Phishing campaigns targeting students

Everyone is busy at Christmas. As the old year ends people’s thoughts turn to making plans for traveling, for shopping, for celebrations and for what the new year might hold. We are distracted and perhaps a little more optimistic than … Continue reading

Posted in Current Threats, Email | Comments Off on Phishing campaigns targeting students

Major Dridex Banking Malware Outbreak

Beginning Friday and continuing through the weekend, OxCERT’s network security monitoring has picked up an extreme number of PCs infected with the ‘Dridex’ family of banking malware. This malware is a specialised form of computer virus, tailored specifically to Windows-based … Continue reading

Posted in Current Threats, Email, General Security, Information Security, Microsoft | 2 Comments

Financial Fraud Targeting University Departments

OxCERT have received an escalating number of reports of highly convincing financial fraud emails directed at University Finance Officers and others responsible for issuing large financial payments. This threat goes beyond simple ‘phishing’ campaigns, this is clearly a direct and … Continue reading

Posted in Current Threats, Email, General Security | Comments Off on Financial Fraud Targeting University Departments

CVE-2015-3456 ‘VENOM’ – And it was all going so well…

After a relatively long period without a potentially-catastrophic vulnerability to report, we must again break out the hard hats as the numerically-improbable ‘CVE-2015-3456‘ is here and it wants to kill your datacentre. It’s called VENOM, in case you were wondering. … Continue reading

Posted in Current Threats, General Security, Information Security, Web Security | 1 Comment

Targeted financial fraud

We were recently alerted to an example of an attempted highly-targeted financial fraud. Now, we see fraudulent emails all the time, but fortunately most are immediately apparent to the recipients. In this case, however, the attacker had done their homework. … Continue reading

Posted in Current Threats, Email, General Security | Comments Off on Targeted financial fraud

‘CTB-Locker’ Ransomware Campaign

Over the last several days, Oxford users have reported a growing number of suspicious emails to the OxCERT team; this has coincided with the discovery of a number of personal and University machines afflicted by a new ‘ransomware’ variant known … Continue reading

Posted in Current Threats, Email, Microsoft | Comments Off on ‘CTB-Locker’ Ransomware Campaign

Bodleian Libraries Targeted Phish

OxCERT have received reports of very convincing looking phishing emails appearing to originate from an @bodleian.ox.ac.uk email address. The phishing emails use the subject “Library Account Access” and contain links, which are disguised to look like they lead to our … Continue reading

Posted in Current Threats | Comments Off on Bodleian Libraries Targeted Phish

New Malware Campaign – ‘Dyre’ Banking Trojan

In recent days OxCERT have witnessed a sharp rise in the incidence of emails associated with the ‘Dyre’ banking malware family. This strain of malware concerns itself with the theft of financial data including credit card details, logins to payment … Continue reading

Posted in Current Threats, Email | 1 Comment

How To Train Your POODLE part II – Servers and Infrastructure

In our previous blog post, we gave a quick overview of the ‘POODLE’ SSLv3.0 vulnerability, followed by tips for mitigating the risks on client applications. In this post, we will focus our attention on server side strategies. For servers using … Continue reading

Posted in Current Threats, General Security, Microsoft, Web Security | Comments Off on How To Train Your POODLE part II – Servers and Infrastructure

How To Train Your POODLE part I – Clients

As you may be aware, a serious vulnerability dubbed ‘POODLE’ has been discovered in SSL version 3.0. A successful POODLE attack could allow a malicious person (with network access) to decrypt an SSLv3.0 connection. What does that actually mean? Well, … Continue reading

Posted in Apple, Current Threats, Google, Microsoft | Comments Off on How To Train Your POODLE part I – Clients