As you know, on Friday there was a worldwide ransomware attack. Though that attack is currently partially halted, there are additional versions currently released that are live and active. Technical staff should be aware that this family of ransomware works by exploiting the Server Message Block vulnerability. Microsoft released patches on March 14 to address this.
By now you should have seen the news of widespread ransomware attacks. It is projected to have affected users in more than 150 countries.
In this attack ransomware called WannaCry was emailed to users. When opened, the malware locked files on their computers. Older versions of Microsoft Windows systems that have not applied security patches were affected.
On Monday, January 23, Apple released the iOS 10.2.1 update which fixes flaws that previously allowed iOS devices to be compromised. If you have any iOS devices (iPad, iPhone, iPod, etc.) it is highly recommended to run the update as soon as possible. More detailed information from Apple can be found here: support.apple.com/en-us/HT207482.
A new type of phishing scam is targeting online shoppers, reminding us to be aware of how we interact with websites and that phishing attacks can come from many sources, not just email!
The Enterprise Security team's mission is to improve the security awareness and profile of the university. We wanted to make you aware of this scam that could cause you loss as a consumer.
The Internet Crime Complaint Center (IC3) has issued an alert on employment scams targeting college students. Phony job opportunities are advertised via college employment websites or sent to students’ university email addresses. Unfortunately, students who have taken the bait have suffered financial losses. For more information and tips on avoiding these scams please review the IC3 Alert.
Adobe has released security updates to address vulnerabilities in Adobe Acrobat, Reader, and Flash Player. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.
The Enterprise Security team's mission is to improve the security awareness and profile of the university. This includes making you aware of important cybersecurity new items. A Joint Analysis Report has been released by US-CERT providing details on malicious activities undertaken by Russian Civilian and Military Intelligence Services (RIS).
This week we’ve seen a surge of phishing attacks against the university. Most recently we spotted a malicious website posing as a login page for BuckeyeMail and wanted to bring it to your attention. Please avoid clicking on links in emails when possible and always verify you’re at the site you meant to be at before entering user name and password. If you receive an email phish please report it to firstname.lastname@example.org. By informing us, we can more easily target and block other emails and sites from the same source.
Have you ever received a suspicious email from someone claiming they work for the IRS? Or an out-of-place phone call that asks you to respond to the IRS immediately? What about an unexpected text with an attached tax form? You’re not alone!
We want to alert Ohio State students to a fraudulent scheme involving a third party offering to pay your Ohio State tuition charges in order to save you money. This information has also been shared with students by Ohio State Enrollment Services.
In this scam, a person asks for your Ohio State username and password to pay your tuition charges by credit card. Once you receive a confirmation of the credit card payment, you are instructed to send the person a wire transfer payment or a check for that amount less 5 percent.
Despite receiving a confirmation of the credit card payment, the payment is fraudulent and will eventually be rejected by the credit card company, leaving you with a balance still due to Ohio State.