Information Security Office (ISO)
The ISO collaborates with the campus community to protect Carnegie Mellon from and to respond to threats to our electronic information resources and computing and networking infrastructure.
News & Alerts
Thursday night starting around 9:45 PM a phishing email attack was sent to CMU email addresses.
The phishing message was a fake Dropbox shared document notification pretending to be from "Farnam Jahanian via Dropbox [email@example.com]".
This phish asks users to click on a link leading to a fake Dropbox login page and provide their username and password. The fake login page showed logos for Gmail, AOL, Windows Live, Yahoo and "other emails" and prompted with the text "To view the shared document, you are required to Login with your email address below"
This is not a legitimate e-mail and it was not an ISO phish training campaign. ISO notified the recipients around 11:35 PM that same evening.
To determine what you need to do, please visit the full story.
In observance of 2015 National Cybersecurity Awareness Month, the Information Security Office (ISO) focused on raising awareness about the University's Guidelines for Data Protection and Guidelines for Data Classification. The ISO published weekly articles on the following topics:
- What is Data Classification?
- Protecting Institutional Data
- Identity Finder 8.1 Now Available
- Data Protection - Self Assess your Data Security
- Data Classification
- Data Protection
- EDUCAUSE Live webinar on "Creating a CyberAware Culture"
- Identity Finder
- EDUCAUSE video on Data Privacy
A phishing email carrying an attachment and titled "Your Computer will be suspended from CMU network" has been reported to Computing Services Help Center. Your computer will NOT be suspended from CMU network. These were simulated phishing emails designed to raise the Carnegie Mellon community's awareness of phishing and determine our overall susceptibility to such attacks.
An actual Digital Millennium Copyright (DMCA) notice will have a notice number and include the title of the copyrighted work, the IP address and timestamp from which the event occurred and the name of the rights holder entity reporting the infringement.
For Information on What To Do, visit Security Advisory: A Phish Email Titled "Your Computer will be suspended from CMU network" with an Attachment is Reported.
Critical threats were detected in the Yosemite OS X (versions 10.10.4 - 5) operating system. One of the methods by which attackers use to exploit the operating system is going through untrusted applications from the web. Installing untrusted applications could allow attackers to gain access to the computer without using a password -- allowing them to take full control. The Information Security Office (ISO) recommends that those using the Macintosh operating system enable the Gatekeeper feature (built-in to Yosemite) for protective measures until Apple provides a software update to correct this issue.
For more information on What You Need To Do, visit Security Alert: Mac OS X Yosemite (10.10.4 - 5) Vulnerable to Exploits .