SEARCH

  • [:en]Recent Posts[:af]Onlangse bydraes

  • [:en]Categories[:af]Kategorieë

  • [:en]Archives[:af]Argiewe

Security

« Older Entries
Newer Entries »

[:en]External emails not delivered[:af]Eksterne e-posse onafgelewer[:]

Thursday, May 6th, 2021

[:en]

Since Friday, 30 April, many external emails have not been delivered to SU staff and student mailboxes. These messages have been placed under quarantine by Microsoft for security reasons.

The issue was reported to Microsoft earlier this week and is receiving urgent attention from both Microsoft’s engineers as well as our own system engineers. 

We realise that important messages might have been queued and therefore we will release all pending messages tomorrow ((Friday, 7 May) afternoon at 16:00 as a temporary solution to the problem.

Please take note that messages could include spam or phishing emails and you need to be extra careful when dealing with these particular messages.

We apologise for the inconvenience and hope that the situation will be resolved soon. 
Any enquiries regarding this can be logged on the ICT Partner Portal.

[:af]

Sedert verlede Vrydag, 30 April, was daar gevalle waar eksterne e-pos boodskappe nie in US personeel en studente se posbusse afgelewer is nie.  Hierdie boodskappe word deur Microsoft onder kwarantyn geplaas om sekuriteitsredes. Die probleem is aangemeld by Microsoft en ontvang dringende aandag van die Microsoft-ingenieurs, sowel as ons eie stelseladminstrateurs. 

Ons besef dat daar waardevolle boodskappe in die tou lê en sal daarom, as `n tydelike oplossing, hierdie boodskappe vanaf môremiddag (Vrydag, 7 Mei) 16:00 vrystel sodat dit in plaaslike posbusse afgelewer kan word.

Neem kennis dat daar ook spam en phishing tussen die boodskappe mag wees. Wees dus asseblief uiters versigtig wanneer hierdie boodskappe hanteer word.

Ons vra om verskoning vir enige ongerief en hoop dat die probleem so gou moontlik opgelos sal word.
Enige navrae in hierdie verband kan aangeteken word op die ICT Partner Portal.

[:]

Email

Posted in News, Notices, Security | Comments Off on [:en]External emails not delivered[:af]Eksterne e-posse onafgelewer[:]

[:en]POPIA: How valuable is personal information?[:af]POPIA: Hoe waardevol is jou persoonlike inligting?[:]

Thursday, April 15th, 2021

[:en]

Personal information has value—to the individual, to researchers, to the University, and to malicious attackers. The first step towards appropriately securing personal information involves building a proper understanding of the value of the personal information you use for institutional processes and research projects.

The Division for Information Governance has launched an online privacy impact self-assessment tool. The assessment allows you to quickly assess the value of personal information based on legislative definitions and how the information may be abused by malicious users. The assessment results provide further guidance on addressing the risks associated with working with higher value personal information.

For the more complex or higher value institutional processes and research projects, the Division offers facilitated impact assessments. For more details, visit www.sun.ac.za/privacy or contact privacy@sun.ac.za.

Also read our previous article, “Getting ready for the Protection of Personal Information Act”  here.

[Article provided by Division for Information Governance]

[:af]

Persoonlike inligting het waarde – vir die individu, die navorser, die Universiteit, asook vir die kwaadwillige aanvallers.  Die eerste stap na die volledige beveiliging van persoonlike inligting behels ʼn behoorlike begrip van die waarde van die persoonlike inligting wat vir institusionele prosesse en navorsingsprojekte gebruik word. 

Vir die doel het die Afdeling Inligtingsoorsigbestuur ʼn aanlyn- instrument vir selfassessering van privaatheidsimpak geloods.  Met die instrument kan die gebruiker die waarde van die persoonlike inligting op grond van wetlike definisies bepaal asook hoe die inligting kwaadwillig misbruik kan word.  Die resultate bied verder ook riglyne vir die hantering van risiko’s verbonde aan die gebruik van persoonlike inligting met toegevoegde waarde. Die Afdeling bied gefasiliteerde impakassesserings vir meer komplekse en hoër prioriteit institusionele prosesse en navorsingsprojekte. 

Vir meer inligting besoek www.sun.ac.za/privaatheid of kontak privacy@sun.ac.za.

Lees ook ons vorige artikel, “Maak gereed vir Die Wet op Beskerming van Persoonlike Inligting” hier.

[Artikel verskaf deur Afdeling Inligtingsoorsigbestuur]

 

[:]

Email

Posted in News, Security | Comments Off on [:en]POPIA: How valuable is personal information?[:af]POPIA: Hoe waardevol is jou persoonlike inligting?[:]

[:en]Change your password online[:af]Verander jou wagwoord aanlyn[:]

Thursday, February 25th, 2021

[:en]

In the past, the IT Service Desk was your first stop when you forgot your password (we know, it happens to us too!) or had to change your password. Unfortunately, due to various security risks, as well as the very strict new data protection acts, the Service Desk is no longer allowed to change or reset your password for you. (You can read more about the university’s own Data Privacy Regulation here)

We would like to encourage staff and students to use the Password Selfhelp website in future. We realise that this might be inconvenient, but for your and our own protection, we will have to follow this procedure. 

 The Password Selfhelp website (www.sun.ac.za/password) offers two options: 

  1. Change Password for users who know what their password is and want to change it. 
  2. Reset Password for users who forgot their password. 

To use the online Password Selfhelp, your cellphone number or an alternative email address has to be on the HR records, otherwise, you will not be able to change your password. You can update this information by logging onto SUN-e-HR though the staff portal,  http://my.sun.ac.za or contacting your department’s HR contact person. 

Select the My Profile link – Personal Information

Log on to SUN-e-HR.

Select Basic Details – Update, Other, Personal Email Address 

or

Select  Phone Numbers – Update

During the password change process a PIN code, consisting of 8 numbers, will be SMSed or emailed to the user (depending on which option he/she selected) Please use this PIN to change your password on the self help website. As soon as the password has been changed, the user will be notified by means of SMS or email.

If you have not requested a password change, please notify the IT Service Desk immediately at 808 4367.

IMPORTANT!

If you are working from home you will also need to follow these instructions after you’ve changed your password to ensure that it sync properly across devices and accounts.

[:af]

In die verlede was die IT Dienstoonbank die eerste plek wat jy gekontak het as jy jou wagwoord vergeet het (ons weet, dit gebeur met ons ook!) of as jy dit sommer net wil verander. Deesdae kan die Dienstoonbank ongelukkig nie meer wagwoorde verander nie weens sekuriteitsrisikos en baie streng data beskermingswette. (Jy kan hier meer lees oor die universiteit se eie Dataprivaatheidsregulasie)

Ons wil graag personeel en studente aanmoedig om voortaan van die Wagwoord Selfhelp webwerf gebruik te maak. Ons besef dat dit ongerieflik mag wees, maar dis belangrik dat ons hierdie prosedure volg vir beide julle en ons beskerming.

Die Wagwoord Selfhelp webwerf (www.sun.ac.za/password) bied twee opsies: 

  1. Change Password vir gebruikers wat weet wat hulle wagwoord is en dit wil verander.
  2. Reset Password vir gebruikers wat hulle wagwoord vergeet het.

Om die aanlyn Wagwoord Selfhelp funksie te gebruik, is dit belangrik dat jou selfoonnommer of `n alternatiewe e-posadres op Menslike Hulpbronne se rekords is. Daarsonder sal jy nie jou wagwoord kan verander nie. Hierdie inligting kan jy opdateer deur aan te teken op SUN-e-HR via die personeelportaal, http://my.sun.ac.za. of deur jou Menslike Hulpbronne kontakpersoon te vra.

Kies die My Profile skakel en dan Personal Information

Teken aan by SUN-e-HR.

Kies Basic Details – Update, Other, Personal Email Address 

of

Kies  Phone Numbers – Update

Tydens die wagwoord veranderingsproses word ‘n pinkode, bestaande uit 8 syfers, aan die persoon geSMS of met e-pos gestuur is (afhangende van die opsie wat gekies is). Die pinkode moet gebruik word op die wagwoord selfhelp webbladsy voordat ‘n nuwe wagwoord gekies kan word. Sodra ‘n wagwoord verander is, word die persoon per epos en sms daarvan in kennis gestel.

Indien die persoon nie die wagwoord verandering versoek het nie, moet hulle dadelik die IT Dienstoonbank kontak by 021 8084367.

BELANGRIK!

Indien jy tuis werk sal jy ook die volgende instruksies moet volg nadat jy jou wagwoord verander het om te verseker dat jou wagwoord op al jou toestelle en rekeninge gesinkroniseer is. 

 

[:]

Email

Posted in E-mail, Internet, Security | Comments Off on [:en]Change your password online[:af]Verander jou wagwoord aanlyn[:]

[:en]”PLEASE SUPPORT STIAS…” email causes a mail storm[:]

Friday, February 19th, 2021

[:en]

There is no reason to be worried or concerned about a mail that is being circulated with the subject line starting with “PLEASE SUPPORT STIAS…”

Although it is definitely spam (defined as unsolicited commercial e-mail) it does not appear have any dangerous content and was sent out by a university user to over 300 addresses one of which was the general IT Service Desk email address. Because it was sent to the address which automatically logs service requests the account automatically emailed all the recipients with “Cancellation” e-mails, who then replied, etc. This was no fault on the side of the IT Service desk as it is an automatic process of the Jira logging software that IT uses to track its calls.

This is known as a mail storm in IT jargon when somebody replies to a single e-mail sent to a mailing list and inadvertently replies with a personal message to the entire mailing list leading to a snowball effect or a mail storm. It is like a dog chasing its own tail!

If you receive a mail with the subject line ICT-338035 FW: PLEASE SUPPORT STIAS – PLAN YOUR NEXT MEETING, WORKSHOP AND OR CONFERENCE WITH US”  or “PLEASE SUPPORT STIAS – PLAN YOUR NEXT MEETING, WORKSHOP AND OR CONFERENCE WITH US” just delete it. 

If you want to take it further and set up a mail filter to delete all mails with that particular Subject, then you can do so. However do not blacklist the sender or report it to the help@sun.ac.za address or it will just perpetuate the spam, and you could block legitimate e-mails from IT or the original sender.

Stay safe out there and thank you to everyone who flagged this email. It is encouraging when we have such observant and enthusiastic users.

[ARTICLE BY DAVID WILES]

 

[:]

Email

Posted in E-mail, News, Security | Comments Off on [:en]”PLEASE SUPPORT STIAS…” email causes a mail storm[:]

[:en]Warning: Sextortion scam[:]

Monday, February 1st, 2021

[:en]

There is a “sextortion” email making the rounds at the moment and with many personnel and students still working andstudying from home, many are concerned about the risks.
 
“The device has been successfully hacked” is a new ‘sextortion’ email scam for 2021. This email scam, like most sextortion scams, relies on “social engineering”, a process through which the scammers induce shame, panic or guilt. The scammers (the authors of the email) claim that they obtained material compromising the user (because of a computer hack, email account hack, router hack, etc) and threaten to publish it if the ransom is not paid. None these claims are true in any way; they are just deception.
 
The “The device has been successfully hacked” email message says that someone successfully hacked the recipient’s device and monitored it for a long time. The hacker claims that this was made possible by a virus installed on the device when the user visited the adult site. Using this virus, the hacker was able to record a video that compromises the user, and gained access to the user’s personal contacts, instant messengers, and social networks. If the recipient pays $1300 in Bitcoin, the hacker promises to delete all the data. Next, the scam email contains the bitcoin address to which the ransom should be transferred. This email is just a sextortion scam, and all the statements are fake. 
 
What to do when you receive the “The device has been successfully hacked” SCAM:

  • Do not panic.
  • Do not pay a ransom.
  • If there’s a link in the scam email, do not click it, otherwise you might unwittingly install malware or ransomware on your computer.
The mail will come from several e-mail addresses, which might very from user to user. Scammers use thousands of “throw-away” e-mail addresses to send out these scams.
 
If you do get such an e-mail use one of the two methods below to report it to IT Cyber Security as soon as possible. This way IT can filter and block the senders

By reporting it on the ICT Partner Portal.​​

Go to https://servicedesk.sun.ac.za/jira/servicedesk/customer/portal/6/create/115. 

Fill in your information and add the email as an attachment. Your request will automatically be logged on the system.​​

If you have accidentally responded to the phisher and already provided them with your personal details, it is vitally important that you immediately go to the USERADM page (either http://www.sun.ac.za/password or www.sun.ac.za/useradm and change your password immediately.)

Make sure the new password is completely different and is a strong password that will not be easily guessed, as well as changing the passwords on your social media and private e-mail accounts, especially if you use the same passwords on these accounts. Contact the IT HelpDesk if you are still unsure.

[ARTICLE BY DAVID WILES]

[:]

Email

Posted in E-mail, News, Security | Comments Off on [:en]Warning: Sextortion scam[:]

« Older Entries
Newer Entries »