IT Security News

No More Ransom!
May 24, 2017: Ransomware is malware that locks your computer and mobile devices or encrypts your electronic files. When this happens, you can’t get to the data unless you pay a ransom. However this is not guaranteed and you should never pay!
Windows Defender does not defend Windows 7 against WannaCry
May 24, 2017: Thanks to Kaspersky, we now know that 98% of the Windows machines infected by WannaCry/WannaCrypt were running Windows 7.
BEC scammers picked off $5B, FBI says
May 10, 2017: Business E-mail Compromise (BEC) scams have now raked in a total of $5 billion, according to the Federal Bureau of Investigation (FBI).
Microsoft uncovers hacking operation aimed at software supply chain
May 10, 2017: Microsoft researchers recently uncovered a sophisticated hacking campaign that was serving targeted malware to “several high-profile technology and financial organizations.”
WordPress Zero-Day Could Expose Password Reset Emails
May 05, 2017: Polish security expert Dawid Golunski has discovered a zero-day in the WordPress password reset mechanism that would allow an attacker to obtain the password reset link, under certain circumstances.
Massive Google Docs phishing attack targeted credentials, permissions
May 05, 2017: A fast moving, but widespread phishing attack targeting Google Gmail and Docs users hit yesterday affecting an unknown number of victims with the likely goal of stealing login credentials and millions of additional email addresses that could be used for a future phishing campaign.
Nokia Threat Intelligence Report- Protect your IoT devices!
Apr 19, 2017: The most recent report from Nokia states that mobile device infection rates have gone up steadily throughout 2016—a rise of 400% smartphone malware. he report highlights vulnerabilities in a lot of different IoT devices, as well as iOS systems in iPhones
President Trump Signs Repeal of U.S. Broadband Privacy Rules
Apr 19, 2017: Earlier this month, President Trump signed a law to repeal privacy rules that “can prevent broadband providers from selling customers’ internet-browsing histories and other data without their permission.”
Critical Security Updates from Adobe, Microsoft
Apr 14, 2017: Adobe and Microsoft separately issued updates on Tuesday to fix a slew of security flaws in their products.
Microsoft Patches Critical Zero-Day Exploit in Office Suite
Apr 14, 2017: This Patch Tuesday, Microsoft issues a fix for a zero-day vulnerability in the Office productivity suite that attackers were actively exploiting.

IT Security Latest Alerts

Google Docs Phishing Scam: What We Know
May 04, 2017:

On May 3rd, 2017, news outlets and social media sites were reporting a phishing scam surrounding fake “Google Doc” emails. Learn more!

Apple releases iOS Update to Remedy WiFi Problems
Apr 19, 2017:

A security update was made available for a variety of iPhone, iPad and iPod Touch devices after seeing that attackers within range were able to execute code on a WiFi chip. This update improved input validation, and is available for consumers now. More Info: Apple Security Content of iOS 10.3.1

Update LastPass NOW to Protect Your Passwords!
Apr 19, 2017:

LastPass, a password manager tool, recently fixed a major security flaw that allowed hackers to steal your passwords and manipulate your account. Users should make sure to update to the most recent verison of the software in order to secure their passwords and other account information. More Info: FAQs about the attack

Social Engineering Attacks hit Google Maps
Apr 19, 2017:

Thousands of fake listings are added to Google Maps each month, and these listings direct users to fake websites that either sell fake or overpriced services. This was popular in larger metropolitan areas like NYC, Chicago or LA, because people would go on Google Maps to find a service and then get re-directed to the website of a fake business…or would call the phone number of a fake business. Google says it has reduced its amount of abusive listings by 70% since June 2015 (peak period).

Be Careful with Attachments in Your Emails!
Apr 19, 2017:

A vulnerability was discovered in Microsoft Word that allowed for zero-day attacks to infect computers with malware through Word-document email attachments. When the attachments are opened, a fake word document is opened while malware is installed on the victim’s computer system. The attack only targeted a limited number of victims, but users should “be wary of documents received from untrusted sources and should enable the Office Protected View mode because it can block this attack.”

What's New

MakeITSafe Security Awareness Training

University employees are required to complete annual information security awareness training. Click on this link: MakeITSafe Training to access the training modules. Please contact the UM Chief Information Security Officer with questions at umciso@umsystem.edu.