Information Technology Updates
During the 2018-19 academic year, UNI Information Security facilitated several phishing education campaigns. By all accounts, these were highly successful and resulted in a heightened awareness of criminal phishing attacks that are seen daily. We are pleased to have been allocated funding to continue this effort during the 2019-20 academic year. Simulated but realistic phishing messages will be sent to faculty and staff at several key times during the upcoming year. Individuals that follow the embedded links will receive immediate feedback including identification of clues within the simulated phish that could identify it as such.
Hy-Vee Issues Warning to Customers After Discovering Point-of-Sale Breach
UPDATE: Hy-Vee now has a page that provides dates and locations that were affected by this breach. Visit https://www.hy-vee.com/paymentcardincident/ to check for dates and locations when your card information may have been stolen.
Though the firm cannot cite specific locations in which its point-of-sale (PoS) systems were affected due to an ongoing investigation, supermarket chain Hy-Vee notified its customers this week that a security breach occurred on certain systems. Thus far, it's believed that transactions at "Hy-Vee fuel pumps, drive-thru coffee shops, and restaurants (Market Grilles, Market Grille Expresses, and Wahlburgers)" may be vulnerable to hackers. A spokesperson said, "We believe the actions we have taken stopped the unauthorized activity on our payment processing systems."
Registers in Hy-Vee grocery stores utilize a different system and are reportedly not affected in the same way as those in the auxiliary enterprises. More information is available on the Hy-Vee site at https://www.hy-vee.com/corporate/news-events/announcements/notice-of-payment-card-data-incident/
It has been recently disclosed that Apple Remote Management can be attacked to generate a reflective denial of service attack against any arbitrary internet host. To prevent unwitting participation by UNI resources in these denial of service attacks, a temporary block of network traffic to this service has been put in place at the campus border. Campus users who are using Apple Remote Desktop from home to access their on-campus Apple workstations should request VPN access via the SRS system as a workaround until Apple corrects the issue. Contact the Service Desk for help with SRS requests.
On Sunday, August 4, 2019 from 7 a.m. to 9 a.m., UNI phone handsets will be upgraded. This upgrade affects only network connected Voice over IP phones. The duration of the upgrade for each phone is about 10 minutes. Computers will also be disconnected from the network for a few minutes during maintenance. After the phone upgrades are complete we will upgrade firmware on campus switches. This will result in network disconnections and IP phone reboot.
For call centers the state of busyout or auxworks button may change to accepting calls. Volume on IP phones will be reset to default loudness.
No service disruption is expected for public safety dispatch or other analog and digital phones, including blue emergency and elevator phones.
On Monday, July 8, 2019, Service Hub (servicehub.uni.edu) will be updated. For information, see Using the New Service Hub Portal article. The new site is more mobile-friendly and will integrate with IT articles and requests to help you get IT help quickly.
During the change, Service Hub may be unavailable. While the new site is moved, please contact the IT Service Desk for assistance.
A recent phishing scam says you won $2.5M for using Google's services. You didn't, so don't fall for this scam that's trying to steal your personal information.
A new phishing scam is offering Gmail users a prize of $2.5 million as a thank you gift for using Google services. To add legitimacy to the message, the phishers state that the message was sent by a Managing Director on behalf of Google CEO, Larry Page.
Attached to the email is a form entitled "Official Winning Letter by Google and mastercard visa 2019.pdf" stating that the recipient won a Google Visa/MasterCard (GVMC) Award with a cash prize of the aforementioned amount. Recipients are encouraged to fill out the claims form and send it back in order to receive the prize. The document states that the recipient will receive additional emails after the scammers get the claims form, which will most likely be requests for more personal information.
Read more at https://www.bleepingcomputer.com/news/security/phishing-scam-says-you-won-25m-for-using-googles-services/
LinkedIn Learning is an on-demand learning solution designed to help you gain new skills and advance your career. You will have unlimited 24/7 access to more than 5,000 video tutorials from any desktop or mobile device. Tutorials address business, creative and technology topics presented by expert instructors including industry leaders. Watch for more details later this summer.
On Saturday, June 22, 2019 the Panopto application will be UNAVAILABLE as the Panopto cloud site will be upgraded to the latest release.. This upgrade will require downtime from 8:00 pm to 11:00 pm CDT. During this time you will not be able to access recordings on the Panopto server, and any attempts to upload will result in a "Server unable to connect" message.
A Trend Micro fraud researcher discovered a new tech support scam that uses iframes and browser-specific popups to trap its victims, making this scam relatively more sophisticated than other scams of its kind. Details on this scam are available at https://www.bleepingcomputer.com/news/security/tech-support-scammers-freeze-browsers-using-iframes/
It is very easy to find any information you need in today’s connected world. Have you ever Googled yourself to see what information about you is online? A search can often provide your address history, phone number, age, birthdate, employment information, public records, and social media accounts. Consider what can be done with Personally Identifiable Information (PII) from the perspective of a cyber criminal looking to commit identity theft or other crimes. Read more at https://www.cisecurity.org/newsletter/share-your-information-with-care/