Today, February 6, 2018, is Safer Internet Day (SID), a worldwide event aimed at promoting the safe and positive use of digital technology for all users, especially children and teens. This year’s SID theme—Create, Connect and Share Respect: A better Internet starts with you—encourages everyone to play their part in creating a better, safer, and more secure Internet.
Info Sec news
Marshall University Information Technology (MUIT) wants to warn the Marshall community to be on the look-out for Tax Identity Theft scams. Many federal agencies are offering information and resources to help consumers learn to protect themselves from tax-related identity theft and Internal Revenue Service (IRS) imposter scams.
MUIT along with the National Cybersecurity & Communications Integration Center (NCCIC) and the United States Computer Emergency Readiness Team (US-CERT) encourage consumers to review IRS publication Taxes.Security.Together. and NCCIC/US-CERT Tip Preventing and Responding to Identity Theft. Users can also participate in a series of free webinars and chats on avoiding tax identity theft, hosted by the Federal Trade Commission, IRS, Department of Veterans Affairs, and others.
For more information about Information Security at Marshall University please visit our website: www.marshall.edu/infosec .
Marshall University will be conducting a test of the MU Alert emergency messaging system on Wednesday, January 24, 2018 at 10 a.m.. This is an opt-in service available to MU community members. Subscribers are asked to be sure they receive a message by noon on Wednesday, and if necessary update their contact information via the myMU interface. If the information is correct and no message was received, please email firstname.lastname@example.org with details on which method (text, email, and/or voice) did not work and the details for each pertinent method. Please sign up or update your information prior to 5:00 p.m. on Tuesday, January 23rd to be included on the test.
Additional information is available on the MU Alert website.
This is an important computer security bulletin from Marshall University Information Technology team directed at Marshall University students, faculty and staff who own or use an Apple Macintosh computer. Apple has released a critical security update which should be applied to all computers which are running macOS High Sierra 10.13. Marshall University IT staff are working to address this issue on University-owned devices; students, faculty and staff need to be aware of this issue needs addressed on personal-owned devices.
What computers are at risk?
If you have an Apple Macintosh computer which is running the current release of macOS High Sierra 10.13 or 10.13.1, you are at risk and need to apply this update ASAP. If you are still running macOS Sierra 10.12.6 or earlier, this update is not needed.
How do I check which version of macOS in on my computer?
Click on the ‘Apple’ icon menu (in the upper left corner of your computer), and select ‘About This Mac’. You should see a pop-up window which will list the operating system name and version (see below):
If your computer shows ‘macOS High Sierra Version 10.13 or 10.13.1’, click on the ‘Software Update…’ button in the lower-right of the pop-up. This will launch the Apple ‘App Store’ utility. Click on the ‘Updates’ menu and apply any needed updates. If the App Store shows ‘No Updates Available’, be sure to confirm that these 2 critical updates ‘MacOS 10.13.1 Update’ and ‘Security Update 2017-001’ are listed as being installed:
Please review the links below for further information and assistance
- Apple Security Update 2017-001
- Apple releases macOS High Sierra Security Updates
- Marshall University IT Service Desk
- Marshall University IT Information Security Team
Recent Phishing Attacks
Over the past several months, the Office of Information Technology has seen an influx of fraudulent “phishing” messages, many which appear urgent, and are designed to trick account holders into clicking a link (or in some cases, replying to an email) and providing a username and password.
In most cases, these emails have been sent from other Marshall University account holders who have already been victims of these fraudulent messages and thus have had their accounts compromised. Once an account is compromised, it is then being used by a cyber-criminal to distribute more phishing messages to other MUNet/Office365 account holders.
Since the messages are coming from @marshall.edu or @live.marshall.edu addresses, the recipient is more likely to trust the sender and be tricked into clicking a link and logging in to what they think is a legitimate web page. Many of these web pages are designed to look like authentic Marshall University, Microsoft, or financial institution login pages, but are actually capturing credentials.
Prevention and Education
The IT department is doing their best to catch compromised accounts before more phishing messages can be distributed, however, the best way to protect yourself and others is to use caution when checking your email.
ALWAYS be suspicious of any unexpected email messages, regardless of the source, which include file attachments, web URLs, or are written with a sense of urgency and require you to provide credentials or other personal information.
Below are a few examples of recent phishing messages. Notice that each includes hyperlinked text which, when the mouse is hovered over, reveals a web address that is NOT a marshall.edu or microsoft.com address. Also, these messages have a sense of urgency and ask that the recipient verify information. Marshall University will never send you unsolicited email asking you to verify your password or personal information, nor will any other trusted organization.
If You Receive A Fraudulent Email
- (Optional) Report a suspicious email sent to your @marshall.edu or @live.marshall.edu email address by forwarding the message to email@example.com. YOu will receive an auto-reply confirming receipt of the message as well as additional instructions.
- Delete the message from your inbox
- As long as you did not attempt to open the attachment, reply/click on the web link, or provide any personal information, no additional action is needed; however…
- If you attempted to open an attachment or visited a website where you submitted your username, password or other sensitive information, you should immediately contact the Marshall IT Service Desk at (304)-696-3200 / firstname.lastname@example.org.
Protecting Yourself From Email Fraud(AKA Phishing)
InfoSec Tips #7: Don’t Be Tricked
Marshall faculty, students, and staff have seen a recent upswing in the number of phishing emails received recently. Brooke Griffin, reporter for The Parthenon, recently interviewed IT staff. Read the article here.
On Tuesday, October 17th, and Thursday, October 19th, from 11a.m.-1p.m. each day, Marshall University’s Information Technology (IT) division will be hosting the Hackers for Charity student group for a National Cyber Security Awareness Month (NCSAM) table in the lobby of the first floor of the Drinko Library and Information Center. These students will share practical tips on how to improve your personal information security and avoid online threats.
As technology continues to become a large part of our professional and personal lives, it is important to be educated in how to keep private information secure. We are eager to share with you the resources Marshall University has to not only provide information on the importance of cybersecurity but demonstrate the steps you can take to become more cyber secure in your everyday life. Additional information regarding weekly topics and resources can be found at www.marshall.edu/it/ncscam/topics
For the month of October, MUIT’s Instagram and Twitter will be posting weekly tips on cybersecurity, follow the hashtag #CyberAware and follow us @MarshallU_IT.
For more information about NCSAM, visit www.staysafeonline.org/ncsam.
Marshall University Information Technology Contact: Crystal Stewart
-Kristin Salustro, MUIT Marketing Intern
The “Cyber Research Acceleration Workshop” hosted by the Indiana University Center for Applied Cybersecurity Research took place on October 10 and 11. Marshall’s Chief Information Officer, Edward Aractingi, spoke as a panelist during the event. In addition to Dr. Aractingi, the panel included CIOs and industry speakers from the University of Illinois and Indiana University and discussed ways for university CIOs to drive and support research acceleration, especially in the Cybersecurity field.
The Marshall University Information Technology (IT) department is participating in National Cyber Security Awareness Month (NCSAM) to raise awareness of Cyber Security issues. Throughout the month of October, Marshall IT will be sharing information from the national campaign on Twitter, their website and through newsletter articles.
“This is the fifth year in which Marshall IT has participated in national cyber security awareness events,” said Jon Cutler, chief information security officer. “This is another opportunity for our team to share practical advice on information security with our campus community. We know many folks are concerned about online threats. So now we share information about how they can protect not only themselves but also the campus against cyber-criminal activity. We believe you will find each of the weekly topics to be helpful and welcome any feedback in how those messages can be improved.”
National Cyber Security Awareness Month began 14 years ago as a collaborative effort between government and industry to ensure every American has the resources they need to stay safe and secure online. NCSAM is celebrated across the country each October under the leadership of the U.S. Department of Homeland Security and the National Cyber Security Alliance.
Different cybersecurity issues will be addressed each week including basic online safety and security, workplace cybersecurity, recognizing and combating cybercrime, our continuously connected lives and what to do if you are a victim of cyber-crime.
“We know the Marshall campus community has a lot of questions about cyber security. Use of technology is a part of our everyday lives – both professionally and personally,” Cutler said. “Are you concerned when hearing reports in the news of yet another hacker security breach? Does the growing number of smart-devices in our lives put us and others at risk? Participation in National Cyber Security Month provides another opportunity to share a wide variety of resources which will help us gain a better understanding of online security issues and provides some simple steps you can take to protect yourself.”
For more information about NCSAM, visit www.staysafeonline.org/ncsam. You are also invited to follow and use the hashtag #CyberAware on Twitter throughout the month of October.
Marshall University will be conducting a test of the MU Alert emergency messaging system on Wednesday, September 6, 2017 at 10 a.m.. This is an opt-in service available to MU community members. Subscribers are asked to be sure they receive a message by noon on Wednesday, and if necessary update their contact information via the myMU interface. If the information is correct and no message was received, please email email@example.com with details on which method (text, email, and/or voice) did not work and the details for each pertinent method. Please sign up or update your information prior to 5:00 p.m. on Tuesday, September 5th to be included on the test.
Additional information is available on the MU Alert website.