September 10, 2018, by UNH Information Security Services
FileZilla, a free cross-platform FTP/SFTP solution used to upload files to servers, has been deemed unsafe for use on UNH devices and the UNH network.
At the end of August, Microsoft System Center Endpoint Protection (SCEP)/Windows Defender, along with other mainstream anti-malware tools, began flagging FileZilla as infected with malware. This is the latest in a series of issues with the security of this open source tool.
After a review of the tool’s history and an assessment of the risk...
January 5, 2018, by UNH Information Security Services
Meltdown and Spectre are two different, but related critical vulnerabilities found in most modern processors that make it possible to steal data being processed on a computer. Although programs are not usually permitted to access data from other programs, malicious software can use these two vulnerabilities to do just that, making it possible to steal sensitive, private information.
Meltdown, which impacts almost every Intel processor in use today, is easier to exploit...
September 22, 2017, by UNH Information Security Services
On Monday, September 18th 2017, Cisco Systems’ Talos group determined that the versions of the widely-used CCleaner application listed below were compromised in a sophisticated manner. A version of the application’s code contained a backdoor that was installed alongside the application. The compromised version contains the Floxif malware, which collects information about a victim’s system and can download additional malware.
The information collected by the malware includes information such as...
September 14, 2017, by UNH Information Security Services
WHAT IS IT?
BlueBorne is the name given to a group of eight vulnerabilities that were disclosed September 13, 2017. When exploited, these vulnerabilities allow attackers to execute code remotely, take over susceptible devices, and perform man-in-the-middle (MiTM) attacks. These vulnerabilities were discovered by Armis Labs and reported to all affected vendors prior to public disclosure.
WHAT IS THE IMPACT?
BlueBorne is said to impact at least 5.3 billion Bluetooth-enabled devices, including...
September 8, 2017, by UNH Information Security Services
As Houston continues to deal with the damage left by Harvey and Florida prepares for the arrival of Irma, it is easy to want to do what you can to help those impacted by these disasters. However, before you open your wallet or log in to your PayPal account, make sure you know who you are giving to, and that you are only giving what you intend to give.
The awful truth is that natural disasters cause spikes in charity fraud. These criminals will go to great lengths to get you to give them your...
March 7, 2017, by UNH IT Staff
With the state and federal tax season in full swing, phishing emails claiming to contain tax info or ask you to update your personal information are abundant. UNH IT has received reports of a phishing attempt with the subject line, “Your online W-2 form is now available”, and appears to be from the University System of New Hampshire.
The message attempts to gain access to your UNH credentials by linking to a webpage that asks for your UNH username and password.
If you received this message,...
November 28, 2016, by UNH IT Staff
Back when the Grinch Who Stole Christmas was created, the internet was a far distant vision. People shopped in brick-and-mortar stores, and although getting scammed was still entirely possible, it was much harder to master.
The holidays are a busy time, distracting, and hectic. With many of us now doing our holiday shopping online, it’s easy to let your guard down in favor of the convenience.
In the world of internet crime, scammers look for these very opportunities to take advantage of our...
April 19, 2016, by UNH IT Staff
Caller ID spoofing is a growing trend in social engineering. This occurs when a caller deliberately falsifies the information transmitted to Caller ID, disguising their identity. Spoofing is often used as part of an attempt to trick someone into revealing personally-identifiable information so it can be used for fraudulent activity or sold illegally. U.S. law and FCC rules prohibit most types of Caller ID spoofing.
For more details on Caller ID spoofing, read this article provided by the FCC...
April 12, 2016, by UNH IT Staff
Adobe recently released a critical update for its Flash Player after a vulnerability in the application was discovered which allowed for malicious parties to install ransomware on affected computers. Ransomware is an aggressive form of malware, where, once installed (usually through clicks on malicious websites) allows criminals to encrypt a user’s computer and demand money to unlock it.
Adobe released a statement on its website, saying in part that the “updates address critical vulnerabilities...