College hacks, Office 365 phishing and Chrome over Edge.
There’s plenty of interesting stories to unwrap from the past week in cyber security. From an Iowa college student hacking his own grades to advice on talking to your executive team about cyber security. We’ve got it all covered.
Here are the most interesting stories from the past week in cyber security:
Iowa college student arrested for changing grade more than 90 times
An Iowa college student, wrestler Trevor Graves is accused by the FBI of secretly pluggin keyloggers into university computers in classrooms and in labs. Thst allowed Graves to record whatever his professors typed, including credentials to log into university grading and email systems. Graves used that access to change his grades, as well as those of five other students, more than 90 times. And he would have gotten away with it too if it weren’t for that pesky dog… wait. That’s Scooby Doo. Actually it was a professor who noticed the changes and reported it. The university says the investigation cost $68,000.
[Source: Naked Security]
Microsoft Employee Installs Chrome mid-presentation after Edge keeps crashing
Here’s a little egg on Microsoft’s face. Michael Leworth of Microsoft’s Azure Migration team was mid-presentation when the Microsoft Edge browser continue to crash. Rather than fight against his company’s own browser, Leworth took the unorthodox step of installing Google Chrome and completing the presentation on a competitor’s browser. The presentation had been uploaded to YouTube. Leworth blamed the issue on the computer he was using.
Office 365 missed 34,000 Phishing Emails last month
Roughly 10% of all phishing emails got through Office 365’s security filters. Researchers from Cyren analyzed 10.7 messages to find that figure. Of the 10.7 million emails, 9.75 million (90.7%) were clean and safe, with newsletter making up about half (4.6 million). The rest were considered Spam and Microsoft’s filters failed to protect its users from them, instead, it let the mail right in their inbox.
[Source: Dark Reading]
Google wants you to use physical hardware token
A physical hardware token is a great place to store a private key. This keeps it off your network and makes it harder to steal or compromise. EV Code Signing certificates make this a standard practice, but any key can be placed on a hardware token that is kept on your person or safely in storage. Google will now be offering the option of a hardware token to its most at-risk users.
How to sell Cyber Security to your executive team
We’ll end on more of a how-to, but a useful one. CSO Online has an article with some strategies for addressing the executive level on cyber security measures. Face it, cyber security isn’t going to make you money. And while it may save you money in the long run, most executives are more interested in making money than spending it. That can create a challenge for IT teams from a funding standpoint. Here’s some advice on dealing with that.
[Source: CSO Online]
What we Hashed Out this week: