IT Security News

Google discloses unpatched IE flaw after Patch Tuesday delay
Feb 28, 2017: Google's Project Zero team has disclosed a potential arbitrary code execution vulnerability in Internet Explorer because Microsoft has not acted within Google's 90-day disclosure deadline.
Windows 10 to permit block on apps installing if they’re not from Microsoft Store
Feb 28, 2017: Microsoft is testing a new feature that offers the option of preventing non-Windows 10 Store apps being installed.
RIAA, Other Copyright Holders Want ISPs to Introduce Piracy Filters
Feb 28, 2017: The DMCA is no longer enough for rightsholders, who now want ISPs to filter out copyrighted content and block access
Yahoo issues new breach warning; Verizon shaves $300M off its Yahoo offer
Feb 17, 2017: Verizon was in talks to purchase Yahoo's internet business when news broke that the web company had been hit with two massive data breaches and this has had an impact on the asking price with the initial offer of $4.8 billion has been reduced by about $250 million, according to a report Wednesday on
Adobe issues patches, Microsoft’s usual Patch Tuesday fixes delayed
Feb 17, 2017: The company released fixes as part of its regularly scheduled patch series for more than a dozen code execution vulnerabilities in its Flash Player.
Microsoft Launches Office 365 Secure Score
Feb 14, 2017: Microsoft on Friday announced that Office 365 Secure Score API, the company's security analytics tool aimed at evaluating data risk levels in the cloud service, is now available for commercial Office 365 users.
Microsoft Delays February’s Security Updates
Feb 14, 2017: Microsoft's security updates for February will be delayed.
Microsoft Warns of Emails Bearing Crafty PDF Phishing Scams
Feb 02, 2017: Instead of trying to cram malware into inboxes, attackers are increasingly using PDF-based social engineering schemes to trick victims into handing over sensitive data or email login passwords.
Half the Web Is Now Encrypted. That Makes Everyone Safer
Feb 02, 2017: Computer security news is usually pretty dismal, from malware crippling the web to ransomware taking down hospitals. But the web is getting safer in an important way.
Police camera system in D.C. hit with ransomware
Feb 02, 2017: A ransomware attack forced the city's security team to take the system offline while it mitigated the intrusion and reinstalled the system throughout the area.

IT Security Latest Alerts

Employment Opportunity Scam
Jan 23, 2017:

There is an elaborate employment opportunity scheme currently underway which is targeted towards college students.  Learn more!

Ho, Ho, NO! Don’t let online deals become cyber steals!
Dec 16, 2016:

While this time of year brings out kindness and joy, make sure that you don’t fall for a criminal’s latest ploy!

Tracking Number Email Scams Target Online Shoppers
Dec 15, 2016:

This holiday season don't take the bait! Many shipping carriers have experienced phishing scams targeting consumers. Subject lines often include tracking numbers, and the emails can contain a fake notice from the carrier with attachments and links. Be aware, the attachments and links can contain viruses! Do not give away any personal information. Delete the message immediately. For more information on scams carriers are seeing, visit the FedEx and UPS guides.

Social Engineering and Phishing Scam Affect LinkedIn Users
Nov 28, 2016:

A new social engineering scam is using phishing emails that appear to be from LinkedIn. The phony email claims there's a security issue with the user's LinkedIn account and requests personal information. It informs recipients that it's a "precautionary measure to defend you", but prompts users to provide the information in 24 hours or their accounts will be terminated.  

Yahoo ‘expected to confirm massive data breach’, says Recode
Sep 22, 2016:

Yahoo is poised to confirm a massive data breach of its service, according to several sources close to the situation, hacking that has exposed several hundred million user accounts.

What's New

MakeITSafe Security Awareness Training

University employees are required to complete annual information security awareness training. Click on this link: MakeITSafe Training to access the training modules. Please contact the UM Chief Information Security Officer with questions at umciso@umsystem.edu.