RIT Information Security


Stay ahead of digital threats with our expert tips & safeguarding RIT’s information resources.

The Information Security Office provides strategy definition, risk assessment, standards development, communication & training, and investigation of threats & incidents.

Over 3 billion WhatsApp and Signal users can be tracked in real time by anyone 12/17/2025

A newly revealed flaw in WhatsApp and Signal allows attackers to silently track users in real time and even drain their phone batteries and data. Security researchers warn that by exploiting delivery receipts and measuring round‑trip times, adversaries can monitor over 3 billion users worldwide simply by knowing their phone number, uncovering details such as when someone is home, asleep, or actively online—all without triggering notifications. The vulnerability, dubbed Silent Whisper, highlights a fundamental weakness in the messaging protocols and raises urgent concerns about privacy and resilience against stealth surveillance.
Read more here:

Over 3 billion WhatsApp and Signal users can be tracked in real time by anyone
A publicly released tool can exploit a vulnerability in WhatsApp and Signal’s delivery receipts to secretly track the real-time activity of over three billion users, while also draining battery and data.

12/16/2025

Make sure to always check those emails for spelling errors and grammar mistakes! They're a common sign that the email is spam or phishing you!
Here are a few ways you can protect yourself:

Check the email address carefully: Phishers often use addresses that look similar to legitimate ones (e.g., [email protected] instead of [email protected]).

Hover over links before clicking to see the actual URL destination. If it looks strange or doesn’t match the sender’s domain, don’t click.

Be cautious with urgent messages claiming your account will be locked or that you must act immediately. Phishers rely on panic to trick you.

How pro bono services from cybersecurity students are helping secure community organizations 12/10/2025

🌐 Cybersecurity Students Making a Difference!
RIT students are stepping up to help local nonprofits and community organizations stay safe online, offering pro bono cybersecurity services that protect sensitive data and strengthen digital defenses. 💻🔒
This initiative not only secures vital community resources but also gives students real-world experience in tackling today’s cyber threats.
Read more about how they’re creating impact:

How pro bono services from cybersecurity students are helping secure community organizations
With RIT’s Cybersecurity Clinic, students are gaining real-world pentesting and vulnerability assessment experience, while also helping the community.

12/04/2025

Phishy pulls a UNO reverse on the tiger fish 🐟➡️🐟… tried to eat me, got eaten instead!

Shopify outage hits thousands during Cyber Monday mania 12/03/2025

🛒 Cyber Monday Chaos: Shopify Outage Hits Thousands 🛒

On one of the busiest shopping days of the year, Shopify went down for thousands of users, leaving businesses scrambling and customers frustrated. For small shops, every minute offline during Cyber Monday can mean lost sales and disappointed buyers.
This outage is a reminder of how much we rely on digital platforms and how vulnerable they can be under extreme demand.

Full story here:

Shopify outage hits thousands during Cyber Monday mania
Shopify goes down during the height of Cyber Monday mania, with thousands of online users reporting login issues and problems navigating the E-commerce website.

11/28/2025

It's so hard to shop for a phish! All they want is my password to my bank!

Attacks Confirmed—Google Issues Emergency Update For 2 Billion Chrome Users 11/27/2025

Google has confirmed that hackers are actively exploiting vulnerabilities in Chrome, and the company has issued an emergency update affecting more than 2 billion users worldwide. If you use Chrome, update your browser right away to stay protected.

Cyberattacks move fast, but so can we. Keeping your software patched is one of the simplest, most effective defenses against threats like this.

Read the full article here:

Attacks Confirmed—Google Issues Emergency Update For 2 Billion Chrome Users
Update now warning suddenly issued for all Google Chrome users. Act now.

5 Reasons Why Attackers Are Phishing Over LinkedIn 11/19/2025

Attackers are shifting their phishing tactics from email to LinkedIn and it’s making waves. A new report from The Hacker News outlines five reasons why LinkedIn has become a prime target for cybercriminal activities.
🧠 1. No Email Filters = No Defense
LinkedIn DMs bypass traditional email security tools. No spam filters, no phishing scanners, no centralized visibility. Attackers exploit this blind spot to reach targets directly.

🎯 2. Business App Used Personally
LinkedIn is used for work, but it’s treated like a personal app. That mix makes it easy for attackers to pose as recruiters, vendors, or colleagues without raising alarms.

📱 3. Corporate Devices, Real Risk
Executives and employees often access LinkedIn from work devices. That means phishing links can lead to credential theft, malware installs, or access to business accounts like Microsoft Entra and Google Workspace.

💬 4. Spear Phishing at Scale
Attackers use LinkedIn to research targets, then craft personalized messages that feel legit. It’s social engineering with a professional polish.

📉 5. Underreported and Undetected
Most phishing metrics come from email tools. LinkedIn-based attacks fly under the radar, making them harder to track and easier to repeat.
LinkedIn phishing isn’t just a personal risk, but a business threat. If your team uses LinkedIn, they need to be trained to spot fake profiles, suspicious messages, and malicious links.
Full article:

5 Reasons Why Attackers Are Phishing Over LinkedIn
Phishing shifts to LinkedIn and other non-email channels, enabling scalable attacks and high-impact enterprise breaches.

These are the most common passwords of 2025 11/12/2025

Cybernews just released the most common passwords of 2025, and the results are rough. “123456” was found over 7.6 million times in leaked data. Other top offenders include “admin,” “password,” and “1234567890.”
These weak passwords make it easy for attackers to break into accounts. If you’re using anything on that list, it’s time to upgrade.
Security tip: Try a passphrase instead of a password. Four random words are easier to remember and harder to crack due to the length. For example:
PurpleT0astersDancingQuietly
or
47M00nwalkingCactuses!
Even better, use a password manager to generate and store strong ones for you.
Read more:

These are the most common passwords of 2025
According to the latest research, users still often opt for weak passwords like ‘123456’, ‘admin’, and ‘password’.

11/05/2025

On October 31, an R1 research university in the Northeast United States was targeted in a major cyberattack. A compromised employee account was used to send mass emails to more than 700,000 people, criticizing the university's security and threatening to leak personal data.

The breach exposed sensitive information for over 1.2 million individuals, including donation history, estimated net worth, and demographic details. The university is working with the FBI to investigate.

Security tip: If an email seems off, confirm with the sender before clicking.

Website

http://rit.edu/security/rit-phish-bowl

Address


1 Lomb Memorial Drive
Rochester, NY
14623