Info Sec Alerts

MU Information Security Alert

A number of fradulent emails have been circulating with various subjects and @live.marshall.edu senders, all with message bodies looking similar to the image below.  Many accounts are continuing to be compromised. Please DO NOT CLICK any links in messages which look similar to the image below, or any other messages before verifying the sender, verifying the URL, and ensuring you expect the message and that it is legitimate.

IF YOU HAVE ALREADY CLICKED A LINK IN A MESSAGE SIMILAR TO THE ONE ABOVE, CHANGE YOUR PASSWORD AS SOON AS POSSIBLE and contact the IT Service Desk at (304)696-3200. 

 

IF YOU RECEIVE A FRAUDULENT EMAIL MESSAGE, WE ASK YOU TAKE THE FOLLOWING ACTION(s):

  1. (Optional) Report a suspicious email message sent to your @marshall.edu email address by forwarding the message to phishing@marshall.edu. You will receive an auto-reply confirming receipt of the message as well as additional instructions.
  2. Delete the message from your inbox.
  3. As long as you did not attempt to open the attachment, reply/click on the web link, or provide any personal information, no additional action is needed; however…
  4. If you attempted to open an attachment or visited a website where you submitted your username, password or other sensitive information, you should immediately contact the Marshall IT Service Desk at (304) 696-3200 / itservicedesk@marshall.edu.

 

Security Tip: Use of the ‘Skeptical Hover Technique’ Most email applications allow you to simply hover your mouse – without clicking – over an embedded web link to preview where the hidden link will try to send you if you should click it.

 

ALWAYS be suspicious of any unexpected email messages (regardless of the source) which include file attachments,  web URL’s, or are written with a sense of urgency that you must provide computer passwords or reveal personal financial information.

 

Phishing Scams and Compromised Accounts – What Should I Do?

https://www.marshall.edu/it/departments/information-security/compromise/

 

InfoSec Tips #7: Don’t Be Tricked

http://www.marshall.edu/it/training/infosec-tips-7/

 

Thank you for your continued awareness,

 

 

Adobe Creative Cloud licensing update

Marshall University students, faculty and staff who require the Adobe Creative Cloud software as part of their academic program or job function now have new and expanded access to this software suite.

This licensing enhancement expands the use to not only select University-owned computers, but also allows installation on an additional device including a personally-owned computer. This new capability is called ‘named-user-licensing’ and will be accessible via single-sign-on with your MUNet account credentials.

The University is funding this initiative for specific academic programs and business units. Named-user licensing will allow students, faculty, and staff to install and run the complete Adobe Creative Cloud Suite on up to two computers that they use, including their own personal computer, but is limited to one active computer at a time.

Eligible students include those enrolled in a major under the College of Arts and Media (CAM) and other select courses. Students enrolled in an eligible course outside of CAM may receive access for the duration of the approved course’s term.  Check my eligibility.

If a student needs access to Adobe Creative Cloud software for a specific course, please ask your instructor to complete the online request form to Request Access to Adobe Creative Cloud apps.

If your use is not course-related, then you may want to consider purchasing a personal license through Adobe Creative Cloud with an educational discount. Users with active license assignments (personal and enterprise) may use the Adobe Creative Cloud applications in one of our technology labs and designated classrooms across campus.

Students, Faculty and Staff who need access to Adobe Creative Cloud apps for their academic or administrative work should complete the online request form to create their license assignment.

Please visit the following website www.marshall.edu/it/adobe for further information, to check your eligibility, and to request access.

Still have questions or having issues with installing or updating your Creative Cloud license? Please contact the IT Service Desk via chat, phone 304-696-3200, email itservicedesk@marshall.edu, or in person.

SPSS License Renewal Notification

The IBM/SPSS software starts alerting our campus software users about the upcoming expiration 30-days in advance each time the application is launched.  Marshall University users can ignore these alerts regarding our current SPSS license that has a renewal anniversary date of 2/28/2018.  The annual license renewal requisition process started several weeks ago and should be completed very soon.

macOS High Sierra – Critical Security Update

This is an important computer security bulletin from Marshall University Information Technology team directed at Marshall University students, faculty and staff who own or use an Apple Macintosh computer. Apple has released a critical security update which should be applied to all computers which are running macOS High Sierra 10.13. Marshall University IT staff are working to address this issue on University-owned devices; students, faculty and staff need to be aware of this issue needs addressed on personal-owned devices.

What computers are at risk?

If you have an Apple Macintosh computer which is running the current release of macOS High Sierra 10.13 or 10.13.1, you are at risk and need to apply this update ASAP. If you are still running macOS Sierra 10.12.6 or earlier, this update is not needed.

How do I check which version of macOS in on my computer?

Click on the ‘Apple’ icon menu (in the upper left corner of your computer), and select ‘About This Mac’. You should see a pop-up window which will list the operating system name and version (see below):


 

How do I check for and apply needed software updates?

If your computer shows ‘macOS High Sierra Version 10.13 or 10.13.1’, click on the ‘Software Update…’ button in the lower-right of the pop-up. This will launch the Apple ‘App Store’ utility. Click on the ‘Updates’ menu and apply any needed updates. If the App Store shows ‘No Updates Available’, be sure to confirm that these 2 critical updates ‘MacOS 10.13.1 Update’ and ‘Security Update 2017-001’ are listed as being installed:

Please review the links below for further information and assistance

  • Apple Security Update 2017-001

https://support.apple.com/en-us/HT208315

  • Apple releases macOS High Sierra Security Updates

https://9to5mac.com/2017/11/29/macos-root-fix/

  • Marshall University IT Service Desk

https://www.marshall.edu/it/departments/it-service-desk/

  • Marshall University IT Information Security Team

https://www.marshall.edu/infosec

Protecting Your Marshall MUNet/Email Account from Phishing Attacks

Recent Phishing Attacks

Over the past several months, the Office of Information Technology has seen an influx of fraudulent “phishing” messages, many which appear urgent, and are designed to trick account holders into clicking a link (or in some cases, replying to an email) and providing a username and password.

In most cases, these emails have been sent from other Marshall University account holders who have already been victims of these fraudulent messages and thus have had their accounts compromised. Once an account is compromised, it is then being used by a cyber-criminal to distribute more phishing messages to other MUNet/Office365 account holders.

Since the messages are coming from @marshall.edu or @live.marshall.edu addresses, the recipient is more likely to trust the sender and be tricked into clicking a link and logging in to what they think is a legitimate web page. Many of these web pages are designed to look like authentic Marshall University, Microsoft, or financial institution login pages, but are actually capturing credentials.

Prevention and Education

The IT department is doing their best to catch compromised accounts before more phishing messages can be distributed, however, the best way to protect yourself and others is to use caution when checking your email.

ALWAYS be suspicious of any unexpected email messages, regardless of the source, which include file attachments, web URLs, or are written with a sense of urgency and require you to provide credentials or other personal information.

Phishing Examples

Below are a few examples of recent phishing messages. Notice that each includes hyperlinked text which, when the mouse is hovered over, reveals a web address that is NOT a marshall.edu or microsoft.com address. Also, these messages have a sense of urgency and ask that the recipient verify information. Marshall University will never send you unsolicited email asking you to verify your password or personal information, nor will any other trusted organization.

If You Receive A Fraudulent Email

  1. (Optional) Report a suspicious email sent to your @marshall.edu or @live.marshall.edu email address by forwarding the message to phishing@marshall.edu. YOu will receive an auto-reply confirming receipt of the message as well as additional instructions.
  2. Delete the message from your inbox
  3. As long as you did not attempt to open the attachment, reply/click on the web link, or provide any personal information, no additional action is needed; however…
  4. If you attempted to open an attachment or visited a website where you submitted your username, password or other sensitive information, you should immediately contact the Marshall IT Service Desk at (304)-696-3200 / itservicedesk@marshall.edu.

Protecting Yourself From Email Fraud(AKA Phishing)

Phishing Scams


InfoSec Tips #7: Don’t Be Tricked

Tip 7: Don’t Be Tricked

 
 

This alert was also sent to the Marshall community via e-mail

MU WiFi

MU WiFi is back up and functioning normally.  We apologize for the inconvenience.  If you encounter WiFi problems contact MUIT service desk, itservicedesk@marshall.edu, 304-696-3200.

IMPORTANT – Campus MUNet Wireless Service Currently Unavailable

Marshall University Wireless Network services for the Huntington and Regional Campuses are currently offline. The current issue was reported earlier this morning.  IT staff and management are working alongside Cisco, our wireless vendor, to resolve what is reported to be a technical issue in their product.

We do not have an estimate at this time when services will be back online.  Look for further updates to be posted on the News/Alerts section of the Marshall IT main web page https://www.marshall.edu/IT.

Thank you for your patience and we regret any disruption caused by these technical issues.

Computer Security Advisory: ‘WannaCry’ Ransomware

Computer Security Advisory for All University Faculty & Staff E-mail Recipients

Starting last Friday (5/13/2017) computer security researchers and news media began sharing information about a new computer security attack called ‘WannaCry’. This attack is another variation of malicious software referred to as ‘ransomware’. When a computer becomes infected with ransomware, this malicious code attempts to encrypt (scramble and password-protect) as many data files as it can find available. This occurs not only to the local computer but also to any attached drives and network shares to which  your user account has write access. This tactic is called ransomware because the only way to regain access to those encrypted files is to pay a fee – a ransom often starting at $300 and up – to the criminals. If the victim does not pay, then the only other recovery method is to restore the files from a secure backup location.

There have been no major outbreaks reported on the University campus network nor detected by campus network security services. We attribute this in part to faculty and staff cooperation with regular computer software updates, increased information security awareness, and not being heavily targeted (yet) by computer criminals.

If you are responsible for software updates whether on your personally-owned computer, a University-owned computer or a group of your department’s computers, we ask that you take a moment to review the following guidance.

How can you minimize risk to University- and personally-owned computers?

We trust that the following guidance should sound familiar when we remind you that the best defense is to already be following computer security best-practices:

  • Is Your Software Updated and Supported? – Be sure all of your computers – whether located on-campus or off-campus – are running the latest supported operating system, security and application software appropriate for your academic or business unit. This is not simply so we can say we run the ‘latest-and-greatest’. Rather software authors focus their efforts on their latest products so they will include the latest security features as well as fix known-security bugs. For a PC: we strongly suggest Microsoft Windows 10 ver 1607 and later and Symantec Endpoint Protection v. 14. Windows XP, Windows Vista and Windows 8.0 are no longer supported; For a Mac: you should be at Mac OS 10.12.x and Symantec Endpoint Protection for Mac v. 14. Mac OS prior to 10.10 (Yosemite) is no longer supported. Marshall University Information Technology provides the above recommendations. Please consult with your campus IT Support team for configurations supported by the MU School of Medicine and Marshall Health.
  • Are you Patched? – Be sure all of your computers – whether located on-campus or off-campus – are configured to automatically receive and apply security updates when they are released. For a PC: Use Windows Update and make sure both Critical and Important Updates are applied. For a Mac: Go to your Apple menu click ‘About this Mac…’ and then ‘Software Updates’ or open the App Store and click on the ‘Updates’ icon.
  • Is Your Important University and Personal Data Backed-up? – Take steps now to have a backup copy of important documents and data. For items which are essential to University or Department operations, these should be saved to a secure location (such as a campus-managed fileserver) which has a regularly scheduled backup. For personal items, use of an external hard drive or high-capacity thumb-drive which can be attached for backup then promptly disconnected, is highly recommended. Remember, ransomware will attempt to encrypt any and all data files which you have write access. Recovery is limited to those items which were inaccessible by the user (campus-managed backups) or were offline (disconnected hard drive or thumb-drive) at the point of infection.
  • Are You Being Cautious with E-mail and Websites? – Always exercise suspicion for unsolicited e-mail and unfamiliar web sites, particularly those which urge you to ‘open this attached file’ or ‘click this web page link’ for some urgent action. Many of us work in areas where we do receive unsolicited documents and in those cases, ask a trusted colleague or an IT support resources for a second opinion before opening the message. A mobile device may be used in cases where you want to preview the file, but understand that the malicious payload may only be designed to affect a desktop or laptop computer. This allows you to delete the file or entire message before ever attempting to preview/open it on the computer.
  • Report Suspicious Computer Behavior, Alerts, or E-mail Messages – We understand that it is difficult for everyone to stay up-to-date and how they should respond to an ongoing stream of important computer security issues. You can assist by reporting  unexpected or suspicious activity to computers located to your closest campus Information Technology Support or IT Information Security professional.Please reach out to one of the following IT Service Desk or IT Service Provider contacts:

IT Upgrade: WiFi (Requires Action for All Users)

Over the holiday break the IT Infrastructure Communications Team began upgrading the Wireless LAN Controllers and the radius authentication servers.  Those upgrades were completed early this morning.  Due to the nature of our authentication protocols you will now have to “accept” a new security certificate to connect to the WiFi network.  During this upgrade the security certificates on the radius servers were moved to our InCommon provider.  Although each device connects differently; the iOS (iPhone and iPad) certificate should look like this other devices will have similar notices:

apple-trust

 

 

 

 

If this message does not appear and you are unable to connect to the wireless network, you may need to turn off wireless on your device and turn it back on to re-establish the connection to your device.  If it still fails, you can try “forgetting” the network from your device and re-connecting.

Detailed instructions for connecting a device to the wireless network can be found at: www.marshall.edu/wifi .

Please check your cellular/wireless mobile devices to avoid unwanted data usage over the cell network.

If you require further assistance, please contact the IT Service Desk:

304.696.3200   (Huntington)
304.746.1969   (Charleston)
itservicedesk@marshall.edu