Microsoft issued a warning over the weekend about an active Linux worm that is targeting a recently disclosed vulnerability in the Linux Exim mail server. Though mitigations exist to block the worm functionality of this infection, Microsoft states that Azure servers can still be infected or hacked through this vulnerability. Exim is a very popular mail server software, or message transfer agent (MTA), that is used to send and receive email for its users. Recently, the CVE-2019-10149 vulnerability was discovered in Exim 4.87 to 4.91; it allows attackers to remotely execute commands on a vulnerable server. Last week, Amit Serper of Cybereason discovered an active worm utilizing this vulnerability to infect Linux servers running Exim with cryptocurrency miners. The worm would then utilize the infected server to search for other vulnerable hosts to infect. In an article posted Saturday, the Microsoft Security Response Center (MSRC) confirms that they have detected this worm targeting Azure customers. "This week, MSRC confirmed the presence of an active Linux worm leveraging a critical Remote Code Execution (RCE) vulnerability, CVE-2019-10149, in Linux Exim email servers running Exim version 4.87 to 4.91," stated a blog post by JR Aquino, a Microsoft manager in Azure Incident Response. "Azure customers running VMs with Exim 4.92 are not affected by this vulnerability." Microsoft warns, though, that even though the worm functionality is being mitigated, this does not mean that a vulnerable Azure server is protected from the remote code execution vulnerability; it could still be infected or hacked. Complete details are posted on OUR FORUM.

Three U.S. universities have disclosed data breach incidents impacting personally identifiable information of students or employees following unauthorized access to some of their employees' email accounts. All three universities — Graceland University, Oregon State University, and Missouri Southern State University — have notified the individuals whose personal information was potentially stolen or accessed about the security incidents. In addition, the investigations into the disclosed data privacy incidents at all three universities found no evidence of the impacted personal information being stolen or used in a malicious manner. As the university discovered during the breach investigation, "the personal information of some people who had interacted with these email accounts over the past several years was available during the time the unauthorized user(s) had access." After analyzing the contents of the impacted Office 365 accounts, MSSU found that the emails contained within stored "first and last names, dates of birth, home addresses, email addresses, telephone numbers, and social security numbers." We have named all 3 universities and have their comments posted on OUR FORUM.

A new Android Trojan that uses web push notifications to redirect users to scam and fraudulent sites has been discovered by security researchers on Google's Play Store. Multiple fake apps of well-known brands that distributed the malware, dubbed Android.FakeApp.174, were removed in early June after researchers from Doctor Web reported them to Google. While the apps were only installed by a little over 1000 users, the malware operators could publish other similar apps at any time on the Play Store and might also switch to more aggressive attack methods such as redirecting victims to malicious payloads, launching phishing attacks targeting bank customers, or spreading fake news. For instance, "Potential victims can think the fake notification is real and tap it only to be redirected to a phishing site, where they will be prompted to indicate their name, credentials, email addresses, bank card numbers, and other confidential information," Doctor Web explains. When the malicious fake apps are first launched, the Android.FakeApp.174 Trojan uses the Google Chrome web browser to load a site hardcoded in its settings. That site asks the targets to allow notifications under the guise of verifying that the user is not a bot. Upon agreeing to enable web push notifications for "verification purposes," the compromised device's owner is subscribed to the site's notifications and will be spammed with dozens of notifications sent by Chrome using Web Push technology. These push notifications can pose as a wide range of alerts, ranging from new social media messages and news to new social media events and notifications seemingly being pushed by applications installed on the device. Follow this by visiting OUR FORUM.