Columbus State University Print Logo

Office of Information Security

Office of Information Security

Security Archives

Alerts

uscert

   

 

 

2016 Alerts:

TA16-336A : Avalanche (crimeware-as-a-service infrastructure)
TA16-288A : Heightened DDoS Threat Posed by Mirai and Other Botnets
TA16-250A : The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations
TA16-187A : Symantec and Norton Security Products Contain Critical Vulnerabilities
TA16-144A : WPAD Name Collision Vulnerability
TA16-132A : Exploitation of SAP Business Applications
TA16-105A : Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced
TA16-091A : Ransomware and Recent Variants

 

Newsletters

sans

2016 Newsletters:

December:     Securely Disposing of Your Mobile Device

November:     Using The Cloud Securely

October:        Four Steps to Staying Secure

September:    Email Do's and Don'ts

August:         Ransomware

July:             CEO Fraud

June:            Encryption

May:             Internet of Things (IoT) 

April:            I'm Hacked, Now What? 

March:          What is Malware?

February:      Securing your Home Network

January:        Securing Your New Tablet   

 

 

ms

2016 Newsletters:

December: New Device? Check Your CyberSecurity!

November: Cyber Tips for Holiday Shopping 

October: Beware of Malware

September: Two-Factor Authentication 

August: Back to School

July: Going for Gold in Cybersecurity

June: Travelling Securely

May: CyberSecurity Information Sharing Act of 2015

April: Phishing Emails and You

March: Why Strong, Unique Passwords Matter

February: Avoiding Online Tax Scams

January: The Hidden Costs of a Data Breach

 

Tips

Security tips of the week

 

Prize Scams: Don't Pay to Play

You get a phone call from an excited caller saying you've won a trip, a car, or a lot of money. Next, they ask you to send money before you get the prize. That is a sure sign of a scam. Here's one way to think about it: if you have to pay, it's not a prize. Read more about spotting prize scams.

Source: https://www.consumer.ftc.gov

Tips for Using Public Wi-Fi Networks

Wi-Fi hotspots in coffee shops, libraries, airports, hotels, universities, and other public places are convenient, but often they're not secure. If you connect to a Wi-Fi network, and send information through websites or mobile apps, it might be accessed by someone else. To protect your information when using wireless hotspots, send information only to sites that are fully encrypted, and avoid using mobile apps that require personal or financial information. Read more about Tips for Using Public Wi-Fi Networks.

Source: https://www.consumer.ftc.gov

Romance Scams - Don't Become a Victim

Romance Scam experts target people looking for romantic partners. They often find their victims via dating websites, apps or social media by pretending to be prospective companions using fake online profiles designed to lure you in. Once trust has been established, they move on to manipulate and exploit their victims. Read more on how to protect yourself from becoming a victim of romance scams.

Source: www.fbi.gov/news/stories/romance-scams

Paying your friends through an app?

There are several apps out there that allow you to transfer money to friends and family effortlessly – often requiring only the recipients email address or mobile number. When dealing with such apps, it is important that you take certain security precautions in order to safe guard yourself. Before you use one - or use one again - check the app's settings for available security features. Read more on how to make your account less vulnerable.

Source: https://www.consumer.ftc.gov

Employment Scam Targeting College Students Remains Prevalent

College students across the United States continue to be targeted in a common employment scam. Scammers advertise phony job opportunities on college employment websites, and/or students receive e-mails on their school accounts recruiting them for fictitious positions. This "employment" results in a financial loss for participating students. Read more on how to identify and protect yourself from this scam.

Source: www.ic3.gov

 

Stay Safe from Cybercrime During Tax Time

Tax season is prime time for online scams. Cybercriminals are continuously looking to lift your personal information to cash in on a refund request and/or steal your identity. The problem is rampant: in 2015, the Federal Trade Commission received close to half a million complaints, and nearly half (45 percent) were tax fraud-related. Cyber thieves are crafty: they can break into your account or device and literally steal your online life – as well as your tax refund. Read more on how to Stay Safe from Cybercrime During Tax Time.

Source: staysafeonline.org

 

How to set up your Android phone for ultimate privacy

It's not an exaggeration to say that your smartphone is the most personal device you have. The fact it's always with you, however, sure does generate a lot of information about your habits. Your location history, Google searches, web browsing habits, app usage, and even recordings of your voice talking to the Google Assistant. Read more on How to set up your Android phone for ultimate privacy.

Source: http://www.csoonline.com/article/3157077/android/how-to-set-up-your-android-phone-for-ultimate-privacy.html

 

The National Cyber Security Alliance's Five Digital To Dos for 2017

"Today, so many of us are always connected. As we think about how to better safeguard our virtual lives, we've identified quick and easy tips that will help keep you on a safe and secure track year round," said Michael Kaiser, NCSA's executive director. "If you implement these five reliable practices, you will enjoy the benefits of connectivity with greater confidence. And, if you can convince your family and friends to do the same, we will all be safer and more secure online in 2017 and in years to come." Read more on The National Cyber Security Alliance's Five Digital To Dos for 2017.

Source: https://staysafeonline.org/about-us/news/the-national-cyber-security-alliance-recommends-five-digital-to-dos-for-2017

 

New Device? Check Your CyberSecurity!

Last month, we talked about how you can minimize your risk of identity theft and malicious cyber activity while doing your online holiday shopping. In this month's issue, we'll focus on another aspect of the holiday season: that new device you get or give during the holidays. Whether it's a smartphone, laptop, desktop, tablet, or another device, check out the below tips to help you protect your new technology and secure your personal data. Read more on New Device? Check Your CyberSecurity!

Source: https://msisac.cisecurity.org/newsletters/2016-12.cfm

 

Holiday Phishing Scams

It always happens this time of year, an influx of holiday related scams circulating the interwebs. Scams don't wait for the holidays, but scammers do take advantage of the increased shopping and distraction when things get busy to take your money and personal information. Jon French, security analyst at AppRiver, warns you of six holiday threats to watch out for.Read more on Holiday Phishing Scams (PDF).

Source: Francis, R. (2016). 10 top holiday phishing scams. CSO Online. Retrieved December 05, 2016.
 

Disposing of Devices Safely

Getting a new computer, notebook, tablet, or other technology can be both necessary and enjoyable. Afterward you may decide to dispose of your old equipment. Whether you have your device recycled, give it to a friend, or donate it to a charity, a school, or a soldier, you need to protect the information on it from exposure. However, removing your information is harder than it seems. Systems are set up to protect us from losing information we need—when we delete a file, we can still get it back. Similarly, others who get your discarded computer or other device can get it back, too.Read more on Disposing of Devices Safely (PDF).

Source: https://www.us-cert.gov/security-publications/Disposing-Devices-Safely

 

Cyber Tips for Holiday Shopping

The holidays are right around the corner and that means food, fun, parties, and lots of online shopping. Online shopping can be a great solution, allowing you to find the perfect gift and saving time, but it can also end with identity theft, malware, and other cyber unpleasantness. Rather than letting it ruin your holiday season, you can take a few simple security precautions to help reduce the chances of being a cyber victim. Read more on Cyber Tips for Holiday Shopping (PDF).

Sources:
[1] msisac.cisecurity.org
[2] www.pexels.com

 

Cyber Security Awareness Month

Thank you CSU for making the Cyber Security Awareness Month events a success.

Below are the winners for the CSU Cyber Security Poster Contest for 2016.

James Morgan

1st Place

Prize : Microsoft Surface 4 Tablet

Nicole Coulter

2nd Place Tie

Prize : $50 Gift Certificate

Eddie Sampson

2nd Place Tie

Prize : $50 Gift Certificate

More Information

 

Cyber Security Tips for Higher Education

When you start college, you're taking on new responsibilities, making your own decisions, and becoming part of the campus community. There is an important role that you can play in your college's cybersecurity efforts that combines these elements of responsibility, decision-making, and community. Read more on Cyber Security Tips (PDF).

Source: StaySafeOnline.org

 

The Basics of Cloud Computing

Cloud computing is receiving a great deal of attention, both in publications and among users, from individuals at home to the U.S. government. Yet it is not always clearly defined. Cloud computing is a subscription-based service where you can obtain networked storage space and computer resources. One way to think of cloud computing is to consider your experience with email.Your email client, if it is Yahoo!, Gmail, Hotmail, and so on, takes care of housing all of the hardware and software necessary to support your personal email account. When you want to access your email you open your web browser, go to the email client, and log in. For more information on this please refer to Basics of Cloud Computing (PDF).

Sources:
[1] Basics of cloud computing US-CERT
[2] www.tomsitpro.com

 

Pokémon Go Is a No-Go for Security

You can imagine the science-fiction episode: A video game suddenly appears in an unwitting society. The game proves so addictive that millions of people endanger themselves just to be able to keep playing it. The game gets so powerful that it can steal their secrets.

That's actually not an episode of The Twilight Zone or Black Mirror. According to a security expert, it's the story of Pokémon Go, the augmented-reality mobile game that's the biggest fad of the summer so far.
For more information on this please go to UITS blog site.

Reference:  ROBINSON MEYER JUL 11, 2016, The Atlantic

Note: Also the newly discovered fake Pokemon Go game will actually lock your phone and then secretly run in the background, clicking on porn ads. For more information on this go to CSO IDG site.