SEARCH

  • [:en]Recent Posts[:af]Onlangse bydraes

  • [:en]Categories[:af]Kategorieë

  • [:en]Archives[:af]Argiewe

News

« Older Entries
Newer Entries »

[:en]Oracle email sent to staff[:]

Wednesday, May 20th, 2020

[:en]

Some of you may have received an e-mail during the past few days with this heading “Oracle Fusion Applications Welcome E-mail”.

Visions, our SUNFin implementation partner, was busy with a configuration exercise which involved setting up different users on the development environment of SU’s new financial system – SUNFin. Unfortunately, during this setup, these e-mails were mistakenly sent to some of you.

We apologise for any confusion and inconvenience that this may have caused, especially given all the spam e-mails we are receiving these days. Rest assured that this was not spamming and that you can safely ignore and delete the e-mail you might have received.

Visions have assured us that they will rectify the sending of these e-mails as they continue to configure our SUNFin system.

Please email sunfin@sun.ac.za if you have any questions or comments regarding the SUNFin project. Please visit www.sun.ac.za/sunfin for more information regarding the project.

 

[:]

Email

Posted in News, Notices | Comments Off on [:en]Oracle email sent to staff[:]

[:en]Phishing scam from a forged email[:]

Thursday, May 14th, 2020

[:en]

We are almost all in lock down and less careful with cyber security. The scammers know this and are launching numerous attacks taking advantage of the “work-from-home” situation we find ourselves in. A number of personnel have reported getting e-mails from “Prof. Jimmy Volmink” asking for assistance and are not spotting the tell-tale signs of a phishing scam.

Here is the mail:

  1. Notice that although it looks like Prof Volmink sent it, the email address is not correct.
  2.  Secondly Prof Jimmy is a very approachable person, but he is always professional in his communication so he would never say “Are you free for now”. Nor would he say something like this: (if you did respond to his mail)
    “I am currently in a meeting and I don’t know when the meeting will round off. I would have called you but phone is not allowed. I will want you to handle something for me right away and I will be glad if you can do that for me as soon as possible”.

This is a spear-phishing attack where an institution is directly attacked by impersonating prominent or public figures within the university (like the Dean) to gain access to the university network. This is an especially effective means of attack with everybody at home in lock down, where our guard is down and we are more relaxed. There was a very similar attack in September 2019, using the same tactics.  

Prof Volmink’s account has not been compromised. Phishers are just trying to fool us into thinking that prominent members in our leadership are emailing us asking for assistance, but they are not. It is a scam.

Over the next few days be on the lookout for similar mails that look like they coming from other people within the university.

If you do get mail like this be sure to report it to IT ASAP so they can block the attack and help people who have become victims.

Please immediately report such phishing scams and spam by reporting it on the ICT Partner Portal.​​

Go to https://servicedesk.sun.ac.za/jira/servicedesk/customer/portal/6/create/115.​​

Fill in your information and add the email as an attachment. Your request will automatically be logged on the system.​​

If you have accidentally clicked on the link and already given any personal details to the phishers it is vitally important that you immediately go to the USERADM page (either http://www.sun.ac.za/password  or www.sun.ac.za/useradm ) and change your password immediately. Make sure the new password is completely different, and is a strong password that will not be easily guessed, as well as changing the passwords on your social media and private e-mail accounts, especially if you use the same passwords on these accounts.

 

[:]

Email

Tags:
Posted in E-mail, News, Notices, Security | Comments Off on [:en]Phishing scam from a forged email[:]

[:en]Sun email for personal purposes[:af]Sun e-posse vir persoonlike doeleindes[:]

Tuesday, May 12th, 2020

[:en]

Recently some staff have been caught off-guard by emails from cyber criminals trying to exploit them by threatening to release sensitive video material. The sender of this email does not have any video material, but tries to be psychologically manipulative and convince the receiver that he does. Unfortunately he also refers to the email receiver’s sun email address and a password they used at some stage.

This is not because the university’s network has been compromised. It happens because staff and students also use their sun address in a personal capacity. We highly discourage you to do this. In this case someone used their sun address on a website, for example Ster Kinekor, whose database was, at some stage, compromised. Subsequently cyber criminals gained access to the username and password. This gave them access to the person’s Ster Kinekor’s (or whichever site it was) information, but also – and this is more dangerous – to the person’s potential information everywhere he reused the email address and specific password. This includes Stellenbosch University sites and applications, including the financial and HR system. Of course, it the password has been changed over time, it will be useless. However, this remains an enormous risk.

Please note the following: 

  1. Never use your sun email address for anything except for University applications. If you need to send personal emails, rather consider getting a free email account, for example, Gmail. Separating your business and personal activities is better security practice in the long run and will protect you and the University network.
  2. Keep in mind that according to the Electronic Communication Policy which all staff and students agree to when they register their usernames each year, you’re not allowed to use your sun address for personal communication and that the University owns any communication sent via email. If needed, University management has the right to access any material in your email or on your computer.  
  3. If you receive an email as mentioned above, for safety sake, go and change your login details and passwords on any sites where you are registered with your @sun address.

[:af]

US-personeel is onlangs onkant gevang met dreigende e-posse van kuberkriminele. Spesifiek e-posse met die doel om die ontvanger te oortuig dat die kuberkrimineel sensitiewe videomateriaal van die ontvanger het waarmee hy afgepers kan word. Natuurlik het die persoon nie sulke materiaal nie, maar dit lei tot paniek by die e-pos ontvanger. Om verdere paniek te veroorsaak verwys die persoon ook na ʼn wagwoord wat die ontvanger voorheen saam met sy sun-adres gebruik het.

Insidente soos die gebeur nie omdat dit Universiteit se netwerk gekompromitteer is nie. Dit vind plaas omdat personeel en studente sun-adresse ook vir persoonlike doeleindes gebruik op potensieel onveilige webwerwe. Ons wil aanbeveel dat dit ten alle koste vermy word.

Met die strikroof-poging het iemand hulle sun-adres gebruik op ʼn eksterne webwerf (Ster-Kinekor, Facebook, ens.) en op kuberkrakers het toegang tot die eksterne webwerf se databasis verkry. In die proses het hulle toegang gekry tot e-posadresse en wagwoorde, onder andere sun-adresse. Alhoewel die persoon se inligting nie noodwendig krities is nie, is dit wel gevaarlik indien die persoon nie net dieselfde sun-adres gebruik het nie, maar ook dieselfde wagwoord as op die Universiteit se platforms. Sodoende het ʼn kuberkraker dalk toegang tot die Universiteit se netwerk, webwerwe en toepassings, insluitende die finansiële en Menslike Hulpbronne-platforms. 

Indien dit ʼn verouderde wagwoord is en intussen verander is, sal dit nie kan misbruik word nie. Die risiko bly egter steeds hoog.

Onthou asb: 

  1. Moet nooit jou sun e-posadres vir enigiets anders gebruik behalwe Universiteitsplatforms nie. Indien jy persoonlike e-posse wil stuur of erens wil aanteken, kry ʼn gratis e-pos adres, byvoorbeeld Gmail. Op die lange duur is ʼn duidelike onderskeid tussen werk- en persoonlike aktiwiteite beter sekuriteitspraktyk en sal dit jou en die Universiteit beskerm. 
  2. Volgens die Elektroniese Kommunikasiebeleid, waarvoor alle personeel en studente instem elke jaar wanneer gebruikersname heraktiveer word, word jy nie toegelaat om jou sun-adres vir persoonlike kommunikasie te gebruik nie. Alle kommunikasie vanaf ʼn sun-adres behoort aan die Universiteit en indien nodig, het die Universiteitsbestuur die reg tot toegang op enige materiaal op jou toestelle.  
  3. Indien jy e-posse ontvang wat verwys na ʼn ou of bestaande wagwoord, verander asb. jou kontakdetails op die webwerwe waarvoor jy @sun gebruik het, sowel as jou wagwoord. 

[:]

Email

Tags:
Posted in News, Notices, Security | Comments Off on [:en]Sun email for personal purposes[:af]Sun e-posse vir persoonlike doeleindes[:]

[:en]Illegal software on SU devices[:af]Onwettige programmatuur op batetoerusting[:]

Tuesday, May 12th, 2020

[:en]

Stellenbosch University devices are equipped with the necessary software for our staff to perform their work effectively. This includes the latest operating system; all the Microsoft applications (Office 365, including Word, Excel, PowerPoint, etc.), Adobe Acrobat Professional, TeraTerm and the necessary Antivirus software. Licenses for specialist software can also be purchased through the IT department, will fall under the University’s educational license and therefore be less expensive than a license bought in a personal capacity. These include Adobe Creative Cloud; MatLab and Statistica, among others.

Installing and using this software is essential for staff, however some of our staff use their SU devices for their own personal use and subsequently download and install non-supported as well as illegal software on their PCs.  This includes games and illegal series or movies.

Not only does this put the University’s network at a high risk security-wise, it also puts the University at risk legally. Even if Information Technology does not install the software, we are still being held responsible for it if it’s an SU asset and it runs on our network. 

The fight against illegal software and piracy is mainly fought by the BSA. The Business Software Alliance (BSA) confronts companies that use or distribute illegal
software. Read BSA’s statement on illegal software. 

Therefore we kindly request that you ensure that if you install software, it’s safe and legal to use. Otherwise it might have implications for you and the University.

[:af]

Universiteit Stellenbosch rekenaars en ander toestelle word toegerus met die nodige sagteware om te verseker dat personeel hulle werk effektief kan verrig. Dit sluit die nuutste bedryfstelsel, alle Microsoft-applikasies (Office 365, insluitende Word, Excel, PowerPoint, etc.), sowel as Adobe Acrobat Professional, TeraTerm en die nodige anti-virus sagteware. 

Lisensies vir spesialis-programmatuur kan ook deur die IT-afdeling aangekoop word. Aangesien dit onder die Universiteit se spesiale lisensie vir opvoedkundige instansies val, sal dit ook goedkoper wees as om dit self aan te koop. Dit sluit, onder andere, Adobe Creative Cloud; MatLab en Statistica in. 

Die installasie en gebruik van hierdie programmatuur is essensieel vir personeel. Sommige personeel gebruik daarbenewens egter ook US-toerusting vir persoonlike doeleindes en installeer programmatuur wat IT nie ondersteun nie of selfs onwettig is. Dit sluit dikwels speletjies en onwettige reekse of flieks in.

Hierdie tipe programmatuur en materiaal is ʼn hoë sekuriteitsrisiko vir die Universiteit se netwerk, sowel as vanaf ʼn wetlike perspektief. Selfs al installeer Informasietegnologie nie die programmatuur nie, word ons steeds verantwoordelik gehou wanneer dit ʼn US-bate is en op ons netwerk aanteken.

Die bekamping van onwettige programmatuur en rowery word deur die BSA aangevoer. Die Business Software Alliance (BSA) konfronteer maatskappye wat onwettige programmatuur gebruik of versprei.  Lees die BSA se standpunt oor onwettige programmatuur. 

Ons versoek dus dat, voordat jy enige programmatuur self installeer, jy sekermaak dat dit beide veilig en wettig is om te gebruik. Andersins mag dit verreikende implikasies hê vir beide jou en die Universiteit. 

[:]

Email

Posted in News, Notices, Security | Comments Off on [:en]Illegal software on SU devices[:af]Onwettige programmatuur op batetoerusting[:]

[:en]Phishing attack from compromised staff account with attached “Secure Message”[:]

Wednesday, May 6th, 2020

[:en]

With most students and personnel all working from home during the national lockdown, and with the reduced security (and watchfulness) of home computers and personnel/students in their home environment, and with many forced to use unfamiliar means of communication and collaboration like Teams, Zoom, Skype and Skype For Business, the environment is ripe for exploitation by phishers.

The following e-mail (with an infected attachment) is making its rounds at the moment from  a staff email.

If you get an email that look like the following do not open or respond to it. It is quite likely that the personnel doesn’t even know his account is compromised.

Please be careful when opening up attachments “sent” by colleagues especially if they are unannounced or the e-mail makes you feel a bit suspicious. Always trust your instincts.

[:]

Email

Tags:
Posted in E-mail, News, Security | Comments Off on [:en]Phishing attack from compromised staff account with attached “Secure Message”[:]

« Older Entries
Newer Entries »