IT Security News

Diversity in Recent Mac Malware
May 26, 2017: In recent weeks, there have been some high-profile reports about Mac malware, most notably OSX/Dok and OSX.Proton.B. Dok malware made headlines due to its unique ability to intercept all web traffic, while Proton.B gained fame when attackers replaced legitimate versions of HandBrake with an infected
WannaCry: Ransom note analysis throws up new clues
May 26, 2017: Linguistic analysis of ransom notes by Flashpoint suggests the ransomware note writer speaks Chinese - and used Google Translate.
Android Overlay and Accessibility Features Leave Millions at Risk
May 26, 2017: University researchers are warning that two features, not flaws, core to Google’s Android mobile operating system can be used together to launch clickjacking attacks to gain control of a target’s phone.
No More Ransom!
May 24, 2017: Ransomware is malware that locks your computer and mobile devices or encrypts your electronic files. When this happens, you can’t get to the data unless you pay a ransom. However this is not guaranteed and you should never pay!
Windows Defender does not defend Windows 7 against WannaCry
May 24, 2017: Thanks to Kaspersky, we now know that 98% of the Windows machines infected by WannaCry/WannaCrypt were running Windows 7.
BEC scammers picked off $5B, FBI says
May 10, 2017: Business E-mail Compromise (BEC) scams have now raked in a total of $5 billion, according to the Federal Bureau of Investigation (FBI).
Microsoft uncovers hacking operation aimed at software supply chain
May 10, 2017: Microsoft researchers recently uncovered a sophisticated hacking campaign that was serving targeted malware to “several high-profile technology and financial organizations.”
WordPress Zero-Day Could Expose Password Reset Emails
May 05, 2017: Polish security expert Dawid Golunski has discovered a zero-day in the WordPress password reset mechanism that would allow an attacker to obtain the password reset link, under certain circumstances.
Massive Google Docs phishing attack targeted credentials, permissions
May 05, 2017: A fast moving, but widespread phishing attack targeting Google Gmail and Docs users hit yesterday affecting an unknown number of victims with the likely goal of stealing login credentials and millions of additional email addresses that could be used for a future phishing campaign.
Nokia Threat Intelligence Report- Protect your IoT devices!
Apr 19, 2017: The most recent report from Nokia states that mobile device infection rates have gone up steadily throughout 2016—a rise of 400% smartphone malware. he report highlights vulnerabilities in a lot of different IoT devices, as well as iOS systems in iPhones

IT Security Latest Alerts

Google Docs Phishing Scam: What We Know
May 04, 2017:

On May 3rd, 2017, news outlets and social media sites were reporting a phishing scam surrounding fake “Google Doc” emails. Learn more!

Apple releases iOS Update to Remedy WiFi Problems
Apr 19, 2017:

A security update was made available for a variety of iPhone, iPad and iPod Touch devices after seeing that attackers within range were able to execute code on a WiFi chip. This update improved input validation, and is available for consumers now. More Info: Apple Security Content of iOS 10.3.1

Update LastPass NOW to Protect Your Passwords!
Apr 19, 2017:

LastPass, a password manager tool, recently fixed a major security flaw that allowed hackers to steal your passwords and manipulate your account. Users should make sure to update to the most recent verison of the software in order to secure their passwords and other account information. More Info: FAQs about the attack

Social Engineering Attacks hit Google Maps
Apr 19, 2017:

Thousands of fake listings are added to Google Maps each month, and these listings direct users to fake websites that either sell fake or overpriced services. This was popular in larger metropolitan areas like NYC, Chicago or LA, because people would go on Google Maps to find a service and then get re-directed to the website of a fake business…or would call the phone number of a fake business. Google says it has reduced its amount of abusive listings by 70% since June 2015 (peak period).

Be Careful with Attachments in Your Emails!
Apr 19, 2017:

A vulnerability was discovered in Microsoft Word that allowed for zero-day attacks to infect computers with malware through Word-document email attachments. When the attachments are opened, a fake word document is opened while malware is installed on the victim’s computer system. The attack only targeted a limited number of victims, but users should “be wary of documents received from untrusted sources and should enable the Office Protected View mode because it can block this attack.”

What's New

MakeITSafe Security Awareness Training

University employees are required to complete annual information security awareness training. Click on this link: MakeITSafe Training to access the training modules. Please contact the UM Chief Information Security Officer with questions at umciso@umsystem.edu.