IT Security NewsMay 24, 2017: Ransomware is malware that locks your computer and mobile devices or encrypts your electronic files. When this happens, you can’t get to the data unless you pay a ransom. However this is not guaranteed and you should never pay! May 24, 2017: Thanks to Kaspersky, we now know that 98% of the Windows machines infected by WannaCry/WannaCrypt were running Windows 7. May 10, 2017: Business E-mail Compromise (BEC) scams have now raked in a total of $5 billion, according to the Federal Bureau of Investigation (FBI). May 10, 2017: Microsoft researchers recently uncovered a sophisticated hacking campaign that was serving targeted malware to “several high-profile technology and financial organizations.” May 05, 2017: Polish security expert Dawid Golunski has discovered a zero-day in the WordPress password reset mechanism that would allow an attacker to obtain the password reset link, under certain circumstances. May 05, 2017: A fast moving, but widespread phishing attack targeting Google Gmail and Docs users hit yesterday affecting an unknown number of victims with the likely goal of stealing login credentials and millions of additional email addresses that could be used for a future phishing campaign. Apr 19, 2017: The most recent report from Nokia states that mobile device infection rates have gone up steadily throughout 2016—a rise of 400% smartphone malware. he report highlights vulnerabilities in a lot of different IoT devices, as well as iOS systems in iPhones Apr 19, 2017: Earlier this month, President Trump signed a law to repeal privacy rules that “can prevent broadband providers from selling customers’ internet-browsing histories and other data without their permission.” Apr 14, 2017: Adobe and Microsoft separately issued updates on Tuesday to fix a slew of security flaws in their products. Apr 14, 2017: This Patch Tuesday, Microsoft issues a fix for a zero-day vulnerability in the Office productivity suite that attackers were actively exploiting.
IT Security Latest AlertsMay 04, 2017:
On May 3rd, 2017, news outlets and social media sites were reporting a phishing scam surrounding fake “Google Doc” emails. Learn more!Apr 19, 2017:
A security update was made available for a variety of iPhone, iPad and iPod Touch devices after seeing that attackers within range were able to execute code on a WiFi chip. This update improved input validation, and is available for consumers now. More Info: Apple Security Content of iOS 10.3.1Apr 19, 2017:
LastPass, a password manager tool, recently fixed a major security flaw that allowed hackers to steal your passwords and manipulate your account. Users should make sure to update to the most recent verison of the software in order to secure their passwords and other account information. More Info: FAQs about the attackApr 19, 2017:
Thousands of fake listings are added to Google Maps each month, and these listings direct users to fake websites that either sell fake or overpriced services. This was popular in larger metropolitan areas like NYC, Chicago or LA, because people would go on Google Maps to find a service and then get re-directed to the website of a fake business…or would call the phone number of a fake business. Google says it has reduced its amount of abusive listings by 70% since June 2015 (peak period).Apr 19, 2017:
A vulnerability was discovered in Microsoft Word that allowed for zero-day attacks to infect computers with malware through Word-document email attachments. When the attachments are opened, a fake word document is opened while malware is installed on the victim’s computer system. The attack only targeted a limited number of victims, but users should “be wary of documents received from untrusted sources and should enable the Office Protected View mode because it can block this attack.”
University employees are required to complete annual information security awareness training. Click on this link: MakeITSafe Training to access the training modules. Please contact the UM Chief Information Security Officer with questions at email@example.com.