News & Events
A phishing email titled "SCAN" that includes a malware-infected attachment titled "scan3434.zip" is circulating at Carnegie Mellon University. Once a recipient clicks on the attachment the malware is executed, and the email client is compromised, sending copies of the email (and the attachment) to all contacts.
For more information on What You Need To Do, visit Email Titled "SCAN" Includes a Malware-Infected Attachment.
On December 4, 2014 the Information Security Office (ISO) published an information notice titled “Scam Alert: Higher Ed is Target of Direct Deposit Thieves”. This notice can be found on the ISO’s home page at www.cmu.edu/iso. The article warned of phishing email attacks targeting schools for the purpose of stealing credentials and using them to alter the victims’ direct deposit information.
On Saturday, February 21, 2015, nearly 200 Carnegie Mellon users received a phishing email that appears to have been designed for this purpose. The email’s subject was, “Your Salary Raise Information”. A link in the message led to a well-crafted copy of Carnegie Mellon’s login page. After providing their login information, victims were redirected to campus web sites. Later, the attacker used a subset of the harvested login information to access Workday. Workday is the system used by employees (including work study and some grad students) for payroll, human resources and time tracking information.
While the investigation is ongoing, there is no evidence that any Workday data was modified and known victim accounts, of which there were relatively few, have been secured. Only data accessible to the individual victims’ accounts was ever at risk.
A weakness called GHOST in the Linux and Unix operating systems C library "glibc" allows attackers to take complete control of a compromised system. The GHOST vulnerability may affect many Unix and Linux systems including but not limited to Debian 7 (wheezy), Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7, Ubuntu 12.04 & 10.10.
For detailed information about this alert and What You Need To Do, please visit The GHOST Vulnerability Affects Unix and Linux Operating Systems.
Many schools have experienced email scams that use harvested credentials to alter direct deposit information. These scams typically involve fake emails impersonating Human Resources or other university offices about salary increases, email storage limits, or connections from unexpected IP addresses. The emails include malicious links that when clicked, lead to login pages that are carefully crafted to look the same as the university’s login pages. Once someone provides their login id and password, the attacker uses them to access the victim’s payroll information to redirect direct deposits to a bank account. This is not a hypothetical situation. Faculty and staff at other institutions have lost their paychecks via this scam. While this hasn’t happened at Carnegie Mellon, analysts warn of a continuing trend.
Stay alert to scams like these. Confirm with Human Resources, the Information Security Office, or your supervisor before attempting to login if you are suspicious of any email.
A vulnerability has been announced for most web browsers that could enable the disclosure of private information during a "secure" web session (https), such as a shopping, banking, enrollment or mail viewing session, where you'd normally expect secure, encrypted traffic.
For detailed information about this alert and What You Need To Do, please visit Security Alert: Vulnerability Affecting Browsers ("POODLE").
October is National CyberSecurity Awareness Month! Please join us in the Security 101 Completion Challenge - our goal is to reach a 50% completion rate.
Please visit NCSAM: Take Security 101 for more information.
A vulnerability has been discovered in Internet Explorer (IE) browser that is being exploited to compromise computers. The campus community should refrain from using IE until Microsoft releases a security update. The Information Security Office will continue to monitor for and block known malicious websites.
For detailed information about this alert and What You Need To Do, please visit Security Alert: Significant Vulnerability in Internet Explorer V6-11.
Announced on April 7, 2014, a security vulnerability called Heartbleed allows attackers to collect information that is expected to be encrypted including encryption keys, session cookies, credit card numbers, passwords, and social security numbers. Computing Services Information Security Office (ISO) is actively scanning CMU's network for vulnerable hosts, monitoring for evidence of attack and compromise, and responding to impacted individuals accordingly. University vendors are also being assessed.
For detailed information about this advisory and What You Need To Do, please visit Security Advisory: OpenSSL "Heartbleed Bug" may disclose sensitive information.
The 2014 - Security 101 training course was developed by Carnegie Mellon's Information Security Office (ISO) to raise awareness about Carnegie Mellon's information security policies and guidelines, data classification, roles and responsibilities, information security risks, and techniques for safeguarding institutional data and information systems.
For instruction on how you can access the 2014 - Security 101 course, please visit Security 101 Training and Awareness Program.
Microsoft plans to end support for Windows XP on April 8, 2014. There have been a number of advisories from various sources indicating that shortly after the end of support, a rash of malware and exploits will be released targeting the XP operating system. Accordingly, the Information Security Office (ISO) will begin scanning for XP computers on campus or connected to campus services on Thursday, March 20, 2014.
For information on the security advisory and on What You Need to Do, please read the entire security advisory message on Upgrade Now - Windows XP Support Ends April 8.
Several university staff members reported receiving phone calls where individuals asked for their "HP number". When questioned, the caller typically hangs up. While "HP number" is unclear, it is possible that they are looking for the printers IP address, which might provide the scammer with remote access to the printer.
For information on the security alert and on What You Need to Do, please read the entire security alert message on Hewlett Packard (HP) Phone Scam.