Carnegie Mellon University
Computing Services  ›  Information Security Office  ›  News & Events
Friday, April 19, 2019

Apple Receipt Phishing E-Mail Aims to Steal Your Apple Credentials

A new Apple purchase receipt phishing e-mail attempts to steal Apple credentials by tricking the recipient into thinking they were wrongly charged.
Monday, March 11, 2019

Gift Card Scam Uses Phony Academic and Administrative Leadership Emails

A type of spear phishing attack-that the Information Security Office (ISO) has seen a lot of recently attempts to fool people by sending a series of emails that appear to come from academic or administrative leadership and request gift card purchases.
Monday, February 25, 2019

New CMU Phishing E-Mail is Double Trouble

A recent staff-wide phishing e-mail that had been circulating throughout the University contained two different ways malware could infect your system. The author of this phishing e-mail was hoping to lure unsuspecting users to open the PDF attachment or click the link and download the PDF file as both were laced with malware.
Wednesday, August 01, 2018

Spear Phishing attack seeks gift cards
Monday, July 16, 2018

Extortion campaign leverages passwords stolen from third-parties

Extortion campaign leverages passwords stolen from third-parties. There is no need to be alarmed.
Friday, June 01, 2018

FBI recommends everyone reboot home routers

On May 25, 2018, the FBI issued a public service announcement recommending that everyone reboot (power cycle) home and office routers to disrupt malware known as as "VPNFilter".
Thursday, March 29, 2018

March 2018 Phishing: Security Alert on You Account

This past weekend, a targeted phishing e-mail was sent to campus community members. This phish presented a screen that looks like the CMU web login page. If you had entered your credentials, the attackers attempted to log into Workday, but were luckily foiled by Duo, our two-factor authentication.
Wednesday, October 25, 2017

University Response to Wi-Fi Vulnerabilities

Over the last week the Internet has been buzzing with reports of newly discovered vulnerabilities in WPA2, a security protocol that protects the confidentiality of Wi-Fi network connections. A bad actor could exploit these vulnerabilities on an unpatched Wi-Fi network or client to read encrypted communication and in some cases, do additional harm such as change the content of communications and spread malware.
Tuesday, October 17, 2017

Campus Response to Wi-Fi vulnerabilities (aka KRACK)

Dear Community Members, Today the Internet is buzzing with reports of newly discovered vulnerabilities in WPA2, a security protocol that protects the confidentiality of Wi-Fi network connections. A bad actor could exploit these vulnerabilities on an unpatched Wi-Fi network or client to read encrypted communication and in some cases, do additional harm such as change the content of communications and spread malware.
Thursday, August 17, 2017

Quick survey to help CMU improve two-factor authentication

Dear Carnegie Mellon community members, Last semester the university implemented a new Two-Factor Authentication service (2fa). Researchers at CMU’s CyLab would like to take this moment to get your feedback one last time on your thoughts and experiences on this move toward two-factor authentication. We encourage you to participate whether or not you completed the previous surveys.
Thursday, June 29, 2017

New website

The ISO site is using the new v5 templates from our content management system.
Tuesday, May 16, 2017

Campus Response to "WannaCry" Ransomware Attack

Dear Members of the Carnegie Mellon Community, As you may have learned over the weekend, there is a world-wide ransomware attack known as 'WannaCry' hitting the Internet. More on ransomware below. It has affected hundreds of thousands of computers in over 150 countries but you don't have to be a victim.
Thursday, April 20, 2017

Quick survey for people who do not use two-factor authentication
Monday, March 27, 2017

Quick survey to help CMU improve two-factor authentication
Thursday, March 16, 2017

ISO and Libraries Workshop on Password Managers
Friday, February 17, 2017

Confirming Legitimate Email: “Action Required: Launch of New Security Measure”​

Dear Members of the Carnegie Mellon Community, Some of you have expressed concern about a suspicious link in a recent campus-wide email sent on 2/15/2017 with the subject "Action Required: Launch of New Security Measure." We want to assure you that this email is legitimate. It is NOT a phishing email.
Thursday, October 20, 2016

National Cyber Security Awareness Month: Our Shared Responsibility

Dear Students, October is National Cyber Security Awareness Month. This year's theme is "Our Shared Responsibility". Nothing could be more true when it comes to cyber security.
Tuesday, October 18, 2016

ISO releases Password Manager Guidance
Tuesday, October 18, 2016

National Cyber Security Awareness Month: Our Shared Responsibility Conference

October is National Cyber Security Awareness Month, and this year's theme is "Our Shared Responsibility". ISO is hosting a free mini-conference for faculty, staff and students on October 24, 2016 from 9:00 until 1:30 in Rangos 3. The morning session (9-11:30) is geared towards faculty and staff and begins with an opening by our VP of Operations, Dr Rodney McClendon and continues with emerging cyber threats, business continuity and disaster recovering planning, strengthening authentication, and improving password management with password managers. The afternoon session (12-1:30) is geared towards students and includes discussion on careers in Cyber Security and securing Google Apps for Education.Seating is limited, please register!
Tuesday, October 04, 2016

National Cyber Security Awareness Month (NCSAM)

October is National Cyber Security Awareness Month! The Information Security Office has a few things we'd like to share with you, including information on two-factor authentication! Vist us athttp://www.cmu.edu/iso/aware/ncsam/index.html
Monday, October 03, 2016

National Cyber Security Awareness Month (NCSAM)

The Information Security Office has sent a massmail to staff, faculty and PhD students related to National Cyber Security Awareness Month and Our Shared Responsibility. Details of this message are found by clicking through to the detailed content.
Monday, July 18, 2016

Stay Alert for Email Scams and Ransomware

I am writing to alert you to a number of recent email-based scams and how they have impacted faculty and staff at Carnegie Mellon. Earlier this year, I sent an alert about email scams, aka phishing attacks, targeting our community with the goal of collecting login ids and passwords. (See "Campus Scam Alerts" on the ISO's website under News & Alerts.) We are now seeing unauthorized use of login ids and passwords gathered during those or similar phishing attacks to change direct deposit information in Workday. No actual payroll losses have occurred thanks to collaborative response efforts but more than a dozen victims temporarily lost access to their Andrew account while the matter was being resolved. Email scams are also being used to deliver ransomware via malicious attachments or links to malicious websites. Ransomware is a particular type of malware that encrypts all of the files accessible to the infected computer before demanding that a ransom be paid to unlock them. It is one of the fastest growing cyber threats. Without good backup copies of their electronic files, victims of ransomware are stuck paying the ransom or trying to reconstruct their files from other sources.
Tuesday, July 05, 2016

Significant: Symantec Products SYM16-008, SYM16-010 and Symantec Endpoint Protection Phaseout

Critical security flaws have been discovered in the core components shared by nearly all of Symantec's enterprise and consumer anti-virus products. These security flaws can be exploited without user interaction when files are automatically scanned (e.g. on email receipt, web visit, file upload, etc...) Though no attacks have been reported, wormable malware exploits are highly likely.Although Symantec has released security updates to fix these vulnerabilities, Computing Services has decided to accelerate our Symantec Endpoint Protection (SEP) phaseout plans. We will be recommending that users uninstall SEP and replace it with alternate anti-virus software.
Thursday, April 07, 2016

Significant: Adobe Flash Player 0-Day Exploits - APSA16-01

A critical vulnerability (CVE-2016-1019) exists in Adobe Flash Player 21.0.0.197 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier. Immediately update to the current version of Flash Player. More details are at https://helpx.adobe.com/security/products/flash-player/apsa16-01.html WHAT YOU NEED TO DO:If your computer is managed by Desktop Support or a departmental computing administrator, please consult them before making any changes. Immediately update to the current version of Flash Player. Visit Adobe's About Flash Player to check that you have the latest version. If the version is not the latest for your browser, visit Adobe's Player Download Center and follow the update instructions. If available, allow Adobe to install updates automatically. Some browsers (Chrome, Microsoft Edge, and IE 10) will automatically update the Flash plugin for you. Repeat these steps for each browser you have installed.
Tuesday, March 22, 2016

Campus Scam Alerts

Dear Faculty and Staff, I am writing to alert you to a number of recent -- and, unfortunately, successful -- email phishing scams that have been received by faculty and staff at Carnegie Mellon or by other schools. These scams target Workday users, DropBox users, Blackboard users, and research faculty with the goal of capturing login ids and passwords for various purposes. They impersonate our official email addresses and service providers. The email messages and websites they lead to are sophisticated, look legitimate, and require due diligence in detecting and reporting. See additional details for each of these scams below. As April 1 approaches, a day notorious for pranks and scams, please be on increased alert for scams: Avoid clicking on links or opening attachments in unexpected email; Check in with senders to be sure a message is legitimate before taking action; Never send your username and password in response to an email, no matter how urgent sounding; Validate URLs or use known good URLs or bookmarks to navigate to university services; Question unexpected callers before providing requested information. If you receive suspicious emails, phone calls or other forms of contact, please report as soon as possible to iso-ir@andrew.cmu.edu. The ISO will triage the situation and if necessary block campus access to malicious destinations, notify affected parties, and take other actions to contain harmful effects. The sooner you report, the sooner we can protect. From the entire ISO team, thank you for remaining vigilant, reporting concerns, following procedures, and assisting in our response efforts. We appreciate your partnership in keep CMU's data, systems, and networks secure. Thank you, Mary Ann BlairDirector of Information SecurityCarnegie Mellon University412-268-8556macarr@cmu.edu
Friday, March 18, 2016

Phishing message from Farnam Jahanian via Dropbox

Thursday night starting around 9:45 PM a phishing email attack was sent to CMU email addresses.The phishing message was a fake Dropbox shared document notification pretending to be from "Farnam Jahanian via Dropbox [official@andrew.cmu.edu]". This phish asks users to click on a link leading to a fake Dropbox login page and provide their username and password. The fake login page showed logos for Gmail, AOL, Windows Live, Yahoo and "other emails" and prompted with the text "To view the shared document, you are required to Login with your email address below"This is not a legitimate e-mail and it was not an ISO phish training campaign. ISO notified the recipients around 11:35 PM that same evening. To determine what you need to do, please click through to the full story.
Load more articles
Need to report a concern?