News & Events-Computing Services ISO - Carnegie Mellon University

News & Events

Monday, July 18, 2016

Stay Alert for Email Scams and Ransomware

I am writing to alert you to a number of recent email-based scams and how they have impacted faculty and staff at Carnegie Mellon.

Earlier this year, I sent an alert about email scams, aka phishing attacks, targeting our community with the goal of collecting login ids and passwords.   (See “Campus Scam Alerts” on the ISO’s website under News & Alerts.)  We are now seeing unauthorized use of login ids and passwords gathered during those or similar phishing attacks to change direct deposit information in Workday.    No actual payroll losses have occurred thanks to collaborative response efforts but more than a dozen victims temporarily lost access to their Andrew account while the matter was being resolved.  

Email scams are also being used to deliver ransomware via malicious attachments or links to malicious websites. Ransomware is a particular type of malware that encrypts all of the files accessible to the infected computer before demanding that a ransom be paid to unlock them.   It is one of the fastest growing cyber threats. Without good backup copies of their electronic files, victims of ransomware are stuck paying the ransom or trying to reconstruct their files from other sources.

Tuesday, July 5, 2016

Significant: Symantec Products SYM16-008 & SYM16-010 and Symantec Endpoint Protection Phaseout

Critical security flaws have been discovered in the core components shared by nearly all of Symantec's enterprise and consumer anti-virus products. These security flaws can be exploited without user interaction when files are automatically scanned (e.g. on email receipt, web visit, file upload, etc...) Though no attacks have been reported, wormable malware exploits are highly likely.

Although Symantec has released security updates to fix these vulnerabilities, Computing Services has decided to accelerate our Symantec Endpoint Protection (SEP) phaseout plans. We will be recommending that users uninstall SEP and replace it with alternate anti-virus software.
Thursday, April 7, 2016

Significant: Adobe Flash Player 0-Day Exploits - APSA16-01

A critical vulnerability (CVE-2016-1019) exists in Adobe Flash Player and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version and earlier.

Immediately update to the current version of Flash Player.

More details are at

If your computer is managed by Desktop Support or a departmental computing administrator, please consult them before making any changes. 

Immediately update to the current version of Flash Player.

  1. Visit Adobe's About Flash Player to check that you have the latest version.
  2. If the version is not the latest for your browser, visit Adobe's Player Download Center and follow the update instructions.
  3. If available, allow Adobe to install updates automatically. Some browsers (Chrome, Microsoft Edge, and IE 10) will automatically update the Flash plugin for you.
  4. Repeat these steps for each browser you have installed.
Tuesday, March 22, 2016

Campus Scam Alerts

Dear Faculty and Staff,

I am writing to alert you to a number of recent – and, unfortunately, successful -- email phishing scams that have been received by faculty and staff at Carnegie Mellon or by other schools.  These scams target Workday users, DropBox users, Blackboard users, and research faculty with the goal of capturing login ids and passwords for various purposes.    They impersonate our official email addresses and service providers. The email messages and websites they lead to are sophisticated, look legitimate, and require due diligence in detecting and reporting. 

See additional details for each of these scams below.

As April 1 approaches, a day notorious for pranks and scams, please be on increased alert for scams: 

  • Avoid clicking on links or opening attachments in unexpected email; 
  • Check in with senders to be sure a message is legitimate before taking action;
  • Never send your username and password in response to an email, no matter how urgent sounding;
  • Validate URLs or use known good URLs or bookmarks to navigate to university services;
  • Question unexpected callers before providing requested information.

If you receive suspicious emails, phone calls or other forms of contact, please report as soon as possible to  

The ISO will triage the situation and if necessary block campus access to malicious destinations, notify affected parties, and take other actions to contain harmful effects.  The sooner you report, the sooner we can protect.

From the entire ISO team, thank you for remaining vigilant, reporting concerns, following procedures, and assisting in our response efforts.  We appreciate your partnership in keep CMU’s data, systems, and networks secure.

Thank you,

Mary Ann Blair
Director of Information Security
Carnegie Mellon University
Friday, March 18, 2016

Phishing message from Farnam Jahanian via Dropbox

Thursday night starting around 9:45 PM a phishing email attack was sent to CMU email addresses.

The phishing message was a fake Dropbox shared document notification pretending to be from "Farnam Jahanian via Dropbox []".

This phish asks users to click on a link leading to a fake Dropbox login page and provide their username and password.  The fake login page showed logos for Gmail, AOL, Windows Live, Yahoo and "other emails" and prompted with the text "To view the shared document, you are required to Login with your email address below"

This is not a legitimate e-mail and it was not an ISO phish training campaign.  ISO notified the recipients around 11:35 PM that same evening.

To determine what you need to do, please click through to the full story.

Tuesday, October 27, 2015

Identity Finder 8.1 Now Available

Identity Finder version 8.1 is now available and is compatible with Windows 7+ and Mac OS X 10.9+. Identity Finder is licensed by Carnegie Mellon University to protect sensitive information from Identity Theft. The University offers this software at no cost to faculty, staff and students.

Version 8.1 identifies and highlights sensitive data stored in documents, applications, email and browsers.

Monday, October 19, 2015

Data Protection – Self-Assess your Data Security

With more reliance on computer systems to store and process sensitive data, there is always a risk the information may be misused or accessed by unauthorized individuals. University technical staff are tasked to set security controls and ensure that private and restricted institutional data is stored and processed securely. MORE
Monday, October 12, 2015

Protecting Institutional Data

Carnegie Mellon University has over 13,200 students and 5000 faculty and staff. With so many employees and students, it is likely people will shift job responsibilities, leave their position or graduate. When these changes occur, access to resources no longer required should be removed. This practice is known as deprovisioning and is key to protecting institutional data.

Supervisors should keep a list of job related resources that employees have been authorized to access; and inform system and application managers to deprovision the account when access is no longer authorized.

Friday, October 2, 2015

What is Data Classification?

Data classification organizes institutional data into categories based on level of sensitivity, value and criticality to the University if the data is disclosed, altered or destroyed without authorization.

There are designated individuals at Carnegie Mellon with the Data Steward role. These individuals classify institutional data  into three categories: public, private and restricted. It is important to know the type of data you interact with to understand your role in its protection.

Tuesday, September 22, 2015

Security Advisory: A Phish Email Titled “Your Computer will be suspended from CMU network” with an Attachment is Reported

A phishing email carrying an attachment and titled “Your Computer will be suspended from CMU network” has been reported to Computing Services Help Center.  Your computer will NOT be suspended from CMU network.  These were simulated phishing emails designed to raise the Carnegie Mellon community’s awareness of phishing and determine our overall susceptibility to such attacks. MORE

Security Alerts RSS feed