
News and Alerts in 2012


The ISO Celebrated 2012 National Cybersecurity Awareness Month (NCSAM)
11/01/2012

The Computing Services Information Security Office (ISO) hosted a variety of events including training classes and on-line resources during the month of October in observance of National Cybersecurity Awareness Month (NCSAM).  

Visit The ISO Celebrates 2012 National Cybersecurity Awareness Month (NCSAM) for a list of on-line resources. 


Security Alert: Update Available for Internet Explorer
9/21/2012

On September 18, Computing Services issued a security alert regarding a critical vulnerability in Internet Explorer versions 6, 7, 8 and 9. Microsoft has released a patch for Internet Explorer. The Information Security Office will continue to monitor for and block known malicious websites.

For information on the security alert and on What You Need To Do, please read the entire security alert message on Update Available for Internet Explorer.


Security Alert: Attacks Against Internet Explorer
09/18/2012

Microsoft has announced that Internet Explorer versions 6, 7, 8 and 9 are being attacked through an unpatched vulnerability. Internet Explorer 10 on Windows 8 is not affected. Normal Web browsing could allow an attacker to gain control over your computer. The Information Security Office will monitor for and block known malicious websites and will also notify users once Microsoft has released a patch.

For information on the security alert and on What You Need To Do, please read the entire security alert message on Attacks Against Internet Explorer.


Security Alert: Update Available for Java version 7 (or 1.7)
08/31/2012

On August 29, 2012, Computing Services notified students, faculty and staff of a critical vulnerability in Java version 7 (or 1.7). Oracle has released a new version of Java 7 that corrects this vulnerability. All users of Java 7 should upgrade to Java 7 Update 7 as soon as possible.

For information on the security alert and on What You Need To Do, please read the entire security alert message on Update Available for Java version 7 (or 1.7).


Security Alert: Maplesoft Security Breach Leads to Phishing Attacks
07/19/2012

Maplesoft, a provider of mathematics, modeling and simulation software that is licensed by Carnegie Mellon, reported that it was investigating a security breach of its administrative database. As an apparent result of this breach, users of Maplesoft software are being targeted by phishing attacks. One such phishing attack claims that a vulnerability has been detected in Maplesoft software and includes an attachment called Maple_Patch.zip. This email instructs the recipient to extract the file using the password MapleSecurityUpdate1707. A variation of this message that has been detected includes a maple-soft.com link instead of providing an attachment.

For information on the security breach and the phishing attack and on What You Need To Do, please read the entire security alert message on Maplesoft Security Breach Leads to Phishing Attacks. 


Security Advisory: Spear Phishing Attacks Targeting Intellectual Property
06/26/2012

Earlier this month, security analysts discovered a spear phishing campaign targeted at US government contractors and service providers within the industrial control systems community. Carnegie Mellon was one of several universities targeted by these attacks. These particular phishing emails pretended to be from familiar acquaintances.

Furthermore, the messages contained a link to what appeared to be a PDF file about staffing changes, but actually downloaded malicious software.  If installed, the software provides remote access to the compromised computer. 

For information on the spear phishing attack and on What You Need To Do, please read the entire security advisory message on Spear Phishing Attacks Targeting Intellectual Property.


Security Advisory: Malicious DVDs Sent Through Mail
06/19/2012

Several universities have recently reported that members of their user communities have received malicious DVDs through physical mail. The mail indicates that there is a possible security issue and includes a DVD with alleged details on the security issue. In reality, the DVD contains malware. Reports indicate that this malware is not being recognized by antivirus software.

As a general best practice, users should ensure that AutoPlay and AutoRun functionality is disabled on their computers. To learn how to disable AutoPlay and AutoRun on your computer, please read the entire security advisory message on Malicious DVDs Sent Through Mail.


Security Alert- LinkedIn and eHarmony Report Stolen Passwords-Reset Account Password
06/07/2012

LinkedIn, a popular professional networking site, and eHarmony, a popular dating site, confirmed yesterday, June 6, that passwords associated with their accounts were compromised. LinkedIn and eHarmony are both sending users with compromised account passwords an email with instructions on how to reset their passwords. Computing Services urges you to take the following measures regardless of whether your account was compromised.

For information on What You Need To Do please read the entire security alert message at Security Alert: LinkedIn and eHarmony Report Stolen Passwords-Reset Account Password.


Security Alert- DON'T FALL FOR THIS SCAM - PHISHING EMAIL "IMPORTANT NOTICE!!!"
04/27/2012

For all Andrew email account holders: a phishing email with the subject "IMPORTANT NOTICE!!!" claiming to be from "CMU Computing Services Help Center" was delivered to a large number of Carnegie Mellon email accounts today. The message alleges that the user's university email account was reported for numerous spam activities and prompts the user to confirm account ownership by responding to the email with Andrew account credentials.

Computing Services staff members will NEVER ask for your password by email, phone or any other method. Please read the entire security alert message on What You Need To Do if you received this phishing email and if you responded already at Security Alert: Don't Fall For This Scam - Phishing Email "IMPORTANT NOTICE!!!"


Security Alert- Action Needed: Run Apple Security Update to Remove Flashback Malware
04/13/2012

Over the last several days, Carnegie Mellon has seen a rise in Mac OS X computers being infected by malware called "Flashback." As a result, Computing Services is suspending infected computers from the university network. Apple has released a new update that will remove current variations of Flashback and also take additional steps to prevent future Flashback infections.

Please read the entire security alert message on how to remove Flashback infection and on What You Need To Do to protect your computer at Security Alert: Action Needed: Run Apple Security Update to Remove Flashback Malware.


Action Needed-Security Alert: Mac Malware Exploits Java Vulnerabilities and Steals Passwords
04/04/2012

Carnegie Mellon is detecting an increased number of infected computers related to new malware called "Flashback." Flashback infects Mac OS X computers by exploiting vulnerabilities in Java. Flashback steals usernames and passwords for online payment, banking and credit card websites without user interaction.

Please read the entire security alert message on What You Need To Do to protect your computer at Security Alert: Mac Malware Exploits Java Vulnerabilities and Steals Passwords.


Action Needed-Security Alert: Run Windows Update Today- Increased Risk in Microsoft Remote Desktop Protocol Vulnerability
03/17/2012

Due to an increase in malicious activity related to the Microsoft Remote Desktop Protocol (RDP) vulnerability announced on March 13, Computing Services advises that you take certain precautions.

Please read the entire security alert message on Action Required to secure your computer at Security Alert: Run Windows Update TODAY - Risk in Microsoft Remote Desktop Protocol Vulnerability. 


Security Alert: Remote Desktop Critical Vulnerability
03/13/2012

Microsoft Windows platforms running the Remote Desktop Protocol (RDP) are susceptible to a vulnerability that could allow an attacker to execute code on the vulnerable system without being authenticated. By default, RDP is not enabled on any Windows operating system, and systems that do not have RDP enabled are not at risk. However, all Microsoft Windows users should take action.

Microsoft Windows users should run Windows Update and install the latest security updates. Please read the entire security alert message on Action Required to secure your computer at Security Advisory: Remote Desktop Critical Vulnerability.