Information Security Office (ISO)
The ISO collaborates with the campus community to protect Carnegie Mellon from and to respond to threats to our electronic information resources and computing and networking infrastructure.
News & Alerts
An email with the subject line "Problem with invoices" containing a malware infected attachment named "New.zip" is currently circulating at Carnegie Mellon University. When a recipient opens the .zip attachment and double clicks on the program inside, the malware is executed, infecting the computer system you are using if it is running any version of the Windows operating system. The malware is known to hijack your email credentials (Andrew UserID and password) and then attempt to spread itself by sending email from your system.
For more information on What You Need To Do, visit Security Alert: An email subject line "Problem with invoices" carries a malware infected attachment.
A phishing email titled "SCAN" that includes a malware-infected attachment titled "scan3434.zip" is circulating at Carnegie Mellon University. Once a recipient clicks on the attachment the malware is executed, and the email client is compromised, sending copies of the email (and the attachment) to all contacts.
For more information on What You Need To Do, visit Email Titled "SCAN" Includes a Malware-Infected Attachment.
On December 4, 2014 the Information Security Office (ISO) published an information notice titled “Scam Alert: Higher Ed is Target of Direct Deposit Thieves”. This notice can be found on the ISO’s home page at www.cmu.edu/iso. The article warned of phishing email attacks targeting schools for the purpose of stealing credentials and using them to alter the victims’ direct deposit information.
On Saturday, February 21, 2015, nearly 200 Carnegie Mellon users received a phishing email that appears to have been designed for this purpose. The email’s subject was, “Your Salary Raise Information”. A link in the message led to a well-crafted copy of Carnegie Mellon’s login page. After providing their login information, victims were redirected to campus web sites. Later, the attacker used a subset of the harvested login information to access Workday. Workday is the system used by employees (including work study and some grad students) for payroll, human resources and time tracking information.
While the investigation is ongoing, there is no evidence that any Workday data was modified and known victim accounts, of which there were relatively few, have been secured. Only data accessible to the individual victims’ accounts was ever at risk.
For detailed information about this alert and What You Need To Do, please visit Security Alert: Email Scam Targets CMU Employees for Potential Payroll Theft.
A weakness called GHOST in the Linux and Unix operating systems C library "glibc" allows attackers to take complete control of a compromised system. The GHOST vulnerability may affect many Unix and Linux systems including but not limited to Debian 7 (wheezy), Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7, Ubuntu 12.04 & 10.10.
For detailed information about this alert and What You Need To Do, please visit The GHOST Vulnerability Affects Unix and Linux Operating Systems.