This Week In Security - 05/25/2020
Windows 10 Fails Again
The latest Windows update has done little to make users “fall in love” with their PCs “all over again” as promised. Instead, it seems to be causing more issues than it’s fixing.
Users have taken to social media to vent their anger at the KB4556799 Windows 10 update. While some complained of Blue Screen of Death (BSOD) crashes, others reported that the update had deleted all their files.
Many of the issues are all too familiar, coming hot on the heels of February’s update, which deleted user data; March’s, which caused “boot problems, slowdowns and BSOD crashes”; and April’s, which compromised the security of the Google Chrome browser.
So far, Microsoft is claiming both ignorance and innocence, “with its official KB4556799 update page saying the company ‘is not currently aware of any issues with this update’.”
Users are being advised to turn off their update for now and should delay all further updates until Microsoft sorts out “yet another disaster”.
There are rumors, however, that Microsoft is planning a massive overhaul of its software that could see an end to “low key Windows 10 updates”. Instead, “Windows features could become available as individual app store downloads”.
Let’s hope it’s worth the wait.
Cybercriminals Target Unemployment Systems
Cybercriminals are targeting beleaguered state unemployment systems, which are already straining to cope as claims in the US soar to over 36 million.
The New York Times reported that the US Secret Service had obtained information “suggesting that the scheme was coming from a well-organized Nigerian fraud ring and could result in ‘potential losses in the hundreds of millions of dollars’.”
The fraud scheme came to light in Washington when employed people reported receiving confirmation of their unemployment claims through the post. Evidence of attacks has also been found in “Florida, Massachusetts, North Carolina, Oklahoma, Rhode Island, and Wyoming”.
It is believed “the fraud ring behind this possesses a substantial P.I.I. [personally identifiable information] database” given the “volume of applications observed thus far”.
Scott Jensen of the Rhode Island Department of Labor and Training said the attacks were so sophisticated, “it could be hard to distinguish between a legitimate claim and a fraudulent one”.
Ms. LeVine confirmed that “the state is working with law enforcement agencies to try and reclaim some of the funds”.
In the meantime, a special agent at the Secret Service, Roy Dotson, said, “We are actively running down every lead we are getting”.
Home Chef Announces Data Breach
Leading meal delivery service, Home Chef, announced a data breach after eight million user records were found on a Dark Web marketplace.
Home Chef was one of 11 companies whose data was up for grabs, courtesy of the hacking group, Shiny Hunters. The meal delivery company confirmed that stolen data includes “a customer’s email address, name, phone number, encrypted passwords, the last four digits of credit card numbers”.
In a statement to BleepingComputer, Home Chef confirmed that the eight million Home Chef records stolen in the data breach form part of a database of “73 million user records” that is currently up for grabs for $18,000.
Although no passwords were stolen in the incident, Home Chef users are nonetheless advised to adopt a new and unique password to guard against potential cyberattacks and account takeovers.
Home Chef assured customers that action would be taken “to investigate this situation and to strengthen our information security defenses to prevent similar incidents from happening in the future.”
One cybersecurity expert warned that “All companies in this [meal delivery] sector must not falsely assume that they are immune to attack just because they have become an essential service to help people during a challenging time”.
Stanford Ranks Best For Cybersecurity
Stanford offers the best cybersecurity degree in the US according to the independent educational organization, Cyber Degrees Edu.
The organization listed Stanford as the best out of 55 cybersecurity degree providers. Other leading courses are offered by Carnegie Mellon University and the University of California.
Stanford’s low student-to-faculty ratio, along with its “rates of acceptance and graduation”, pushed it to the top of the list. “Stanford boasts the highest graduation rate with 94% of students leaving the university with a degree”. By comparison, Carnegie achieved 89% and Davis, 86%.
The schools listed are, according to a spokesperson for Cyber Degrees Edu, “either high quality or very affordable”. They went on to emphasize that it is important for each student “to find the best school for their particular needs”.
Universities were ranked by their overall reputation as well as the reputation of their cybersecurity programs and their alumni. “What matters most is the reputation of the individual cybersecurity program. That is why knowing which schools were attended by the best cybersecurity professionals is so vital”.
The announcement comes hot on the heels of the latest Cybersecurity Workforce Study which shows a global deficit of just over four million cybersecurity professionals.