
It's National CyberSecurity Awareness Month - Come Celebrate with Us!


October is National CyberSecurity Awareness Month!

In support of this annual cybersecurity event, ITS Information Security, in concert with Professional Development, will be hosting a webinar on Thursday, October 22, from 10:00am – 11:00am titled “BeCyberSmart | Securing your “Smart” Home”.

Please follow this link for additional information about this event, including how to sign up. We encourage you to share this awareness opportunity with all of your staff.

Thank you

ITS Information Security

Celebrate CyberSecurity Awareness Month. Do Your Part. #BeCyberSmart.

 

 

 

Beware of Coronavirus (COVID-19) Phishing Scams


Most of us have seen and read in the news about the Coronavirus outbreak, currently known as SARS-CoV-2 or Coronavirus Disease 2019 (COVID-19). We wanted to remind you that during media-intense events like this, cyber attackers take advantage of the opportunity and attempt to scam you or launch phishing attacks that try to get you to click on malicious links or open infected email attachments. Here are some of the most common indicators that the phone call or email you received is most likely a scam or attack (additional information on identifying scam phone calls and emails may be found at the Federal Trade Commission Consumer Information website).
  • Any message that communicates a tremendous sense of urgency. The bad guys are trying to rush you into making a mistake.
  • Any message that pressures you into bypassing or ignoring our security policies and procedures.
  • Any message that promotes miracle cures, such as vaccines or medicine that will protect you. If it sounds too good to be true, it probably is.
  • Be very suspicious of any phone call or message that pretends to be an official or government organization urging you to take immediate action. 

For the latest updates consider visiting the World Health Organization website on Health and Disease Control, the Center for Disease Control website, or our own CSUCI Coronavirus (COVID-19) Information website. Please keep in mind Coronavirus scams and attacks can happen at work or at home, via email, text messaging or even over the phone. Don’t fall victim to bad guys playing on your emotions. 

If you feel you have received a phishing attack at work, simply delete the message or, if you have concerns, report it to your information security team.

Information Resources: 

2-Factor Authentication is Coming to CI!


Dear Colleagues,

Over the past months CI has been in the process of rolling out DUO’s 2-factor authentication solution to increase CI’s overall security posture and to better protect your myCI accounts. 2-factor (sometimes called 2-step or multi-factor) authentication, or 2FA/MFA, is the process by which a user accesses a computer system or software application using two (or more) forms of authentication to log in to that system or application. The forms of authentication are often described as “something you know”, “something you have” and “something you are”. One factor is typically a username and password (something you know). A second factor can be the use of a mobile app, a phone call or text message, or hardware token (something you have) or, in some cases, the use of a fingerprint or retinal scan (something you are). Without at least two forms of verification, the login will fail.

CI is continuing its rollout to the faculty and staff community during the month of November with an anticipated completion date of November 30, 2019.

What to Expect:

During this time period you will receive an email from DUO inviting you to enroll in the system. Please read over the email carefully, and then follow the instructions to enroll yourself in the system.

Please note:

If you do not wish to use the DUO Push Mobile App on your mobile device, you may pick up a token at the Solution Center desk in the Broome Library 1350 from Anderson Hanchett Monday through Friday between the hours of 8:00 AM and 11:30 AM and again between 1:30 PM and 5:00 PM.

It is required that you register at least two (2) methods of authentication. These could be any of the following:

  • Mobile App and Token
  • Token and (unshared) desk phone
  • Token and mobile phone (to call)

Additional information regarding 2FA at Channel Islands may be found at these links:


Thank you for your support in keeping Channel Islands a secure computing community.
If you have any questions about the 2-Factor Authentication rollout, please contact your information security team at infosec@csuci.edu.

Cyber Security Awareness Fair Coming to CI This Week!


Dear Campus Community,

In celebration of National Cyber Security Awareness Month (NCSAM) 2019, CSU Channel Islands Information Security is hosting a Cyber Security Awareness Fair on Tuesday, October 29th and Thursday, October 31st, 2019 and you are invited! Come join us for a two-day event that will provide insights from security professionals on the latest cyber threats and landscape, and the opportunity to collaborate across the university.

The Cyber Security Awareness Fair will take place on the main Camarillo campus at the Broome Library in rooms 1310 and 1320 from 9:00 AM - 5:00 PM on each day and will include a pizza lunch on both days until the food runs out.

This is a free event that is open to the entire CI campus community!

Please share this information with your friends and we hope to see you there!

Agenda

Tuesday 10/29/2019

09:30 AM - 10:30 AM Cybersecurity Education at CI
11:00 AM - 12:00 PM Nation State Attacks: You are a Target!
12:00 PM - 01:00 PM Scams Targeting CI Students
01:00 PM - 02:30 PM Diversity in Cybersecurity Panel
02:30 PM - 03:30 PM Securing your Home Router
03:30 PM - 04:30 PM Multi-Factor Authentication is Coming…
04:30 PM - 05:30 PM CI Cyber Security Club

Thursday 10/31/2019

09:00 AM - 10:00 AM How Secure is the Internet: Developing Secure Elliptical Curve Cryptography
10:00 AM - 11:00 AM Using a Raspberry Pi for Home Security
11:30 AM - 12:30 PM Cyber Security Jeopardy
12:30 PM - 01:30 PM The Cyber Threat Landscape and You…
01:30 PM - 02:30 PM The DARK Web…




Changes are coming to CI Records!




On Monday March 26th CI Records will split into two systems, CI Records and CI Personnel. CI Records will remain as CI’s Student Information System, and CI Personnel will become CI’s Human Resources Information System. This change, which originated from our software vendor (Oracle) and which is now being implemented across all CSU campuses, will separate the one information system into two.

On Thursday March 22nd, CI Records will be shut down at 4:00 pm to prepare, upgrade and convert it into the two new information systems, CI Records and CI Personnel.

What this means for you:

If you are a Student:

  • You will continue to access and manage your student registration, payment, and enrollment information in CI Records. No changes are being made to the most common student processes. 

If you are a Student employee:

  • All student employees will complete timesheets, report absences, and view vacation & sick time balances in CI Personnel. 

If you are a Faculty member:

  • You will continue to access course, grades, and advising functions in CI Records. There are no changes to any of these operations or processes. 
  • All faculty will complete timesheets, report absences, and view vacation & sick time balances in CI Personnel. 

If you are a Staff employee:

  • All staff will complete timesheets, report absences, and view vacation & sick time balances in CI Personnel. 

Accessing CI Records

CI Records will continue to be available through the myCI portal.

Accessing CI Personnel

CI Personnel will be available through CI’s myCI portal and will be included in the list of services available.

Simply log into myCI and click on the new CI Personnel icon to log in. This button will become available to faculty and staff by 8:00 AM on Monday, March 26th.


New monthly technology maintenance plan and schedule announced

by Anonymous

To provide the best possible service, the Division of Technology & Innovation (T&I) must regularly update and perform routine maintenance on its systems and networks. Some of these activities require that the affected systems and networks be shut down. While this work is essential, we also recognize that it presents an inconvenience. To enable those who use these systems to better plan for maintenance, we are establishing a new monthly maintenance plan and schedule for performing routine maintenance and upgrades to our services.

The Division of Technology & Innovation (T&I) will perform its scheduled monthly technology maintenance on the second Friday of each month starting at 6:00 PM and ending at 6:00 AM the following morning. The monthly maintenance program is a preventive measure that is essential to providing stable and secure systems to the University.

Visit the T&I Maintenance Schedule page for a complete list of scheduled maintenance dates and additional details about this updated practice. Please contact Deputy CIO Herb Aquino at herb.aquino@csuci.edu with any questions about the schedule or plan.

Google Releases Security Update for Chrome


Google has released Chrome version 45.0.2454.85 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of one of these vulnerabilities may allow an attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.

Apple patches security flaws with new versions of iOS, OS X


Apple has packed patches for dozens of security flaws into the new versions of its iOS and OS X operating systems.

The company noted Tuesday in a security advisory that just-released version 8.4 of the iOS mobile operating system contains more than 20 fixes for vulnerabilities that could lead to remote code execution, application termination and the interception of encrypted traffic, among other issues.


Read more about these updates here.

Celebrate International Password Day!


There are all sorts of days to celebrate during the year such as Mother's Day and Father's Day, and even some more off-the-wall days such as National Fried Chicken Day, Talk Like a Pirate Day, and a personal favorite, National Pancake Day.  But today is an extra special day that should be added to everyone's calendars.  Today is International Password Day!

International Password Day gives us all the opportunity to stop and reflect on what makes a good password, and how we can best protect our work and personal data by using strong password concepts.

To help you along, there's even a website dedicated to helping you figure out what makes a good password, how to deal with keeping track of the never-ending list of passwords, mobile device passwords, and even some funny stories about password catastrophes!

Please take the time to join your information security team in making every day a strong password day!


Don't be a victim of identity tax theft! The IRS is helping to protect against false tax claims.


One of the hot identity theft scams is the submission of false tax returns in order to receive unearned or earned refunds. The IRS has a process to try to detect these false returns. If they suspect a false return, they will mail a letter to the address the taxpayer listed in their previous year's return. The IRS letter directs the taxpayer to visit an IRS site to verify the tax return submitted. Legitimate letters should direct taxpayers to idverify.irs.gov. More details are contained in this link: http://www.irs.gov/uac/Newsroom/Taxpayers-Receiving-Identity-Verification-Letter-Should-Use-IDVerifyirsgov.

The IRS also has a great website page detailing active tax scams: http://www.irs.gov/uac/Tax-Scams-Consumer-Alerts.

If taxpayers suspect they are a victim of tax fraud/identity theft, they should contact the Treasury Inspector General for Tax Administration at 1-800-366-4484 or via the web at: http://www.treasury.gov/tigta/contact_report_scam.shtml

Taxpayers can forward scam emails to phishing@irs.gov.

Faster network coming to CI


After many months of planning, the campus is less than two weeks away from faster, stronger Internet access as the Technology Infrastructure team will be visiting each building over a span of 11 days to upgrade network connectivity.

During the planned upgrades, campus telephones, Internet access, wireless connectivity, and network connectivity for myCI, PeopleSoft, CI Learn, CI Records, CI Financials, CI Docs, CI Sync, etc. will not be available. Additionally, access to the campus wireless network from a different building than your own may not be available due to certain resources being bound to your location/workstation.

The upgrade process begins March 16 at Sage Hall and will continue through March 31. Installation in each building will take approximately four hours. You can review the planned schedule here to verify your building’s planned upgrade.

Ultimately, wireless access speeds will increase by 2 times, while wired access will increase by 10 times.

For more information, go to www.csuci.edu/tc or email questions to Herb Aquino, Manager of Technology Infrastructure at herb.aquino@csuci.edu

Adobe Flash Player Exploit Found - What you can do to protect your systems.


Adobe is aware of reports that an exploit for CVE-2015-0310 exists in the wild, which is being used in attacks against older versions of Flash Player. Additionally, Adobe is investigating reports that a separate exploit for Flash Player 16.0.0.287 and earlier also exists in the wild. For the latest information, please refer to the PSIRT blog here.  You may find more information about the Adobe Security Bulletin here.


Here are instructions on how to disable Adobe Flash in current browsers. If Flash is disabled, it can be temporarily re-enabled if needed. Follow the steps for all browsers used. If you use multiple browsers it may be simpler to uninstall Adobe Flash: http://helpx.adobe.com/flash-player/kb/uninstall-flash-player-windows.html.

Mac

Firefox
  1. On the Firefox tool bar go to Tools 
  2. Select Add-ons 
  3. In the Plugins tab, set Shockwave Flash to Never Activate 
Safari
  1. On the Safari tool bar go to Safari > Preferences… 
  2. In the Security tab, ensure Allow Plug-ins is checked 
  3. Click on the Manage Website Settings… button 
  4. Select Adobe Flash Player 
  5. In the dropdown, select When visiting other websites: Block 
  6. Click on the Done button 
  7. Close the Preferences dialog box 
Chrome
  1. Type chrome:plugins in the address bar to open the Plug-ins page 
  2. On the Plug-ins page that appears, find Adobe Flash Player 
  3. Click the Disable link under its name

Windows

Firefox
  1. Go to the Firefox menu button 
  2. Select Add-ons 
  3. In the Plugins tab, set Shockwave Flash to Never Activate 
Internet Explorer
  1. Click the Tools button, and then click Manage add-ons 
  2. Under Show, click All add-ons, and then select Shockwave Flash Object 
  3. Click Disable, and then click Close 
Chrome

  1. Type chrome:plugins in the address bar to open the Plug-ins page 
  2. On the Plug-ins page that appears, find Adobe Flash Player 
  3. Click the Disable link under its name

Fake Dropbox login page nabs credentials, is hosted on Dropbox


An email with the subject “important” tells recipients that they must sign into Dropbox in order to view a document too big to be sent via regular email, but clicking on the link included in the message brings people to a fake Dropbox login page that is actually hosted on Dropbox. 

Link to the rest of this SC Magazine article to find out more about this new scam.

Hackers hit eBay database containing personal info, users asked to change passwords


EBay is asking users to change their passwords after it was announced yesterday that attackers gained unauthorized access to eBay's corporate network, compromising a database containing encrypted passwords and other personal data. Additional information may be found here or on eBay.

Heartbleed Bug Update


There has been a lot of news recently regarding the Heartbleed Bug, a security threat that was erroneously introduced into the code of OpenSSL back in late 2011. T&C has determined its critical systems have not been affected by this threat and continues to perform evaluations of its other systems.

Additional information about public services such as Google, Yahoo, Facebook, etc. may be found here as well as at other sites on the internet:


Additional information on Heartbleed may be found here:

Major Apple security flaw found. Patches issued and should be applied.


Apple rushed to release iOS 7.0.6 on Friday and OS X 10.9.2 today with patches for a shockingly overlooked SSL encryption issue that leaves iPhone, iPad and Mac computer users open to a man-in-the-middle (MITM) attack.  All users of iOS 7 and Mac OS X Mavericks (10.9) should download and apply these patches.  The vulnerability is not present in versions of OS X prior to OS X 10.9 Mavericks or iOS prior to iOS 6.


Additional resources:
For a full listing on the security patches in this update, visit the Apple site.


Computer Security and You.


Scammers, hackers, and identity thieves are looking to steal your personal information – and your money. But there are steps you can take to protect yourself, like keeping your computer software up-to-date and giving out your personal information only when you have a good reason.


Visit our friends at OnGuardOnline.gov and see what you can do to better protect yourself and your personal information.

Ransomware Infections on the Rise.


In a recent news release by US-CERT, the United States Computer Emergency Readiness Team, US-CERT stated they are aware of a malware campaign that surfaced in 2013 and is associated with an increasing number of ransomware infections. CryptoLocker, a new variant of ransomware, restricts access to infected computers and demands the victim provide a payment to the attackers in order to decrypt and recover their files.  As of this time the primary means of infection appears to be phishing emails containing malicious attachments.

Everyone who makes use of computer systems, including email, should be on guard for these types of malware infection attempts.  In many cases the email will appear to be legitimate and harmless but you need to ask yourself if you were expecting this communication, and if not, contact the sender to make sure it's legitimate.

To help mitigate any loss of data should you fall victim to this infection, you should take regular backups of your system and store your important files onto your file server which is backed up regularly.

To get more information about CryptoLocker, follow this link to the US-CERT website and think before you click!

October is National Cyber Security Awareness Month (NCSAM)!



Each and every one of us needs to do our part to make sure that our online lives are kept safe and secure. That's what National Cyber Security Awareness Month—observed in October—is all about!

Please take the time to review some of our resources available to help you become more aware of the current landscape for cyber-threats.




Think you deleted that file from your system? Think again!


A new video released by SANS.org this month titled "Data Destruction" will help you learn just how difficult it is to truly delete data, and that it actually requires a process called wiping.