Category: Security

Security

NCSAM Week 5: Ransomware

Posted on by admin

October is National Cybersecurity Awareness Month. For week five CSU, Chico’s Information Security is focusing on Ransomware.

Ransomware comprises a class of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator of the malware in order for the restriction to be removed. Some forms of ransomware encrypt files on the system’s hard drive (cryptoviral extortion) while some may simply lock the system and display messages intended to coax the user into paying.

What To Do if You Get Infected with Ransomware

  • Do NOT pay the “ransom” or attempt to contact the ransomware creator.
  • Immediately disconnect your computer from the wired or wireless network, to help avoid your computer from infecting others on the network.
  • Contact ITSS for assistance.

ISEC has recommendations for avoiding ransomware on their web page. Please read this information about ransomware and review all of the Cybersecurity Month content to stay safer and more secure online.

Security

NCSAM Week 4: Malware

Posted on by admin

October is National Cybersecurity Awareness Month. For week four CSU, Chico’s Information Security is focusing on malware.

Malware: Malware is short for malicious software, it is a software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.

Viruses: A computer virus is a form of malicious software that piggy backs onto code in order to spread and reproduce itself. It is deployed by an attacker to damage or take control of a computer.

Trojan: A Trojan is a type of malware that disguises itself as legitimate software to gain access into the users system.

Spyware: Spyware is software that enables a user to obtain convert information about computer activity by transmitting data covertly from their hard drive.

ISEC has recommendations for avoiding all types of malware on their web page. Please read this information about malware and follow along each week of Cybersecurity Month to stay safer and more secure online.

Security

NCSAM Week 3: Data Security

Posted on by admin

October is National Cybersecurity Awareness Month. For week three CSU, Chico’s Information Security is focusing on data security.

NCSAM banner

University data is grouped into three categories:

  • Level 1 – Confidential
  • Level 2 – Internal
  • Level 3 – General

Each of these levels should be protected to varying degrees detailed on ISEC’s Week 3 NCSAM page.

Please read this information about university data security levels, and follow along each week of Cybersecurity Month to stay safer and more secure online.

Phishing, Security

NCSAM Week 2: Phishing

Posted on by admin

October is National Cybersecurity Awareness Month. For week two CSU, Chico’s Information Security is focusing on Phishing.

Phishing is the act of sending an email to a user falsely claiming to be an established enterprise in attempt to scam the user into giving up private information for identity theft. ISEC has listed some tips for spotting phishing and what to do about phishing scams. This includes paying attention to the From email address, the formatting of the email, and the content.

Please read these tips to avoid becoming a victim of phishing, and follow along each week of Cybersecurity Month to stay safer and more secure online.

Phishing, Security

October is National Cybersecurity Awareness Month

Posted on by admin

National Cybersecurity Awareness Month (NCSAM) – observed every October – was created as a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online.

This year’s Cybersecurity Awareness Month theme is “Own IT. Secure. IT. Protect IT.” with the following calls to action:

  • Own IT.
    • Never Click and Tell: staying safe on social media
    • Update Privacy Settings
    • Keep Tabs on Your Apps: best practices for device applications
  • Secure IT.
    • Shake Up Your Passphrase Protocol: create strong, unique passphrases
    • Double Your Login Protection: turn on multi-factor authentication
    • Shop Safe Online
    • Play Hard To Get With Strangers: how to spot and avoid phish
  • Protect IT.
    • If You Connect, You Must Protect: updating to the latest security software, web browser and operating systems
    • Stay Protected While Connected: Wi-Fi safety
    • If You Collect It, Protect It: keeping customer/consumer data and information safe

Additionally CSU, Chico Information Security has created weekly cybersecurity themes that will be detailed on their website at www.csuchico.edu/isec. The Week 1 NCSAM theme is Protecting Yourself Online. Surprising statistics, common risks, and cybersecurity best practices have been identified to help you protect yourself and CSU, Chico. Please follow along each week of Cybersecurity Month to stay safer and more secure online.

Security, Workstations

End of Support for Windows 7

Posted on by admin

After January 14th, 2020 Microsoft will no longer provide security updates or support for Windows 7. As part of CSU, Chico’s commitment to a secure computing environment, ITSS will be migrating existing Window 7 installations to Windows 10 on campus-managed computers by the end of this year.

If you use a campus Windows 7 computer, you can request a migration to Windows 10 at https://support.csuchico.edu/TDClient/Requests/ServiceDet?ID=8031. Please include “Upgrade Windows 7 to Windows 10” in the subject.

The process usually involves a complete erase and install of the computer. We’ll backup user data (if needed), change some firmware settings, install the new OS, and restore the user data.

Personal computers should also be upgraded to Windows 10 before Microsoft ends support. CSU, Chico employees and students can get Windows 10 at https://csuchico.onthehub.com.

Security, Workstations

Critical Windows Updates TODAY

Posted on by admin

Scheduled Change: Today, August 15th 5:00 PM
Services Impacted: All Windows desktops and laptops

Google Project Zero has disclosed a critical vulnerability in Microsoft’s Text Services Framework that allows an attacker to gain system level access to any computer. The patch for this vulnerability has been released to campus already, with the deadline for applying it set to next Thursday.

Since Google has now released a proof of concept attack based on this vulnerability it is highly likely that malicious versions will be created and deployed as malware in the next few days.

With this in mind, we have pushed up the deadline for applying this month’s security patches to today at 5pm. This means that the patches will begin applying after 5pm and computers will automatically reboot to apply the patches no later than 5pm tomorrow.

Please leave your computer on when you leave work today so the patches can be applied. If you turn your computer off for the weekend, the patches will apply first thing Monday morning and your computer will reboot once the patches are installed.

Campus technicians who have special exceptions to not have enforced updates should install these updates from software center manually as soon as possible. If you have a Windows computer at home, you should also be sure to check for and apply any updates from Microsoft.

Network, Security, Wireless

Wireless Network Update

Posted on by admin

Scheduled Change: Wednesday, July 24th 9:00 AM
Services Impacted: Campus Wireless

To ensure a secure campus wireless environment, devices that were configured more than a year ago need to be updated with the current network protocol.

We sent direct emails to those that we identified as using the older wireless protocol. If you are unsure if your device is configured correctly, you may re-run the Eduroam setup from your wireless device now by going to https://www.csuchico.edu/eduroam. Click on the “Join Now” button and follow the prompts.

Your wireless access may be interrupted on July 24th if your wireless configuration is not current.

Phishing, Security

Shipping PhishMe Campaign

Posted on by admin

CSU, Chico was recently targeted by an email scam that imitated a shipping & receiving notice. ITSS emailed faculty and staff to warn them about this scam in March.

We followed up on this scam in May by creating a PhishMe campaign with similar content:

The PhishMe campaign was sent to ~4,000 campus members. Below are the results of this campaign:

As you can see over 14% of employees were found susceptible to phishing. An alarmingly high number of people opened the file attached to this email. You should never open an attachment that you’re not expecting. If you are unsure of the validity of an email you should check with the sender before opening any attachments or links. Opening a malicious attachment can put you, your computer and files, the university, and university systems at risk.

More information about spam and phishing scams is available at https://www.csuchico.edu/isec/resources/avoid-threats/spam-phishing.shtml.

Security

Google Chrome Security Update

Posted on by admin

A vulnerability has been reported in Google Chrome, which can be exploited to potentially compromise a vulnerable system.

ITSS is immediately enforcing the auto update function within Chrome, and is enabling the Chrome browser notification agent that notifies users that the browser must be relaunched.

To check that Chrome is up to date (you should update your home computers as well) go to the “About Google Chrome…” window, accessible from the address bar using the special URL “chrome://settings/help”.

If you are prompted to Relaunch, please click the Relaunch button to do so.

When an update has been installed, it does not take effect until the browser is relaunched. Notification of a Relaunch will reappear every 4 hours until the browser has been relaunched.