Annoucements: Alerts & Advisories

Security Advisories

  • US-CERT Current Activity:
    The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
    http://www.us-cert.gov/ncas/current-activity/
  • Internet Crime Complaint Center (IC3):
    The Internet Crime Complaint Center (IC3) is an alliance between the National White Collar Crime Center (NW3C) and the Federal Bureau of Investigation (FBI). IC3’s mission is to address crime committed over the Internet.
    http://www.ic3.gov/media/default.aspx
  • Microsoft Security Bulletins:
    Microsoft security bulletins provide information & news about computer vulnerabilities and security updates to keep your computer protected.
    http://technet.microsoft.com/en-US/security/dn481339
  • Apple Security Updates:
    This document outlines security updates for Apple products.
    http://support.apple.com/kb/ht1222
  • Oracle Critical Patch Updates, Security Alerts and Third Party Bulletin:
    This page lists announcements of security fixes made in Critical Patch Update Advisories and Security Alerts, and it is updated when new Critical Patch Update Advisories and Security Alerts are released.
    http://www.oracle.com/technetwork/topics/security/alerts-086861.html

Alerts

Thousands of Smart Homes and Businesses at Risk of Data Breach

Submitted by meroman1 on September 4, 2018 - 2:47pm

Cybercriminals can now gain access to smart homes through misconfigured Message Queuing Telemetry Transport (MQTT) servers. The MQTT protocol is used to interconnect and control smart home devices via smart home hubs. Cybersecurity firm Avast found over 49,000 MQTT servers that were publicly visible on the Internet due to a misconfigured MQTT protocol. There were also about 32,000 servers that were not password protected. Severe security vulnerabilities may arise if the MQTT is not implemented or configured correctly.

NIST Small Business Cybersecurity Act Becomes Law

Submitted by meroman1 on September 4, 2018 - 2:45pm

U.S. President Donald Trump signed the NIST Small Business Cybersecurity Act, formerly known as the MAIN STREET Cybersecurity Act, into a law on August 14 this year. The law would require the National Institute of Standards and Technology (NIST) to "disseminate clear and concise resources to help small business concerns identify, assess, manage, and reduce their cybersecurity risks." The new law will attempt to provide the necessary tools to small businesses to strengthen their cybersecurity infrastructure as well as fight online attacks.

How The Internet Works

Submitted by meroman1 on July 18, 2018 - 2:48pm

We use the internet every day, but how many of us actually know how it works? The complicated “World Wide Web” is built on a series of universal truths and technology, and knowing how it works will help you improve your information security.  If you are up for learning a little bit more, you’ll be able to better protect yourself and your family.

Credit Card Skimmers Still Popular At The Pump

Submitted by meroman1 on July 18, 2018 - 2:47pm

You may have noticed that most every bank has issued credit and debit cards with “chip” technology that is meant to prevent credit card “skimming,” which steals information from the card with a swipe. It’s the reason why most every store has a pad that beeps angrily at you if you don’t take out your card quickly enough. This chip technology has been generally effective (although there have been issues with it), but there are a few places where it hasn’t yet come into play; specifically, gas stations.

Bluetooth: Another Avenue For Hackers

Submitted by meroman1 on July 18, 2018 - 2:41pm

Bluetooth-enabled devices have become a common fixture in our everyday lives. We connect our phones and smart devices to speakers, headphones, TVs, and more. Bluetooth enables more frequent and simpler connections to devices, further increasing the number of internet-connected devices that provide amazingly valuable services by communicating to each other in an increasingly complex web of devices and services.

Stay Secure During Summer Travel

Submitted by meroman1 on July 18, 2018 - 2:36pm

The summer is always a great time to travel, especially when you live in Arizona. But as you flee from the heat, you should be aware that your privacy is even more at risk abroad. Air travel protocol has changed recently, and privacy and security in hotels is now more suspect. Make sure to take just a few precautions before you begin traveling so you can have a relaxing summer vacation.

Troubleshoot: DUO and ASU Mobile App on iOS

Submitted by mathom37 on April 26, 2018 - 8:32am

If you experience issues with ASU authentication on a mobile application that requires Duo two-factor authentication, please update the ASU Mobile App from the App Store.  The best method is to use iOS 3D touch or "force press" on the Duo notification to authenticate with Duo. If you end up in the Duo App to approve the Duo authentication factor, you can use the back to "ASU" link in the upper left of the Duo App after you approve the authentication.

ASU Office365 Email and junk mail

Submitted by twitucky on April 12, 2018 - 5:18pm

Microsoft has changed how they identify junk emails causing legitimate email to incorrectly be marked as spoofed or junk. As a response, we have implemented a temporary solution for emails sent to exchange. This may increase the amount of email delivered to your inbox which typically gets filtered to junk. We understand the importance and impact of the issue and are working to correct it.

Student Jobs E-Mail Scam

Submitted by mathom37 on March 13, 2018 - 12:16pm

A large number of phishing scam emails have been seen targeting ASU students. The scam works by sending you an email with the promise of a job. The email subjects vary, some saying “Student Jobs" and others saying "Application Approved", even though you never submitted an application. The scamming email will ask you for your full name, address, and telephone number. The scammer then tells you that you will be doing various things, like acting as a middleman to purchase office supplies.

Meltdown and Spectre

Submitted by mathom37 on January 5, 2018 - 8:49am

Security Researchers have discovered two hardware vulnerabilities involving CPU chips. The first vulnerability is called "Meltdown". Meltdown allows a program to access your system's memory, potentially exposing sensitive information such as username and passwords or application data. The second vulnerability found is called "Spectre". Spectre breaks down application isolation on your system. This break down allows an attacker to potentially access data across applications thus exposing data. It is recommended that you patch your system.

The Danger of IOT

Submitted by mathom37 on December 28, 2017 - 9:44am

You may have heard of the term "Internet of Things (IOT)" floating around. You probably have heard it so much that you are likely desensitized to the dangers that unsecured IOT present. A prominent Information Security Researcher has written an article about attacks that have been carried out with IOT and the harm they caused. If you were ever curious about how the IOT can be used for nefarious reasons, then click here for a great informative read. 

Emergency Vulnerability: Apple Mac OS High Sierra 10.13 & 10.13.1

Submitted by mathom37 on December 1, 2017 - 9:40am

A vulnerability on the Apple MacOS High Sierra 10.13 and MacOS High Sierra 10.13.1 of the highest severity has been discovered. The vulnerability allows for anyone with access to Apple devices running MacOS High Sierra 10.13 or MacOS High Sierra 10.13.1 to bypass administrator authentication without supplying the administrator’s password. This gives the attacker administrator privileges and they don’t even need to provide a password.

Fraudulent Phone Calls, Beware!

Submitted by mathom37 on November 16, 2017 - 7:41am

The ASU Information Security Office has received reports that international students attending ASU have been receiving fraudulent calls. The fraudulent caller is pretending to be from the Internal Revenue Service (IRS). It is reported that the fraudulent caller will state that the student owes money to the IRS. The fraudulent caller instruct the student to purchase a gift card in the amount "owed" and to take said gift card to an address that is provided by the fraudulent caller. The reported address that is provided is in fact an actual IRS office.

Wireless Protocol WPA2 Weakness

Submitted by twitucky on October 16, 2017 - 4:20pm

On 10/16, security researchers published vulnerability information affecting all wireless devices using the WPA2 protocol, which is the current standard for WiFi communications. This affects both clients & servers, and allows an attacker in the same range as any unpatched wireless device to decrypt transmissions and in some cases even inject data. Although there are not yet reports of exploits in the wild, all wireless-type devices should be updated with vendor-released patches as they become available.

Mobile Account Hijacking

Submitted by mathom37 on August 31, 2017 - 9:17am

The cyber criminal element has once again come up with creative ways to gain access to your online accounts and steal your data. An attack vector that is gaining popularity is called "Mobile Account Hijacking". The attacker will call your cellular phone service provider and pretend to be the account owner(you). Once in contact with your cellular provider they have your phone number transferred to a device that the attacker has control of.

Card Skimmers in Arizona

Submitted by mathom37 on August 31, 2017 - 6:36am

Recently, law enforcement agencies have noticed a marked rise in the use Card skimmers at local gas stations in Arizona, particularly in the Phoenix area. The Arizona Agriculture Department says 128 card skimmers have been found at 74 locations since 2016. A card skimmer is a card-reading device placed either inside or placed over the actual legitimate card reader. The device captures the financial information from a card, and the data can be used to create "cloned" cards to withdraw your money.

Smartphone Wi-Fi Vulnerbility (Broadpwn)

Submitted by mathom37 on July 31, 2017 - 8:24am

There is a new vulnerability discovered by security researchers that affects billions of smartphone devices, iPhone and android devices included. This newly discovered vulnerability has been named "Broadpwn". The vulnerability has to do with third party Wi-Fi chips that are used in billions of smartphones. To protected devices from this vulnerability, ensure that you update your smartphones operating system software to the latest version. For more information about the vulnerability please click here

E-Mail Scam: Part Time Job

Submitted by mathom37 on July 7, 2017 - 8:14am

Recently, we have noticed a large number of part time job scams coming through email services that have been targeting the ASU community. The scam works by sending you an email with the promise of a part time job that offers high compensation. The ASU Information Security office reminds everyone to be vigilant about the threat landscape that is present on the internet. Below is an actual example of the part time job scam.

***Beginning of scam email***

Dear student,

Electronic Purchases Fraud PSA

Submitted by mathom37 on June 22, 2017 - 9:22am

Arizona State University Information Security Office has received a public service announcement (PSA) from the Federal Bureau of Investigation concerning noticeable increases in U.S. based universities and university students being targets for credit card schemes involving high-end electronic purchases. For more information about the fraud scheme and the PSA, click here.

IRS Data Retrieval Tool Fraud

Submitted by mathom37 on June 13, 2017 - 12:26pm

Two individuals were indicted on 23 federal charges relating to $12 million in identity-theft by filing false tax returns using student's information. The 2 alleged individuals reportedly used the "IRS DataRetrieval Tool" to harvest personal information of students applying for federal financial aid. The tool allowed students to electronically fill out tax informaton while applying for grants and scholarships. The tool was taken offline in march after security risks were discovered.

ACD 125 Refresher

Submitted by mathom37 on June 2, 2017 - 11:06am

At ASU, we use a lot of electronic resources and deal everyday with sensitive information. In order to protect you and the university, we use an acceptable use policy called ACD 125. This allows us to define the boundaries around ASU’s computing and communication services.

The entire Computer, Internet, and Electronic Communications Information Management policy can be found at Get Protected, but here’s what ACD 125 covers:

Wanna Cry (Ransomware)

Submitted by mathom37 on May 19, 2017 - 11:15am

On 12 May 2017 the ransomware attack called Wannacry was reported, spreading quickly to over 150 countries.  This attack targets computers running the Microsoft Windows operating system, encrypts the users data and then demands a ransom payment in the Bitcoin cryptocurrency. 

To protect yourself there are several things that you should do immediatly.

1) Update your anti-virus/anti-malware software definitions.

2) Ensure you have patched your Microsoft Windows operating system with the latest Microsoft windows updates.

Buzzword defined: DDoS

Submitted by mathom37 on May 12, 2017 - 3:01am

Without some context, the term “DDoS” may look like a strange typo, a random assortment of letters applying to something you probably don’t need to know. However, the acronym DDoS stands for “distributed denial of service attack” and is a real thing and a growing internet attack vector that has proliferated in recent years. DDoS attacks have affected ASU teaching and learning and most likely have impacted many of the companies, organizations you interact with regularly.

Identity theft and phishing schemes

Submitted by mathom37 on May 12, 2017 - 2:59am

Identity theft and phishing schemes continue to be on the rise. The IRS is one example of an organization that maintains tips and information on how their name is invoked by criminals to access your information. ASU continues to improve and implement new technology for your protection, but unfortunately some schemes still make it through. We wanted to share  a few tips to help protect you and your loved ones from becoming victims of identity theft.

Spear Texting

Submitted by mathom37 on May 5, 2017 - 10:38am

There are reports of students from other in-state universities receiving text messages that ultimately request the username and password of their student account. This alert serves as a reminder that ASU will never ask for any account password. Never give out a password to any account you use for any reason.

For more information about phishing and how to protect yourself please visit https://getprotected.asu.edu/information/phishing

Google Drive Phishing Campaign

Submitted by mathom37 on May 3, 2017 - 3:02am

On Wednesday, 3 May 2017, a large phishing campaign hit ASU. The phishing email appears to invite you to edit a file in Google Docs from someone you know. If you receive such an email, do not open it, delete it. It may be spam from a phishing scheme that is spreading quickly.

WWW Service Notification

Submitted by mathom37 on April 14, 2017 - 9:30am

ASU is always working to ensure we offer the best in everything we do. As part of that continuing effort, the Information Security Office has identified you as a subscriber to the WWW Service (personal web hosting) offered to all faculty, staff, and students at ASU.

Our records indicate that your website has not been visited in the last 90 days. Due to inactivity, ASU will be removing the WWW Service from your ASU account in order to minimize the footprint that can be used to carry out cyber-attacks against ASU.

Top 5 Security Initiatives

Submitted by meroman1 on April 11, 2017 - 9:55am

Safeguarding ASU’s assets and information is of utmost importance to ASU. In response to increasing risks especially in the areas of cybersecurity, we have identified the list of critical Information Security initiatives intended to improve ASU’s security posture and ultimately reduce risk. University Executive Leadership supports improving security in a number of areas.
Details are available at http://links.asu.edu/asutop5doc (restricted viewing)

Tax Season Scams

Submitted by mathom37 on April 6, 2017 - 12:28pm

The Internal Revenue Service (IRS) is a powerful name, and one that is frequently used as a part of a phishing scam. Telling an email recipient that they are in trouble with the IRS is a surefire way for cybercriminals to instill panic, lessening the likelihood of calm, rational thought. It’s one of the oldest tricks in the modern phishing book, but even still, people fall for the attacks. Identifying the ways phishers or criminals can masquerade as the IRS to gain access to your money, accounts, or system is the first step in preventing them from doing so.

Information security Buzzword defined: Hacker

Submitted by mathom37 on March 30, 2017 - 8:56am

Chances are, you’ve heard the term hacker in this modern, always connected world. Films and TV shows may conjure a sensational, unstoppable technical wizard in your mind, but the reality is much more manageable. The word hacker has been used for skilled programmers and high-tech criminals, so let’s break down the different uses the word has, and what actually poses a threat to your information security.

New Phishing Technique Targeting Gmail

Submitted by twitucky on March 16, 2017 - 12:20pm

A new, highly effective way to phish has been discovered in the wild. The messages claim to contain an attachment, but the "attachment" is an image in the body of the email that opens a link in a new tab. The address that shows in the location bar contains "https://accounts.google.com", which is what you'd expect to see in a standard Gmail login. The fake page itself looks exactly like a Google authentication page, so it's easy to see how even the most tech-savvy could fall for this. The way to spot it is to check the beginning of the address.

Dun & Bradstreet NetProspex data leak

Submitted by twitucky on March 15, 2017 - 1:58pm

Security researcher Troy Hunt published a story about a recent large data leak from Dun & Bradstreet, a business services firm. The data appears to be business contact information compiled by a company named NetProspex, which was acquired by Dun & Bradstreet in 2015. While no sensitive information appeared to be listed, a large number of ASU email addresses were included in the record list.

Dangers of Holiday Phishing

Submitted by twitucky on December 14, 2016 - 10:51am

The holidays are a time for family gatherings, a break from work and of course shopping! Now more than ever, while you are doing your shopping it’s important to remember to be cognizant of where that URL is directing you and what links you are trusting to click on. Here are a few things to keep in mind this month and always while you are enjoying everything this fun season has to offer.

Online Holiday Safety Tips

Submitted by twitucky on November 18, 2016 - 4:57pm

Tis the season - the season of holiday joy is now upon us. With the cooler weather, abundance of indulgences everywhere, and the amazing online holiday deals at every turn, it's important for us to review tips on how to keep your accounts and identity safe so it can truly be a happy holiday season!

EMV Card Skimmers now available

Submitted by twitucky on October 28, 2016 - 11:41am

According to a report on pciblog.org, criminals have already created card skimmers designed to steal data from chip and PIN EMV cards, and are selling them. The skimmers can steal both track data as well as PIN. Although EMV is intended to help reduce credit card fraud, this serves as a warning that no solution can guarantee security, and we should remain vigilant as consumers.

Source: http://www.pciblog.org/emv-skimmers/

IRS Scam voicemail alert

Submitted by nquach on October 21, 2016 - 3:43pm

There has been another IRS scam voicemail appearing on many employee’s phones.  The call came from 1-253-216-0680 and the message was 38 seconds in length.  The message, claiming to be from the Internal Revenue Service, stated that you have to call back to the above number regarding a lawsuit and pending legal charges from “headquarter” and that you have a chance to rectify this case.

Please inform your respective colleagues of this scam and instruct them about the contact site and phone number below so people can lodge a complaint or get help and support if they are the victim.

Don't Need It? Delete It!

Submitted by twitucky on October 3, 2016 - 4:37pm

Just like in real life, our digital lives can become cluttered and messy if we don’t take care to clean up now and then. Additionally, removing files that could contain sensitive information can protect you from attackers - hackers can’t steal what isn’t there!  Downloaded files, unneeded applications, and old documents are all examples of items that should be removed periodically.

If you don’t need it, delete it! We’re all busy but these 5 tips will save you time and effort in the long run.

Dropbox Breach Notification

Submitted by twitucky on September 2, 2016 - 8:08pm

Dropbox has notified its users of a data breach which occurred in 2012 which likely compromised up to 68 million user credentials. Dropbox should have already notified you if they believe you were affected and has completed a password reset for anyone who hadn’t updated their password since mid-2012. This reset ensures that even if these passwords are cracked, they can’t be used to access Dropbox accounts.

Third-Party flash player issues

Submitted by twitucky on September 1, 2016 - 3:53pm

ASU has recently had reports of some issues involving downloaded third party Flash Player software with file names of ckplayer.swf or ckplayer6.3.swf.  While we cannot find any direct threat to ASU or its users from these files, there have been reports that, once installed, the Flash Player can overwrite some Web browser settings, including the browsers homepage settings, to redirect users to sponsored advertiser Web sites.  There is no permanent damage to devices and the effects can be reversed by simply re-setting the configurations in the browser once the software has been installed; how

IRS Publication - Warning of Surge in Automated IRS Impersonation Calls

Submitted by nquach on August 11, 2016 - 3:08pm

A recent IRS Publication alerted us of an update to the typical IRS phone scam.  Scammers have been known to impersonate IRS employee and demand unpaid taxes payment.  More recently, instead of having the call from a live person, the bogus calls would come from an automated phone message to reach more potential victims.

Recent Increase in Tech Support Scams

Submitted by twitucky on June 3, 2016 - 1:14pm

Cyber security experts are seeing an increase in complaints related to technical support scams, where someone claims to be an employee (or an affiliate) of a major computer software or security company offering technical support to the victim. Recent scams are claiming to be support for cable and Internet companies to offer assistance with digital cable boxes and connections, modems, and routers. They claim the company has received notifications of errors, viruses, or security issues from the victim’s internet connection. Some even claim they are working on behalf of government agencies to resolve computer viruses and threats from possible foreign countries or terrorist organizations.

Extortion E-mail Schemes Tied to Recent High-Profile Data Breaches

Submitted by twitucky on June 3, 2016 - 1:07pm

Cyber security experts are seeing an increase in extortion attempts related to recent high-profile data thefts. Recipients are told via email that personal information, such as their pictures, videos, and personal information such as name, phone number, address, and credit card information, will be released to their social media contacts, family, and friends if a ransom is not paid. The recipient is usually instructed to pay in Bitcoin, a virtual currency that provides a high degree of anonymity to the transactions.

Preventing identity theft and identity repair service

Submitted by twitucky on April 27, 2016 - 4:28pm
ASU takes your security and that of your personal information seriously, and we have made substantial effort and investments to protect you and your information. However, the risk of theft of personal information is ever-present, at ASU and beyond. During this tax season, please remember that ASU has a partnership with AllClear ID to provide you with complimentary identity repair assistance. AllClear ID Guarantee coverage is automatic and applies to you and your information regardless of the circumstances in which you might become victim of fraud or identity theft. This benefit is available immediately at no cost to you.

Android Stagefright

Submitted by meroman1 on July 30, 2015 - 8:51am

There is a potentially severe and unpatched flaw to be announced in a talk at BlackHat & DefCon in a few days. It is expected that almost all unpatched Android devices can be compromised by merely receiving a malicious text message.
 
Google has acknowledged (and has actually fixed in their Android distributions) the bug in the Stagefright media library which allows a single crafted malicious MMS 'text' to remotely execute code (all the attacker needs is your cell phone's telephone number to send you an MMS text).
 

Critical Microsoft Update - MS15-078

Submitted by meroman1 on July 21, 2015 - 8:34am

Microsoft Security has pushed a patch for all supported Windows systems to patch a critical security vulnerability.

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded OpenType fonts.

Adobe Flash Player Zero Day (CVE-2015-5119)

Submitted by meroman1 on July 8, 2015 - 8:46am

Update: July 13th, 2015

Critical vulnerabilities (CVE-2015-5122, CVE-2015-5123) have been identified in Adobe Flash Player 18.0.0.204 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.  

Adobe is aware of reports that exploits targeting these vulnerabilities have been published publicly. Adobe expects to make updates available during the week of July 12, 2015.

Affected software versions:

OpenSSL (CVE-2015-1793)

Submitted by meroman1 on July 7, 2015 - 8:26am

During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate. This issue will impact any application that verifies certificates including SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication.

Adobe Flash Player Zero Day (2015-3113)

Submitted by meroman1 on June 23, 2015 - 8:48am

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address a critical vulnerability (CVE-2015-3113) that could potentially allow an attacker to take control of the affected system.

Adobe is aware of reports that CVE-2015-3113 is being actively exploited in the wild via limited, targeted attacks. Systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP, are known targets.

Adobe recommends users update their product installations to the latest versions:

Vulnerability in TLS

Submitted by meroman1 on May 20, 2015 - 2:41pm

ASU has recently become aware of a vulnerability in certain implementations of HTTPS using TLS, which could allow for the disclosure of sensitive information. This vulnerability is caused by a basic design flaw in the way that TLS handles Diffie-Hellman key exchanges and allows an attacker to intercept the HTTPS connection from vulnerable clients or servers by downgrading the RSA key to a weaker, export-grade, 512-bit RSA key.

Now that you've filed your taxes... patch your system!

Submitted by meroman1 on April 16, 2015 - 11:37am

Microsoft has released a security update for recent versions of Windows (7/8/Server 2008/2012) patching a critical vulnerability that could allow an attacker to gain complete control of the system. ISO recommends patching all affected systems immediately (make sure "Security Update for Windows ... (KB3042553)" is included through Windows Update). ASU will be taking additional steps to protect against this vulnerability, but systems should be patched to provide another level of defense.

More information:

Sailing the Seven Seas

Submitted by meroman1 on April 9, 2015 - 2:42pm

Earlier today, you may have received an email from “Regent Seven Seas”. This email contained a zipped file claiming to be an invoice of your booked trip. This invoice, disguised as a PDF file, is a malicious piece of software. If this software is activated, it will install, disabling any protections you may have to combat it, hide itself within your system, and then begin redirecting network traffic/downloading additional malware in the background.

OpenSSL FREAK Vulnerability

Submitted by meroman1 on March 5, 2015 - 3:14pm

A "new" vulnerability is hitting the press that affects systems using OpenSSL (a popular open-source encryption suite, used in many systems, including Apple products and Android devices). The vulnerability allows an attacker to weaken the encryption used, thus making it easier to crack, and allow information to be stolen.

Telephone Scam Targeting International Students

Submitted by meroman1 on March 2, 2015 - 9:28am

Arizona State University has been informed by several students of a false telephone calls (a “telephone scam”) targeting international students at ASU and around the country. Students have received phone calls from people identifying themselves as employees of the Internal Revenue Service and other U.S. government agencies. The callers insist that students send them money to avoid immediate arrest or other legal action against them. The caller tells the student that they owe money to the US government for improper tax filing, missing documentation, or some other infraction.

Wordpress Slimstat Vulnerability

Submitted by meroman1 on February 25, 2015 - 5:26pm

Wordpress Slimstat, a popular web analytics plugin, versions 3.9.5 and prior could lead to cyberattackers being able to guess the plugin's "secret" key, perform an SQL injection and take over a target website. The security bug is found in all versions of the analytics plugin except the latest 3.9.6 version.  The Information Security Office urges all users of the plugin to upgrade to the latest version immediately due to the severity of the issue.

Lenovo and Superfish

Submitted by meroman1 on February 20, 2015 - 11:05am

There are certain Lenovo products, going back to 2010, which have included a piece of adware/spyware with a non-unique certificate that allowed for the hijacking of browsing traffic. This situation escalated when the root certificate and decrypted key were published, allowing for a man in the middle attack to occur.

It is recommended that if you own one of these devices, to remove the software immediately.

https://www.us-cert.gov/ncas/alerts/TA15-051A

Adobe Flash 0 Day Vulnerability

Submitted by meroman1 on January 23, 2015 - 9:31am

To start off this year, it appears there is a 0day exploit in the wild for Flash. This is a good reminder that unsupported, or unused software should be uninstalled. For software that is used, but often subject to attempted exploitation (given wide adoption), patch as soon as possible.

If you have a work related requirement to visit web sites that use Flash or other commonly exploited technologies, consider these options to reduce, but not eliminate, your exposure:

University Employee Payroll Scam

Submitted by meroman1 on January 20, 2015 - 1:48pm

The FBI Internet Crime Complaint Center is reporting a resurgence of fraudulent emails related to payroll scams first reported in May 2014 (see our previous posting on GetProtected: https://getprotected.asu.edu/announcements/fyi-online-scams). ASU has already taken precautions to prevent unauthorized direct deposit changes, and continues to monitor for signs of scams and phishing attempts. The best line of defense, however,  is individual education.

Microsoft SCHANNEL Vulnerability

Submitted by meroman1 on November 12, 2014 - 4:12pm

Microsoft announced a vulnerability yesterday in the SCHANNEL SSL library that is used by all versions of Microsoft Windows that could allow remote code execution. The severity of this vulnerability is considered high as it applies to all current versions of Microsoft Windows, and exploits are expected to follow shortly.  Microsoft has issued a patch. The Information Security Office strongly recommends updating all Windows systems immediately (following standard patching procedures).

SSL 3.0 Vulnerability (POODLE)

Submitted by meroman1 on October 17, 2014 - 2:44pm

SSLv3 is a known, less secure protocol that has remained active for backward compatibility with older browsers that didn’t support the newer TLS protocol. However, this week details were released about a vulnerability which allows an attacker to steal secure data in plaintext, aptly named “POODLE”. Security experts are recommending that all web sites disable support for SSLv3 on their servers as quickly as possible. In addition, the major browser vendors will be removing support for the protocol in upcoming releases of their browser software.

October is Cyber Security Awareness Month

Submitted by meroman1 on October 3, 2014 - 4:41pm

Cyberspace is woven into the fabric of our daily lives and the world is more interconnected today than ever before. We enjoy the benefits and convenience that cyberspace provides as we shop from home online, bank using our smart phones, and interact with friends from around the world through social networks. The Information Security Office (ISO) is committed to bringing you events, ideas and stuff to raise cyber security awareness across the university and ultimately help us all protect ourselves from and know how to respond to cyber incidents.

Critical Security Flaw in Bash

Submitted by meroman1 on September 25, 2014 - 5:15pm

A critical security flaw, now being dubbed "Shellshock" was discovered in the Bash shell, a widely used shell for unix and linux based operating systems. Not only do most unix and linux based systems (including Ubuntu, RedHat, and Mac OS X) use Bash a default shell, but many applications make use of bash beneath the surface. The vulnerability is particularly harmful as it could be exploited by an attacker to remotely execute malicious code on unpatched systems.