News & Announcements

IT@UC Office of Information Security Alert Bulletin

**Email Phishing Alert**

A number of University of Cincinnati email users have recently reported receiving malicious emails similar to the one shown below under *Sample Phishing Email Reported*.

TAKE CAUTION! The sender is not a representative of UC. The link they provide in the email does not lead to UC’s network, even though it appears to be a valid hyperlink. Access to the malicious site from UC’s network has been blocked, but be aware that the site can still be reached via other networks, including non-UC wireless networks.
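For mail administrators triaging reports like this one, the mismatch described above (a link whose visible text looks legitimate while its target is elsewhere) can be checked mechanically. The following is an added example, not part of the original bulletin or any UC tooling; the trusted-domain list and the sample message body are constructed assumptions, and the `.example` hosts are placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("uc.edu",)  # assumption: domains the organisation treats as its own
URLISH = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:[/:?#]\S*)?$", re.I)

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    """Hostname of a URL, tolerating a missing scheme (e.g. 'uc.edu/PSS')."""
    return (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()

def same_site(a, b):
    """True when one host equals the other or is a subdomain of it."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def suspicious_links(html_body):
    """Return (href, text, reason) for links that do not go where they appear to."""
    parser = AnchorCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        target = host(href)
        if not href.lower().startswith(("http://", "https://")) or not target:
            continue  # only web links are assessed here
        shown = host(text) if URLISH.match(text) else ""
        if shown and not same_site(shown, target):
            findings.append((href, text, f"text shows {shown}, link goes to {target}"))
        elif not any(same_site(target, t) and target.endswith(t) for t in TRUSTED):
            findings.append((href, text, f"{target} is outside trusted domains"))
    return findings

# Constructed sample body; the real message's links were removed from the bulletin.
SAMPLE_BODY = """<a href="http://files.licensing-portal.example/details.zip">https://www.uc.edu/</a>
<a href="https://www.uc.edu/PSS">uc.edu/PSS</a>
<a href="http://help.licensing-portal.example/faq">Help section</a>"""
```

Calling `suspicious_links(SAMPLE_BODY)` flags the first and third links and passes the second, whose visible text and target are both on a trusted domain.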

What is Phishing?

Phishing is the act of attempting to acquire information such as usernames, passwords, credit card and/or banking details by masquerading as a trustworthy entity in an electronic communication (typically email).

What if I Received a Suspicious Email?

UC’s spam filters appear to have caught the majority of the malicious messages. If you have received a suspicious email, do not click on any links, fill out any forms or reply! All you have to do is delete the email.

*Sample Phishing Email Reported*

From: Microsoft Volume Licensing Services [REMOVED]
Subject: Welcome to the Microsoft Volume Licensing Service Center (VLSC)53707338:1
 
Welcome [REMOVED]!

Congratulations on your newly accepted Open License with Microsoft, ending in 80350. You have been assigned Administrator permissions on the Microsoft Volume Licensing Service Center (VLSC) site.

To begin registration, please download details from link below. When prompted, enter your business e-mail as shown below:
VLSC Registration details:
[LINK REMOVED]

Required Business E-mail: [REMOVED]
Type of new Licensing ID: OPEN
Once VLSC registration is complete, you will be able to:
•    Download licensed software
•    Retrieve keys for Volume Licensing software
•    View Microsoft licensing details for your organization
•    Manage Software Assurance benefits
•    Manage subscriptions, including MSDN and/or TechNet
•    Assign others in your organization to do any of the above tasks—or to also be an Administrator.
•    Also, within selected regions, VLSC enables the direct purchase of media kits from the Software Download Catalog.
Once you are registered, you may add any individual to your VLSC account to help manage your licenses or perform other tasks at any time. To do so, please visit the [LINK REMOVED] link to view all details related to your VLSC permissions settings. Also visit [LINK REMOVED] in the Help section to learn more about what you can do in the Volume Licensing Service Center. Your new access permissions to VLSC may take up to 2 hours to become effective.

Thank you,


The Microsoft Volume Licensing Service Center Team
________________________________________
This e-mail may contain identifiable health information that is subject to protection under state and federal law. This information is intended to be for the use of the individual named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited and may be punishable by law. If you have received this electronic transmission in error, please notify us immediately by electronic mail (reply).
 
________________________________________

Email correspondence to and from this sender is subject to the N.C. Public Records Law and may be disclosed to third parties.


What Can I Do to Help?

If you are aware of any users that received the message and clicked on the link, please instruct them to change their passwords as soon as possible via uc.edu/PSS or contact the UC Information Technologies Help Desk at 513-556-HELP (4357) for assistance.

Please distribute this Security Alert to anyone who you feel needs to be made aware.

Contact the UC Information Technologies Help Desk at 513-556-HELP (4357) or toll-free at 866-397-3382 or the UCIT Office of Information Security at 513-558-ISEC (4732) with any questions or concerns.

End IT@UC Office of Information Security Alert Bulletin

VirusScan Enterprise for Mac Now Supports Yosemite

Intel Security (McAfee) released a new version of VirusScan Enterprise for Mac that adds support for OS X Yosemite. This antivirus is free to all students, faculty, and staff for personal use.

Link: http://www.uc.edu/infosec/antivirus.html

UC Adopts New Information Security Training Program

"As part of our commitment to a safe and secure cyber workplace, we are pleased to provide information security training to all employees, faculty, and student workers," said Matthew Williams, Information Security Manager for the IT@UC Office of Information Security.

Link: http://www.uc.edu/news/NR.aspx?id=20840

Symantec PGP End-of-Support

As many of you know, the university now uses McAfee ePO for enterprise management of anti-virus and full-disk encryption needs. Effective December 31st, 2014, the university will end support of Symantec PGP full-disk encryption. Machines not decrypted by this deadline may not be able to obtain recovery keys from the server, creating the potential for data loss. It is strongly recommended that all PGP-encrypted devices be decrypted within this time frame and that data be backed up prior to the decryption process. The Office of Information Security (OIS) will communicate directly with unit-level IT staff in the following days to assist with identification of potential PGP users and systems. Full-disk encryption via McAfee ePO can be implemented by authorized unit-level IT staff. Please contact OIS via infosec@uc.edu or 513-558-ISEC (4732) with any questions or concerns.

September 25, 2014 East Campus Shred Event Results

UCIT Office of Information Security (UCIT OIS) is pleased to announce the results from the campus Shred Event on Thursday, September 25, in Lot 13 outside of the Kettering Lab Complex on West campus.

Courtesy of sponsorship from Document Destruction, UCIT OIS collected, securely shredded and recycled nearly 6,100 pounds (3.05 tons!) of documents received from 20 departments/colleges in only 4 hours at zero cost to the university.

If you and/or your department or college were unable to participate in this first shred event, don’t worry. UCIT OIS will be hosting another one in the near future, so be looking out for a date!

All personal and professional documents are accepted, but paper clips, hanging file folders and other metal/plastic must be removed from the documents in advance. (Staples are okay.)

For additional information please visit the UCIT OIS website at http://www.uc.edu/infosec/services/shredding.html

East Campus Shred Event

The UCIT Office of Information Security (UCIT OIS) is hosting a free document shredding event for all UC students, faculty, and staff on Thursday, September 25, 2014. The event will take place in Lot 13 outside of the Kettering Lab Complex on East Campus from 9 a.m. until 1 p.m.

UCIT OIS staff will be onsite at all times to ensure all documents are securely destroyed and recycled.

UCIT Office of Information Security Alert Bulletin (05/21/2014)

**Password Expiration Notification**

By now you may have heard about the internet bug Heartbleed, which has impacted up to 2/3 of companies on the web. Without getting too technical, Heartbleed affects the OpenSSL framework used by many entities to privately send data to and from internet servers.

We want to assure you that the university took immediate and proactive steps to patch this security vulnerability - and has successfully eliminated any risk of unauthorized access to your account.

For your added protection, we will be expiring your Central Login System (CLS) password within the next 2 to 4 weeks. Changing your password at this time is not required. Similar to a normal password expiration, you will receive an email stating that your password is about to expire and that you need to change your password at that time. You will receive five grace logins but should change your password as soon as possible.

It's also a good idea to regularly change your passwords for all websites you frequent, especially if any use the same password as you were using for UC. 

What Can I Do to Help?

Please distribute this Security Alert to anyone who you feel needs to be made aware.

Contact the UCIT Integrated Services Desk at 513-556-HELP (4357), 866-397-3382 or helpdesk@uc.edu or the UCIT Office of Information Security at 513-558-ISEC (4732) or infosec@uc.edu with any questions or concerns.

UCIT Office of Information Security Alert Bulletin (05/02/2014)

**OpenID and OAuth Vulnerability Alert**

OpenID and OAuth Vulnerability Summary

This vulnerability may also be referred to as the “Covert Redirect” flaw.

The vulnerability allows hackers to trick users into authorizing an app or website using malicious phishing links.

Per Lifehacker:

For example, if you visit a site and click a button to log in with Google or Facebook, you'll see the familiar authorization popup. If you authorize the login, your personal data can be sent to the hacker instead of to the site. This can include your email address, contact lists, birthday, and more. The vulnerability could also redirect you to a different look-alike website.

Perhaps the scariest thing is the Covert Redirect flaw doesn't use a fake domain that might be spotted by more savvy surfers, but instead uses the real site address that you're trying to log into. So it's very hard to detect. 

Additional information may be found at http://www.cnet.com/news/serious-security-flaw-in-oauth-and-openid-discovered/ and at http://lifehacker.com/security-flaw-found-in-oauth-and-openid-heres-what-it-1570872265.

What applications does this affect?

This vulnerability currently affects websites and applications that use credentials from websites such as Facebook, Twitter, Google, Yahoo, LinkedIn, Microsoft, PayPal, and others as a means to log into them.

How will the vulnerability be remediated?

CNET reports that this is not easy for sites to fix.

Per CNET:

This is to say, it's not easy to fix, and any effective remedies would negatively impact the user experience. Just another example that Web security is fundamentally broken and the powers that be have little incentive to address the inherent flaws.

What should I do?

The UCIT Office of Information Security suggests that users perform the following:

  • Whenever possible, do not use credentials from websites such as Facebook, Twitter, Google, Yahoo, LinkedIn, Microsoft, PayPal, and others as a means to log into other websites and applications.
  • Watch out for links that immediately ask you to log in, and close the window to prevent the redirection attack.

What Can I Do to Help?

Please distribute this Security Alert to anyone who you feel needs to be made aware.

Contact the UCIT Integrated Services Desk at 513-556-HELP (4357), 866-397-3382 or helpdesk@uc.edu or the UCIT Office of Information Security at 513-558-ISEC (4732) or infosec@uc.edu with any questions or concerns.

UCIT Office of Information Security Alert Bulletin (05/02/2014)

**Security Update for Internet Explorer Alert**

Microsoft Security Bulletin MS14-021 – Critical | CVE-2014-1776

Internet Explorer Security Update Summary

Microsoft has issued a security bulletin announcing the immediate availability of a fix that closes the “hole” in Internet Explorer discovered earlier this week. Since this is such a crucial vulnerability, the patch is available now, meaning you don’t have to wait until Microsoft’s “Patch Tuesday.”

All versions of Internet Explorer on ALL versions of Windows contain a security hole that could allow cybercriminals to implant malware on your computer with little or no warning. The attacks that have been discovered have been targeting IE 9, 10, and 11; they also relied on a Flash file to help the attack, as well as an IE extension from Microsoft called VGX.DLL used for vector graphics rendering.

What Applications/Operating Systems does this affect?

This vulnerability currently affects all versions of Internet Explorer including 6, 7, 8, 9, 10 and 11. 

All versions of Windows are vulnerable.

What should I do?

The UCIT Office of Information Security suggests that users perform the following:

  • Update your machines immediately to ensure you receive this security update
    • Go to Control Panel | Windows Update

Although Windows XP will still receive this update, this is likely one of the last to be released by Microsoft as that operating system has reached end-of-life support status. 

For more information on the Security Update and the vulnerability, go here: https://technet.microsoft.com/library/security/ms14-021

What Can I Do to Help?

Please distribute this Security Alert to anyone who you feel needs to be made aware.

Contact the UCIT Integrated Services Desk at 513-556-HELP (4357), 866-397-3382 or helpdesk@uc.edu or the UCIT Office of Information Security at 513-558-ISEC (4732) or infosec@uc.edu with any questions or concerns.