May 13, 2020, by Information Security Services
MS-ISAC CYBERSECURITY ADVISORY
MS-ISAC ADVISORY NUMBER:
Multiple Vulnerabilities in Adobe Acrobat and Adobe Reader Could Allow for Arbitrary Code Execution (APSB20-24)
Multiple vulnerabilities have been discovered in Adobe Acrobat and Adobe Reader, the most severe of which could allow for arbitrary code execution. Adobe Acrobat is a family of software developed by Adobe Inc. to view, create, manipulate, print, and manage files in PDF...
May 11, 2020, by Information Security Services
On May 1st, patches were released for two new critical vulnerabilities in SaltStack (versions prior to 2019.2.4 and 3000.2), which is an open-source remote task and configuration management framework. These vulnerabilities can be exploited remotely and allow the attacker to take control of the affected resource. Exploits for these vulnerabilities have been detected in the wild and there are indications that vulnerable instances of SaltStack at UNH are being actively exploited. Patches for...
January 14, 2020, by UNH IT Staff
This article is part three in our series on Five Ways You Help Keep the University Secure. This month, we discuss how to avoid email phishing attempts.
What is Phishing?
People often confuse phishing and spam, but these two types of unwanted emails are inherently different. While all are annoying, phishing is intrinsically malicious, while spam is harmless. Phishing is cybercrime, and the criminals who create phishing emails are trying to steal your identity, steal your money, or...
August 16, 2019, by UNH Information Security Services
On May 14, 2019 and again on August 14, 2019, Microsoft announced three zero-day vulnerabilities impacting computers with Microsoft operating systems called BlueKeep (May) and DejaBlue (August). A complete list of Windows platforms impacted by each vulnerability is provided at the end of this alert.
Both BlueKeep and DejaBlue have the potential to be very dangerous as they allow an unauthorized user to connect to and control a vulnerable device, like a desktop, laptop, or server,...
August 2, 2019, by UNH Information Security Services
In the wake of the announcements of the Capital One breach and the Equifax Breach Settlement, scams seeking to exploit these events are being reported. UNH community members should be vigilant in any dealings online, via phone call, or through email relating to the Capital One breach and/or making a claim in the Equifax settlement.
Capital One Breach
According to the FTC, the breach impacted 100 million people in the United States. Capital One indicates that most of the stolen information was...
July 9, 2019, by UNH Information Security Services
A new vulnerability in Zoom, the web conferencing and web classrom platform used at UNH, was announced yesterday that impacts Mac devices that have ever been used to access Zoom. This vulnerability makes it possible for unauthorized parties to start a meeting and automatically turn on a webcam without the device user's knowledge.
All Mac device owners who use Zoom or who have ever used Zoom need to update Zoom on all Mac devices.
Open zoom client.
Go to zoom.us menu > check for...
July 9, 2019, by UNH Information Security Services
On May 14, 2019, Microsoft announced a zero-day vulnerability impacting some computers with older Microsoft operating systems called BlueKeep along with patches to address the vulnerability. BlueKeep has the potential to be very dangerous as it allows an unauthorized user to connect to and control a vulnerable device, like a desktop or a laptop, without the involvement or knowledge of the device’s user. This capability means that an attack exploiting this vulnerability is “wormable”...
June 21, 2019, by UNH Information Security Services
Mozilla has released patches 67.0.4 and Firefox ESR 60.7.1.
Two vulnerabilities have been discovered that affect anyone using an older version of Firefox on Windows, MacOS, and Linux (Android, iOS, and Amazon Fire TV aren’t affected). These vulnerabilities could potentially allow attackers to execute code remotely on affected systems.
For anyone running Firefox on their desktop devices, it is recommended to update immediately.
Click the link below to learn how to update to...
April 29, 2019, by UNH Information Security Services
UNH Information Security Services (ISS) has been alerted by Google of a new version of Chrome for Windows, Mac, and Linux (74.0.3729.108). This new version addresses multiple security issues that an attacker could exploit to take control of an affected system.
WHAT IS VULNERABLE?
Any Chrome browser version before 74.0.3729.108.
HOW DO VULNERABLE DEVICES GET EXPLOITED?
Successful exploitation of the most severe vulnerabilities could allow an attacker to execute arbitrary code in the context...
March 18, 2019, by UNH IT Staff
Phishing is a scam by which an Internet user is duped (as by a deceptive e-mail message) into revealing personal or confidential information which the scammer can use illicitly. (Source: Merriam-Webster)
UNH IT is currently migrating all faculty and staff over to Exchange Online, a process that will finish in Fall 2019. Once migrated, many new features will appear in Outlook. Chief among them, Report Phish makes it super easy to report malicious emails. This function is available for...