Computing Services ISO - Carnegie Mellon University

Information Security Office (ISO)

The ISO collaborates with the campus community to protect Carnegie Mellon from, and to respond to, threats to our electronic information resources and computing and networking infrastructure.


News & Alerts

7/18/2016

ISO has sent a massmail to Faculty and Staff reminding users to be vigilant about phishing scams and ransomware, which has infected several users' computers on campus. The details of the email can be found in our news archive at https://www.cmu.edu/iso/news/phishing-massmail.html


7/11/2016

ISO has sent a massmail to Faculty and Staff regarding the Symantec Endpoint Protection decommission. The exact message was published on the Computing Services website and is included below.

On July 5, 2016, Computing Services announced that critical security flaws were recently discovered in Symantec's enterprise and consumer anti-virus products. This has accelerated our plans to terminate the Symantec Endpoint Protection (SEP) license. We have updated our virus protection recommendations and will no longer provide campus licensed SEP installers or patches.

It is CRITICAL that all faculty, staff and students transition to the new recommended virus protection software as soon as possible unless otherwise advised by departmental IT support or DSP.

Failure to act will increase your computer’s susceptibility to attack. These recent security flaws can be exploited without user interaction when files are automatically scanned (e.g., on email receipt, web visit, file upload, etc.) and are likely to be targeted to compromise computers.


WHAT YOU NEED TO DO

1. If your computer is managed by your departmental IT administrator or DSP, follow their virus protection software recommendations.

2. Follow instructions in the Secure Your Computer Get Started guides at https://www.cmu.edu/computing/security/start/ to uninstall Symantec Endpoint Protection and install and configure the appropriate virus protection software for your operating system.

3. Review the Safe Computing Tips at https://www.cmu.edu/iso/aware/secure/ and continue to be vigilant about common scams, patching, and managing your passwords.


MORE INFORMATION

Full technical details regarding the Symantec Endpoint Protection security flaw are available on the Information Security Office web site at https://www.cmu.edu/iso/news/symantec-phaseout.html.

Please direct any questions or comments to the Computing Services Help Center (412-268-HELP or it-help@cmu.edu).



Mary Ann Blair
Director of Information Security
Carnegie Mellon University
412-268-8556
iso@andrew.cmu.edu


7/5/2016

Significant: Symantec Products SYM16-008 & SYM16-010 and Symantec Endpoint Protection Phaseout

Critical security flaws have been discovered in the core components shared by nearly all of Symantec's enterprise and consumer anti-virus products. These security flaws can be exploited without user interaction when files are automatically scanned (e.g., on email receipt, web visit, file upload, etc.). Though no attacks have been reported, wormable malware exploits are highly likely.

Although Symantec has released security updates to fix these vulnerabilities, Computing Services has decided to accelerate our Symantec Endpoint Protection (SEP) phaseout plans. We will be recommending that users uninstall SEP and replace it with alternate anti-virus software.

More details can be found at the full story.


Phishing Message from Farnam Jahanian via Dropbox

03/18/2016

Thursday night starting around 9:45 PM a phishing email attack was sent to CMU email addresses.

The phishing message was a fake Dropbox shared document notification pretending to be from "Farnam Jahanian via Dropbox [official@andrew.cmu.edu]".

This phish asks users to click on a link leading to a fake Dropbox login page and provide their username and password. The fake login page showed logos for Gmail, AOL, Windows Live, Yahoo and "other emails" and prompted with the text "To view the shared document, you are required to Login with your email address below".

This is not a legitimate e-mail and it was not an ISO phish training campaign.  ISO notified the recipients around 11:35 PM that same evening.

To determine what you need to do, please visit the full story.


Focusing on Data Classification and Data Protection during 2015 NCSAM

10/08/2015

In observance of 2015 National Cybersecurity Awareness Month, the Information Security Office (ISO) focused on raising awareness about the University's Guidelines for Data Protection and Guidelines for Data Classification. The ISO published weekly articles on the following topics:

Visit Focusing on Data Classification & Data Protection during 2015 National Cybersecurity Awareness Month (NCSAM) for information on:

  • Data Classification
  • Data Protection
  • EDUCAUSE Live webinar on "Creating a CyberAware Culture" 
  • Identity Finder
  • EDUCAUSE video on Data Privacy


Security Advisory: A Phish Email Titled "Your Computer will be suspended from CMU network" with an Attachment is Reported

09/22/2015

A phishing email carrying an attachment and titled "Your Computer will be suspended from CMU network" has been reported to the Computing Services Help Center. Your computer will NOT be suspended from the CMU network. These were simulated phishing emails designed to raise the Carnegie Mellon community's awareness of phishing and determine our overall susceptibility to such attacks.

An actual Digital Millennium Copyright Act (DMCA) notice will have a notice number and include the title of the copyrighted work, the IP address and timestamp of the event, and the name of the rights holder entity reporting the infringement.

For Information on What To Do, visit Security Advisory: A Phish Email Titled "Your Computer will be suspended from CMU network" with an Attachment is Reported.


Security Alert: Mac OS X Yosemite (10.10.4 - 5) Vulnerable to Exploits

08/21/2015

Critical threats were detected in the Yosemite OS X (versions 10.10.4 - 5) operating system. One of the methods attackers use to exploit the operating system is through untrusted applications from the web. Installing untrusted applications could allow attackers to gain access to the computer without using a password, allowing them to take full control. The Information Security Office (ISO) recommends that those using the Macintosh operating system enable the Gatekeeper feature (built into Yosemite) as a protective measure until Apple provides a software update to correct this issue.

For more information on What You Need To Do, visit Security Alert: Mac OS X Yosemite (10.10.4 - 5) Vulnerable to Exploits.