Workstations

August Desktop Security Updates Approved for Campus Computers

The majority of campus Windows desktops will have updates sent to them in the next day or so. For security reasons, campus computers are given an installation deadline for monthly patches. The installation deadline this month is Thursday, August 31st at 5:00 PM. On Thursday at 5:00 PM, if you have not installed this month’s patches, they will automatically begin installing, and when done, may reboot your computer. If your computer is off at the time of the deadline, updates will begin installing the next time you log in, and when done, may reboot your computer.

 We highly recommend that you install the patches as soon as you are prompted to do so, before the installation deadline. This way, you can be present when the computer needs to restart and you have more control over the restart timing, allowing you to save any open work. If you ignore the update messages you run the risk of updates being applied while you are not present and potentially having your computer restart and possibly even losing unsaved work.

In addition to Microsoft updates, there may be updates for Adobe Flash, Google Chrome, Mozilla Firefox, Oracle Java, and other 3rd party applications. These updates will require you to close all your browser windows. Please save any work in your browsers before doing so.

Maintenance

Distribution Switch Stack Software Upgrade

Maintenance Window: Wednesday, August 2nd 6:00-7:00 AM
Services Impacted: BMU Network Services

During this maintenance window, software in some of the campus core network switches will be upgraded. This is an advisory notice only; no downtime is anticipated due to network redundancy. If unexpected behavior were to occur, network services to the BMU could be briefly impacted.

Security

Students Targeted by Email Job Scams

CSU, Chico students are often targeted with scams promising jobs. Students have been scammed out of money or had campus accounts compromised by job-related phishing scams. ITSS recently used PhishMe to raise awareness of this type of scam. We modeled the PhishMe campaign after an actual job scam that had recently targeted CSU, Chico students.

The campaign was a “double barrel” format wherein an initial email references a forthcoming email to build trust. The second email will attempt to obtain account credentials, personal information for identity theft, or will request payment for materials needed for the fake job.

2.46% of CSU, Chico students were found by PhishMe to be susceptible to this type of scam and were redirected to educational phishing material. While this is lower than previous campus PhishMe campaigns it still leaves room for improvement.  Be aware of emails that:

  1. Ask you to click on a link or open an attachment.
  2. Create a sense of urgency.
  3. Evoke strong emotions, like greed, jealousy, or fear.
  4. Request sensitive data.

CSU, Chico will never ask for passwords or other sensitive data via email. Always check the URL of the site you are visiting. In many instances, a phishing email will direct you to an imitation website that appears legitimate, but attempts to steal your password or other sensitive data.

ITSS has worked with Student Employment and the Career Center to collect actual job scam examples that have recently targeted CSU, Chico students:

job scam example

job scam example

If an email or job offer sounds too good to be true it probably is. Most legitimate jobs do not require you to pay money or send personal information via email. Don’t hesitate to check with ITSS if you are unsure about the authenticity of an email you’ve received.

Workstations

Campus Dell Power Settings Change

On Tuesday, August 1st at 8:00 AM ITSS will be deploying new settings to campus Dell desktop computers. These new settings will be enabling a feature called “Auto On”, which will be set to automatically power on computers every Wednesday at 2:00 AM. This feature will ensure computers that are turned off get necessary security patches and updates, as well as the latest virus definitions. Users will not need to do anything for this to take effect, it runs silently and does not require a restart.

We will exclude labs, laptops & servers, as they have different power and scheduling needs.

If you have questions or concerns, please submit a request at support.csuchico.edu or contact IT Support Services.

Security

Petya Ransomware Warning

The campus is aware of a new cyber-attack that is being reported widely in the news.  The Cyber-attack is called Petya, and it is primarily spread through Phishing and old Windows software vulnerabilities.

The campus server, network, and desktop teams are actively monitoring and working to protect the campus from this attack.

What you need to know:

  • This is a Windows Operating System, not a Mac OS or IOS attack.  However, Mac OS and iOS can forward links and attachments which contain the attacking “malware.”  Mac OS systems should run anti-virus/anti-malware software.
  • If you have a campus managed computer, your computer should have received the security patch for this attack in March.
  • Be very vigilant about opening email messages, Phishing is the primary method of attack.  More information about phishing: http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml.
  • If your computer reboots unexpectedly and acts uncharacteristically slow, or prompts you stating that “your files are no longer accessible,” turn off your computer and contact ITSS.
  • Make sure that you store your files on the campus Box instance or Bay file server.  If your computer is compromised, your files will be permanently lost unless a backup exists.

What does “managed” mean, and how can I tell if my campus computer is managed?

Managed means that your workstation or server is configured to use the campus ITSS management system SCCM.  You can verify this by entering “Software Center” in the Start Menu search.  You can also tell if your computer notifies you regularly that updates are being installed. If you believe that your campus computer is not managed please contact ITSS.

What do you need to know for protecting your home or personal computer?

  • Make sure that your computer has the latest Microsoft Patches installed.
  • Patch any other non-Microsoft software installed on your computer.
  • Make sure your files are backed-up.
  • Make sure that you are running an anti-virus program that is receiving current updates.

More information about Petya ransomware is available at https://www.us-cert.gov/ncas/current-activity/2017/06/27/Multiple-Petya-Ransomware-Infections-Reported

Maintenance, Telephone, Wireless

Farm Microwave Cutover

Maintenance Window: Thursday, July 6th 11:30 AM – 3:30 PM
Services Impacted: University Farm Network & Telephone

During this maintenance window, network and campus telephone services to the University Farm will be interrupted for up to 2-3 hours as the connection between the Farm and campus is cut over to new microwave radios. During this time, calls to the Farm may be routed to voicemail, and only emergency 911 calling will be available from campus phones at the Farm. Cellular services will be unaffected.