IT Security NewsJun 20, 2017: On Thursday, Girl Scouts of the USA announced a new partnership with Palo Alto Networks to create a series of cybersecurity badges. Jun 16, 2017: According to multiple reports, a new widespread ransomware campaign (known as WannaCry, WCry, Wanna Decryptor) is affecting various organizations across the globe. One possible way you can be infected is through phishing. May 26, 2017: In recent weeks, there have been some high-profile reports about Mac malware, most notably OSX/Dok and OSX.Proton.B. Dok malware made headlines due to its unique ability to intercept all web traffic, while Proton.B gained fame when attackers replaced legitimate versions of HandBrake with an infected May 26, 2017: Linguistic analysis of ransom notes by Flashpoint suggests the ransomware note writer speaks Chinese - and used Google Translate. May 26, 2017: University researchers are warning that two features, not flaws, core to Google’s Android mobile operating system can be used together to launch clickjacking attacks to gain control of a target’s phone. May 24, 2017: Ransomware is malware that locks your computer and mobile devices or encrypts your electronic files. When this happens, you can’t get to the data unless you pay a ransom. However this is not guaranteed and you should never pay! May 24, 2017: Thanks to Kaspersky, we now know that 98% of the Windows machines infected by WannaCry/WannaCrypt were running Windows 7. May 10, 2017: Business E-mail Compromise (BEC) scams have now raked in a total of $5 billion, according to the Federal Bureau of Investigation (FBI). May 10, 2017: Microsoft researchers recently uncovered a sophisticated hacking campaign that was serving targeted malware to “several high-profile technology and financial organizations.” May 05, 2017: Polish security expert Dawid Golunski has discovered a zero-day in the WordPress password reset mechanism that would allow an attacker to obtain the password reset link, under certain circumstances.
IT Security Latest AlertsJun 16, 2017:
A cybersecurity firm discovered several apps related to WannaCry ransomware in the Google Play Store for Androids and in Apple’s App Store. Another hundred fraudulent antivirus apps were also discovered on digital markets. In order to keep your device safe, be sure to only download software from reputable developers and check the app description for grammatical errors, things out of place and user reviews.May 31, 2017:
Chipotle Mexican Grill worked in conjuction with law enforcement, payment card networks and cyber security firms to investigate a payment card security incident reported on April 25, 2017. The investigation uncovered malware designed to access payment card data from cards used on point-of-sale (POS) devices at certain Chipotle restaurants between March 24, 2017 and April 18, 2017. The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device. Both Columbia, MO restaurants have been identified as locations infected between March 24, 2017 and April 18, 2017. If you believe you have used a payment card at either location during this timeframe, please be vigiliant when reviewing your charge statements and report any unauthorized charges immediately. For more information, visit https://www.chipotle.com/security.May 04, 2017:
On May 3rd, 2017, news outlets and social media sites were reporting a phishing scam surrounding fake “Google Doc” emails. Learn more!Apr 19, 2017:
A security update was made available for a variety of iPhone, iPad and iPod Touch devices after seeing that attackers within range were able to execute code on a WiFi chip. This update improved input validation, and is available for consumers now. More Info: Apple Security Content of iOS 10.3.1Apr 19, 2017:
LastPass, a password manager tool, recently fixed a major security flaw that allowed hackers to steal your passwords and manipulate your account. Users should make sure to update to the most recent verison of the software in order to secure their passwords and other account information. More Info: FAQs about the attack
University employees are required to complete annual information security awareness training. Click on this link: MakeITSafe Training to access the training modules. Please contact the UM Chief Information Security Officer with questions at email@example.com.