New Blackboard Phishing Email

[Image: bb_phishing]

The above phishing email has been reported by several members of the Northeastern community. This email, like many phishing emails, attempts to trick the user into clicking on a link that supposedly points to an official Northeastern website. If you hover your mouse over the link you will notice that the link does not point to a Northeastern website.

This email takes the scam a step further by adding a fake time constraint that forces the user to take immediate action rather than stop and consider the veracity of the message.

If you receive this email, please do not click on the link; delete the email from your inbox.

Please contact the Service Desk at help@neu.edu or 617-373-4357 for assistance.

Posted in Malware, Anti-Virus, Phishing, Scams

Are you a cyber superhero?

[Image: cyberlock]

Sure, you are secure but how about your friends?

You are a security expert. Your passwords are complex, longer than 10 characters, and stored in a password manager. You always update your software and Apple operating system when new patches come out. You never leave your laptop or phone alone in the library or classroom. You use a VPN on public wireless in coffee shops and restaurants. In every respect you are the perfect example of a secure computer user.

But what about your friends? Do your friends know how to create a complex password with more than 10 characters, using upper and lower case letters and numbers? Do your friends know how to use a VPN on public wireless? Do your friends know not to leave their laptops alone in the library to thwart opportunistic thieves?

Take a moment now to help your friends become more secure. The simple, routine things you do every day to secure your computer could save them a ton of trouble and suffering. Teach your friends these simple tasks and, who knows, you may help prevent your friends from becoming the next victim of a cyber-crime or theft. You can be their cyber superhero!

Help them:

For questions about these tips or other cyber security issues please contact the Office of Information Security at ois@neu.edu.

Image credit: Flickr: Yuri Samoilov

Posted in Malware, Anti-Virus, Phishing, Scams, Safe Computing

Stagefright – Android malware

This past week, the mobile security firm Zimperium discovered a major vulnerability within the Android operating system. This vulnerability, nicknamed Stagefright, has the potential to impact around 950 million Android devices. This exploit is unique in that users do not have to do anything in order for the malicious code to be downloaded to their phones. Once a hacker has gained access, they can completely take over your phone, from stealing or deleting your data, to turning on your camera and microphone. Morning Edition on NPR has a good explanation of both the vulnerability and challenges with this security threat: Major Flaw In Android Phones Would Let Hackers In With Just A Text

Several smartphone manufacturers and wireless carriers have already developed and deployed necessary patches to resolve the issue; others are actively working on a patch release. In the meantime, Android users can defend themselves in the following ways:

Turn off “Auto Retrieve MMS” in all messaging apps
The scariest part of this particular vulnerability is that the user does not need to open the message for the virus to be activated. Many Android devices are set to automatically download images and videos within messaging apps, so the virus is automatically downloaded upon receipt. To avoid this, the Office of Information Security (OIS) recommends turning off “Auto Retrieve MMS” in all messaging apps. Instructions can be found on the Digital Trends website.

Enable automatic updates
Turning on automatic updates will ensure that patches are installed as soon as they are released. Patches are targeted at known vulnerabilities, so automatic updates help you to protect yourself from security threats. In fact, a recent security study done by Google found that the top practice recommended by security experts was installing software updates.

Never play a video multimedia text message (MMS) from anyone you do not recognize
Stagefright happens when a message containing a video with embedded malicious code is received. As with emails, you should never click on any links or images in text messages from people you do not know. Remember, regardless of whether it is an email or text message, opening messages from people you do not know can be dangerous.

Questions or concerns? Please contact the Office of Information Security at OIS@neu.edu.

For the latest news on security issues, visit the Office of Information Security website or follow SecureNU on Twitter. To stay updated with all things tech-related, please visit the ITS website or follow NortheasternITS on Twitter.

Related links:
ZDNet – Stagefright: Just how scary is it for Android users?
Twilio – How to Protect Your Android Phone From the Stagefright Bug

Posted in Malware, Anti-Virus, Phishing, Scams, Safe Computing

Adobe Flash Vulnerabilities

The Hacking Team, a group of digital activists, was hacked earlier this summer. Within the data that was compromised, three Adobe Flash vulnerabilities were discovered: CVE-2015-5123, CVE-2015-5122, and CVE-2015-5119.

Adobe has patched two of the three vulnerabilities but has yet to release a patch for the third. While Adobe has committed to patching all three vulnerabilities by the end of the week, many organizations are putting protections in place. For example, Mozilla Firefox is now blocking Adobe Flash by default. The block will remain in place until a version is running that contains a patch for all three vulnerabilities.

Below are some additional tips to protect yourself from the Adobe Flash vulnerabilities:

– Make sure you have Symantec installed and updated! (http://www.northeastern.edu/its/services/software/sep/)
– Avoid using Adobe Flash. Please see below for instructions on how to disable Adobe Flash in your browser.
– If you must use Flash, use Firefox or Chrome. Both have a built-in “sandbox” feature which “adds an additional layer of protection to your browser by protecting against malicious web pages that try to leave programmes on your computer, monitor your web activities or steal private information from your hard drive” (https://tools.google.com/dlpage/res/chrome/en-GB/more/security.html)

-----
Disabling Adobe Flash:

Internet Explorer versions 10 and 11
Open Internet Explorer
Click on the “Tools” menu, and then click “Manage add-ons”
Under “Show”, select “All add-ons”
Select “Shockwave Flash Object” and then click on the “Disable” button
You can re-enable Adobe Flash Player by repeating the same process, selecting “Shockwave Flash Object”, and then clicking on the “Enable” button.
Guidance for users of earlier versions of Internet Explorer is available on the Microsoft website. Select the version of Internet Explorer you are using at the top right corner.

Firefox
Open Firefox
Open the browser menu and click “Add-ons”
Select the “Plugins” tab
Select “Shockwave Flash” and click “Disable”
You can re-enable Adobe Flash Player by repeating the same process, selecting “Shockwave Flash”, and then clicking on the “Enable” button.

Chrome
Type “chrome:plugins” in the address bar to open the page
On the Plugins page that appears, find the “Flash” listing
To disable Adobe Flash Player completely, click the “Disable” link under its name
To enable Adobe Flash Player, click the “Enable” link under its name

Posted in Uncategorized

Tips for Sending Sensitive Information via Email

Thanks to the internet, we are sharing more than ever! Most of the time, we don’t think anything of it. Need to send over those tax documents to your accountant? No problem! Just send them over via e-mail, right?

Before you hit send, here are a few tips on how to better secure your information when sending it over e-mail.

[Image: tips for sending info via email]

Posted in Safe Computing, SecureNU Information

China is conducting a massive DDoS attack against GitHub

GitHub.com, a popular code repository, hosts two projects that allow users in China to bypass the Great Firewall of China (GFW) to view the New York Times and GreatFire.org.

This attack is designed to take down GitHub and the GFW projects using a technique called a Man-on-the-Side attack. When a user visits a website that is behind the GFW, the firewall itself returns attack code to the user’s browser, and that code takes part in a distributed denial of service (DDoS) attack against GitHub. The attack code tells the browser to continuously reload the GitHub project URL with the purpose of overloading the server. This process is magnified millions of times to create what GitHub has called “the largest DDoS attack in github.com’s history”.

As described by Netresec:

In short, this is how this Man-on-the-Side attack is carried out:
1. An innocent user is browsing the internet from outside China.
2. One website the user visits loads a javascript from a server in China, for example the Baidu Analytics script that often is used by web admins to track visitor statistics (much like Google Analytics).
3. The web browser’s request for the Baidu javascript is detected by the Chinese passive infrastructure.
4. A fake response is sent out from within China instead of the actual Baidu Analytics script. This fake response is a malicious javascript that tells the user’s browser to continuously reload two specific pages on GitHub.com.

As stated on Vice.com: “In other words, even people outside China are being weaponized to target things the Chinese government does not like[.]”

Fortunately, this latest attempt at Internet censorship can be prevented with encryption. Encrypting web traffic through HTTPS makes it much harder for the GFW to view and manipulate network traffic between client and server. With network traffic encrypted, the firewall would not be able to read the traffic, let alone insert attack code into the response sent back to the client. This option is not foolproof and there are ways that the GFW can read encrypted traffic, but encrypting all web traffic will go a long way to prevent these types of attacks from nations and criminals alike.

Let’s Encrypt (https://letsencrypt.org), sponsored by EFF, Cisco, Mozilla, Akamai

More Information about the attack:

Netresec.com: China’s Man-on-the-Side Attack on GitHub

TechDirt.com: China’s Great Firewall Turned Around: Why China Wants To Censor Global Internet

EFF.org: China Uses Unencrypted Websites to Hijack Browsers in GitHub Attack

ThreatPost: DDoS Attack on GitHub Linked to Earlier One Against GreatFire.org

Posted in Uncategorized

Antivirus works – here are the numbers

Here are the malware and virus statistics for the past month:

The Northeastern-offered Symantec Endpoint Protection (SEM) has blocked or deleted over 20 thousand pieces of malware and Trojan viruses from protected OS X and Windows computers. This includes 80 instances of ransomware, malware that makes a computer unusable until the victim pays a ransom. SEM has blocked fake Adobe Flash updates, fake anti-virus popup alerts, browser and computer exploit kits, generally malicious network activity, and others.

Antivirus, keeping the operating system and software up to date, maintaining an active firewall, and smart email and web browsing habits are all part of a safe computing posture that will help keep the attackers out.

There are at least 80 people at Northeastern this past month who have not been locked out of their data thanks in part to antivirus software.

Symantec Endpoint Protection is available free for the Northeastern community.

Get Symantec Endpoint Protection today!

Posted in Malware, Anti-Virus, Phishing, Scams, Safe Computing

Phishing Email – Your New Salary As Adjusted

[Image: phishing2015]

The Northeastern Community has received a new phishing email with the subject: “Your New Salary As Adjusted.” The email asks the user to click on a link and enter their myNEU credentials.

This email is a fake. Do NOT click on the link in the email. Delete it from your inbox.

If you clicked on this email and entered your credentials, you must change your password and password reset challenge question immediately. Please contact the Service Desk for assistance at 617-373-4357.

Northeastern will NEVER ask you to confirm your credentials in an email. This is a sure sign that the email is fraudulent. Please contact the Service Desk if you are unsure if an email from Northeastern is real.

Posted in Malware, Anti-Virus, Phishing, Scams