Carnegie Mellon University
Computing Services  ›  Information Security Office  ›  News

News

Verify Direct ISO Email

Follow our Featured News to stay current with service changes, new service releases, cybersecurity awareness and education on current services and technology.

View Upcoming Events

Wednesday, April 30, 2025

The Consequences of Not Updating Software
Saturday, March 01, 2025

Google Chrome Extensions Vulnerabilities
Saturday, February 01, 2025

Inventory Your Software
Monday, January 13, 2025

Cybersecurity Tips for Students Returning from Winter Break
Thursday, February 29, 2024

Stay Alert For Fraudulent Text Messages

Tuesday, September 26, 2023

Report Phishing!
Tuesday, September 26, 2023

Use Strong Passwords!
Tuesday, September 26, 2023

Update Your Software!
Tuesday, September 26, 2023

Turn On 2fa!
Tuesday, May 02, 2023

Know Before You Go: Computing Tips for International Travel
Wednesday, April 05, 2023

HTML Smuggling
Monday, October 24, 2022

Phishing

Cybercriminals like to go phishing, but you don’t have to take the bait. 
Monday, October 17, 2022

Software Updates

One of the easiest ways to keep your information secure is to keep your software and apps updated. 
Monday, October 10, 2022

Passwords

Passwords are the keys to your digital castle. Just like your house keys, you want to do everything you can to keep your passwords safe.
Monday, October 03, 2022

Multi-factor Authentication

Also known as two-factor authentication and two-step verification. No matter what you call it, multi-factor authentication, or MFA, is a security measure that requires anyone logging into an account to navigate a two-step process to prove their identity. It makes it twice as hard for criminals to access an online account. When it’s available, always turn it on because it’s easy to do and greatly increases your security.
Wednesday, June 08, 2022

Get a duplicate e-mail? It may be malware

Malware is automatically resending e-mails from old Outlook files, with malware attached or linked.
Monday, June 06, 2022

Microsoft Support Diagnostic Tool Remote Code Execution Vulnerability: "Follina"

Microsoft Support Diagnostic Tool Remote Code Execution Vulnerability: "Follina"
Tuesday, January 18, 2022

Data Privacy Week: Take Back Control of Your Data

For Data Privacy Day 2022 learn how to take back control of your data by implementing a few steps which help you to better manage your personal information and make informed decisions around your data and how it is being used.
Monday, December 13, 2021

Critical Security Vulnerability Discovered Take Immediate Action

A new critical security vulnerability known as Log4Shell (CVE-2021-4428) has been discovered that affects millions of Java applications from many different vendors and is actively being exploited by cybercriminals. The flaw is in the popular logging framework known as Apache Log4j and could lead to ransomware, data theft, or complete system take over.
Tuesday, November 30, 2021

Holiday Shopping Hazards

Shopping online can save you time and effort during the often-hectic holiday season, but it also carries risks. While shopping scams happen year-round, attacks tend to surge near the holidays. At this time of year, it’s especially important to examine any email that asks you to click a link, download a file, or confirm login credentials or payment information.
Friday, October 15, 2021

Students Sharing Andrew userID Password

When should students share their Andrew userID Password? The short answer is never. Sharing an Andrew ID password is against the Carnegie Mellon University Computing Policy and doing so can result in the account being suspended.
Friday, October 01, 2021

Be Cyber Smart

At a time when we are more connected than ever, being “cyber smart” is of the utmost importance. This year has already seen more than a fair share of attacks and breaches, including the SolarWinds and Kaseya breaches as well as high-profile attacks on the Colonial Pipeline and other critical infrastructure. Furthermore, as has been underlined by these recent breaches, cyber-attacks are becoming more sophisticated with more evolved bad actors cropping up each day. Luckily, there are several steps that we can take on a daily basis to mitigate risks and stay one step ahead of cybercriminals.
Thursday, September 16, 2021

Update Your Apple Devices Now

Apple released an emergency security update for iPhone, iPad, Apple Watch and Mac computers this week. Apple is encouraging all customers to update their devices immediately.
Thursday, August 26, 2021

Hola VPN Blocked on CMU Network

The Information Security Office has seen an uptick in malicious traffic from users with the free Hola Virtual Private Network (VPN) installed. Hola VPN is a free desktop, web, and mobile application that uses a peer-to-peer network (P2P). Allowing unsupported third-party access to your campus IP address is a direct violation of the Computing Policy.
Thursday, August 19, 2021

Securely Using the Cloud

Cloud computing is a general term that refers to the delivery of different services such as data storage, servers, databases, networking, and software over the Internet or virtual space instead of on a computer’s hard drive. Cloud-based storage allows for information to be accessed remotely from any Internet connected device, anywhere in the world making it extremely convenient for many organizations.
Wednesday, June 30, 2021

Is a Scammer Getting Unemployment Benefits In Your Name?
Wednesday, June 23, 2021

Protect Yourself From Tech Support Scams

Tech support scams include a scammer attempting to trick an individual into providing them remote access to a computer and its files. Scammers pretend to be from a reputable technical support company and will highlight common concerns regarding your computer. Scammers will request to connect to your system in order to “fix” the issue. Once on your computer, the scammer may install malware, steal your personal information, or ask for a payment in order to remedy the problem.
Wednesday, June 09, 2021

Defend Against Ransomware

Ransomware is a type of malicious software (malware) that is designed to hold files or computer systems hostage, demanding payment in order to regain access. Ransomware is the fastest growing form of malware and has remained a constant threat to individuals, small businesses, hospitals, school districts, and city governments for some time. In recent weeks, ransomware cyber-attacks have made the national spotlight; from shutting down gas pipelines and large food suppliers, to hijacking hospitals and city governments
Thursday, May 06, 2021

Celebrate World P@$$w0rd Day

May 6th is World Password Day and it’s as good of a time as any to ensure that your passwords are safe and secure.
Tuesday, March 30, 2021

IRS Warns University Community of Impersonation Email Scam

The Internal Revenue Service warned of an ongoing IRS-impersonation scam that appears to target educational institutions, including students, staff, and faculty who have “.edu” email addresses.
Tuesday, March 09, 2021

Are you really safe on social media?

TikTok, Facebook, Twitter, Instagram, and other social media platforms help you to stay in touch with family and friends around the world. We're all spending more time apart than ever before, so connecting online can be crucial.
Monday, February 15, 2021

How Secure Are Your Passwords?
Monday, January 25, 2021

Data Privacy Day

January 28th is Data Privacy Day! Most people believe that control of their personal data is broken, but don't know what to do to fix it, or worse, think they can’t do anything to fix it. This Data Privacy Day choose to follow these quick steps which will make a huge difference in protecting your privacy: from reducing your exposure to privacy risks, to adding extra protection to your passwords and accounts.
Monday, January 11, 2021

Spear Phishing Attack Targets CMU

On Saturday, January 9th the Carnegie Mellon University community was the target of a highly sophisticated spear phishing attack. The message appeared to be sent from it-help@cmu.edu with the subject message “ID 449189 – Account Irregular Activity Detected – “.
Monday, December 14, 2020

5 Ways to Outsmart a Social Engineer

All successful social engineering attacks have one thing in common: Someone believed something they shouldn’t have. But there is good news: If you are targeted, you are always in control. Don’t fall for the trap and the attack falls flat. Use these five tips to stay one step ahead of social engineers.
Wednesday, November 18, 2020

Holiday Shopping Hazards

'Tis the season for cyber scams and festive phish. Shopping online can save you time and effort during the often-hectic holiday season, but it also carries risks. While shopping scams happen year-round, attacks tend to surge near the holidays. At this time of year, it’s especially important to examine any email that asks you to click a link, download a file, or confirm login credentials or payment information.
Tuesday, November 03, 2020

FBI Warns of Widespread Compromises of Federal Student Aid Login Credentials via Spear Phishing

The Federal Bureau of Investigation (FBI) recently released a statement regarding an expected increase of spear phishing campaigns targeting university students attempting to steal federal student aid login credentials. Spear phishing is a type of targeted phishing email attack where a cybercriminal poses as a trusted organization in order to trick individuals into giving up financial or personal information such as account credentials.
Wednesday, October 28, 2020

NCSAM Week 3: Protect Your Accounts with Multifactor Authentication

Have you noticed how often security breaches, stolen data, and identity theft are consistently front-page news these days? The National Security Agency (NSA) reports that password compromise is a primary cause of these crimes and recommends multifactor authentication (MFA) as mitigation. By applying MFA to more of your personal accounts, such as email, social media, and more, you can better secure your information and identity online!
Thursday, October 15, 2020

NCSAM Week 2: Secure Your Smart Home and IoT Devices

Each year there seems to be a variety of popular new devices that make your home life more efficient. These Internet connected devices are rapidly making the world smarter by connecting the physical and the digital, however with more connected “things” entering our homes and workplaces each day, it is important that everyone know how to secure their digital lives. Do your part and #BeCyberSmart when using IoT devices in your smart home.
Tuesday, October 06, 2020

NCSAM Week 1: 5 Steps to Protecting Your Digital Home

More and more of our home devices—including thermostats, door locks, coffee machines, and smoke alarms—are now connected to the Internet. This enables us to control our devices on our smartphones, no matter our location, which in turn can save us time and money while providing convenience and even safety. These advances in technology are innovative and intriguing, however they also pose a new set of security risks. #BeCyberSmart to connect with confidence and protect your digital home.
Friday, October 02, 2020

FireEye Mandiant Threat Intelligence Landscape for Higher Education Webinar

Carnegie Mellon University has partnered with frontline intelligence experts from Mandiant and FireEye for actionable intelligence to strengthen our cyber security posture. As part of our National Cyber Security Awareness Month activities, Carnegie Mellon’s Information Security Office is hosting a threat briefing for higher education.
Wednesday, September 23, 2020

Job Offer Scams Target Undergraduate Students

As the new school year begins, the Information Security Office (ISO) would like to bring attention to a string of fake job offer scams that have been targeting undergraduate students at Carnegie Mellon University.
Tuesday, September 08, 2020

Back to School Cybersecurity

The start of the school year brings changes for everyone, whether you’re a student, a staff member, or an educator. You may need to navigate new digital environments, create new online accounts, and safely share data, documents, and personal details. The following security tips can help you— and any students in your care—start the year strong.
Wednesday, July 29, 2020

How to Identify Email Spoofed Phishing Attacks

Did you know that email scammers can easily forge the email from address? It’s called email spoofing and it can make the job of spotting scams more difficult.
Monday, June 29, 2020

How to Protect Personal Information Online

People have protected their personal information and sensitive documents for centuries. Historically that involved mostly physical protections, but in a digital world, physical protections are not enough. Physical protection of sensitive documents can occur by locking them away in a drawer or renting a safety deposit box at the bank. However, protecting a person’s digital information can be more difficult.
Wednesday, May 27, 2020

The Power of Updating

You may not realize it but cyber attackers are constantly looking for and finding new vulnerabilities and weaknesses in the software people use every day. This software may run your laptop, could be the mobile apps you use on your smartphone, or perhaps even the software in your baby monitor or other devices in your home. Bad guys take advantage of these software weaknesses, allowing them to remotely break into devices around the world.
Monday, May 04, 2020

May the Force Be With You in Protecting Your Data and Devices

Monday, May 4th is National Star Wars Day.  Millions of science fiction fans of the Star Wars movie franchise may find themselves uttering a pun on the famous catchphrase “May the Force be with You”, which means wishing someone good fortune. Now you may not be a Jedi master like Obi-Wan Kenobi, but here’s how to use the force so you can protect your data and devices from cyber threats and Sith Lords.
Wednesday, April 22, 2020

Keep Your Mobile Devices Secure

Mobile devices, such as smartphones and tablets, aren’t exempt from cybercrime. When a mobile device is connected to the Internet, the user of that device faces the same threats as a desktop computer user. Fortunately, you are not powerless when it comes to cyber threats. Taking a few preventative measures will go a long way in stopping a cyber-attack before it begins.
Monday, April 13, 2020

Scammers Request Electronic Gift Card Purchases Due to Coronavirus

Scammers are taking advantage of the coronavirus pandemic by finding new ways to trick users into giving up their money. There have been reports of coronavirus-related scams such as fake donations to hospitals for Personal Protective Equipment (PPE), unemployment benefits scams, fake charity scams, and scams offering coronavirus cures. Though the scams are new, these criminals are still attempting to collect cash through an old and reliable method ― gift cards.
Monday, March 30, 2020

Be Aware of Your Surroundings While Working Remotely

Many of us are working remotely these days in open or shared environments such as the kitchen table, the living room couch, the back porch, or even squirreled away in an unused bedroom. We may have roommates, significant others, or kids coming in and out of our work area. We may also have smart assistants in our homes, such as Alexa, Cortana, Google, and Siri. These devices are always listening and reacting to your commands.
Monday, March 23, 2020

Beware of 'ZoomBombing' Attacks
Thursday, March 19, 2020

Tips for Securely Working From Home

Just as our university is a target, so too are you at home. Your personal information, accounts, emails, and even your systems at home are valuable to cyber attackers. The university network block protections are not effective on non-campus networks. Not only can remote workers have their own privacy put at risk, working from home could result in breaching company security as well. This is why it is essential that when working from home, you follow the security procedures in the Guides for Remote Learning and Work. Read on for some simple steps you can take to create a more cyber secure home environment.
Monday, March 09, 2020

Digital Spring Cleaning

Most of us are so looking forward to spring! The landscape starts to take shape, flowers start to bloom, and, for many, there’s a desire to spring clean. While it might be easy to see the need to purge and tidy up, realizing the need to also digitally declutter isn’t so apparent. Here are some quick tips to get your digital life in order and establish new digital habits.
Thursday, February 20, 2020

Social Engineering: Pretexting and Impersonation

Pretexting is a form of social engineering where a criminal creates a fictional backstory that is used to manipulate someone into providing private information or to influence behavior. Criminals will often impersonate a person of authority, co-worker, or trusted organization to engage in back-and-forth communication prior to launching a targeted spear phishing attack against their victim.
Friday, February 07, 2020

The Dangers of Security Tailgating

One of the most common and widespread security breaches affecting organizations today is a social engineering attack known as tailgating (also referred to as piggybacking). Tailgating is a physical security breach in which an unauthorized person follows an authorized individual to enter a typically secured area.
Monday, January 27, 2020

Data Privacy Day

January 28th is Data Privacy Day! Most people believe that control of their personal data is broken, but don't know what to do to fix it, or worse, think they can’t do anything to fix it. This Data Privacy Day choose to follow these quick steps which will make a huge difference in protecting your privacy: from reducing your exposure to privacy risks, to adding extra protection to your passwords and accounts.
Wednesday, January 08, 2020

Phishing: Don't Be the Latest Catch

Email and other forms of messaging services such as Instagram, Skype, WhatsApp, and Facebook are primary methods of communication. These services are utilized by individuals daily for work, as well as to communicate with friends and family in their private lives. Unfortunately, since so many people rely on these messaging services, they have become a primary attack vector used by cyber criminals to gain access to sensitive information in a scheme known as phishing.
Monday, December 16, 2019

Phishing vs Spam: How to Determine the Difference

While there are many tools in place to filter and block a large volume of phishing or spam emails, some of these messages may be delivered to your inbox. Make sure you understand the difference between a spam and phishing email and how to handle each type of message.
Friday, December 06, 2019

Stay Safe from Online Threats This Holiday Season

As the holiday season approaches, the Information Security Office (ISO) encourages users to be aware of potential holiday scams and malicious cyber campaigns, particularly when browsing or shopping online.
Friday, November 22, 2019

Using a Password Manager to Easily Secure Your Accounts

In 2019 almost everything a person does online requires an account. Whether it’s for shopping, socializing, playing games, or even listening to music; there is an account and password that needs to be created in order to utilize the service. Since the average user has dozens, if not hundreds of accounts, it can be overwhelming to create and remember strong, unique passwords for each one. This can lead to weak passwords that can be cracked in a matter of seconds, or password reuse.
Thursday, November 07, 2019

Fake Job Opportunity for Students is the Latest Gift Card Scam

Gift cards are a popular and convenient way to provide someone a gift, especially during the holiday season. However, gift card scams have become an increasingly popular tactic used by criminals in recent years to steal money from unknowing victims. The latest gift card scam involves a bad actor posing as a professor of the university who is sending emails to students with a supposed job opportunity.
Wednesday, October 23, 2019

Spooky Social Media Cyber Threats

Cyber security threats can be scary and even downright frightful when you don’t know what to look for. This Halloween the Information Security Office wants to make sure that unlike your favorite horror movie, you are prepared to defend yourself against these types of spooky social media cyber threats before it’s too late!
Thursday, October 03, 2019

Password Reuse Leads to Andrew Account Compromise

CMU users who have used the textbook rental company Chegg or the fashion and sneaker trading platform StockX may have been affected by a recent security breach.
Wednesday, October 02, 2019

Cyber Circus to Kickoff NCSAM

The National Cyber Security Alliance and the US Department of Homeland Security launched National Cyber Security Awareness Month (NCSAM) in 2004 to promote cyber awareness. This year’s theme “Own IT. Secure. IT. Protect IT.” encourages personal accountability and proactive behavior in digital privacy, security best practices, common cyber threats and cybersecurity careers.
Wednesday, September 25, 2019

Multi-Factor Authentication: What It Is and Why You Need It

Strong web security relies on a variety of tools and policies. It’s important not to rely on any single method for comprehensive protection. Multi-factor Authentication (MFA) adds another layer of account security, supplementing the username and password model with another factor that only the specific user has access to.
Friday, September 13, 2019

How to Create, Remember, and Secure a Strong Password

Passwords have become a big part of our lives in the digital age. We use them so often that it is easy to overlook the importance of creating a strong one. Almost every bit of private information about us is stored behind a password. If that password were to fall into the wrong hands, it could jeopardize our personal and financial livelihood. This article will provide helpful tips on how to create and remember a strong password—and more importantly, how to keep it secure.
Wednesday, August 28, 2019

How to Handle and Report Information Security Concerns

We know that students, staff, and faculty care about protecting their computers and mobile devices and take steps to secure them. However, no matter how securely we use technology, cybercriminals are constantly utilizing new attack methods to compromise accounts and steal personally identifiable information. This article will review how users should report security concerns here at Carnegie Mellon.
Thursday, August 15, 2019

Using a Virtual Private Network at CMU

Surfing the web or making transactions on an unsecured network, such as public Wi-Fi, means you could be exposing your private information. A cybercriminal could eavesdrop on a user’s network activity if not using encrypted communications protocols such as HTTPS. One way to protect online activity is to use a Virtual Private Network (VPN).
Thursday, August 01, 2019

Email Impersonation Scams on the Rise at CMU

Email is the primary form of communication for students, staff, and faculty here at Carnegie Mellon University. Email provides users a quick and reliable way to effectively communicate with coworkers, friends, and family. Though email communication is essential in a digital world, it can also be dangerous. Cybercriminals are taking advantage of email based communication by creating and delivering impersonation based scams to Carnegie Mellon users.
Tuesday, July 16, 2019

How to Spot and Avoid Common Scams

Have you ever gotten an email from someone claiming to be royalty? In their email, they tell you that they will inherit millions of dollars, but need your money and bank details to get access to that inheritance. You know this email isn’t legitimate, so you delete it, yet there are many more scams being perpetrated by criminals that sound more believable and aren’t as easy to spot.
Friday, June 28, 2019

On-Demand Security Awareness Training Available at CMU

Security awareness has a critical role in minimizing serious cyber threats posed by advances in information technology and innovations by cyber criminals. Proofpoint’s Wombat Security Education platform features 36 interactive training modules in over 35 different languages which focus on the most prevalent issues in cyber security today.
Wednesday, June 12, 2019

Protect Your Personal Devices

With an increasing amount of sensitive data being stored on personal devices, the value and mobility of smartphones, tablets, and laptops make them appealing and easy targets. These simple tips will help you be prepared in case your laptop is stolen or your smartphone is misplaced.
Tuesday, May 21, 2019

Voice Phishing Phone Scams Hit Home and Office

In this digital day and age, the average Carnegie Mellon user is likely familiar with the techniques cybercriminals use to get ahold of personal data and money. However, cybercriminals have become smarter and therefore their attacks have become more complex.
Monday, May 06, 2019

World Password Day!

Thursday, May 2nd was World Password Day! Password Day falls on the first Thursday in May each year and is intended to raise awareness of password best practices and the need for strong, unique passwords.
Wednesday, April 24, 2019

Take Control of Your Personal Info to Help Prevent Identity Theft

Identity theft has become a fact of life during the past decade, however there is a lot we can do to protect ourselves from identity theft and to make recovery from cyber incidents quicker and less painful.
Monday, March 11, 2019

Gift Card Scam Uses Phony Academic and Administrative Leadership Emails

Cyber criminals use a variety of attack methods in order to obtain personal or financial information. One of the more sophisticated types of attacks is known as spear phishing. Spear phishing is a targeted attack towards a specific individual, organization, or business.
Monday, February 25, 2019

New CMU Phishing E-Mail is Double Trouble

A recent staff-wide phishing e-mail that had been circulating throughout the University contained two different ways malware could infect your system. The author of this phishing e-mail was hoping to lure unsuspecting users to open the PDF attachment or click the link and download the PDF file as both were laced with malware.
Monday, July 16, 2018

Extortion campaign leverages passwords stolen from third-parties

Extortion campaign leverages passwords stolen from third-parties. There is no need to be alarmed.
Friday, June 01, 2018

FBI recommends everyone reboot home routers

On May 25, 2018, the FBI issued a public service announcement recommending that everyone reboot (power cycle) home and office routers to disrupt malware known as as "VPNFilter".
Thursday, March 29, 2018

March 2018 Phishing: Security Alert on You Account

This past weekend, a targeted phishing e-mail was sent to campus community members. This phish presented a screen that looks like the CMU web login page. If you had entered your credentials, the attackers attempted to log into Workday, but were luckily foiled by Duo, our two-factor authentication.
Tuesday, May 16, 2017

Campus Response to "WannaCry" Ransomware Attack

Dear Members of the Carnegie Mellon Community, As you may have learned over the weekend, there is a world-wide ransomware attack known as 'WannaCry' hitting the Internet. More on ransomware below. It has affected hundreds of thousands of computers in over 150 countries but you don't have to be a victim.
Load more articles