Carnegie Mellon University Website Home Page
 

SECURITY ALERT: Maplesoft Security Breach Leads to Phishing Attacks

(US Eastern Time)
DAY: Thursday
DATE: July 19, 2012

WHOM DOES THIS AFFECT?

Users of Maplesoft software

SUMMARY:

Maplesoft, a provider of mathematics, modeling and simulation software that is licensed by Carnegie Mellon, reported that it was investigating a security breach of its administrative database.

As an apparent result of this breach, users of Maplesoft software are being targeted by phishing attacks. One such phishing attack claims that vulnerability has been detected in Maplesoft software and includes an attachment called Maple_Patch.zip. This email instructs the recipient to extract the file using the password MapleSecurityUpdate1707. A variation of this message that has been detected includes a maple-soft.com link instead of providing an attachment.

WHAT YOU NEED TO DO:

If you receive an email claiming to be from Maple or Maplesoft, DO NOT open any attachments or click on hyperlinks included in the message. The email is most likely malicious and should be deleted.

Faculty and staff members that have opened an attachment or clicked on a link in one of these emails should contact the Information Security Office at iso-ir@andrew.cmu.edu.

Students who opened the attachment or clicked the link should take the following steps:

  • Update and run Symantec Antivirus on your computer.
  • Change your Andrew account password and consider changing personal account passwords.
  • Contact the Computing Services Help Center if you require assistance.


MORE INFORMATION:

Maplesoft has created a website where they are providing updates related to this security breach and the resulting phishing attacks: http://www.maplesoft.com/security/.

Sample text of the phishing messages:


maple phishing

CONTACT:

Please direct any questions or comments to the Computing Services Help Center (412-268-HELP or advisor@andrew.cmu.edu) or to your departmental administrator or DSP consultant.