Staff Updates

1 day 19 hours ago

The following color scheme will be used to describe expected timelines for applying most operating system and application patches.  

  1. Red = Drop everything and address situation (e.g., patch) immediately.

  2. Orange = 24 hours or less

  3. Yellow = 1 week (default unless escalated by IT Security Office, CIO, or IT LT Director)

  4. Anything that needs to exceed a week is to be discussed with IT Security Office

Vendors and systems that provide patches on a schedule with frequency greater than monthly, e.g., Oracle, will have a schedule as agreed to by the unit involved and the Information Security office.

1 month 4 weeks ago

For UNI-managed computers, IT takes care of ensuring that the machine you use is kept up-to-date and patched. For personally-owned devices, including many devices that aren't "computers", the update responsibility is squarely on your shoulders. Some devices provide "automatic updates".  Turn that on and take advantage of it! Otherwise, set a reminder at least once per month to check for updates and apply those that are available. https://www.sans.org/newsletters/ouch/power-updating/

2 months 1 week ago

QR codes are everywhere: you can see them on posters and leaflets, ATM screens, price tags and merchandise, historical buildings and monuments. People use them to share information, promote various online resources, pay for their goodies, and pass verification. And yet you don’t see lots of QR codes in email: users often read messages on their phones without any other device handy for scanning. As such, most letters come with ordinary hyperlinks instead. Nevertheless, the attackers increasingly turn to QR codes delivered through email. Read more at https://securelist.com/qr-codes-in-phishing/110676/

3 months 1 week ago

It’s clear that users remain a key target for threat actors looking to gain a foothold in corporate systems. In the past, businesses have placed the onus on users – expecting them to know what to look out for and identify phishing attacks – but with techniques becoming more convincing, a new approach is needed. Read more at https://www.infosecurity-magazine.com/blogs/how-can-users-stay-protected/

4 months 1 day ago

UNI IT has chosen Bitwarden as its licensed partner for an enterprise password manager. Bitwarden also offers free accounts that should be more that adequate for most uses. Migration from other password managers is generally available and documented on Bitwarden's website.  For more on password managers in general, see https://www.sans.org/newsletters/ouch/power-password-managers/

5 months 18 hours ago

Phone call scams are sometimes preferred by bad actors because they provide a direct connection between the bad actor and the potential victim. Guidance to protect yourself can be found at https://www.sans.org/newsletters/ouch/stop-phone-call-scams/

5 months 3 weeks ago

Your financial accounts are a primary target for cyber-criminals. You have money, and they will do anything to steal it. By financial accounts, we mean not only your checking or savings accounts, but also investments, retirement, and online payment accounts like PayPal. Fortunately, with some simple, fundamental steps, you can protect yourself.  Read the details at  https://www.sans.org/newsletters/ouch/securing-financial-accounts/

7 months 1 day ago

This upgrade has taken place on Thursday, May 26

In mid-to-late April, a number of Duo applications were upgraded to be able to convert to Duo's new Universal Prompt. See https://it.uni.edu/updates/duo-universal-prompt-phase-2 for those details. However, the set of applications scheduled for April 27 had some issues and was reverted. Those updates are now scheduled for this coming Wednesday, May 17.

  • Wednesday, May 17:  Many internal and/or higher-use resources, e.g., Google apps, eBiz, Zoom, ServiceHub, CBORD GET, VPN, Docusign, EZ Proxy, FAMIS 360, etc.

The above is a sample of the most common applications affected. A complete list can be found at https://it.uni.edu/shibboleth-and-duo-universal-prompt-upgrades. Details on Duo's Universal Prompt can be found at https://guide.duo.com/universal-prompt

7 months 1 day ago

As QR codes continue to be heavily used by legitimate organizations—from Super Bowl advertisements to enforcing parking fees and fines, scammers have crept in to abuse the very technology for their nefarious purposes. The rest of the story is here: https://www.bleepingcomputer.com/news/security/qr-codes-used-in-fake-parking-tickets-surveys-to-steal-your-money/

7 months 2 days ago

AI: What is It and Why Should I Care?

Artificial Intelligence (AI) describes systems programmed to think and respond like humans. In fact, we asked the AI solution ChatGPT that very question and got this response. https://www.sans.org/newsletters/ouch/artificial-intelligence/

Pages

  • ITTC 36
  • (319) 273-5555
  • Service Hub