However, the PCs are connected to the campus network so keyloggers would be able to capture login information. As a result all staff, faculty, contract instructors and teaching assistants have been ordered to change their passwords. In addition, the university has recommended all students do the same “out of an abundance of caution.” “We have no indication that any personal information has been obtained,” she said. Discovery of the devices was made a week ago during a regular inspection of classroom devices by the instructional media services staff, Gorham said. Until now, because presenters use USB memory sticks for presentations, the USB ports of the computers hadn’t been locked, Gorham said. However, she said, since the discovery “those computers and others were secured [with locks] so this can’t happen again.” And as a result of the incident classroom inspections have been stepped up.
RawPOS continues to evolve, and has recently been equipped with the capability to steal data contained in the victims’ driver’s license’s 2-dimensional barcode. “Although the use of this barcode is less common than credit card swipes, it is not unheard of. Some people might experience getting their driver’s license barcode scanned in places like pharmacies, retail shops, bars, casinos and other establishments that require it,” Trend Micro researchers explained. “Traditionally, PoS threats look for credit card mag stripe data and use other components such as keyloggers and backdoors to get other valuable information. RawPOS attempts to gather both in one go, cleverly modifying the regex string to capture the needed data.” This particular variant is geared towards collecting data from driver’s licenses issued in the US. Thus, along with payment card data, criminals also get information such as the victims’ full name, date of birth, full address, gender, height, hair and eye color. This additional info could definitely help criminals impersonate the card holder in many identity theft scenarios, as well as while effecting fraudulent card-not-present transactions. RawPOS is one of the oldest known Point-of-Sale RAM scraper malware families. Its first incarnation was spotted all the way back in 2009. According to the researchers, it is mainly used by threat actors that focus on targeting businesses operating in the hospitality industry.
A new malware program that targets macOS users is capable of spying on encrypted browser traffic to steal sensitive information. The new program, dubbed OSX/Dok by researchers from Check Point Software Technologies, was distributed via email phishing campaigns to users in Europe. One of the rogue emails was crafted to look as if it was sent by a Swiss government agency warning recipients about apparent errors in their tax returns. The malware was attached to the email as a file called Dokument.zip. Once installed on a Mac, OSX/Dok displays a fake and persistent notification about a system security update that needs to be installed. Users who agree to install the update will be prompted for their administrator password. Once the malware obtains elevated privileges, it will make the active user a permanent administrator so the OS will never ask for the password again when the malware executes privileged commands in the background. Dok will also modify the system's network settings to route web traffic through a proxy server controlled by the attackers and located on the Tor anonymity network. In order for this to work, it also installs a Tor client that's started automatically. The reason why web traffic is routed through a proxy server is to perform a man-in-the-middle (MitM) attack and decrypt secure HTTPS connections. This is achieved by installing a rogue root certificate on the system that is then used to decrypt and re-encrypt HTTPS connections when they pass through the proxy. With this method, users will continue to see the SSL visual indicator in their browser when they access HTTPS websites and the browser will not complain about untrusted certificates.
The ability to snoop on HTTPS traffic allows attackers to steal sensitive information like passwords for email; social media and online banking accounts; credit card details entered on shopping websites; personal and financial information entered into web forms; and more. With more than half of all web traffic in an average user's browser now encrypted, it's not surprising that attackers are resorting to man-in-the-middle techniques to capture sensitive data. This and other capabilities make Dok one of the most sophisticated malware programs targeting macOS to date, not counting spy programs created or used by nation states and law enforcement agencies. “We have been and still are in direct contact with Apple [employees] who are very helpful and responsive,” Yaniv Balmas, Check Point's malware research team leader, said via email. “With Apple’s cooperation, we believe this specific campaign is now futile and does no longer pose any threat to Mac users.”
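
A defender's audit for two of the system changes the OSX/Dok report describes (a redirected system proxy and an account that no longer needs a password for privileged commands), as an added example that is not code from the article or from Check Point. It assumes the text of `scutil --proxy` and of the sudoers file has already been collected; the sample inputs, the approved proxy host and the account name are constructed, and the rogue root certificate is not covered.

```python
import re
from urllib.parse import urlparse

# Constructed `scutil --proxy` output (not taken from a real infection).
SAMPLE_SCUTIL = """<dictionary> {
  HTTPEnable : 0
  ProxyAutoConfigEnable : 1
  ProxyAutoConfigURLString : http://127.0.0.1:8080/proxy.pac
}"""
# Constructed sudoers content; "alice" is a made-up account.
SAMPLE_SUDOERS = "root ALL=(ALL) ALL\n%admin ALL=(ALL) ALL\nalice ALL=(ALL) NOPASSWD: ALL\n"

# (key that enables a proxy type, key that holds its host or PAC URL)
PROXY_KEYS = [("HTTPEnable", "HTTPProxy"), ("HTTPSEnable", "HTTPSProxy"),
              ("SOCKSEnable", "SOCKSProxy"),
              ("ProxyAutoConfigEnable", "ProxyAutoConfigURLString")]

def parse_scutil(text):
    """Return the single-valued 'key : value' pairs; nested arrays are skipped."""
    return dict(m.groups() for m in re.finditer(r"^[ \t]*(\w+) : (\S+)[ \t]*$", text, re.M))

def proxy_findings(settings, approved_hosts):
    """List every enabled proxy whose host is not on the approved baseline."""
    findings = []
    for enable_key, target_key in PROXY_KEYS:
        if settings.get(enable_key) != "1":
            continue
        target = settings.get(target_key, "")
        host = urlparse(target).hostname if "://" in target else target
        if host not in approved_hosts:
            findings.append(f"{target_key}={target}")
    return findings

def sudoers_findings(text):
    """List accounts allowed to run every command without a password."""
    hits = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"(\S+)\s+ALL\s*=\s*\(.*?\)\s*NOPASSWD:\s*ALL$", line)
        if m:
            hits.append(m.group(1))
    return hits

if __name__ == "__main__":
    print(proxy_findings(parse_scutil(SAMPLE_SCUTIL), {"proxy.corp.example"}))
    print(sudoers_findings(SAMPLE_SUDOERS))
```

A finding here is a deviation from the baseline to investigate, not proof of infection; a legitimately configured local proxy or a deliberate sudoers exception will also be listed until it is added to the baseline.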