Tuesday, December 27, 2011

Update to Firefox 9 and 3.6.25

Earlier today, the Mozilla Foundation released Firefox 9 and Firefox 3.6.25 to address multiple vulnerabilities that would allow an attacker to execute arbitrary code, cause a denial-of-service condition, or perform a cross-site scripting attack.  (In other words, they could control your browser or PC, cause it not to function, or steal information.)   Campus computers will be updated automatically; however, you are encouraged to update your Firefox installations on personal devices as soon as possible

For additional information, review the Mozilla Foundation Security Advisories for Firefox 9 and Firefox 3.6.25.

Android Devices are High on the Target List

For those of you who own an Android device:  you might want to take a look at these two recent news releases.  Unfortunately, Android's lack of review\approval for Android apps that are available for download plays a huge part in the potential for malicious apps making their way onto your phone or tablet.  There is still no known malware attack against stock iPhones (although jailbroken iPhones are vulnerable).

McAfee:  Nearly All New Mobile Malware in Q3 Targeted at Android  (you can read the full McAfee Threat report here)

Researcher Develops Remote Access Android Exploit

Monday, December 19, 2011

Funny New Phishing Video: "Phishing Bells"

Thanks to our talented friends at the University of Rochester for posting their most recent production of "Phishing Bells", a video about the do's and don'ts when it comes to spam email.  Enjoy!

Thursday, December 15, 2011

Erroneous Virus Message on Windows XP

This morning, the Help Desk has received a number of calls from users indicating that McAfee Antivirus detected and deleted a virus. This has been researched by Information Resourses and identified as a false positive by the antivirus software. This message will only be displayed if the computer you are using is running Windows XP. This does not occur on Windows 7 computers.

A fix has been put in place but it may take a few hours to propagate to all systems across campus. If you see this popup message, just close the message box and click "Cancel" when prompted to perform a file restore. This will clear the message and the system will run normally. If you still have questions or concerns, contact the Customer Support Help Desk at 913-588-7995.

Wednesday, December 14, 2011

Phishing Email: Chase Email Change Notification

Click on the image of the email to view bigger.



























The URL has been blocked from on-campus access. Member of the KUMC community are encouraged to delete this scam email if they receive it.

Phishing Email: Subject line is "N/A"

Click on the image of the email to view bigger.

The link goes to a compromised server belonging to the Westview High School.  We've notified them of the issue and the link is now dead.  Members of the KUMC community who receive this phishing email should delete it.

Tuesday, December 13, 2011

Microsoft Patch Notifications for December 2011

Microsoft released 13 patches today designed to address 20 vulnerabilities, including the one exploited by the Duqu worm.  One of the patches, MS11-087 or KB2639417, addresses a currently exploited issue in the way that the Windows kernel-mode driver handles TrueType font files and has been given a "PATCH NOW" rating by SANS for workstations and a Critical rating for servers.  In addition, there are 7 other patches rated critical for workstations.  Windows, Office and Internet Explorer are all affected and many of the updates will require you to restart your computer.

Members of the KUMC community will have these patches deployed automatically to your on-campus computers, so no further action is needed.  However, you should ensure that your personal computer are updated as soon as possible.

For more information see: http://technet.microsoft.com/en-us/security/bulletin/ms11-dec

Phishing Email: Fake Payroll Emails

Our campus email is once again being targeted by scammers attempting to steal passwords and personal information. This afternoon, you may have received several copies of scam emails with the following subject lines:
  • "19092011 PAYROLL REPORTS"
  • "09122011 PAYROLL BOOKS"
  • "11112011 PAYROLL RECORDS"
  • "03112011 PAYROLL INDICES"
In all cases, the subjects are a variant related to payroll and the body of the email contains a link that has nothing to do with payroll or KUMC. Here's an example of one of the emails:


 
Please do NOT click on the links contained in these emails, as they are malicious and will attempt to infect your computer with a virus. The best action is to delete the email. And, as always, you should never click on links or open attachments sent to you from an unknown person.

If you have any questions regarding these emails or have received an email that seems suspicious, please contact Information Security at (913) 588-3333 or kumc-security@kumc.edu.

Phishing Scam: Payroll-Related Emails

The campus is currently experiencing a high volume of scam emails with the word "Payroll" in the subject line.  Various subjects include:

"03112011 PAYROLL INDICES"
"12132011 PAYROLL RECORDS"
"11112011 PAYROLL RECORDS"
"03122011 PAYROLL LOGS"

Here is an example of one of the emails:

From: “Kelli Godfrey” retypingpb7@etisbew.com
Date: Tue, 13 Dec 2011 15:43:08 -0500
Subject: 12132011 PAYROLL RECORDS

http://neikiddo.com/DU4P9H10.html
Please open the URL below to access PAYROLL RECORDS. It was submitted to you using a Xerox
WorkCentre. Pro
=============================================================================
Confidential Notice: This information is dedicate just for the entity to that it is addressed and may enclose information that is intimate or otherwise preserved from disclosure.If you have take this email in fault, please contact the support by respond the present email and trash the original e-Mail and each copy..

Notice the non-KUMC sender address and the URL - these are great ways to tell whether or not an email  is a scam or not.  Information Security is actively blocking the URLs contained in these emails and KUMC community members are encouraged to delete these emails.

Monday, December 12, 2011

List of Most Vulnerable Smartphones in 2011 Released

Bit9, the market-leading company in advanced threat protection and server security software has published a new report highlighting the most vulnerable popular smartphones in use today. The devices on the list pose the most serious security and privacy risk to consumers and corporations.

According to the news release, "56% of Android phones in the marketplace today are running out-of-date and insecure versions of the Android operating system software. The study found that smartphone manufacturers such as Samsung, HTC, Motorola and LG often launch new phones with outdated software out of the box, and they are slow to upgrade these phones to the latest and most secure versions of Android. In some cases, the phones are not updated at all, as the manufacturers shift their focus to newer models, leaving existing customers stranded with insecure software.

Is your phone on this list?

1. Samsung Galaxy Mini
2. HTC Desire
3. Sony Ericsson Xperia X10
4. Sanyo Zio
5. HTC Wildfire
6. Samsung Epic 4G
7. LG Optimus S
8. Samsung Galaxy S
9. Motorola Droid X
10. LG Optimus One
11. Motorola Droid 2