Carnegie Mellon University
Wednesday, August 01, 2018

Spear Phishing attack seeks gift cards

Monday, July 16, 2018

Extortion campaign leverages passwords stolen from third-parties

Extortion campaign leverages passwords stolen from third-parties. There is no need to be alarmed.
Friday, June 01, 2018

FBI recommends everyone reboot home routers

On May 25, 2018, the FBI issued a public service announcement recommending that everyone reboot (power cycle) home and office routers to disrupt malware known as as "VPNFilter".
Thursday, March 29, 2018

March 2018 Phishing: Security Alert on You Account

This past weekend, a targeted phishing e-mail was sent to campus community members. This phish presented a screen that looks like the CMU web login page. If you had entered your credentials, the attackers attempted to log into Workday, but were luckily foiled by Duo, our two-factor authentication.
Wednesday, October 25, 2017

University Response to Wi-Fi Vulnerabilities

Over the last week the Internet has been buzzing with reports of newly discovered vulnerabilities in WPA2, a security protocol that protects the confidentiality of Wi-Fi network connections. A bad actor could exploit these vulnerabilities on an unpatched Wi-Fi network or client to read encrypted communication and in some cases, do additional harm such as change the content of communications and spread malware.
Tuesday, October 17, 2017

Campus Response to Wi-Fi vulnerabilities (aka KRACK)

Dear Community Members, Today the Internet is buzzing with reports of newly discovered vulnerabilities in WPA2, a security protocol that protects the confidentiality of Wi-Fi network connections. A bad actor could exploit these vulnerabilities on an unpatched Wi-Fi network or client to read encrypted communication and in some cases, do additional harm such as change the content of communications and spread malware.
Thursday, August 17, 2017

Quick survey to help CMU improve two-factor authentication

Dear Carnegie Mellon community members, Last semester the university implemented a new Two-Factor Authentication service (2fa). Researchers at CMU’s CyLab would like to take this moment to get your feedback one last time on your thoughts and experiences on this move toward two-factor authentication. We encourage you to participate whether or not you completed the previous surveys.
Thursday, June 29, 2017

New website

The ISO site is using the new v5 templates from our content management system.
Tuesday, May 16, 2017

Campus Response to "WannaCry" Ransomware Attack

Dear Members of the Carnegie Mellon Community, As you may have learned over the weekend, there is a world-wide ransomware attack known as 'WannaCry' hitting the Internet. More on ransomware below. It has affected hundreds of thousands of computers in over 150 countries but you don't have to be a victim.
Tuesday, March 22, 2016

Campus Scam Alerts

Dear Faculty and Staff, I am writing to alert you to a number of recent -- and, unfortunately, successful -- email phishing scams that have been received by faculty and staff at Carnegie Mellon or by other schools. These scams target Workday users, DropBox users, Blackboard users, and research faculty with the goal of capturing login ids and passwords for various purposes. They impersonate our official email addresses and service providers. The email messages and websites they lead to are sophisticated, look legitimate, and require due diligence in detecting and reporting. See additional details for each of these scams below. As April 1 approaches, a day notorious for pranks and scams, please be on increased alert for scams: Avoid clicking on links or opening attachments in unexpected email; Check in with senders to be sure a message is legitimate before taking action; Never send your username and password in response to an email, no matter how urgent sounding; Validate URLs or use known good URLs or bookmarks to navigate to university services; Question unexpected callers before providing requested information. If you receive suspicious emails, phone calls or other forms of contact, please report as soon as possible to iso-ir@andrew.cmu.edu. The ISO will triage the situation and if necessary block campus access to malicious destinations, notify affected parties, and take other actions to contain harmful effects. The sooner you report, the sooner we can protect. From the entire ISO team, thank you for remaining vigilant, reporting concerns, following procedures, and assisting in our response efforts. We appreciate your partnership in keep CMU's data, systems, and networks secure. Thank you, Mary Ann BlairDirector of Information SecurityCarnegie Mellon University412-268-8556macarr@cmu.edu
Load more articles