Take Action Today!

 

Spotlight

Spotlight

Spotlight

Spotlight

Spotlight

Spotlight

Spotlight

Spotlight

Encrypt Data

Spotlight

ASU Information Security Office

Security Advisories

  • US-CERT Current Activity:
    The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
    http://www.us-cert.gov/ncas/current-activity/
  • Internet Crime Complaint Center (IC3):
    The Internet Crime Complaint Center (IC3) is an alliance between the National White Collar Crime Center (NW3C) and the Federal Bureau of Investigation (FBI). IC3’s mission is to address crime committed over the Internet.
    http://www.ic3.gov/media/default.aspx
  • Microsoft Security Bulletins:
    Microsoft security bulletins provide information & news about computer vulnerabilities and security updates to keep your computer protected.
    http://technet.microsoft.com/en-US/security/dn481339
  • Apple Security Updates:
    This document outlines security updates for Apple products.
    http://support.apple.com/kb/ht1222
  • Oracle Critical Patch Updates, Security Alerts and Third Party Bulletin:
    This page lists announcements of security fixes made in Critical Patch Update Advisories and Security Alerts, and it is updated when new Critical Patch Update Advisories and Security Alerts are released.
    http://www.oracle.com/technetwork/topics/security/alerts-086861.html

Protecting Against Phishing

What is Phishing?

Phishing, in a nutshell, is the online version of a con-job. The perpertrators of phishing messages are essentially tech-savvy con-artists. In a phishing scam, these con-artists send out messages and emails that "look" legitimate, hoping to trick the unsuspecting user into giving out their personal information, including usernames and passwords, and allowing the perpertrator to conduct identity theft.

Combatting Ransomware

The ASU Information Security Office has seen a recent increase in ransomware. Ransomware is a type of malware aimed at holding something hostage until the user pays a ransom fee to the attackers. Typically it comes in the form of a drive-by-download (malicious downloads hidden in ads or other site content users may be unaware of) or malicious email with a link. The malware will install on the user's system, silently encrypt files and documents (including on accessible network shares), effectively destroying the files for the user. It also attempts to destroy and stop data backups.

OpenSSL FREAK Vulnerability

A "new" vulnerability is hitting the press that affects systems using OpenSSL (a popular open-source encryption suite, used in many systems, including Apple products and Android devices). The vulnerability allows an attacker to weaken the encryption used, thus making it easier to crack, and allow information to be stolen. OpenSSL announced and released a patch for this vulnerability on January 8th, so systems running OpenSSL directly should be patched immediately. Systems that run other software that includes OpenSSL (i.e.

Telephone Scam Targeting International Students

Arizona State University has been informed by several students of a false telephone calls (a “telephone scam”) targeting international students at ASU and around the country. Students have received phone calls from people identifying themselves as employees of the Internal Revenue Service and other U.S. government agencies. The callers insist that students send them money to avoid immediate arrest or other legal action against them. The caller tells the student that they owe money to the US government for improper tax filing, missing documentation, or some other infraction.