Information Security Office (ISO)
The ISO collaborates with the campus community to protect Carnegie Mellon from and to respond to threats to our electronic information resources and computing and networking infrastructure.
News & Alerts
A phishing email carrying an attachment and titled "Your Computer will be suspended from CMU network" has been reported to Computing Services Help Center. Your computer will NOT be suspended from CMU network. These were simulated phishing emails designed to raise the Carnegie Mellon community's awareness of phishing and determine our overall susceptibility to such attacks.
An actual Digital Millennium Copyright (DMCA) notice will have a notice number and include the title of the copyrighted work, the IP address and timestamp from which the event occurred and the name of the rights holder entity reporting the infringement.
For Information on What To Do, visit Security Advisory: A Phish Email Titled "Your Computer will be suspended from CMU network" with an Attachment is Reported.
Critical threats were detected in the Yosemite OS X (versions 10.10.4 - 5) operating system. One of the methods by which attackers use to exploit the operating system is going through untrusted applications from the web. Installing untrusted applications could allow attackers to gain access to the computer without using a password -- allowing them to take full control. The Information Security Office (ISO) recommends that those using the Macintosh operating system enable the Gatekeeper feature (built-in to Yosemite) for protective measures until Apple provides a software update to correct this issue.
For more information on What You Need To Do, visit Security Alert: Mac OS X Yosemite (10.10.4 - 5) Vulnerable to Exploits .
An email with the subject line "Problem with invoices" containing a malware infected attachment named "New.zip" is currently circulating at Carnegie Mellon University. When a recipient opens the .zip attachment and double clicks on the program inside, the malware is executed, infecting the computer system you are using if it is running any version of the Windows operating system. The malware is known to hijack your email credentials (Andrew UserID and password) and then attempt to spread itself by sending email from your system.
For more information on What You Need To Do, visit Security Alert: An email subject line "Problem with invoices" carries a malware infected attachment.
A phishing email titled "SCAN" that includes a malware-infected attachment titled "scan3434.zip" is circulating at Carnegie Mellon University. Once a recipient clicks on the attachment the malware is executed, and the email client is compromised, sending copies of the email (and the attachment) to all contacts.
For more information on What You Need To Do, visit Email Titled "SCAN" Includes a Malware-Infected Attachment.
On December 4, 2014 the Information Security Office (ISO) published an information notice titled “Scam Alert: Higher Ed is Target of Direct Deposit Thieves”. This notice can be found on the ISO’s home page at www.cmu.edu/iso. The article warned of phishing email attacks targeting schools for the purpose of stealing credentials and using them to alter the victims’ direct deposit information.
On Saturday, February 21, 2015, nearly 200 Carnegie Mellon users received a phishing email that appears to have been designed for this purpose. The email’s subject was, “Your Salary Raise Information”. A link in the message led to a well-crafted copy of Carnegie Mellon’s login page. After providing their login information, victims were redirected to campus web sites. Later, the attacker used a subset of the harvested login information to access Workday. Workday is the system used by employees (including work study and some grad students) for payroll, human resources and time tracking information.
While the investigation is ongoing, there is no evidence that any Workday data was modified and known victim accounts, of which there were relatively few, have been secured. Only data accessible to the individual victims’ accounts was ever at risk.
For detailed information about this alert and What You Need To Do, please visit Security Alert: Email Scam Targets CMU Employees for Potential Payroll Theft.
A weakness called GHOST in the Linux and Unix operating systems C library "glibc" allows attackers to take complete control of a compromised system. The GHOST vulnerability may affect many Unix and Linux systems including but not limited to Debian 7 (wheezy), Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7, Ubuntu 12.04 & 10.10.
For detailed information about this alert and What You Need To Do, please visit The GHOST Vulnerability Affects Unix and Linux Operating Systems.