Security & Safe Computing Updates
As people seek to file their tax returns this year, cybercriminals will be busy trying to take advantage of this with a variety of scams. Citizens may learn they are victims only after having a legitimate tax return rejected because scammers already fraudulently filed taxes in their name. Read more at the Center for Internet Security.
Cyber criminals continue to come up with new and creative ways to fool people. A new type of scam is gaining popularity— personalized scams. Cyber criminals find or purchase information about millions of people, then use that information to personalize their attacks. Below we show you how these scams work and walk you through a common example. The more you know about these scams, the easier it is for you to spot and stop them.
Read the details in this month's OUCH! newsletter from SANS.
January 28 is Data Privacy Day (DPD), an annual effort to promote data privacy awareness and education. This year's DPD events, sponsored by the National Cyber Security Alliance (NCSA), focus around the theme, A New Era in Privacy.
The NCSA Stay Safe Online website will feature a live stream of the Data Privacy Day 2019 - Live From LinkedIn event, which includes presentations on opportunities and challenges and the future of privacy, as well as a TED-style talk with the Amazon Web Services Global principal security architect.
The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review NCSA's tips on Managing Your Privacy and the following NCCIC tips:
Caribou Coffee chain announces card breach impacting 239 stores, including the Cedar Falls store
"All customers who used a credit or debit card at one of the affected stores between August 28, 2018, and December 3, 2018, should consider their card details compromised and take precautions such as asking for a card replacement, reviewing credit card reports, and enrolling in identity protection programs. Users can consult the list of impacted stores via the company's data breach notice, posted on its homepage. Caribou Coffee officials said they detected that something was wrong last month, on November 28, when its IT staff was alerted of "unusual activity" on its network via its security monitoring processes."
To read the complete article see: https://www.zdnet.com/article/caribou-coffee-chain-announces-card-breach-impacting-239-stores/
Many people mistakenly believe they are not a target for cyber attackers: that they, their systems, or accounts do not have any value. This could not be further from the truth. If you use technology in anyway, at work or at home, trust us - you have value to the bad guys. But, you are in luck. You already have the best defense there is against these cyber attacks - you. SANS OUCH!
An email message with Subject: Request for Input - UNI Branding Effort is being delivered to many faculty, staff, and perhaps student inboxes this week. I have had several conversations with recipients who are concerned about the legitimacy of this message. This message is legitimate.
While the From: address is a non-UNI address, it is the expected address for email originating from our Qualtrics survey tool. Other clues that this is a legitimate message include:
- A Reply-to: of csbr@uni.edu. Additionally, the content in the body of the message discusses contacting CSBR for questions or administrative issues with the survey.
- The link(s) in the message have a domain of uni.co1.qualtrics.com, the proper domain for Qualtrics surveys administered by UNI.
I understand and greatly appreciate your vigilance regarding this message, especially in the midst of our Phishing Education initiative. Keep up the good work!
A security flaw in libssh leaves thousands of servers at risk of hijacking.
Excerpt: "The vulnerability allows an attacker to bypass authentication procedures and gain access to a server with an SSH connection enabled without having to enter the password. An attacker can do this by sending the SSH server "SSH2_MSG_USERAUTH_SUCCESS" message instead of the "SSH2_MSG_USERAUTH_REQUEST" message that a server usually expects and which libssh uses as a sign that an authentication procedure needs to initiate. Because of a coding error, when libssh receives the "SSH2_MSG_USERAUTH_SUCCESS" message, it will interpret this as the "authentication has already taken place" and will grant the attacker access to the local server."
Source: Catalin Cimpanu, ZDNet Date
Published: October 17, 2018
To read the complete article see: https://www.zdnet.com/article/security-flaw-in-libssh-leaves-thousands-of-servers-at-risk-of-hijacking/
UNI embarked on a phishing education venture starting last October and continuing through April. Simulated but realistic phishing messages were sent periodically to faculty and staff mailboxes by a contracted vendor. Those that respond to these educational messages received some quick and specific training on recognizing and avoiding future phishing messages. Tips for dealing with phishing messages in general are available at Phishing
Here's a summary of the messages sent throughout the academic year.
-
FedEx missed delivery - October: https://it.uni.edu/phishing-education-23452
-
Deprovisioning followup - November: https://it.uni.edu/phishing-education-deprov
-
UNI Coffee Club offer - January: https://it.uni.edu/phishing-education-coffee
-
Target discount offer - February: https://it.uni.edu/phishing-education-53789
-
Google alert - March: https://it.uni.edu/phishing-education-72113
-
CatID Passphrase expiring - April: https://it.uni.edu/phishing-education-97953
Free credit freezes and year-long fraud alerts are here, starting September 21, 2018, thanks to a new federal law. Here’s what you should know: https://it.uni.edu/free-credit-freezes-are-here
This morning has brought another round of scam emails that purport to be from President Nook, but that are not using his real UNI address. An example address that was used was "drmarknook@gmail.com". Personal messages to you from President Nook will come from his normal UNI address, "Mark.Nook@uni.edu". Mass messages will be from a different address, usually "president@uni-mail.org".
The initial content of this morning's scam message was very short and cryptic:
Are you available now?
A response to that message went to a human and generated a conversation that ends with a request for you to purchase several iTunes gift cards for which reimbursement will made. This is an outright scam. The criminals aren't after your credentials or identity, they just want your money! Recognize the fake message from the beginning, mark it as spam, and delete it.
Pages
- ITTC 36
- (319) 273-5555
