IT Security Stories to Watch: Was UCF's Network Compromised?

The University of Central Florida (UCF) has released details about an outside intrusion into its computer network.

And as a result, UCF tops this week’s list of IT security newsmakers to watch, followed by eBay (EBAY), TalkTalk Group and Malwarebytes. 

What can managed service providers and their customers learn from these IT security newsmakers? Check out this week’s edition of IT security stories to watch to find out:

1. UCF identifies network security compromise

UCF has announced it discovered its computer network was compromised recently. 

The university noted the personally identifiable information of some members of its university community may have been exposed during the incident.

“UCF discovered the unauthorized access in January. University officials reported the incident to law enforcement and launched an internal investigation with the assistance of a national digital forensics firm,” UCF President John C. Hitt wrote in a prepared statement. 

2. Check Point discovers eBay vulnerability

Check Point Software Technologies has found an eBay vulnerability that allows cybercriminals to distribute phishing and malware campaigns.

The IT security software provider said it disclosed the vulnerability to eBay on Dec. 15, 2015; however, eBay last month said it had no plans to fix the vulnerability. 

“An attacker could target eBay users by sending them a legitimate page that contains malicious code,” Check Point wrote in a blog post. “Customers can be tricked into opening the page, and the code will then be executed by the user’s browser or mobile app, leading to multiple ominous scenarios that range from phishing to binary download.”

3. TalkTalk cyber attack costs company approximately $8.7 million

TalkTalk last week said it lost approximately $8.7 million as a result of an Oct. 2015 cyber attack.

Computer Business Review noted the attack’s cost is nearly double the amount that had previously been predicted by TalkTalk’s management.

In addition, TalkTalk said it lost 101,000 customers after the cyber attack.

4. Malwarebytes discloses software vulnerabilities

Malwarebytes last week released details about software vulnerabilities that affected the consumer version of Malwarebytes Anti-Malware.

The IT security provider noted it was alerted about the vulnerabilities in November 2015 and is still “triaging based on [the] severity” of the vulnerabilities.

“The research seems to indicate that an attacker could use some of the processes described to insert their own code onto a targeted machine. Based on the findings, we believe that this could only be done by targeting one machine at a time,” Malwarebytes CEO Marcin Kleczynski wrote in a blog post. “However, this is of sufficient enough a concern that we are seeking to implement a fix. Consumers using the Premium version of Malwarebytes Anti-Malware should enable self-protection under settings to mitigate all of the reported vulnerabilities.”

What are your thoughts on this week’s IT security stories to watch? Share your thoughts about this story in the Comments section below, via Twitter @dkobialka or email me at [email protected].