Information Technology Updates
Many people mistakenly believe they are not a target for cyber attackers: that they, their systems, or accounts do not have any value. This could not be further from the truth. If you use technology in any way, at work or at home, trust us - you have value to the bad guys. But, you are in luck. You already have the best defense there is against these cyber attacks - you. SANS OUCH!
An email message with Subject: Request for Input - UNI Branding Effort is being delivered to many faculty, staff, and perhaps student inboxes this week. I have had several conversations with recipients who are concerned about the legitimacy of this message. This message is legitimate.
While the From: address is a non-UNI address, it is the expected address for email originating from our Qualtrics survey tool. Other clues that this is a legitimate message include:
- A Reply-to: of firstname.lastname@example.org. Additionally, the content in the body of the message discusses contacting CSBR for questions or administrative issues with the survey.
- The link(s) in the message have a domain of uni.co1.qualtrics.com, the proper domain for Qualtrics surveys administered by UNI.
I understand and greatly appreciate your vigilance regarding this message, especially in the midst of our Phishing Education initiative. Keep up the good work!
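The two clues listed above can also be checked mechanically; this sketch is an added example, not a UNI tool, and runs the checks over constructed sample messages. The link host uni.co1.qualtrics.com comes from the notice above. The Reply-To domain uni.edu, the sample addresses and the function names are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

SURVEY_HOST = "uni.co1.qualtrics.com"  # link domain named in the notice
REPLY_DOMAIN = "uni.edu"               # assumption: campus mail domain
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)


def link_hosts(body):
    """Return the host of every http(s) URL found in the body text."""
    # urlsplit() drops any "user@" prefix, so the real host is compared.
    return [(urlsplit(u).hostname or "").rstrip(".")
            for u in URL_RE.findall(body)]


def check_survey_mail(raw):
    """Return a list of findings; an empty list means both clues hold."""
    msg = message_from_string(raw)
    findings = []
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to.rpartition("@")[2].lower() != REPLY_DOMAIN:
        findings.append("reply-to outside " + REPLY_DOMAIN)
    hosts = link_hosts(msg.get_payload())
    if not hosts:
        findings.append("no links found")
    for host in hosts:
        # Exact match only: a prefix or substring test would accept
        # look-alikes such as uni.co1.qualtrics.com.example.net.
        if host != SURVEY_HOST:
            findings.append("unexpected link host: " + host)
    return findings


# Constructed sample messages (not real mail).
GOOD = (
    "From: survey@sender.example\n"
    "Reply-To: firstname.lastname@uni.edu\n"
    "Subject: Request for Input - UNI Branding Effort\n"
    "\n"
    "Take the survey: https://uni.co1.qualtrics.com/jfe/form/SV_constructed\n"
)
BAD = GOOD.replace("qualtrics.com/", "qualtrics.com.example.net/")

if __name__ == "__main__":
    print(check_survey_mail(GOOD))
    print(check_survey_mail(BAD))
```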
Communicating using G Suite Apps
This workshop will focus on communication applications included with G Suite, covering Gmail, Google Groups, and Google Hangouts Chat. During this workshop, we will review how to create and reply to messages, add attachments and images, and organize content. We will also walk through the process of requesting and configuring a Google Group, and will end the session by exploring Google Hangouts Chat and the benefits of creating a chat-based workspace.
January 25th - 10:00-11:00 AM - ScholarSpace - 301 Rod Library
Getting Organized with G Suite Apps
This workshop will focus on organization applications included in G Suite, specifically, Calendar, Keep, and Tasks. During this workshop, we will review how to create an event, create appointment slots, view a guest’s availability, and add a room or resource to an event. In addition, we will look at sharing calendars and creating secondary calendars. Next, we will move into using Keep and how to create notes and use reminders. We will wrap the class up by talking about how to create tasks, subtasks, and due dates.
January 29th - 1:30-2:30 PM - ScholarSpace - 301 Rod Library
Using Google Drive
This workshop focuses on Google Drive and will include information and demonstrations on My Drive, Team Drives, Docs, Sheets, and Slides. We will review the process of sharing documents and folders, requesting a Team Drive, and setting access permissions. During this session, we will discuss how to use Google Drive for storage and how to connect it to your computer through Drive File Stream.
December 6th - 11:00-12:00 PM - ScholarSpace - 301 Rod Library
February 6th - 2:00-3:00 PM - ScholarSpace - 301 Rod Library
Have questions for the GSuite team?
Create an Incident at ServiceHub and begin the Title field with: GSuite Team.
A security flaw in libssh leaves thousands of servers at risk of hijacking.
Excerpt: "The vulnerability allows an attacker to bypass authentication procedures and gain access to a server with an SSH connection enabled without having to enter the password. An attacker can do this by sending the SSH server "SSH2_MSG_USERAUTH_SUCCESS" message instead of the "SSH2_MSG_USERAUTH_REQUEST" message that a server usually expects and which libssh uses as a sign that an authentication procedure needs to initiate. Because of a coding error, when libssh receives the "SSH2_MSG_USERAUTH_SUCCESS" message, it will interpret this as the "authentication has already taken place" and will grant the attacker access to the local server."
Source: Catalin Cimpanu, ZDNet
Date Published: October 17, 2018
To read the complete article see: https://www.zdnet.com/article/security-flaw-in-libssh-leaves-thousands-of-servers-at-risk-of-hijacking/
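The flaw described in the excerpt is a server acting on a message that only a server should ever send. The following is an added, simplified model of that dispatch logic beside a checked version; it is not libssh's code or its actual patch. The message numbers are those of RFC 4252, while the class, function names and credentials are constructed for illustration.

```python
# RFC 4252 message numbers.
SSH2_MSG_USERAUTH_REQUEST = 50   # client -> server
SSH2_MSG_USERAUTH_SUCCESS = 52   # server -> client only


class Session:
    def __init__(self):
        self.authenticated = False
        self.closed = False


def check_password(user, password):
    # Constructed credential store for the demonstration.
    return (user, password) == ("alice", "correct horse")


def dispatch_flawed(session, msg_type, payload=None):
    """Models the coding error: the server accepts USERAUTH_SUCCESS from
    the peer and reads it as 'authentication has already taken place'."""
    if msg_type == SSH2_MSG_USERAUTH_REQUEST:
        session.authenticated = check_password(*payload)
    elif msg_type == SSH2_MSG_USERAUTH_SUCCESS:
        session.authenticated = True


def dispatch_checked(session, msg_type, payload=None):
    """Accepts only messages a client may send in the auth phase."""
    if msg_type == SSH2_MSG_USERAUTH_REQUEST:
        session.authenticated = check_password(*payload)
    else:
        # Protocol violation for a server-side session: drop the peer
        # and leave the authentication state untouched.
        session.closed = True


def run(dispatch, messages):
    """Feed a sequence of (type, payload) messages to a fresh session."""
    session = Session()
    for msg_type, payload in messages:
        if session.closed:
            break
        dispatch(session, msg_type, payload)
    return session


if __name__ == "__main__":
    unexpected = [(SSH2_MSG_USERAUTH_SUCCESS, None)]
    print(run(dispatch_flawed, unexpected).authenticated)
    print(run(dispatch_checked, unexpected).authenticated)
```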
Come visit with your UNI Blackboard staff and Blackboard representatives on October 23 in the Maucker Union. There will be sessions on future releases of Blackboard, the new Blackboard Ultra Base and Ultra Course view and a question and answer session with Blackboard staff. Snacks will be provided for the sessions and Blackboard will have some giveaway items. For more information including the schedule, visit the Blackboard Day website.
Does your Blackboard Grade Center seem overwhelming? You can filter Grade Center data in Bb Learn by Grading Period, Category, Grade Status and more, making it easier to find what you need quickly. Submit questions to UNI eLearning Suite support.
UNI will embark on a phishing education venture starting in October and continuing through April. Simulated but realistic phishing messages will be sent periodically to faculty and staff mailboxes by a contracted vendor. Those who respond to these educational messages will receive some quick and specific training on recognizing and avoiding future phishing messages. Tips for dealing with phishing messages in general are available at Phishing
Free credit freezes and year-long fraud alerts are here, starting September 21, 2018, thanks to a new federal law. Here’s what you should know: https://it.uni.edu/free-credit-freezes-are-here
This morning has brought another round of scam emails that purport to be from President Nook, but that are not using his real UNI address. An example address that was used was "email@example.com". Personal messages to you from President Nook will come from his normal UNI address, "Mark.Nook@uni.edu". Mass messages will be from a different address, usually "firstname.lastname@example.org".
The initial content of this morning's scam message was very short and cryptic:
Are you available now?
A response to that message went to a human and generated a conversation that ends with a request for you to purchase several iTunes gift cards for which reimbursement will be made. This is an outright scam. The criminals aren't after your credentials or identity, they just want your money! Recognize the fake message from the beginning, mark it as spam, and delete it.