Cyber Security Today: A new Office 356 attack, librarians versus LinkedIn and patch this software

A new Office 356 attack, librarians versus LinkedIn and patch this software.

Welcome to Cyber Security Today. It’s Wednesday July 24th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanda.com.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

I told you on Monday that organizations using the Microsoft Office 365 business suite are common targets for criminals. Here’s the latest way attackers are trying to get in: By tricking the suite’s email administrators. According to the news site Bleeping Computer, attackers are emailing out fake Office 356 alerts. These alerts may be about alleged issues that require an administrator’s immediate attention such as a problem with the mail service, payment or unauthorized access. The message includes a link where the administrator can log in. This, of course, is a trick for capturing the administrator’s username and password. Don’t be fooled by messages like this. If you have to log into a site, don’t do it by clicking on a link in an email or text message. Go to the web site yourself through your browser by typing the address or with a link you’ve bookmarked the usual way you log in. That advice goes for anyone.

It isn’t often that the American Library Association, which represents U.S. public libraries, gets upset. But according to the news site ZDNet, the association is complaining about LinkedIn’s upcoming login change for those who want to access the online site called Lynda.com, which hosts many video instruction courses, from public libraries. LinkedIn bought Lynda.com several years ago. Now the site is called LinkedIn Learning. Right now those who want to access the site from a public library have to enter their library card number and a PIN number when they log in. But that will change later this month, when public library users will have to create and login with a LinkedIn profile. The library association complains library users will have to disclose their full name and email address to LinkedIn to get access. LinkedIn says the change is to better authenticate users and prevent fraud. It notes that users can set their LinkedIn profile so it isn’t publicly seen.

If you want an idea of how fast hackers work here’s an example: Two weeks ago a software company called Atlassian announced an update to fix a vulnerability in its Jira project tracking software. In the few days since then hackers have been trying to exploit that vulnerability before it’s patched. So IT administrators whose companies use Jira are warned.

Here’s another warning to IT and website administrators: If your organization uses the ProFTDP open-source FTP server, install the latest security patch. It fixes a serious vulnerability that could allow an attacker to copy files on the FTP server.

Finally, Apple users should be on the lookout for security updates. A bunch of them have been issued for the iOS and Mac operating systems, as well as for tvOS, used in Apple TV media players, and watchOS, used in Apple Watches.

That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

ITWC podcast network

Subscribe to ITWC podcasts and never fall behind on the conversation in technology again. Our daily podcasts are perfect to add to your smart speaker’s daily briefing or to your favourite podcast app on your smartphone. 

Cyber Security Today Podcast

#Hashtag Trending Podcast