Carnegie Mellon University
—
—
—
Search
Search
Search this site only
Information Security Office
Computing Services
The ISO Celebrated 2012 National Cyber Security Awareness Month (NCSAM)
Thursday, November 01, 2012
The ISO Celebrated 2012 National Cyber Security Awareness Month (NCSAM)
The Computing Services Information Security Office (ISO) hosted a variety of events including training classes and on-lineresources during the month of October in observance of National Cybersecurity Awareness Month (NCSAM). Visit The ISO Celebrates 2012 National Cybersecurity Awareness Month (NCSAM) for a list of on-line resources.
Security Alert: Update Available for Internet Explorer
Friday, September 21, 2012
Security Alert: Update Available for Internet Explorer
On September 18, Computing Services issued a security alert regarding a critical vulnerability in Internet Explorer versions 6, 7, 8 and 9. Microsoft has released a patch for Internet Explorer. The Information Security Office will continue to monitor for and block known malicious websites. For information on the security alert and on What You Need To Do, please read the entire security alert message onUpdate Available for Internet Explorer.
Security Alert: Attacks Against Internet Explorer
Tuesday, September 18, 2012
Security Alert: Attacks Against Internet Explorer
Microsoft has announced that Internet Explorer versions 6, 7, 8 and 9 are being attacked through an unpatched vulnerability. Internet Explorer 10 on Windows 8 is not affected. Normal Web browsing could allow an attacker to gain control over your computer. The Information Security Office will monitor for and block known malicious websites and will also notify users once Microsoft has released a patch. For information on the security alert and on What You Need To Do, please read the entire security alert message on Attacks Against Internet Explorer.
Security Alert: Update Available for Java version 7 (or 1.7)
Friday, August 31, 2012
Security Alert: Update Available for Java version 7 (or 1.7)
On August 29, 2012 Computing Services notified students, faculty and staff of a critical vulnerability in Java version 7 (or 1.7). Oracle has released a new version of Java 7 that corrects this vulnerability. All users of Java 7 should upgrade to Java 7. Update 7 as soon as possible. For information on the security alert and on What You Need To Do, please read the entire security alert message onUpdate Available for Java version 7 (or 1.7).
Security Alert: Maplesoft Security Breach Leads to Phishing Attacks
Thursday, July 19, 2012
Security Alert: Maplesoft Security Breach Leads to Phishing Attacks
Maplesoft, a provider of mathematics, modeling and simulation software that is licensed by Carnegie Mellon, reported that it was investigating a security breach of its administrative database. As an apparent result of this breach, users of Maplesoft software are being targeted by phishing attacks. One such phishing attack claims that vulnerability has been detected in Maplesoft software and includes an attachment called Maple_Patch.zip. This email instructs the recipient to extract the file using the password MapleSecurityUpdate1707. A variation of this message that has been detected includes a maple-soft.com link instead of proving an attachment. For information on the security breach and the phishing attack and on What You Need To Do, please read the entire security alert message on Maplesoft Security Breach Leads to Phishing Attacks.
Security Advisory: Spear Phishing Attacks Targeting Intellectual Property
Tuesday, June 26, 2012
Security Advisory: Spear Phishing Attacks Targeting Intellectual Property
Earlier this month, security analysts discovered a spear phishing campaign targeted at US government contractors and service providers within the industrial control systems community. Carnegie Mellon was one of several universities targeted by these attacks. These particular phishing emails pretended to be from familiar acquaintances. Furthermore, the messages contained a link to what appeared to be a PDF file about staffing changes, but actually downloaded malicious software. If installed, the software provides remote access to the compromised computer. For information on the spear phishing attack and on What You Need To Do, please read the entire security advisory message on Spear Phishing Attacks Targeting Intellectual Property.
Security Advisory: Malicious DVDs Sent Through Mail
Tuesday, June 19, 2012
Security Advisory: Malicious DVDs Sent Through Mail
Several universities have recently reported that members of their user communities have received malicious DVDs through physical mail. The mail indicates that there is a possible security issue and includes a DVD with alleged details on the security issue. In reality, the DVD contains a malware. Reports indicate that this malware is not being recognized by antivirus software. As a general best practice, users should ensure that AutoPlay and AutoRun functionality is disabled on their computers. To learn how to disable AutoPlay and AutoRun on your computer, please read the entire security advisory message onMalicious DVD's Sent Through Mail
Security Alert: LinkedIn and eHarmony Report Stolen Passwords - Reset Account Password
Thursday, June 07, 2012
Security Alert: LinkedIn and eHarmony Report Stolen Passwords - Reset Account Password
LinkedIn, a popular professional networking site, and eHarmony, a popular dating site, confirmed yesterday, June 6, that passwords associated with its accounts were compromised. LinkedIn and eHarmony are both sending users with compromised account passwords an email with instructions on how to reset their passwords. Computing Services urges you to take the following measures regardless of whether your account was compromised. For information on What You Need To Do please read the entire security alert message at Security Alert: LinkedIn and eHarmony Report Stolen Passwords-Reset Account Password.
Security Alert: Don't Fall for this Scam - Phishing Email "IMPORTANT NOTICE!!!"
Friday, April 27, 2012
Security Alert: Don't Fall for this Scam - Phishing Email "IMPORTANT NOTICE!!!"
For all Andrew email account holders, a phishing email with the subject “IMPORTANT NOTICE!!!” claiming to be from "CMU Computing Services Help Center" was delivered to a large number of Carnegie Mellon email accounts today. The message alleges that the user's university email account was reported for numerous spams activities and prompts the user to confirm account ownership by responding to the email with Andrew account credentials. Computing Services staff members will NEVER ask for your password by email, phone or any other method. Please read the entire security alert message on What You Need To Do if you received this phishing email and if you responded already at Security Alert: Don't Fall For This Scam - Phishing Email "IMPORTANT NOTICE!!!"
Action Needed-Security Alert: Run Apple Security Update to Remove Flashbak Malware
Friday, April 13, 2012
Action Needed-Security Alert: Run Apple Security Update to Remove Flashbak Malware
Over the last several days, Carnegie Mellon has seen a rise in MAC OS X computers being infected by malware called "Flashback." As a result, Computing Services is suspending infected computers from the university network. Apple has released a new update that will remove current variations of Flashback and also take additional steps to prevent future Flashback infections. Please read the entire security alert message on how to remove Flashback infection and on What You Need To Do to protect your computer at Security Alert: Action Needed: Run Apple Security Update to Remove Flashback Malware.
Action Needed-Security Alert: Mac Malware Exploits Java Vulnerabilities and Steals Passwords
Wednesday, April 04, 2012
Action Needed-Security Alert: Mac Malware Exploits Java Vulnerabilities and Steals Passwords
Carnegie Mellon is detecting an increased number of infected computers related to new malware called "Flashback." Flashback infects MAC OS X computers by exploiting vulnerabilities in Java. FlashBack steals usernames and passwords for online payment, banking and credit card websites without user interaction. Please read the entire security alert message on What You Need To Do to protect your computer at Security Alert: Mac Malware Exploits Java Vulnerabilities and Steals Passwords.
Action Needed-Security Alert: Run Windows Update Today - Increased Risk in Microsoft Remote Desktop Protocol Vulnerability
Saturday, March 17, 2012
Action Needed-Security Alert: Run Windows Update Today - Increased Risk in Microsoft Remote Desktop Protocol Vulnerability
Due to an increase in malicious activity related to the Microsoft Remote Desktop Protocol (RDP) vulnerability announced on March 13, Computing Services advises that you take certain precautions. Please read the entire security alert message on Action Required to secure your computer at Security Alert: Run Windows Update TODAY - Risk in Microsoft Remote Desktop Protocol Vulnerability.
Security Alert: Remote Desktop Critical Vulnerability
Tuesday, March 13, 2012
Security Alert: Remote Desktop Critical Vulnerability
Microsoft Windows platforms running the Remote Desktop Protocol (RDP) are susceptible to a vulnerability which could allow an attacker to execute code on the vulnerable system without being authenticated. By default, RDP is not enabled on any Windows operating system and systems that do not have RDP enabled are not at risk. However, all Microsoft Windows users should take action. Microsoft Windows users should run Windows Update and install the latest security updates. Please read the entire security alert message on Action Required to secure your computer at Security Advisory: Remote Desktop Critical Vulnerability.
Load more articles
Support Contact
Information Security Office
412-268-2044
iso@andrew.cmu.edu
Related Topics
Computing Services
Frequently Asked Questions
About
Computing Services Help Center
News
Report Concerns