IT Security News

Nokia Threat Intelligence Report- Protect your IoT devices!
Apr 19, 2017: The most recent report from Nokia states that mobile device infection rates have gone up steadily throughout 2016—a rise of 400% smartphone malware. he report highlights vulnerabilities in a lot of different IoT devices, as well as iOS systems in iPhones
President Trump Signs Repeal of U.S. Broadband Privacy Rules
Apr 19, 2017: Earlier this month, President Trump signed a law to repeal privacy rules that “can prevent broadband providers from selling customers’ internet-browsing histories and other data without their permission.”
Critical Security Updates from Adobe, Microsoft
Apr 14, 2017: Adobe and Microsoft separately issued updates on Tuesday to fix a slew of security flaws in their products.
Microsoft Patches Critical Zero-Day Exploit in Office Suite
Apr 14, 2017: This Patch Tuesday, Microsoft issues a fix for a zero-day vulnerability in the Office productivity suite that attackers were actively exploiting.
Microsoft kills off security bulletins after several stays
Apr 14, 2017: 'Disappointing,' says patch expert after concluding the replacement means more work for admins
Home Routers Used to Hack WordPress Sites
Apr 14, 2017: There's a group of hackers who are hijacking unsecured home routers and using these devices to launch coordinated brute-force attacks on the administration panel of WordPress sites.
Email-based attacks exploit unpatched vulnerability in Microsoft Word
Apr 11, 2017: Attackers have been exploiting a zero-day vulnerability in Microsoft Word since January to infect computers with malware
Amazon’s Third-Party Sellers Hit By Hackers
Apr 11, 2017: Fraud stems largely from email, password credentials stolen from hacked accounts, sold on the ‘dark web’
Google discloses unpatched IE flaw after Patch Tuesday delay
Feb 28, 2017: Google's Project Zero team has disclosed a potential arbitrary code execution vulnerability in Internet Explorer because Microsoft has not acted within Google's 90-day disclosure deadline.
Windows 10 to permit block on apps installing if they’re not from Microsoft Store
Feb 28, 2017: Microsoft is testing a new feature that offers the option of preventing non-Windows 10 Store apps being installed.

IT Security Latest Alerts

Apple releases iOS Update to Remedy WiFi Problems
Apr 19, 2017:

A security update was made available for a variety of iPhone, iPad and iPod Touch devices after seeing that attackers within range were able to execute code on a WiFi chip. This update improved input validation, and is available for consumers now. More Info: Apple Security Content of iOS 10.3.1

Update LastPass NOW to Protect Your Passwords!
Apr 19, 2017:

LastPass, a password manager tool, recently fixed a major security flaw that allowed hackers to steal your passwords and manipulate your account. Users should make sure to update to the most recent verison of the software in order to secure their passwords and other account information. More Info: FAQs about the attack

Social Engineering Attacks hit Google Maps
Apr 19, 2017:

Thousands of fake listings are added to Google Maps each month, and these listings direct users to fake websites that either sell fake or overpriced services. This was popular in larger metropolitan areas like NYC, Chicago or LA, because people would go on Google Maps to find a service and then get re-directed to the website of a fake business…or would call the phone number of a fake business. Google says it has reduced its amount of abusive listings by 70% since June 2015 (peak period).

Be Careful with Attachments in Your Emails!
Apr 19, 2017:

A vulnerability was discovered in Microsoft Word that allowed for zero-day attacks to infect computers with malware through Word-document email attachments. When the attachments are opened, a fake word document is opened while malware is installed on the victim’s computer system. The attack only targeted a limited number of victims, but users should “be wary of documents received from untrusted sources and should enable the Office Protected View mode because it can block this attack.”

Employment Opportunity Scam
Jan 23, 2017:

There is an elaborate employment opportunity scheme currently underway which is targeted towards college students.  Learn more!

What's New

MakeITSafe Security Awareness Training

University employees are required to complete annual information security awareness training. Click on this link: MakeITSafe Training to access the training modules. Please contact the UM Chief Information Security Officer with questions at umciso@umsystem.edu.