{"id":26959,"date":"2019-02-22T09:25:14","date_gmt":"2019-02-22T16:25:14","guid":{"rendered":"https://www.webroot.com/blog/?p=26959"},"modified":"2019-03-20T17:02:11","modified_gmt":"2019-03-20T23:02:11","slug":"cyber-news-rundown-phishing-through-email-filter","status":"publish","type":"post","link":"https://www.webroot.com/blog/2019\/02\/22\/cyber-news-rundown-phishing-through-email-filter\/","title":{"rendered":"Cyber News Rundown: Phishing through Email Filter"},"content":{"rendered":"\n<h2>Email Phishers Find New Filter Bypass<\/h2>\n\n\n\n<p>Since <a href=\"https:\/\/www.helpnetsecurity.com\/2019\/02\/20\/phishers-new-trick-for-bypassing-email-url-filters\/\">email\nfilters<\/a> have gained popularity over the last decade, scammers have\nbeen forced to adapt their attacks. To bypass a normal URL filter that would\ncheck for malicious links, these scammers have found a way to alter the\n\u201cdocument relationship\u201d file (xml.rels) and continue to push out harmful links.\nOnce the malicious link is removed from the relationship file, many filters simply\nskip over it and allow the link to remain clickable, a new tactic which relies\non filters scanning only a portion of a file.<\/p>\n\n\n\n<h2>Unknown Devices Putting UK Firms at Risk<\/h2>\n\n\n\n<p>In a recent survey, nearly <a href=\"https:\/\/www.infosecurity-magazine.com\/news\/half-of-uk-firmsunknown-devices-1\/\">3\nmillion UK businesses<\/a> have admitted to constantly monitoring dozens of\nunknown devices connecting to their corporate networks. With internal security\nflaws being the main driver for data breaches, new policies should be\nimplemented to work with the increasing number of external IoT devices connecting\nwith systems expected to maintain a certain level of privacy. 
Unfortunately,\nmany companies still see IoT devices as a non-threat and continue to ignore the\ngaping security holes appearing within their walls.<\/p>\n\n\n\n<h2>Swedish Healthcare Database Left Unattended for Years<\/h2>\n\n\n\n<p>A server was recently discovered to contain <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/27-million-health-related-calls-sensitive-info-exposed-for-six-years\/\">millions\nof call records<\/a> made to a Swedish Healthcare Guide service that has been\nleft exposed for up to six years. The server itself was created, then forgotten\nin 2013, and has since missed dozens of patches, leaving it vulnerable to at\nleast 23 unique security flaws. Within the call records are names, birth dates,\nand even social security numbers, though after hearing of the breach, the\ncompany made swift efforts to properly secure the sensitive data.<\/p>\n\n\n\n<h2>Stanford Students Exposed After URL Vulnerability Spotted<\/h2>\n\n\n\n<p>What started as a simple admissions document request has\nleft the personal data of <a href=\"https:\/\/www.infosecurity-magazine.com\/news\/student-data-exposed-at-stanford-1\/\">93\nstudents<\/a> exposed, due to a simple flaw in the record\u2019s URL. By easily\nswapping out parts of the numeric ID viewable in the document\u2019s URL, anyone\nwith a login to the site could view another student\u2019s records. Within the\nadmissions documents was personal information relating to a specific student,\nincluding non-university records like background\/criminal checks and\ncitizenship standings. Fortunately, Stanford was quick to make the necessary\nchanges and contact affected students.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Email Phishers Find New Filter Bypass Since email filters have gained popularity over the last decade, scammers have been forced to adapt their attacks. 
To bypass a normal URL filter that would check for malicious links, these scammers have found a way to alter the \u201cdocument relationship\u201d file (xml.rels) and continue to push out harmful [&hellip;]<\/p>\n","protected":false},"author":47,"featured_media":27271,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3005],"tags":[21936,21940,21942,21943],"yst_prominent_words":[5793,24041,3769,3517,24037,3493,24045,3619,24093,23393,6371,6433,11491,24029,3479,23923,24043,24039,24035,5265],"acf":[],"_links":{"self":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/26959"}],"collection":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/users\/47"}],"replies":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/comments?post=26959"}],"version-history":[{"count":3,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/26959\/revisions"}],"predecessor-version":[{"id":28251,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/26959\/revisions\/28251"}],"wp:featuredmedia":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media\/27271"}],"wp:attachment":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media?parent=26959"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/categories?post=26959"},{"taxonomy":"post_tag","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/tags?post=26959"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/yst_prominent_words?post=26959"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}