Information Security Updates
As fears and anxiety continue to rise over the spread of the corona virus across the world, so do email phishing attempts. Those with malicious intent are known to capitalize on periods of rising fear by conducting phishing campaigns that utilize techniques taking advantage of that very fear.
Information Technology urges the campus community to continue its vigilance when deciding whether to trust an email communication and click on any links held within. The IT Phishing Education website highlights several examples sent out to the university community over the past year and explains in each case why the message was a fake, and potentially, a phishing attempt.
As always, if you have concerns about a certain email message that you've received, you can forward it to security@uni.edu to receive help and guidance on whether or not the message is real.
Information Technology (IT) is constantly working to improve and secure the systems and services it runs. These changes take many shapes, including security updates, upgrades to functionality, and other modifications. These changes are worked on in testing systems and then deployed into production on a regular schedule. Under the circumstances of a campus closure event, IT will change its strategy to allow work to continue and progress to be made, without any changes actually being pushed into production. This may allow progress on system development to continue without introducing unnecessary risk (e.g. system outages, downtime, etc) into an already tense environment where a large number of employees are working from home.
IT continually works with campus leadership to identify those systems and services most crucial to maintaining the University's academic mission and during a campus closure event, our resources will be spent "keeping the lights on" for those systems.
If you have any questions, comments, or concerns, please don't hesitate to open an IT request by visiting Service Hub at servicehub.uni.edu and using the Get IT Help request form.
Joe Vennix of Apple security has found another significant vulnerability in sudo utility that under a specific configuration could allow low privileged users or malicious programs to execute arbitrary commands with administrative ('root') privileges on Linux or macOS systems. See https://thehackernews.com/2020/02/sudo-linux-vulnerability.html for details, how to determine if your system(s) is/are vulnerable, and how to fix with a simple configuration change.
The default settings for MacOS and a number of common Linux distributions are such that sudo on those platforms is not vulnerable but the defaults on a few distros are vulnerable, e.g., Mint and Elementary OS. This vulnerability is being tracked as CVE-2019-18634.
Because it works! Here's a real life story... https://isc.sans.edu/forums/diary/Why+Phishing+Remains+So+Popular/25742/
A silly phishing campaign is underway where the attackers state that your password will expire and be changed unless you login and confirm that you want to keep it the same.
As people get better at spotting the phishing scams pretending to be shipping information, receipts, and voicemails, scammers need to come with new methods to get people to click the links in their emails. Such is the case with a new phishing email that states you need click on the "Keep same password" button or your password will expire.
FULL ARTICLE: https://www.bleepingcomputer.com/news/security/silly-phishing-scam-warns-that-your-password-will-be-changed/
The full article includes screenshots, and the text of a sample phish
The Information Technology policies have a new home on the UNI Policies website. What had previously been part of a shared chapter and numbered 9.51 through 9.59, is now a separate chapter, Chapter 14.
There is also a convenient IT Policy page that lists all IT and related policies, whether they are part of Chapter 14 or not, as well as IT Procedures that are referenced by a variety of Policies.
A new phishing campaign on Instagram attempts to alarm its targets by sending what appears to be an official copyright infringement notice from Instagram, stating that the user's account will be suspended unless the user follows the link in the email to fill out a "copyright objection form." https://www.bleepingcomputer.com/news/security/instagram-phishing-attack-baits-with-copyright-infringement-note/
Security researchers have identified 24 Android apps delivering the recently-discovered Joker Trojan. As we've previously reported, Joker made its way onto Google Play as early as June, and it exfiltrates data while signing victims up for premium subscriptions.
The list of affected apps can be found here: https://hotforsecurity.bitdefender.com/blog/if-you-have-any-of-these-24-android-apps-installed-delete-them-now-21514.html
During the 2018-19 academic year, UNI Information Security facilitated several phishing education campaigns. By all accounts, these were highly successful and resulted in a heightened awareness of criminal phishing attacks that are seen daily. We are pleased to have been allocated funding to continue this effort during the 2019-20 academic year. Simulated but realistic phishing messages will be sent to faculty and staff at several key times during the upcoming year. Individuals that follow the embedded links will receive immediate feedback including identification of clues within the simulated phish that could identify it as such.
Hy-Vee Issues Warning to Customers After Discovering Point-of-Sale Breach
UPDATE: Hy-Vee now has a page that provides dates and locations that were affected by this breach. Visit https://www.hy-vee.com/paymentcardincident/ to check for dates and locations when your card information may have been stolen.
Though the firm cannot cite specific locations in which its point-of-sale (PoS) systems were affected due to an ongoing investigation, supermarket chain Hy-Vee notified its customers this week that a security breach occurred on certain systems. Thus far, it's believed that transactions at "Hy-Vee fuel pumps, drive-thru coffee shops, and restaurants (Market Grilles, Market Grille Expresses, and Wahlburgers)" may be vulnerable to hackers. A spokesperson said, "We believe the actions we have taken stopped the unauthorized activity on our payment processing systems."
Registers in Hy-Vee grocery stores utilize a different system and are reportedly not affected in the same way as those in the auxiliary enterprises. More information is available on the Hy-Vee site at https://www.hy-vee.com/corporate/news-events/announcements/notice-of-payment-card-data-incident/
Pages
- ITTC 36
- (319) 273-5555
