Security research company iDefence has reported that Chinese hackers have targeted universities around the world in a bid to steal naval secrets 

A total of 27 institutions, including the University of Hawaii, the University of Washington and the Massachusetts Institute of Technologyare believed to have been targeted. While the full list of universities has not been revealed, iDefense says they share a common interest in research on underwater warfare technology – particularly the launching of submarine missiles. 

iDefence assess that with “moderate to high confidence” the perpetrator of the hacks is a known Chinese group called Mudcarp, which goes by other names including Temp.Periscope and Leviathan. Analysis of malware sent to the universities reportedly shows indicators associated with Mudcarp’s previous activity 

The attackers used a technique called “spear phishing“, which involved sending emails that were made to look like they had been sent by other universities, but actually contained malware which allowed the hackers to access networks.  

The NCSC recommends that individuals remain vigilant to phishing emails and has published guidance on how to defend your organisation from phishing attacks 

Keeping software up-to-date will also help to address weaknesses. Installing updates as soon as possible will keep your devices more securehelping to mitigate the threat of malware.  

South African electoral register exposes voter details

Local reports suggest that approximately 36,000 South African citizens living overseas have had their details exposed online, due to security flaw affecting the online voter registration portal 

Citizens who wish to vote in the 2019 elections while overseas must inform the IEC (South African Electoral Commission) of their intention and submit a VEC 10 application online. After a VEC 10 application is completed and processed, voters are given a URL to access their receipt, which details whether their application has been approved or declined.  

However, this URL uses sequential numeric identifiers to access different application reports, and the recipient can simply change the number at the end of the URL to view other voters’ details. They are not protected with authentication.  

Application receipts contain sensitive data including full names, ID numbers, and contact information.  

The nature of this vulnerability could allow attackers to scrape information from all VEC 10 applicants by iterating through each sequential numeric ID. After being alerted to the security flaw, the IEC resolved the issues and release the following statement:  

“We have looked at the security flaw you identified, have attended to it, and it is resolved and eliminated. 

“It was an unintended attempt at addressing a page expiry concern.” 

The NCSC has published security design principles for digital services 

Visitor management systems vulnerable to cyber attacks

Researchers from IBM have published a blog post identifying 19 vulnerabilities in popular automated visitor management systems that could lead to data leaks, including exposure of logs, contact information and details of corporate activities.  

The researchers have also expressed concern that the vulnerabilities could be used to compromise corporate networks. This may be the case if the visitor management system extends the corporate network. 

These automated services often allow businesses to autonomously authenticate new visitors to a building, provide them with a badge and/or grant access levels to manage their movement in the building.  

While the details of the specific vulnerabilities have not been made public, one of the flaws is reportedly related to default administration credentials.  

Details for the vulnerabilities have been provided to the affected vendors in order to allow time for an official fix to be developed and released in advance of the vulnerabilities being made public. Several of the vendors have already updated their software 

IBM recommends that companies apply patches, where available, evaluate and update system privileges, enable full-disk encryption and set strong passwords.