Tag Archive for: Website

COD website back up; School confirms outage was a malware attack

/in


All online student services are back up on the College of the Desert website. This comes nearly a month after a widespread computer outage took down phone and online services.

On Friday, school officials confirmed that the school was a victim of a malware attack. As we’ve previously reported, COD was working with the FBI to investigate the circumstances behind the outage.

There were no further details released on the federal investigation at this time.

“The College is working with law enforcement and given the sensitive nature of the investigation, will not be issuing further communications about the case,” reads a news release from COD officials.

This is the second malware attack at the school in the past two years. In August 2020, the COD website fell victim to a malware attack, wiping out access to online services and email, similar to what happened this month.

This recent malware attack started on July 4. Over the past few weeks, students and faculty reported issues accessing their emails, phone lines, and school servers while the school worked on a phase-based restoration of services.

“College of the Desert appreciates the patience and cooperation of students, faculty, and staff,” Garcia said. “Now that student-facing systems are operational, staff can focus on the College’s mission of student success.”

In the last two weeks, key student-facing services were restored in phases based on an internal recovery plan.

● July 5 – Temporary pathways to course resources and CODNews.org were built.
● July 14 – Wi-Fi, internet services, and Colleague UI Portal were brought back online.
● July 18 – The main website and phone systems were re-established.
● July 21 – Faculty email was restored; Student Self-Service, WebAdvisor, and Payment Processing were live.

“The College’s Information Technology team worked to quickly restore all systems that impact students,” said Superintendent/President, Martha Garcia, Ed.D. “Round-the-clock dedication and an overall spirit of teamwork among faculty, students and…

Source…

Pro-Russia hackers claim disruption of US Congress website

/in


Pro-Russia hackers claimed responsibility for a cyberattack that briefly interrupted access to a website for U.S. Congress on Thursday night.Related video above: Make sure your home security system is ‘secure’ from hackersAccess to Congress.gov was intermittently disrupted from around 9 p.m. ET Thursday until the website was restored to normal operation “just after” 11 p.m. ET, April Slayton, director of communications for the Library of Congress, which runs the website, told CNN.”The Library of Congress used existing measures to address the attack quickly, resulting in minimal down time,” Slayton said in an email. “The Library’s network was not compromised and no data was lost as a result of the attack.”A Russian-speaking hacking group known as Killnet claimed responsibility for the hack on their Telegram channel. The post included a screenshot of an error message on Congress.gov overlaid with an image of President Joe Biden with a puzzled look on his face.The hackers used a popular tactic known as a distributed denial of service attack (DDoS), according to Slayton, which floods computer servers with phony web traffic in an attempt to knock websites offline. Congress.gov displays information on bills, hearings and other deliberations of Congress.While DDoS attacks can have material consequences, such as when customers can’t access banking websites, they are sometimes more about making a statement and getting noticed.In the prelude to Russia’s full-scale invasion of Ukraine in February, the White House blamed Russian military intelligence for a series of DDoS attacks on Ukrainian government websites.The war in Ukraine has triggered a wave of pro-Russia and pro-Ukrainian hackers who have made political statements and targeted infrastructure in the two countries.Killnet last week claimed responsibility for DDoS attacks on websites of government agencies and private firms in Lithuania. The hackers said it was retaliation for Lithuania blocking the shipment of some goods to the Russian enclave of Kaliningrad.U.S. officials have been on high alert for months for retaliatory Russian cyberattacks after the Biden administration imposed stiff sanctions on Russia for its invasion of…

Source…

Australian black box website security checker unveiled | Information Age

/in


Most scanners do not perform a thorough job. Photo: Shutterstock

Most websites are vulnerable to attack, whether it’s opportunistic or intentional hacking, and the return on investment for cyber criminals can be substantial.

While website security scanning offers a line of protection, it’s not infallible.

To improve screening, a team of Australian and international researchers has just developed a new scanning tool to make sites less vulnerable to cyberattacks.

The black box security assessment prototype, tested by engineers in Australia, Pakistan and the UAE, was found to be more effective than existing web scanners.

UniSA mechanical and systems engineer Dr Yousef Amer, a member of the research team, said the researchers have been able to highlight numerous security vulnerabilities in website applications using the prototype.

Against a backdrop of escalating and more severe cyberattacks, and despite a projected $170 billion global outlay on internet security in 2022 according to Varonis, existing web scanners are falling way short when it comes to assessing vulnerabilities, noted Amer.

“We have identified that most of the publicly available scanners have weaknesses and are not doing the job they should,” said Amer.

These existing tools have less precision, accuracy and recall rate to determine web application vulnerabilities.

In addition, there are some vulnerabilities that most tools are unable to detect.

Dr Amer explained the black box prototype has better crawler coverage as it uses the high performing Arachni crawler.

“This enables us to find all possible web pages associated with the main website,” he told Information Age.

Serious vulnerabilities need to be identified

The researchers compared 11 publicly available web application scanners against the top 10 vulnerabilities in web applications and APIs identified by the Open Web Application Security Project (OWASP).

“We found that no single scanner is capable of countering all these vulnerabilities, but our prototype tool caters for all these challenges.

“It’s basically a one-stop guide to ensure 100 per cent website security,” he said.

The vulnerabilities included broken access control that…

Source…

Malawi Police accused of hacking Platform for Investigative Journalism website – Malawi 24

/in


Media body MISA Malawi says it cannot rule out the involvement of State agents in the hacking of Platform for Investigative Journalism (PIJ) website, which happened days after the Malawi Police Service (MPS) detained PIJ Managing Director Gregory Gondwe and held on to his computer and phone for a night.

Malawi Police Service has since hit back at MISA Malawi over the allegations.

The hacking of the website investigativeplatform-mw.org was noted on Thursday, April 14, 2022 and the site remained inaccessible for many hours on Friday. However, the site is now back online but PIJ said it was still working on fully recovering it

The incident happened nine days after officers from the Malawi Police Gondwe and confiscated his equipment, which raised serious privacy concerns.

In a statement on Friday, MISA Malawi Chairperson Teresa Temweka Ndanga said the hacking incident vindicates such fears.

“We believe the hacking incident is not a mere coincidence. MISA Malawi believes the hacking is intentional and we cannot rule out the involvement of State agents considering the circumstances.

“We are concerned that the police officers who must be in the forefront to combat Cybersecurity risks of Malawians and others in the country were directly involved in actions that qualify them as prime suspects in this Cyber-attack,” said Ndanga.

She added that the hacking is a direct attack on media freedom, right to access information and a criminal offence under the Electronic Transactions and Cyber Security Act of 2016.

She also noted that the Electronic Transactions and Cyber Security Act of 2016 prohibits hacking, cracking and introduction of viruses and any person who commits such offences is liable to a fine and to imprisonment for seven years.

Ndanga then demanded the State to investigate and prosecute anybody who violated section 21 of the Constitution of Malawi by violating Gondwe’s privacy, saying the same people are now prime suspects in this hacking incident.

“We wish to remind government that these continued attacks on journalists are tarnishing the country’s image on press freedom, a fundamental component in a democratic…

Source…