Education
Vulnerability at Student Portal Exposes Sensitive Information
12 - 19 February 2019
Stanford University has been hit by a second data breach in 15 months, exposing students' personal information via a student portal known as NolijWeb. The portal, which has reached end-of-life and is pending replacement, is a content management repository that stores admission-related documents. NolijWeb contains an insecure direct object reference (IDOR) vulnerability that allows a logged-in user to retrieve student records by changing the numeric ID in the URL. At least 91 students were affected in the incident, which exposed personally identifiable information such as Social Security numbers, ethnicity and home addresses, as well as academic results including standardised test scores and personal essays. Previously, in December 2017, Stanford University exposed the personal information of nearly 10,000 non-teaching staff after misconfiguring the permission settings on two file-sharing platforms used on campus.
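The control missing in this class of bug is an object-level authorization check. As an added example (not NolijWeb's code and not taken from the referenced article), the Python below contrasts a lookup that trusts the ID from the URL with one that checks ownership and logs denials so ID walking can be detected; the document store, user names and threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: document id -> (owner, content). Not real records.
DOCUMENTS = {
    1001: ("alice", "alice admission file"),
    1002: ("bob", "bob admission file"),
    1003: ("carol", "carol admission file"),
}
AUDIT_LOG = []  # (user, doc_id, allowed) tuples written by the checked handler


def get_document_vulnerable(session_user, doc_id):
    """IDOR pattern: the user is authenticated, but the URL's ID is trusted as-is."""
    return DOCUMENTS[doc_id][1]


def get_document_checked(session_user, doc_id):
    """Object-level authorization: the record must belong to the session user."""
    record = DOCUMENTS.get(doc_id)
    allowed = record is not None and record[0] == session_user
    AUDIT_LOG.append((session_user, doc_id, allowed))
    if not allowed:
        # Same error for "missing" and "not yours" so valid IDs are not revealed.
        raise PermissionError("document not found")
    return record[1]


def flag_enumeration(audit_log, threshold=3):
    """Return users denied on at least `threshold` distinct document IDs."""
    denied = defaultdict(set)
    for user, doc_id, allowed in audit_log:
        if not allowed:
            denied[user].add(doc_id)
    return sorted(u for u, ids in denied.items() if len(ids) >= threshold)


def simulate_requests():
    """Replay constructed requests: bob requests 1001-1004, alice reads her own."""
    AUDIT_LOG.clear()
    results = []
    for user, doc_id in [("bob", 1001), ("bob", 1002), ("bob", 1003),
                         ("bob", 1004), ("alice", 1001)]:
        try:
            results.append((user, doc_id, get_document_checked(user, doc_id)))
        except PermissionError:
            results.append((user, doc_id, None))
    return results
```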
References:
[1] Data Breach Allowed Students to View Other Students’ Admission Files, Sensitive Personal Data
More Weekly Cyber News: analysis and insights

Weekly Comments
A hacker known as Gnosticplayers has released a third round of stolen accounts for sale in Dream Market.

Hospital Halts GandCrab Infection with Layered Defence
A US healthcare provider was able to stop a targeted GandCrab ransomware attack by adopting layered defence to protect its data and resources.

Ransomware Wipes Out Database at Email Service Provider
An anonymous email service provider, VFEmail, suffered a ransomware attack that wiped out 18 years' worth of customer emails, including data held in backup servers.

Phishing Scheme Targets Transportation Contractors
An ongoing phishing scheme is harvesting email credentials from transportation contractors by spoofing the Texas Department of Transportation (TxDOT) bidding portal.

Hackers Target Government Websites After Fresh Conflicts Hit Contested Region
Pakistani Ministry of Foreign Affairs websites in several countries were inaccessible following rising tensions in the northern Indian state of Jammu and Kashmir.

Bank Suspends Operations after Hackers Try to Steal US$14.6 mil
Malta's largest bank, Bank of Valletta (BOV), was forced to suspend all operations after hackers broke into its systems and transferred US$14.6 million overseas.