On 11/21, Information Technology Services identified multiple email accounts sending a single message from a single location outside the United States. Continue reading
Cybersecurity
UConn is introducing a potential cybersecurity enhancement. Continue reading
Student Work Accounts
Student employees occupy dual roles at the University. As students, they have access to information and resources consistent with this academic role. Continue reading
Deprecation of Windows 7
The proper maintenance and applications of patches, hot fixes, and other after the fact code revisions is important in maintaining a proper level of security and the protection of university data and systems. Continue reading
University Chief Information Security Officer
Dr. Chris Bernard has joined ITS on July 19, 2019 as the new university Chief Information Security Officer (CISO).
KnowBe4: Security Awareness Training
Explore an extensive collective of IT security videos and training modules. Continue reading
Risk and Compliance Self-Assessment Questionnaire
Starting this week, ITS Information Security Office is sending a Risk and Compliance Self-Assessment Questionnaire to designated IT professionals in each school, college, campus, and department. The purpose of the questionnaire is to collect information about systems, services, and data that will inform efforts to continuously strengthen UConn’s information security posture. In addition to identifying institutional security gaps, this questionnaire also assists UConn in maintaining compliance with federal regulations, policies, procedures, and best practices in areas such as FERPA, HIPAA, PII, backups, and incident response. For more information, visit security.uconn.edu/risk-management.
Wireless Risk, Patch Your Personal Devices
The most commonly used security standard for Wi-Fi networks has been compromised. A recent Key Reinstallation Attack (KRACK) breaks the handshake that encrypts the connection, and cyber criminals could target nearby Wi-Fi networks. There have been no reports yet of this vulnerability being actively exploited. However, ITS recommends that you take action to protect your devices and data.
The intended targets of this attack are end-user devices. ITS-supported clients will be patched by ITS, and we strongly encourage that you install security updates on personal devices that connect to a Wi-Fi network as soon as they are available. Microsoft has patched their operating systems, and Apple will be releasing fixes shortly. Those with Android smartphones should check with their phone manufacturer or mobile carrier for updates. Other devices, such as individual wireless routers, should be updated with vendor provided patches.
Please note: You are safe if your connection has other protection, such as HTTPS or VPN.
For more information or assistance, contact the ITS Help Center at techsupport@uconn.edu
Phishing Scam Alert
The following phishing scam from a uconn.edu email address is circulating again (see 9-5-17 post).
We will be Shutting Down your Account due to suspicious Activity and Login from a Different IP with your Account which have made us take this decision to safeguard your Account. To avoid Shutting Down of this Account you will be Required to CLICK THIS LINK now and Submit Details as you have just 24Hrs to confirm your Account.
Regards,
System Administrator.
If you receive this message:
- Do not click on any links, and do not provide your information. ITS and other University organizations will not send unsolicited requests for UConn credentials or other personal information.
- Forward the message to reportphishing@uconn.edu
- Delete it from you inbox.
If you clicked on the links:
- Change your NetID password immediately.
- Set up or change your “secret questions and answers” for your NetID account.
For more a more in-depth discussion of how you can spot phishing scams and protect yourself, please see “Phishing attacks and how to avoid being scammed”.
Contact the ITS Help Center at 860-486-4357 is you need assistance.
Alert: Increase in Compromises of Direct Deposit
From Multi-State Information Sharing and Analysis Center (MS-ISAC), 12/4/17
“The MS-ISAC has seen an increase in cyber threat actors sending phishing emails to K-12 public education employees for the purposes of obtaining account login information. In these incidents, this information is then typically used to modify the employees’ direct deposit account information. By changing this information, the cyber threat actors reroute the employees’ paychecks to a financial account under the actors’ control. No specific payroll platforms are being targeted, as reports indicate the victims have used various platforms for payroll functionality.
Historically, the MS-ISAC has seen this attack target the education sector and universities in particular. Though universities are still targeted, the MS-ISAC is currently seeing an increase in K-12 school incidents.”