Information Technology Updates
The Information Technology policies have a new home on the UNI Policies website. What had previously been part of a shared chapter and numbered 9.51 through 9.59, is now a separate chapter, Chapter 14.
There is also a convenient IT Policy page that lists all IT and related policies, whether they are part of Chapter 14 or not, as well as IT Procedures that are referenced by a variety of Policies.
Due to Microsoft license changes, faculty, staff, students, and Emeritus no longer affiliated with UNI will no longer be able to use the Office 365 services through UNI including using Microsoft Office on personal devices with their UNI account. On December 3rd, 2019 these accounts will be deactivated and access to Microsoft products (like Microsoft Office) and other Microsoft services through UNI will end.
Anyone impacted by this change should complete moving documents they want to retain from their UNI OneDrive or SharePoint account before end of day on December 2nd, 2019 by following these instructions:
This change will only impact Microsoft services through UNI for anyone no longer affiliated with the university.
A new phishing campaign on Instagram attempts to alarm its targets by sending what appears to be an official copyright infringement notice from Instagram, stating that the user's account will be suspended unless the user follows the link in the email to fill out a "copyright objection form." https://www.bleepingcomputer.com/news/security/instagram-phishing-attack-baits-with-copyright-infringement-note/
Security researchers have identified 24 Android apps delivering the recently-discovered Joker Trojan. As we've previously reported, Joker made its way onto Google Play as early as June, and it exfiltrates data while signing victims up for premium subscriptions.
The list of affected apps can be found here: https://hotforsecurity.bitdefender.com/blog/if-you-have-any-of-these-24-android-apps-installed-delete-them-now-21514.html
During the 2018-19 academic year, UNI Information Security facilitated several phishing education campaigns. By all accounts, these were highly successful and resulted in a heightened awareness of criminal phishing attacks that are seen daily. We are pleased to have been allocated funding to continue this effort during the 2019-20 academic year. Simulated but realistic phishing messages will be sent to faculty and staff at several key times during the upcoming year. Individuals that follow the embedded links will receive immediate feedback including identification of clues within the simulated phish that could identify it as such.
Hy-Vee Issues Warning to Customers After Discovering Point-of-Sale Breach
UPDATE: Hy-Vee now has a page that provides dates and locations that were affected by this breach. Visit https://www.hy-vee.com/paymentcardincident/ to check for dates and locations when your card information may have been stolen.
Though the firm cannot cite specific locations in which its point-of-sale (PoS) systems were affected due to an ongoing investigation, supermarket chain Hy-Vee notified its customers this week that a security breach occurred on certain systems. Thus far, it's believed that transactions at "Hy-Vee fuel pumps, drive-thru coffee shops, and restaurants (Market Grilles, Market Grille Expresses, and Wahlburgers)" may be vulnerable to hackers. A spokesperson said, "We believe the actions we have taken stopped the unauthorized activity on our payment processing systems."
Registers in Hy-Vee grocery stores utilize a different system and are reportedly not affected in the same way as those in the auxiliary enterprises. More information is available on the Hy-Vee site at https://www.hy-vee.com/corporate/news-events/announcements/notice-of-payment-card-data-incident/
It has been recently disclosed that Apple Remote Management can be attacked to generate a reflective denial of service attack against any arbitrary internet host. To prevent unwitting participation by UNI resources in these denial of service attacks, a temporary block of network traffic to this service has been put in place at the campus border. Campus users who are using Apple Remote Desktop from home to access their on-campus Apple workstations should request VPN access via the SRS system as a workaround until Apple corrects the issue. Contact the Service Desk for help with SRS requests.
On Sunday, August 4, 2019 from 7 a.m. to 9 a.m., UNI phone handsets will be upgraded. This upgrade affects only network connected Voice over IP phones. The duration of the upgrade for each phone is about 10 minutes. Computers will also be disconnected from the network for a few minutes during maintenance. After the phone upgrades are complete we will upgrade firmware on campus switches. This will result in network disconnections and IP phone reboot.
For call centers the state of busyout or auxworks button may change to accepting calls. Volume on IP phones will be reset to default loudness.
No service disruption is expected for public safety dispatch or other analog and digital phones, including blue emergency and elevator phones.
On Monday, July 8, 2019, Service Hub (servicehub.uni.edu) will be updated. For information, see Using the New Service Hub Portal article. The new site is more mobile-friendly and will integrate with IT articles and requests to help you get IT help quickly.
During the change, Service Hub may be unavailable. While the new site is moved, please contact the IT Service Desk for assistance.
A recent phishing scam says you won $2.5M for using Google's services. You didn't, so don't fall for this scam that's trying to steal your personal information.
A new phishing scam is offering Gmail users a prize of $2.5 million as a thank you gift for using Google services. To add legitimacy to the message, the phishers state that the message was sent by a Managing Director on behalf of Google CEO, Larry Page.
Attached to the email is a form entitled "Official Winning Letter by Google and mastercard visa 2019.pdf" stating that the recipient won a Google Visa/MasterCard (GVMC) Award with a cash prize of the aforementioned amount. Recipients are encouraged to fill out the claims form and send it back in order to receive the prize. The document states that the recipient will receive additional emails after the scammers get the claims form, which will most likely be requests for more personal information.