Columbus State University

Office of Information Security

Security Archives





 2017 Alerts:

Google Releases Security Updates for Chrome

Mozilla Releases Security Update

TA18-004A : Meltdown and Spectre Side-Channel Vulnerability Guidance

TA17-318B : HIDDEN COBRA – North Korean Trojan: Volgmer

TA17-318A : HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL

TA17-293A : Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors

TA17-181A : Petya Ransomware

TA17-164A : HIDDEN COBRA – North Korea's DDoS Botnet Infrastructure

TA17-163A : CrashOverride Malware

TA17-156A : Reducing the Risk of SNMP Abuse

TA17-132A : Indicators Associated With WannaCry Ransomware

TA17-117A : Intrusions Affecting Multiple Victims Across Multiple Sectors

TA17-075A : HTTPS Interception Weakens TLS Security




2017 Newsletters:

December:   Lock Down Your Login

November:   Shopping Online Securely

October:      Helping Others Secure Themselves

September:  Password Managers

August:        Backup & Recovery

July:            Gaming Online Safely & Securely

June:           Lessons From WannaCry

May:            Securing Today's Online Kids

April:           Passphrases

March:         Securely Using Mobile Apps

February:     Staying Secure on the Road

January:      Social Engineering



2017 Newsletters:

December:    Avoiding Holiday Scams

November:    Shopping Safely Online

October:       National Cyber Security Awareness Month

September:   Staying secure on Social Media

August:        Connected Home Devices: The Internet of Things

July:           Identifying and Reporting Common Scams

June:          Sun, Sand, and Cybersecurity

May:           Are You Really Being Secure Online?

April:           Digital Spring Cleaning

March:       Common IT Wisdom That Keeps You Secure

February:   Staying Safe From Tax Season Scams

January:      Looking Forward: 2017's Top Threat Prediction



Security tips of the week

Cyber Criminals Don't Just Target Your Phone

Technology is only half the story. When cyber crooks launch their assault on your devices and data, they don't target just the security holes on your system. They also aim to prey on your weaknesses.

For more information: The Hackable Human - 6 Psychological Biases That Make Us Vulnerable

Cybercrime Attempts
This week the U.S. Department of Homeland Security reported an increase in cybercrime attempts directed at government agencies.
Sadly, just yesterday we were apprised by the Georgia Technology Authority (GTA) that a state agency was also the target of an attack.

To address these increases in cybercrime, additional measures to protect against attack include the following:

· Be wary of unsolicited phone calls, visits or email messages from unknown individuals who are inquiring about internal information or information about you or other employees.

· Do not disclose information about our organization to individuals who are not authorized to have the information.

· Do not disclose personal or financial information through email, nor respond to requests for this information via email.

Always remember PURLS when evaluating emails for their legitimacy:

Pretend - Scams may use real logos or appear to originate from people we know and pose as legitimate messages.

Urgency - Scams often convey a sense of urgency or a threat of action if ignored.

Resemblance - Many scams use email addresses resembling familiar legitimate businesses.

Links - By resting your mouse pointer over but not clicking on a link, you can determine if the link matches the text.

Spelling - Many scam emails contain spelling and grammar errors.

Monday, December 4th is our CSU Critical Document Shredding Campaign on Main Campus
Faculty & Staff, we need you to start gathering your outdated sensitive documents and submitting an eQuest for pickup.

As a safety precaution, it is best to have outdated official university records destroyed in accordance with the University Records Disposal Guidelines.

Please review your documents and participate in the campaign!

Cyber Tips for Holiday Shopping
Cheers to a cybersecure holiday season! Cyber Monday 2017 – less than two weeks away – is expected to be the biggest shopping day in U.S. history, and roughly 80 percent of adults purchase products online. Mobile has taken over holiday gift giving: last year, half of website visits and 30 percent of online sales were conducted via mobile devices. And technology ranks high on shopping lists, too – from new laptops and gaming systems to tablets, the latest phones and Internet of Things devices like video cameras, toys and appliances.

Whether you are giving the gift of connectivity or using it yourself, don't let hackers mess with the merriment. The National Cyber Security Alliance reminds everyone that all devices connected to the internet must be protected. Read more on Holiday Shopping Tips by StaySafeOnline.

NCSAM: The Internet of Things Wants You!
A career in Cybersecurity is about protecting the internet, a critical resource we all depend on.

If you haven't thought about a cybersecurity career, you'll be happy to know that you are probably more interested than you think.

There are jobs everywhere for Cybersecurity, and not all positions require extensive technical skills.
You can learn about Cybersecurity Careers by checking out this infographic provided by StaySafeOnline.

NCSAM: Inside Your Connected Home
Every day, your house connects to the internet in ways you might not even realize – today's appliances, toys, lighting, TVs, cameras are rapidly advancing in technology. And outside your home, there's so much more that's connected – from your car to the roads you travel on to your whole city.

You can learn about how to protect your connected home by checking out this infographic provided by StaySafeOnline (PDF).

How Do I Detect an "ADP" Phishing Email?
The University System of Georgia Shared Services Center (SSC) wants to help you protect yourself from possible "ADP" phishing attempts where people pose as a reputable entity with the purpose of obtaining your sensitive information.

What Can Happen if My ADP Account is Compromised?
• Your direct deposit account information can be changed to a fraudulent account.
• If the pre-note option is not in place, funds may disperse to the fraudulent account.
• The fraudulent information has the potential to flow into other systems, such as PS Financials, and could possibly affect expense reimbursements.
Read More (PDF)

Wise giving in the wake of Hurricane Harvey
Consider these tips when asked to give:
• Donate to charities you know and trust.
• Be alert for charities that seem to have sprung up overnight in connection with current events.
• Designate the disaster.
• Never click on links or open attachments in e-mails unless you know who sent them.
• Don't assume that charity messages posted on social media are legitimate.
• When texting to donate, confirm the number with the source before you donate.
• Find out if the charity or fundraiser must be registered in your state.
Read more about Scam Harvey Charities (PDF)

Credit: Federal Trade Commission

A Costly Low-Cost Trial Offer
You've probably seen online ads with offers to let you try a product – or a service – for a very low cost, or even for free. Sometimes they're tempting: I mean, who doesn't want whiter teeth for a dollar plus shipping? Until the great deal turns into a rip-off. That's what the FTC says happened in a case it announced

The defendants sold tooth-whitening products under various names, and hired other companies to help them market the products. These affiliate marketers created online surveys, as well as ads for free or low-cost trials – all to drive people to the product's website.
Read more about this scam (PDF)
Sources: Federal Trade Commission

"Free" Computer Scans
Messages telling you to install and update security software for your computer seem to be everywhere. So you might be tempted by an offer of a "free security scan," especially when faced with a pop-up, an email, or an ad that claims "malicious software" has already been found on your machine. Unfortunately, it's likely that the scary message is a come-on for a rip-off.

The free scan claims to find a host of problems, and within seconds, you're getting urgent pop-ups to buy security software. After you agree to spend $40 or more on the software, the program tells you that your problems are fixed. The reality: there was nothing to fix. And what's worse, the program now installed on your computer could be harmful.

Source: FTC Consumer Information - "Free" security scan (PDF)

Criminals use undetectable "Shimmers" in new credit card scam
Shimmers are thin skimmers that fit inside the slot where you swipe your credit card. These devices scan your credit card's chip and store its data.

Remember these tips to try to avoid them:

• Use the contactless tap-and-go feature on your credit or debit card instead of swiping or inserting your card.
• Use contactless mobile services such as Apple Pay or Samsung Pay to tap and pay.
• If you're withdrawing cash at a bank, go inside to a teller.
• Use ATMs in banks rather than a more vulnerable standalone machine.
• Cover the keypad with your hand when entering your PIN.
• Don't proceed with a transaction if your card encounters resistance when it is inserted.
• Contact the bank, merchant and your card issuer if you suspect your card has been compromised.
References: Fox19, Themerkle, WTVM, CBS