IT Security News

Two-speed Android update risk: Mobes face months-long wait
Aug 24, 2016: Mobile app metrics firm Apteligent examined device data for Samsung, LG, Sony, HTC, Motorola, and ZTE to determine which manufacturer pushes out OS updates the soonest.
Eddie Bauer is latest retailer to be hit by point-of-sale malware
Aug 24, 2016: Sportswear retailer Eddie Bauer has informed customers that point-of-sale systems at its stores were hit by malware, enabling the theft of payment card information.
Apple Updates iOS to Version 9.3.4
Aug 12, 2016: Apple has released an update for its mobile operating system, iOS 9.3.4, which fixes a memory corruption issue that could be exploited "to execute arbitrary code with kernel privileges." The update blocks a jailbreak bug known as IOMobileFrameBuffer.
Microsoft Security Bulletin Summary for August 2016
Aug 12, 2016: Microsoft has released nine bulletins addressing more than 30 vulnerabilities in Windows, Edge, Internet Explorer, Office, and other products. Five of the nine bulletins address issues rated critical.
Google to push Flash closer to extinction with new version of Chrome
Aug 12, 2016: Chrome 55, due out in December, will replace the once-popular plug-in with HTML5, Google says.
Software Bundling Outfits Intentionally Distributing Unwanted Apps
Aug 10, 2016: A joint report published by Google and NYU researchers notes alerts generated by ad injectors, scareware and other unwanted apps far outstrip alerts for malware.
Newkirk medical records breach impacts 3.3M, Blue Cross Blue Shield customers affected
Aug 10, 2016: Newkirk Products, Inc, a service provider that issues healthcare ID cards for health insurance plans including several Blue Cross Blue Shield branches, has begun notifying approximately 3.3 million people of a data breach.
Most companies still can’t spot incoming cyberattacks
Jul 19, 2016: More than three quarters of organisations vulnerable to hackers due to lack of cybersecurity staff or tools, says report.
Delilah malware secretly taps webcam, blackmails and recruits insider threat victims
Jul 19, 2016: Delilah malware taps computer and webcam to get dirty little secrets, then blackmails victims into becoming an insider threat and coughing up a company’s secrets.
Ex-Cardinals employee gets nearly 4 years in prison for Astros hack
Jul 19, 2016: A former employee of the St. Louis Cardinals baseball organization has been sentenced to nearly four years in prison for hacking computers belonging to the Houston Astros, the US Justice Department said Monday.

IT Security Latest Alerts

When virtual meets reality: Pokémon GO is a real world adventure with real-life risks
Jul 21, 2016:

The game itself is free of charge, but some of the associated risks can be very costly. Follow our tips to stay Poké-Safe!

300 Wendy’s Restaurants Fall Victim to Malware
May 19, 2016:

Starting in the fall of 2015, Wendy's believes around 300 North American restaurants experienced a malware installation through the use of compromised third-party vendor credentials, which affected parts of the sales system. The malware caused unusual payment card activity. Reports indicated that fraudulent charges may have occurred at other retailers after payment card were legitimately used at Wendy's.  To learn more about what Wendy's is doing and for FAQ's, visit: https://www.wendys.com/en-us/about-wendys/the-wendys-company-updates. 

Google has released a new update for Chrome
Apr 29, 2016:

Google has released a new update for Chrome to address several vulnerabilities for Mac, Windows, and Linux users.

FBI Successfully Hacks the iPhone
Apr 05, 2016:

One hour. That’s all it takes from beginning to end to hack into the iPhone using the UFED Touch device. Time is not the only thing that makes the device easy to use.

Warning!  Details on the Latest Email Scam
Feb 03, 2016:

A number of MU employees and students have had their University and/or personal email accounts compromised.  Find out more about the latest scam tactic and learn how to thwart this attack!

What's New

MakeITSafe Security Awareness Training

University employees are required to complete annual information security awareness training. Click on this link: MakeITSafe Training to access the training modules. Please contact the UM Chief Information Security Officer with questions at umciso@umsystem.edu.