JPMorgan Chase and 9 Other Financial Institutions Hacked

JPMorgan Chase and nine other yet to be named financial institutions suffered a massive data breach targeting both individuals and businesses.   The attackers were able to steal client names, addresses, email, and phone numbers.  JPMorgan states that no financial and login information was compromised.

Clients are advised to watch out for phishing scams within the next couple of months.  It has been reported by the security company SANS that some customers are already receiving phishing SMS / text messages.

JPMorgan Chase suggest:

  • Users watch their accounts for suspicious activity
  • Change their account password
  • Do not reuse the same password for multiple accounts
  • Watch out for phishing emails

If you receive an email that asks for your login or other personal information call the company directly to verify the email.  Do not respond or click on any links in the email. Do not log into your bank account from a link in the email; type in the bank url directly into the web browser.

Do not respond or click on any links in unsolicited text messages from your financial institution.  Call the company directly to verify the contents of the text message.

Other Links:

NYTimes: Hackers’ Attack Cracked 10 Financial Firms in Major Assault.

Computerworld: JPMorgan Chase attackers hit other banks

 

Posted in Safe Computing | Comments closed

NU users upgrade to OS X Mavericks for Free

Apple has not provided the Shellshock patch for versions of OS X older than Lion.  If you have an older version of OS X and would like to upgrade to Mavericks the Service Desk will be able to assist you.   Depending on your current hardware you may be able to upgrade to Mavericks for free.   The Service Desk will assist in evaluating your hardware, backing up and restoring your data and installing the update.

Please contact the Service Desk for assistance.  617-373-4357 or help@neu.edu

If your hardware does not support OS X Lion and above, Apple states that your risk from the Shellshock bug is low if you have not installed a web server on your computer. Should Apple release a Shellshock patch for older Macs, users are advised to update once it is made available.

Information about Shellshock: SecureNU Shellshock Bash bug Information

Posted in Apple | Comments closed

Apple Releases Shellshock Patch

Apple has released a patch to fix Shellshock Bash bug vulnerabilities.  Its is strongly recommended Mac users install the update when it becomes available through Software Update.

Northeastern managed Macs will be updated automatically with the patch.

For additional information: Shellshock Bash bug and the Apple update.

Note: This initial patch from Apple only fixes 2 of the 6 reported Shellshock vulnerabilities and only applies to Lion, Mountain Lion, and Mavericks.   Users are should apply additional updates should they be made available from Apple. 

Posted in Apple | Comments closed

ALERT: Mac, Linux, And Unix Users Impacted By Security Vulnerability “Shellshock”

For updated Shellshock Information: SecureNU – Shellshock Bash bug Information

This week security experts discovered an extensive security flaw in Bash, a component used in Linux and Unix operating systems, including Mac OS X. This vulnerability, nicknamed Shellshock, makes  devices running Bash susceptible to hackers and worms. Several technology manufacturers have already released preliminary patches to help stop this issue.

What is Shellshock?

Bash is a program that typically runs in the background so many users are likely not aware of its existence on their devices, although it is used in several different operating systems. The security vulnerability makes it possible to add malicious code to existing Bash code, allowing hackers to take over the operating system, where they can extract important information and compromise the device. Shellshock has the potential to be a greater security risk than the Heartbleed bug, as there are a wide variety of systems that utilize Bash, and this vulnerability is easy to exploit.

What can we do to protect ourselves?

Preliminary patches are now available for several of the impacted operating systems. ITS strongly recommends that you update any Mac OS X, Linux and Unix operating systems once security patches are available. Please be aware that external websites may be impacted by this vulnerability, and if compromised, there is the possibility of worms being transmitted to your computer. Please note that over time more and more information is being discovered regarding the extent and impact of this bug.

What is ITS doing to protect Northeastern?

To reduce our risk internally, ITS immediately began working on updating all of Northeastern’s technology with the available patches, and will continue to do so as new ones are released, limiting the exposure of campus systems. Additionally we have hardened our firewall against this vulnerability. System administrators across the university are working now to apply necessary patches to impacted sites and services. ITS will continue to monitor the situation, assess the associated risks and provide updates on this security issue as more news of Shellshock becomes available. We are continuing to work with our partner providers and vendors to address this serious security concern. As this is a constantly evaluating situation, information and updates will continue to be posted on the Office of Information Security website.

Other Security Concerns – Phishing

In the coming weeks, it is vitally important that you have a heightened awareness regarding your security. Hackers and Internet criminals never pass up a good crisis. Expect to see spam and phishing emails in the future citing security concerns due to Shellshock. If you have any doubts about the validity of emails, contact the company in question by phone. For Northeastern-specific emails contact the ITS Service Desk.

 

Posted in Safe Computing | Comments closed

4.5M Mail.ru and 1.2M Yandex Accounts Leaked; But Do Not Worry

On Tuesday an unknown individual posted a file containing 4.5 million Mail.ru and 1.2 million Yandex addresses and passwords to a Russian bulletin board. Both Mail.ru and Yandex deny the passwords came from their systems; it is believed the list has been compiled from hacked websites and phishing emails.

Regardless of where passwords came from both Mail.ru and Yandex state that only a small percentage of the accounts in the list might have worked. Independent reports state that the passwords are old and probably not even for valid Mail.ru or Yandex accounts.

What should you do?

If your Mail.ru or Yandex.ru password has not changed recently, now is a good time to change it.

As always, do not use the same email address and password for different website accounts. If one website is hacked, the attackers will be able to gain access to your other website accounts as well.

More information:

RT.com: http://rt.com/news/186580-millions-google-accounts-leaked/
Business Insider: http://www.businessinsider.com/russian-hackers-publish-passwords-to-nearly-5-million-email-accounts-2014-9

Posted in Safe Computing | Comments closed

5 Million Gmail Passwords Leaked; But Do Not Worry

logo4w

On Tuesday an unknown individual posted a file containing 5 million Gmail addresses and passwords to a Russian bulletin board. Google denies the passwords came from their systems; it is believed the list has been compiled from hacked websites and phishing emails.

Regardless of where passwords came from Google says that only about 2% of the accounts in the list might have worked. Independent reports state that the passwords are old and probably not even for Gmail accounts.

What should you do?

If your Gmail password has not changed recently, now is a good time to change it. For added protection enable 2-Step Verification on your account. 2-Step Verification requires you to enter a code the first time you access your account from a new computer or phone. This prevents a third party who may know your password from gaining access to your account.

Here is more information on how to enable 2-Step Verification on your Gmail account: https://www.google.com/landing/2step/

As always, do not use the same email address and password for different website accounts. If one website is hacked, the attackers will be able to gain access to your other website accounts as well.

More information:

Forbes: Google Says Not To Worry About 5 Million ‘Gmail Passwords’ Leaked

Posted in Safe Computing | Comments closed

Get Anti-Virus Software FREE!

computervirus
Welcome Students!

The new school year brings new virus and malware threats to your Mac and Windows computers. The ResNet Resource Center has a stack of Apples and PCs that are infected with viruses. Long gone are the days when Apple users are immune from viruses and malware. The viruses today attack both Macs and Windows with equal success and damage.

The only way to help protect your computer is to install anti-virus software. Fortunately Northeastern offers Symantec Endpoint Protection (anti-virus) for both Mac and Windows for FREE!

Download Symantec Endpoint Protection FREE today!

Why should you install anti-virus software?

The viruses today are much more dangerous than in the past; and may cause much irreversible damage such as:

  • Stealing your email password and hijacking your account
  • Stealing your social media passwords and hijacking your accounts
  • Stealing your personal information and photos
  • Encrypting and holding all your data hostage
  • Corrupting your operating system, making your computer unusable
  • Hijacking your computer to make it part of an international crime bot-net (not as cool as it sounds)

Wiping the computer and reinstalling the operating system from scratch is often the only way to remove the viruses. Do not be left without a computer or your data. Get FREE anti-virus software to help keep your computer safe and secure.

Contact the Service Desk at x4357 or the ResNet Resource Center for assistance.

Image credit: IntelFreePress, on Flickr

Posted in Apple, Malware, Anti-Virus, Phishing, Scams, Safe Computing | Comments closed

Decrypt CryptoLocker Ransomware Files for Free!

cryptolocker

Victims of the CryptoLocker ransomware are now able to decrypt and recover their files for free.

The BBC is reporting the website https://www.decryptcryptolocker.com will provide users the decryption key and recovery program that will decrypt all the files on their computer encrypted with CryptoLocker. The service was developed by the security companies Fox-IT and FireEye after their research on CryptoLocker uncovered the master decryption key used by the malware.

If your files are encrypted by CryptoLocker, first remove the malware using standard malware removal software. Next, to go the www.decryptcryptolocker.com and submit a file that has been encrypted along with your email address. The site will provide the decryption key for your computer and a program that will remove the encryption.

Please contact the Service Desk (617.373.4357) for assistance removing the CryptoLocker malware and recovering your files.

The best protection against CryptoLocker and future variants of the malware is to have anti-virus software installed and a current backup of your data. In the event that this service cannot decrypt your files a good recent backup is the only solution to recover your data.

BBC: Cryptolocker victims to get files back for free

SecureNU: What is CryptoLocker Ransomware?

Posted in Malware, Anti-Virus, Phishing, Scams, Safe Computing | Comments closed