Archive for 2014

Can you spot the phishing scams and stay safe online this holiday season?

by Neal Fisch in awareness, counterfeit websites, data security, faculty, holiday scams, holiday shopping, personal security, phishing scams, security, social networking, staff, students, tips 0

For many people, the holidays means a dramatic spike in email traffic. There is more communication between family and friends, more solicitations from retailers pitching holiday bargains, and more online shopping confirmations and shipping notifications. It’s also a time of year when cyber-criminals try to take advantage of the overwhelming volume of email communications to catch unwitting victims off guard with phishing scams. Hopefully you would be able to spot a fake malicious email and avoid getting compromised, but don’t be too sure. For additional information on how to stay safe please read on.

Don't be Duped by Internet Fraud

by Neal Fisch in awareness, counterfeit websites, data security, email, faculty, personal security, phishing scams, security, social networking, spear phishing attack, staff, students, tips 0

We all get offers that seem too good to be true. Whether they come by email or appear on web sites, they are often clever schemes designed to dupe the gullible. Don't be tricked by Internet Fraud. For more information see http://www.lookstoogoodtobetrue.com.

Fake Dropbox login page nabs credentials, is hosted on Dropbox

by Neal Fisch in attacks, awareness, counterfeit websites, data security, email, faculty, news, personal security, phishing scams, security, social networking, staff, students, tips 0

An email with the subject “important” tells recipients that they must sign into Dropbox in order to view a document too big to be sent via regular email, but clicking on the link included in the message brings people to a fake Dropbox login page that is actually hosted on Dropbox.

Link to the rest of this SC Magazine article to find out more about this new scam.

Use a password in only one place.

by Neal Fisch in awareness, cloud, counterfeit websites, data security, email, faculty, passwords, personal security, phishing scams, security, staff, students, tips 0

Reusing passwords or using the same password all over the place is like carrying one key that unlocks your house, your car, your office, your briefcase, and your safety deposit box. If you reuse passwords for more than one computer, account, website, or other secure system, keep in mind that all of those computers, accounts, websites and secure systems will be only as secure as the least secure system on which you have used that password. Don't enter your password on untrusted systems. One lost key could let a thief unlock all the doors. Remember: Change your passwords on a schedule to keep them fresh.

NSA, Net Neutrality Fears Overshadow Senate Cybersecurity Vote

by Neal Fisch in awareness, data security, email, encryption, faculty, personal security, security, social networking, staff, students 0

The Senate Intelligence Committee will vote Tuesday on a bill that would allow companies to share information about digital threats, but the legislation faces potential roadblocks over concerns it could boost surveillance efforts and endanger net neutrality. Additional information can be found here.

Are you emailing sensitive information? If so, beware... This could happen to you!

by Neal Fisch in awareness, data security, email, encryption, faculty, personal security, security, staff, students, tips, vulnerabilities 0

It's inevitable that at some point at a college or university a request for sensitive data will be made to the owning department for a research project, a cross departmental project, or even a report to upper management. All of these scenarios are common and acceptable requests, however, the method used to transmit or share the requested confidential data is critical to the safety and security of that data. Here is an example of using an incorrect transmission method and the repercussions that followed.

Sharing of confidential information is an acceptable practice provided the following safeguards are used:

Approval of the data owning department is given (preferably in writing).
A secure, encrypted transmission method is setup to send and receive the data.
Communication! If you're unsure transmitting this data is appropriate or safe contact your security team.

Following these steps at a minimum will save you from many headaches and heartaches later.

by Neal Fisch in attacks, awareness, data security, faculty, news, personal security, phishing scams, security, social networking, spear phishing attack, staff, students 0

Email phishing continues to increase and the attackers are constantly looking for better ways to trick you. Phishers have their sites focused on PayPal now more than ever. Read this SC Magazine article summarizing "The Internet Threats Trend Report April 2014" to learn more.

Hackers hit eBay database containing personal info, users asked to change passwords

by Neal Fisch in attacks, awareness, data security, faculty, news, passwords, personal security, security, staff, students 0

EBay is asking users to change their passwords after it was announced yesterday attackers gained unauthorized access to eBay's corporate network, compromising a database containing encrypted passwords and other personal data. Additional information may be found here or on eBay.

What you need to know about Heartbleed, a critical OpenSSL vulnerability that enables SSL/TLS decryption

by Neal Fisch in awareness, counterfeit websites, data security, devices, encryption, faculty, passwords, patches, personal security, security, staff, students, vulnerabilities 0

You know that little padlock icon you look for to ensure your Web traffic is encrypted and secure? It turns out that you might not be as secure as you think thanks to a vulnerability that was accidentally introduced into the code of OpenSSL.

Read this article which explains what you need to know about Heartbleed and OpenSSL.

Additional resources:

Critical OpenSSL vulnerability, 'Heartbleed Bug,' enables SSL/TLS decryption

How to recvover from Heartbleed

Difficulty of Detecting OpenSSL Heartbleed Attacks Adds to Problem

Major Apple security flaw found. Patches issued and should be applied.

by Neal Fisch in awareness, data security, devices, faculty, news, patches, personal security, security, staff, students 0

Apple rushed to release iOS 7.0.6 on Friday and OS X 10.9.2 today with patches for a shockingly overlooked SSL encryption issue that leaves iPhone, iPad and Mac computer users open to a man-in-the-middle (MITM) attack. All users of iOS 7 and Mac OS X Mavericks (10.9) should download and apply these patches. The vulnerability is not present in versions of OS X prior to OS X 10.9 Mavericks or iOS prior to iOS 6.

Additonal resources:

Major Apple security flaw: Patch issued, users open to MITM attacks

For a full listing on the security patches in this update, visit the Apple site.

Apple releases OS X 10.9.2 update, patches severe SSL bug

For a full listing on the security patches in this update, visit the Apple site.

Computer Security and You.

by Neal Fisch in attacks, awareness, data security, email, faculty, passwords, personal security, phishing scams, security, social networking, spear phishing attack, staff, students, tips, virus 0

Scammers, hackers, and identity thieves are looking to steal your personal information – and your money. But there are steps you can take to protect yourself, like keeping your computer software up-to-date and giving out your personal information only when you have a good reason.

Visit our friends at OnGuardOnline.gov and see what you can do to better protect yourself and your personal information.