IT Security News

BlueBorne: What You Need To Know
Sep 15, 2017: These days, leaving your Bluetooth turned on might do more than just drain your phone battery. A new cyberattack known as BlueBorne allows hackers to take control of your devices through the air. What makes BlueBorne so scary is that you do not have to authorize to pair your device, it just happens.
500+ Android apps found containing program that can download spyware plug-in
Aug 25, 2017: More than 500 mobile apps on Google Play were recently discovered containing an advertising software development kit capable of downloading malicious plug-ins that can spy on Android users' call histories, researchers from mobile security company Lookout have reported.
Malicious PowerPoint Slide Show files exploit Microsoft bug to deliver REMCOS RAT
Aug 18, 2017: In what researchers are calling a first, malware distributors are now maliciously crafting PowerPoint Open XML Slide Show (PPSX) files to take advantage of a Microsoft Office vulnerability that is more typically exploited with Rich Text File documents.
70% of DevOps Pros Say They Didn’t Get Proper Security Training in College
Aug 18, 2017: Veracode survey shows majority of DevOps pros mostly learn on the job about security.
How Cybersecurity Became 2017’s Hot New Major
Aug 18, 2017: If recent headlines about attacks on our privacy make one thing clear, it’s that there is a lot of work to do in the world of cybersecurity.
Mozilla Firefox patches 29 vulnerabilities
Aug 11, 2017: Mozilla Foundation released 29 CVE patches to Firefox 55, including five that address critical vulnerabilities.
Android app stores flooded with 1,000 spyware apps
Aug 11, 2017: Three fake messaging apps in the Google Play Store have been found to be distributing SonicSpy malware.
Adobe patches security flaws in Acrobat and Reader
Aug 11, 2017: Adobe has released a set of security updates for Adobe Acrobat and Reader for Windows and Mac, patching vulnerabilities that could allow an attacker to take control of the affected system.
Microsoft fixes ‘critical’ security bugs affecting all versions of Windows
Aug 11, 2017: Microsoft patched 48 separate vulnerabilities — the majority of which were the highest "critical" rating.
CopyCat malware infects 14M Android devices, steals credits for app downloads
Jul 10, 2017: Dubbed CopyCat, the malware is the first known adware that injects its code into Zygote, a daemon tasked with launching apps on Android devices.

IT Security Latest Alerts

Major Equifax Cyber Attack Impacting 143 Million Americans
Sep 11, 2017:

Equifax (one of the major consumer credit reporting agencies) reported on Thursday, 9/7/2017, that hackers gained access to company data which potentially compromised sensitive information for 143 million American consumers. The compromised consumer data includes name, address, birthdate, Social Security numbers, and driver's license numbers. Learn how to protect yourself

Printer Model/Toner Social Engineering Scam
Jul 24, 2017:

University staff members are reporting they have received phone calls from outside entities requesting printer model numbers.  The “vendor” will ship toner and printer supplies to any departments that disclose this information.  This will result in a large outstanding invoice and the vendor demanding payment because they were given verbal consent for the products shipped.  Please make departmental staff aware of this situation.  Follow our best practices to prevent being a victim of these scams.

Watch out for Malicious Apps Posing as Virus Scanners!
Jun 16, 2017:

A cybersecurity firm discovered several apps related to WannaCry ransomware in the Google Play Store for Androids and in Apple’s App Store. Another hundred fraudulent antivirus apps were also discovered on digital markets. In order to keep your device safe, be sure to only download software from reputable developers and check the app description for grammatical errors, things out of place and user reviews.

Chipotle Mexican Grill Reports Payment Card Security Incident
May 31, 2017:

Chipotle Mexican Grill worked in conjuction with law enforcement, payment card networks and cyber security firms to investigate a payment card security incident reported on April 25, 2017. The investigation uncovered malware designed to access payment card data from cards used on point-of-sale (POS) devices at certain Chipotle restaurants between March 24, 2017 and April 18, 2017. The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device. Both Columbia, MO restaurants have been identified as locations infected between March 24, 2017 and April 18, 2017. If you believe you have used a payment card at either location during this timeframe, please be vigiliant when reviewing your charge statements and report any unauthorized charges immediately. For more information, visit https://www.chipotle.com/security

Google Docs Phishing Scam: What We Know
May 04, 2017:

On May 3rd, 2017, news outlets and social media sites were reporting a phishing scam surrounding fake “Google Doc” emails. Learn more!

What's New

MakeITSafe Security Awareness Training

University employees are required to complete annual information security awareness training. For more information, vist our training page.