News & Events-Computing Services ISO - Carnegie Mellon University

News & Events

Thursday, April 7, 2016

Significant: Adobe Flash Player 0-Day Exploits - APSA16-01

A critical vulnerability (CVE-2016-1019) exists in Adobe Flash Player and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version and earlier.

Immediately update to the current version of Flash Player.

More details are at

If your computer is managed by Desktop Support or a departmental computing administrator, please consult them before making any changes. 


  1. Visit Adobe's About Flash Player to check that you have the latest version.
  2. If the version is not the latest for your browser, visit Adobe's Player Download Center and follow the update instructions.
  3. If available, allow Adobe to install updates automatically. Some browsers (Chrome, Microsoft Edge, and IE 10) will automatically update the Flash plugin for you.
  4. Repeat these steps for each browser you have installed.

Tuesday, March 22, 2016

Campus Scam Alerts

Dear Faculty and Staff,

I am writing to alert you to a number of recent – and, unfortunately, successful – email phishing scams that have been received by faculty and staff at Carnegie Mellon or by other schools. These scams target Workday users, Dropbox users, Blackboard users, and research faculty with the goal of capturing login ids and passwords for various purposes. They impersonate our official email addresses and service providers. The email messages and websites they lead to are sophisticated, look legitimate, and require due diligence in detecting and reporting.

See additional details for each of these scams below.

As April 1 approaches, a day notorious for pranks and scams, please be on increased alert for scams: 

  • Avoid clicking on links or opening attachments in unexpected email; 
  • Check in with senders to be sure a message is legitimate before taking action;
  • Never send your username and password in response to an email, no matter how urgent sounding;
  • Validate URLs or use known good URLs or bookmarks to navigate to university services;
  • Question unexpected callers before providing requested information.

If you receive suspicious emails, phone calls or other forms of contact, please report as soon as possible to  

The ISO will triage the situation and if necessary block campus access to malicious destinations, notify affected parties, and take other actions to contain harmful effects.  The sooner you report, the sooner we can protect.

From the entire ISO team, thank you for remaining vigilant, reporting concerns, following procedures, and assisting in our response efforts. We appreciate your partnership in keeping CMU’s data, systems, and networks secure.

Thank you,

Mary Ann Blair
Director of Information Security
Carnegie Mellon University

Friday, March 18, 2016

Phishing message from Farnam Jahanian via Dropbox

On Thursday night, starting around 9:45 PM, a phishing email attack was sent to CMU email addresses.

The phishing message was a fake Dropbox shared document notification pretending to be from "Farnam Jahanian via Dropbox []".

This phish asks users to click on a link leading to a fake Dropbox login page and provide their username and password.  The fake login page showed logos for Gmail, AOL, Windows Live, Yahoo and "other emails" and prompted with the text "To view the shared document, you are required to Login with your email address below"

This is not a legitimate e-mail and it was not an ISO phish training campaign.  ISO notified the recipients around 11:35 PM that same evening.

To determine what you need to do, please click through to the full story.

Tuesday, October 27, 2015

Identity Finder 8.1 Now Available

Identity Finder version 8.1 is now available and is compatible with Windows 7+ and Mac OS X 10.9+. Identity Finder is licensed by Carnegie Mellon University to protect sensitive information from Identity Theft. The University offers this software at no cost to faculty, staff and students.

Version 8.1 identifies and highlights sensitive data stored in documents, applications, email and browsers.

Monday, October 19, 2015

Data Protection – Self-Assess your Data Security

With more reliance on computer systems to store and process sensitive data, there is always a risk that the information may be misused or accessed by unauthorized individuals. University technical staff are tasked with setting security controls and ensuring that private and restricted institutional data is stored and processed securely.

Monday, October 12, 2015

Protecting Institutional Data

Carnegie Mellon University has over 13,200 students and 5,000 faculty and staff. With so many employees and students, it is likely that people will shift job responsibilities, leave their position or graduate. When these changes occur, access to resources that is no longer required should be removed. This practice is known as deprovisioning and is key to protecting institutional data.

Supervisors should keep a list of the job-related resources each employee has been authorized to access, and inform system and application managers to deprovision the account when access is no longer authorized.
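The reconciliation a system or application manager would run to act on such a list, as an added example (editor's code, not a CMU tool): it compares an HR roster with a resource access list and flags every grant whose holder has left, has no HR record at all, or has moved to a department other than the one the access was approved for. The CSV rows, the field names and the assumption that both files key on the Andrew user ID are constructed for the example.

```python
import csv
import io

# Constructed sample records, not real CMU data. ASSUMPTION: both files key on the
# Andrew user ID and HR records a department for every person.
HR_ROSTER = """andrew_id,status,department,end_date
jdoe,active,Finance,
asmith,terminated,Finance,2015-09-30
bchen,active,Library,
mlee,graduated,SCS,2015-05-15
"""

# The supervisor's list: one row per grant, with the department it was approved for.
ACCESS_GRANTS = """resource,andrew_id,approved_for_department
workday-finance,jdoe,Finance
workday-finance,asmith,Finance
library-circ,bchen,Library
finance-share,bchen,Finance
scs-git,mlee,SCS
scs-git,nobody,SCS
"""


def parse_csv(text):
    """Rows of a CSV document as dictionaries keyed by the header line."""
    return list(csv.DictReader(io.StringIO(text)))


def deprovisioning_candidates(roster_rows, grant_rows):
    """Return (resource, andrew_id, reason) for every grant that should be revoked:
    the holder left (status not active), has no HR record (orphaned account), or now
    works in a department other than the one the access was approved for."""
    people = {row["andrew_id"]: row for row in roster_rows}
    actions = []
    for grant in grant_rows:
        uid = grant["andrew_id"]
        person = people.get(uid)
        if person is None:
            reason = "no HR record (orphaned account)"
        elif person["status"] != "active":
            reason = "%s as of %s" % (person["status"], person["end_date"])
        elif person["department"] != grant["approved_for_department"]:
            reason = "now in %s; access was approved for %s" % (
                person["department"], grant["approved_for_department"])
        else:
            continue  # still employed in the approving department: keep the grant
        actions.append((grant["resource"], uid, reason))
    return sorted(actions)


def sample_report():
    """Run the reconciliation over the constructed sample data."""
    return deprovisioning_candidates(parse_csv(HR_ROSTER), parse_csv(ACCESS_GRANTS))


if __name__ == "__main__":
    for resource, uid, reason in sample_report():
        print("revoke %-16s %-8s %s" % (resource, uid, reason))
```

The third rule (department changed) is what a plain "is the person still employed?" check misses: bchen is still active, but the finance-share grant was approved for a Finance role that bchen no longer holds.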

Friday, October 2, 2015

What is Data Classification?

Data classification organizes institutional data into categories based on level of sensitivity, value and criticality to the University if the data is disclosed, altered or destroyed without authorization.

There are designated individuals at Carnegie Mellon with the Data Steward role. These individuals classify institutional data into three categories: public, private and restricted. It is important to know the type of data you interact with to understand your role in its protection.

Tuesday, September 22, 2015

Security Advisory: A Phish Email Titled “Your Computer will be suspended from CMU network” with an Attachment is Reported

A phishing email carrying an attachment and titled “Your Computer will be suspended from CMU network” has been reported to the Computing Services Help Center. Your computer will NOT be suspended from the CMU network. These were simulated phishing emails designed to raise the Carnegie Mellon community’s awareness of phishing and determine our overall susceptibility to such attacks.

Friday, August 21, 2015

Security Alert: Mac OS X Yosemite (10.10.4 - 5) Vulnerable to Exploits

Critical vulnerabilities were reported in OS X Yosemite (versions 10.10.4 - 10.10.5). One way attackers exploit them is through untrusted applications downloaded from the web: installing such an application could let an attacker gain access to the computer without a password and take full control. The Information Security Office (ISO) recommends that Macintosh users enable the Gatekeeper feature built into Yosemite as a protective measure until Apple provides a software update that corrects the issue.

For more information on What You Need To Do, visit Security Alert: Mac OS X Yosemite (10.10.4 - 5) Vulnerable to Exploits.

Friday, June 12, 2015

Security Alert: An email with subject line "Problem with invoices" carries a malware infected attachment

An email with the subject line "Problem with invoices" containing a malware-infected attachment named "" is currently circulating at Carnegie Mellon University. When a recipient opens the .zip attachment and double-clicks the program inside, the malware runs and infects the computer if it is running any version of the Windows operating system. The malware is known to steal your email credentials (Andrew UserID and password) and then attempt to spread itself by sending email from your system.
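An added example (not from the original alert): a Python check that inspects a .zip attachment like the one described without extracting or running anything. It flags members that Windows would execute on double-click, members that hide an executable behind a document-looking double extension, and members that carry the MZ header of a DOS/PE executable regardless of what their name says. The sample archive is constructed here; its member names and bytes are not taken from the real attachment.

```python
import io
import zipfile

# Extensions Windows runs on double-click, directly or via an associated interpreter.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi", ".cpl", ".hta",
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".ps1", ".jar", ".lnk",
}
# What a lure pretends to be: "invoice.pdf.exe" displays as "invoice.pdf" when
# Explorer hides known extensions.
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def inspect_zip(data):
    """Inspect a zip attachment without extracting or running anything.
    Returns [(member_name, [reasons])] for members that look like a Windows dropper."""
    suspicious = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = info.filename.rsplit("/", 1)[-1].lower()
            parts = base.split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            reasons = []
            if ext in EXECUTABLE_EXTENSIONS:
                reasons.append("executable extension " + ext)
                if len(parts) > 2 and "." + parts[-2] in DOCUMENT_EXTENSIONS:
                    reasons.append("double extension disguised as a .%s document" % parts[-2])
            # Only two bytes are read, so an oversized member (zip bomb) cannot hurt this check.
            with zf.open(info) as member:
                if member.read(2) == b"MZ":
                    reasons.append("MZ header: a DOS/PE executable whatever the name says")
            if reasons:
                suspicious.append((info.filename, reasons))
    return suspicious


def build_sample_attachment():
    """Constructed stand-in for the reported attachment. The 'program' members are two
    header bytes plus zero padding, not real or working binaries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("invoices/Problem_with_invoices.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("invoices/renamed_binary.dat", b"MZ" + b"\x00" * 62)
        zf.writestr("invoices/README.txt", b"Please see the attached invoice.\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in inspect_zip(build_sample_attachment()):
        print(name, "->", "; ".join(reasons))
```

The header check is the one that matters at a mail gateway: renaming the dropper to .dat defeats the extension rules, but the MZ bytes still identify it, and the only action ever taken on the member is reading its first two bytes.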

For more information on What You Need To Do, visit Security Alert: An email with subject line "Problem with invoices" carries a malware infected attachment.

Wednesday, April 1, 2015

Security Advisory: Email Titled "SCAN" Includes a Malware-Infected Attachment

A phishing email titled "SCAN" that includes a malware-infected attachment titled "" is circulating at Carnegie Mellon University. Once a recipient clicks on the attachment the malware is executed, and the email client is compromised, sending copies of the email (and the attachment) to all contacts.

For more information on What You Need To Do, visit Email Titled "SCAN" Includes a Malware-Infected Attachment.

Wednesday, February 25, 2015

Security Alert: Email Scam Targets CMU Employees for Potential Payroll Theft

On December 4, 2014 the Information Security Office (ISO) published an information notice titled “Scam Alert: Higher Ed is Target of Direct Deposit Thieves”. This notice can be found on the ISO’s home page at The article warned of phishing email attacks targeting schools for the purpose of stealing credentials and using them to alter the victims’ direct deposit information.

On Saturday, February 21, 2015, nearly 200 Carnegie Mellon users received a phishing email that appears to have been designed for this purpose. The email’s subject was, “Your Salary Raise Information”. A link in the message led to a well-crafted copy of Carnegie Mellon’s login page. After providing their login information, victims were redirected to campus web sites. Later, the attacker used a subset of the harvested login information to access Workday. Workday is the system used by employees (including work study and some grad students) for payroll, human resources and time tracking information.

While the investigation is ongoing, there is no evidence that any Workday data was modified and known victim accounts, of which there were relatively few, have been secured.  Only data accessible to the individual victims’ accounts was ever at risk.

Tuesday, January 27, 2015

Security Alert: The GHOST Vulnerability Affects Unix and Linux Operating Systems

A vulnerability called GHOST in the GNU C library (glibc) used by Linux and some Unix systems allows attackers to take complete control of an affected system. GHOST may affect many Unix and Linux systems, including but not limited to Debian 7 (wheezy), Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7, and Ubuntu 12.04 & 10.10.

For detailed information about this alert and What You Need To Do, please visit The GHOST Vulnerability Affects Unix and Linux Operating Systems.

Thursday, December 4, 2014

Scam Alert: Higher Ed is Target of Direct Deposit Thieves

Many schools have experienced email scams that use harvested credentials to alter direct deposit information. These scams typically involve fake emails impersonating Human Resources or other university offices about salary increases, email storage limits, or connections from unexpected IP addresses. The emails include malicious links that when clicked, lead to login pages that are carefully crafted to look the same as the university’s login pages. Once someone provides their login id and password, the attacker uses them to access the victim’s payroll information to redirect direct deposits to a bank account. This is not a hypothetical situation. Faculty and staff at other institutions have lost their paychecks via this scam. While this hasn’t happened at Carnegie Mellon, analysts warn of a continuing trend.

Stay alert to scams like these. Confirm with Human Resources, the Information Security Office, or your supervisor before attempting to login if you are suspicious of any email.
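Both this notice and the March 2016 scam alert above advise validating URLs before logging in. As an added example (editor's code, not an ISO tool), the Python below pulls the links out of an HTML message and flags the tricks these lures rely on: a host that merely contains "cmu" but sits under another domain, link text that shows one address while the href goes elsewhere, userinfo before an "@" that hides the real host, bare IP addresses, and university links served over plain http. The trusted-domain allow-list and the sample message are assumptions constructed for the example, not an official list or a real message.

```python
import re
from urllib.parse import urlparse

# Domains the university's own login and service pages live under.
# ASSUMPTION: an illustrative allow-list for this example, not an official CMU list.
TRUSTED_DOMAINS = {"cmu.edu"}

# <a href="...">text</a> pairs; the lures described above arrive as HTML mail.
ANCHOR_RE = re.compile(r'<a\s[^>]*?href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
# A hostname or URL written in the visible link text ("login.cmu.edu", "https://www.cmu.edu/hr").
HOST_IN_TEXT_RE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def registered_domain(host):
    """'login.cmu.edu' -> 'cmu.edu'. The last two labels are enough for this example;
    production code should consult the public suffix list (co.uk and friends)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def link_findings(href, text=""):
    """Reasons this link looks like a credential-harvesting lure.
    An empty list means nothing suspicious was found, not that the link is safe."""
    findings = []
    url = urlparse(href.strip())
    host = url.hostname or ""
    if url.scheme not in ("http", "https"):
        findings.append("non-web scheme %r" % url.scheme)
    if url.username is not None:
        # https://login.cmu.edu@203.0.113.5/ : everything before '@' is userinfo, not the host
        findings.append("userinfo before '@'; the real host is %s" % host)
    if IPV4_RE.fullmatch(host):
        findings.append("bare IP address instead of a hostname")
    if registered_domain(host) not in TRUSTED_DOMAINS:
        findings.append("host %s is not under a trusted domain" % host)
        if "cmu" in host:
            findings.append("lookalike: host mentions 'cmu' but is not under cmu.edu")
    elif url.scheme == "http":
        findings.append("university link over plain http")
    shown = HOST_IN_TEXT_RE.search(text)
    if shown and registered_domain(shown.group(1)) != registered_domain(host):
        findings.append("link text shows %s but the link goes to %s" % (shown.group(1), host))
    return findings


def scan_html(body):
    """Apply link_findings to every anchor in an HTML message body."""
    results = []
    for href, text in ANCHOR_RE.findall(body):
        text = re.sub(r"<[^>]+>", "", text)  # drop tags nested inside the link text
        results.append((href, link_findings(href, text)))
    return results


# Constructed sample modelled on the "Your Salary Raise Information" lure; not a real message.
SAMPLE_EMAIL = """<p>Your Salary Raise Information is ready. Confirm your details at
<a href="http://login.cmu.edu.hr-update.example.net/workday">login.cmu.edu</a>
(or <a href="https://login.cmu.edu@203.0.113.5/">https://login.cmu.edu</a>).
Questions? See <a href="https://www.cmu.edu/hr">https://www.cmu.edu/hr</a>.</p>"""

if __name__ == "__main__":
    for href, findings in scan_html(SAMPLE_EMAIL):
        print(href, "->", findings or "no findings")
```

The first sample link is the classic form: the hostname starts with login.cmu.edu, but the registered domain is example.net, so a reader who only glances at the left end of the address is fooled. The third link is a genuine university URL and produces no findings.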

For more information:

Wednesday, October 15, 2014

Security Alert: Vulnerability Affecting Browsers ("POODLE")

A vulnerability has been announced for most web browsers that could enable the disclosure of private information during a "secure" web session (https), such as a shopping, banking, enrollment or mail viewing session, where you'd normally expect secure, encrypted traffic.

For detailed information about this alert and What You Need To Do, please visit Security Alert: Vulnerability Affecting Browsers ("POODLE").

Thursday, October 2, 2014

National CyberSecurity Awareness Month - 2014

October is National CyberSecurity Awareness Month!  Please join us in the Security 101 Completion Challenge - our goal is to reach a 50% completion rate.

Please visit NCSAM: Take Security 101 for more information.

Monday, April 28, 2014

Security Alert: Significant Vulnerability in Internet Explorer v6-11

A vulnerability has been discovered in the Internet Explorer (IE) browser that is being exploited to compromise computers. The campus community should refrain from using IE until Microsoft releases a security update. The Information Security Office will continue to monitor for and block known malicious websites.

For detailed information about this alert and What You Need To Do, please visit Security Alert: Significant Vulnerability in Internet Explorer V6-11.

Thursday, April 10, 2014

Security Advisory: OpenSSL "Heartbleed Bug" may disclose sensitive information

Announced on April 7, 2014, a security vulnerability called Heartbleed allows attackers to collect information that is expected to be encrypted, including encryption keys, session cookies, credit card numbers, passwords, and Social Security numbers. The Computing Services Information Security Office (ISO) is actively scanning CMU's network for vulnerable hosts, monitoring for evidence of attack and compromise, and responding to impacted individuals accordingly. University vendors are also being assessed.

For detailed information about this advisory and What You Need To Do, please visit Security Advisory: OpenSSL "Heartbleed Bug" may disclose sensitive information.

Monday, March 31, 2014

ISO Releases its 2014 - Security 101 Training Course

The 2014 - Security 101 training course was developed by Carnegie Mellon's Information Security Office (ISO) to raise awareness about Carnegie Mellon's information security policies and guidelines, data classification, roles and responsibilities, information security risks, and techniques for safeguarding institutional data and information systems.

For instruction on how you can access the 2014 - Security 101 course, please visit Security 101 Training and Awareness Program.

Thursday, March 20, 2014

Security Advisory: Upgrade Now - Windows XP Support Ends April 8

Microsoft plans to end support for Windows XP on April 8, 2014.  There have been a number of advisories from various sources indicating that shortly after the end of support, a rash of malware and exploits will be released targeting the XP operating system. Accordingly, the Information Security Office (ISO) will begin scanning for XP computers on campus or connected to campus services on Thursday, March 20, 2014.

For information on the security advisory and on What You Need to Do, please read the entire security advisory message on Upgrade Now - Windows XP Support Ends April 8.

Tuesday, March 18, 2014

Security Alert: Hewlett Packard (HP) Phone Scam

Several university staff members reported receiving phone calls in which the caller asked for their "HP number" and typically hung up when questioned. What "HP number" refers to is unclear; it may be an attempt to obtain the printer's IP address, which could give the scammer remote access to the printer.

For information on the security alert and on What You Need to Do, please read the entire security alert message on Hewlett Packard (HP) Phone Scam.

Tuesday, February 25, 2014

Lessons from Recent Security Breaches

Several recent high-profile vulnerabilities and security breaches serve as reminders of the importance of reporting concerns, staying up to date with security patches, remaining vigilant to scams, and other good security practices, both on campus and at home.
