Info Sec news

MU Alert System Test – January 25, 2017

Marshall University will be conducting a test of the MU Alert emergency messaging system on Wednesday, January 25, 2017.  This is an opt-in service available to MU community members.  Subscribers are asked to be sure they receive a message by noon on Wednesday, and if necessary update their contact information via the myMU interface.  If the information is correct and no message was received, please email mualert@marshall.edu with details on which method (text, email, and/or voice) did not work and the details for each pertinent method.  Please sign up or update your information prior to 5:00 p.m. on Tuesday, January 24th to be included on the test.

Additional information is available on the MU Alert website.

1502_mualert_digitalslide2017

National Cyber Security Awareness Month (NCSAM)

As part of its participation in National Cyber Security Awareness Month (NCSAM) to bring awareness of Cyber Security to the Marshall community, the Marshall IT department is highlighting three Lynda Campus videos related to cyber security:
Computer Security Investigation and Response
Cyber Security Field
Securing Your Mobile Device

Marshall University Information Technology provides access to Lynda Campus for ALL students, faculty and staff. This service provides the university community with quick and easy access to the extensive online library of Lynda.com.

This training library includes in-depth training on a variety of essential computer skills including the basics and advanced features for Microsoft Windows 10 and Apple Mac OS X as well as all of the core productivity tools of Microsoft Office, WordPress, SharePoint, Adobe Acrobat DC, Photoshop, Illustrator and more.

To take advantage of this free training, visit Lynda.marshall.edu and sign in using your MUNet Account username and password. This can be accessed both on and off-campus.

Benefits to using lynda.com include:

  • Unlimited access to courses on a wide variety of technologies and disciplines
  • Up-to-date content to keep skills current and to learn new skills
  • New courses added every week
  • Tutorials taught by recognized industry experts
  • Access to instructors’ exercise files to follow along as you learn
  • Closed captioning and searchable, time-coded transcripts
  • Beginner to advanced courses
  • The option to watch complete courses or bite-size videos as you need them

Need assistance?

Lynda.com System Requirements

More information on NCSAM at Marshall University can be found at www.marshall.edu/it/ncsam2016/

Contact the IT Service Desk, located on the first floor in the Drinko Library, e-mail itservicedesk@marshall.eduor call 304-696-3200.L

Symantec Endpoint Protection Software Updated to 12.1RU6MP6

The Marshall University campus Symantec Endpoint Protection Management (SEPM) Servers and Symantec Endpoint Protection (SEP) client install packages have been upgraded to version 12.1.7061.6600 (Windows/Mac/Linux). This Symantec provided update addresses Symantec Security Advisory SYM16-015 (client decomposer engine). This update provided client OS support for Mac OS 10.12 (Sierra).

SEP client patches are being distributed via background update process for managed client installs. Updated client install packages will be made available on the campus \Distributions share and via web download https://www.marshall.edu/antivirus for new installs and off-site computers.

Please contact the Marshall IT Service Desk at 304-696-3200 or via e-mail at itservicedesk@marshall.edu to report any questions or issues related to the install/upgrade process.

Additional details are available at the following URL:
* Security Advisories Relating to Symantec Products – Symantec Endpoint
Protection Manager Multiple Security Issues
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160919_00

* New Fixes and Component Versions in Symantec Endpoint Protection 12.1.6MP6
https://support.symantec.com/en_US/article.INFO9413.html

Symantec Endpoint Protection Software Updated to 12.1RU6MP5

The Marshall University campus Symantec Endpoint Protection Management (SEPM) Servers and Symantec Endpoint Protection (SEP) client install packages have been upgraded to version 12.1.7004.6500 (Windows/Linux) and 12.1.6867.6400 (MacOS). This Symantec provided update addresses Symantec Security Advisory SYM16-010 (client decomposer engine) and SYM16-011 (multiple SEPM security issues). This update addresses several ‘high severity’ issues in both the SEPM hosts as well as SEP Client software.

SEP client patches are being distributed via background update process for managed client installs. Updated client install packages are available on the campus \Distributions share and via web download https://www.marshall.edu/antivirus for new installs and off-site computers.

Please contact the Marshall IT Service Desk at 304-696-3200 or via e-mail at itservicedesk@marshall.edu to report any questions or issues related to the install/upgrade process.

Additional details are available at the following URL:
* Security Advisories Relating to Symantec Products – Symantec Endpoint
Protection Manager Multiple Security Issues
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160317_00

* New Fixes and Component Versions in Symantec Endpoint Protection 12.1.6MP5
https://support.symantec.com/en_US/article.INFO3801.html

Beware Holiday E-Mail Scams

MU Information Security Alert…
Don’t get hooked by a holiday e-mail scam!

Phishing is a fraudulent process used by spammers to acquire sensitive information from users such as usernames, passwords, and credit card details. Email recipients are often deceived by phishing attempts since messages appear to be sent by legitimate and trustworthy sources.

ALWAYS be wary of unexpected e-mail messages (regardless of the apparent source) which include file attachments, web URL’s, or are written with a sense of urgency for you to provide computer passwords or reveal personal financial information.

During the holiday season, we expect cyber-criminals to continue to attempt to trick us into sharing sensitive information with these types of messages:
• An ‘urgent fraud alert’ sent from your bank or other financial institution;
• An ‘online order is delayed’ notice from an online retailer;
• A ‘click-here-for-too good-to-be-true’ coupon or rebates;
• An ‘attempted-delivery-rescheduled’ notice from UPS, FedEx or other shipping service when you might be expecting a package.

If you receive one of these messages…
Please protect yourself by following the principle of STOP-THINK-CONNECT:
• STOP. Do not act too quickly.
• THINK. Do I have an account with this bank? Did I order something from this online retailer? Am I expecting a delivery notice? If not, then you should delete the e-mail message.
• CONNECT. If you are a customer of the organization, then connect safely in the following manner: Do NOT respond using any URL included in the e-mail. Rather, open your web browser and type in the web address or use a previously saved shortcut to connect to your bank, retailer, or shipping service. If there really was a problem with your account, order or shipment, it should be apparent.

If you receive an obviously fraudulent e-mail message….
We ask that you take the following actions:
1) Please delete the message from your inbox if it is obviously fraudulent.
2) As long as you did not attempt to open the attachment, reply/click on the web link, or provide any personal information, no additional action is needed; however
3) If you attempted to open an attachment or visited a website where you submitted your username, password or other sensitive information, you should immediately contact the Marshall IT Service Desk at (304) 696-3200 / itservicedesk@marshall.edu.

Protecting Yourself From E-mail Fraud (aka Phishing)

InfoSec Tip #7: Don’t Be Tricked

Thank you for your continued awareness,

Marshall to observe National Cybersecurity Awareness Month

October 1 marks the start of National Cybersecurity Awareness Month (NCSAM), according to Jon Cutler, chief information security officer at Marshall. NCSAM is an annual, month-long effort to increase awareness and prevention of online security problems, spearheaded by the U.S .Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA). This year’s theme is “Our Shared Responsibility.”

“Cyber Security Awareness is important to because each of us has a responsibility to protect the confidentiality, integrity and availability of information in today’s highly-networked system environment,” Cutler said.

Cybersecurity does not have to be complicated, he added. Throughout the month of October, the Marshall University Division of Information Technology and Office of Information Security will share newsletter topics and quick tips that demonstrate how students, faculty and staff can stay safe and secure online.

“We encourage you to follow our daily updates via Twitter @MUITServiceDesk #CyberAware and share the website URL www.marshall.edu/IT/NCSAM2015 with family and friends,” he said.

Many of the tips will echo themes from the “Stop. Think. Connect. Campaign,” an ongoing public awareness campaign aimed at increasing the understanding of cyber threats and empowering the public to be more safe and secure online.

Stop: before you use the Internet, take time to understand the risks and learn how to spot potential problems. Think: take a moment to be certain the path ahead is clear. Consider how your actions online could impact your safety, or your family’s. Connect: Enjoy the Internet with greater confidence knowing you have taken the right steps to safeguard yourself and your computer.