Information Security

 

February 2016

Linux Mint compromised over the weekend

We've become aware that the Linux Mint project was hacked over the weekend. As part of this attack, data was stolen from the community forum and the download page was modified so that the installer would use a version of Mint which contained malware.

The Mint maintainers have published details on what happened, how to determine whether you are affected, and what you need to do. If you use the Mint forum or downloaded Mint over the weekend you should read these immediately.

http://blog.linuxmint.com/?p=2994

Posted in Linux
E-mails claiming to be for a BACS payment with malware attachment

We've received reports of a series of fake BACS payment e-mails which attempt to trick the receiver into opening an attached .zip file. This attachment contains a malware downloader which will run once the ZIP is opened.

This is the sample e-mail that we have received:

Posted in
Drupal 6 CMS reaching end-of-Life

Drupal is the open source content management system used by the majority of the University's websites.

On February 24th, 2016, Drupal 6 will reach end-of-life (EOL) and no longer be widely supported.

Maintainers of Drupal 6 based websites will need to make plans to either:

Posted in
Money transfer spear phishing

We've been made aware of a series of money transfer spear phishing e-mails being sent to finance departments in the University. The attackers pretend to be a senior member of staff and ask for a wire transfer of money to another bank account:

Hi,
Are you in the office? I'll need you to process an urgent bank transfer, email me once you receive this for the details.
Regards,
HoD

It is vitally important that you do not reply to these mails and instead use other means to ascertain the identity of the sender:

Posted in