New vulnerabilities affecting Apple QuickTime Player for Windows computers have been announced, and Apple will not be patching them as the product is now considered end of life (EOL). As a result, any computers running this software are vulnerable to attacks and present a serious security risk.

ITSS will be removing QuickTime from all campus Windows computers beginning Thursday, 4/21 at 8:00 AM to protect against these vulnerabilities. If users need to view QuickTime media, VLC Media Player is installed on most campus computers and can also be downloaded through the Application Catalog.

More information about QuickTime vulnerabilities is available at  https://www.us-cert.gov/ncas/alerts/TA16-105A.

Identity Finder software will be launched on your campus workstation and search for Level 1 protected data, such as social security and credit card numbers. Beginning Wednesday April 13^th at 10:00 AM, Identity Finder scans will automatically scan your computer.  No data is deleted from your computer automatically by Identity Finder.  You must select “advanced” and review your results after the scan completes to protect your computer.

The CSUEU and the CFA have reviewed the Identity Finder deployment, and have recognized the importance and the value of this implementation to our security processes. Information Security has waited the amount of time agreed to with the unions to allow you to screen your workstation and files and to secure any personal information.

 When Identity Finder Runs

You may see a notification when Identity Finder starts running and when it completes searching your workstation (see below):

Identity Finder runs in the background, but running a search on any system for the first time can take several hours. You can continue to work while Identity Finder searches your computer, but it may slow your computer’s performance.

Reviewing your Results

As you are aware, data breaches are often big news and can be very costly. Identity Finder is specifically designed to find personally identifiable information stored on your campus workstation and to provide you with a way to securely remove this data.

As a result, it is imperative for you to review the results of Identity Finder’s scan of your workstation.

A tutorial on handling your Identity Finder search results is available at https://wiki.csuchico.edu/confluence/display/help/Handling+Search+Results.

 

For more information on Identity Finder, please visit the Identity Finder website at https://wiki.csuchico.edu/confluence/display/help/Identity+Finder.

The Internal Revenue Service has issued a warning about a phishing scam targeting taxpayers. Email scammers have been observed citing tax fraud to trick victims into clicking on a malicious link. There have been similar attempts on campus, including illicit requests by scammers for copies of employee W2s. The IRS press release is available at https://www.irs.gov/uac/Newsroom/IRS-Warns-Washington-DC-Maryland-Virginia-Residents-of-New-Phishing-Scam-Targeting-National-Capital-Area.

Security tips from the IRS and US-CERT for handling heightened phishing scam risk during this tax season is available at https://www.us-cert.gov/ncas/tips/ST15-001.

More information about recognizing phishing scam emails is available at  http://www.csuchico.edu/isec/basics/spam-and-phishing.shtml.