Language:
SEARCH
  • Recent Posts

  • Categories

  • Archives

Security

Protect your equipment against power outages

Sunday, March 31st, 2019

By now we’re used to the unpredictable nature of our electricity supply and started making changes to ensure our daily routine can continue in spite of it.

But have you considered the effect these irregular power surges might have on your appliances at home and the office? To ensure you don’t suffer any serious damage, there are a few measures you can take.

the-light-bulb-371652_6401. Regularly check the load shedding schedule.
This is important since you can’t protect your appliances if you’re not sure when power will be shut down. There are various ways to do this, including Eskom’s Twitter feed, website, as well as various apps. 

2. Switch off and unplug
Before scheduled load shedding, turn off and unplug or disconnect all your electrical appliances. By doing this, you will avoid a sudden strong surge of power to your device which could damage sensitive electronic circuitry.

It is also important to unplug computer power cables from plugs, as well as telephone cables.

3. Use surge protectors
As mentioned above, power surges could damage your appliances. To prevent this, you can also fit plugs equipped with surge protectors which will lessen the surge. Just remember, even if you use surge protectors, it’s still safer to unplug devices entirely.

4. Get a power bank
These useful little things are portable chargers which you can charge your phone and any other USB device with. With their help, you won’t be stuck without your cell phone or tablet while the rest of the world is shrouded in darkness.

They are readily available at online stores like Takealot and are not that expensive considering the convenience.

5. Get a UPS
A UPS or Uninterruptible Power Supply functions as a surge protector, but with also has a built-in battery, and can provide a constant power output for up to an hour. A UPS is merely a backup system to buy you time to protect appliances and save data. 

6. Backup
Backing up your data shouldn’t be done only when load shedding is prevalent. It should be part of your weekly routine. If you know load shedding will take place, do regular backups while working or before the scheduled power outage. This will ensure you don’t lose important work.

 

[SOURCE: www.eskom.co.za, www.mg.co.za, www.fin24.com, www.mweb.co.za, www.property24.com]

 

Protecting yourself from spearphishing attacks

Tuesday, March 12th, 2019

For a large enterprise like Stellenbosch University phishing attacks are the most common cybercrime.

In the late 1990s and early 2000s, we were all inundated with spam emails, selling everything from fake pharmaceuticals to cheap perfumes. With spam, cybercriminals use a blanket approach sending emails to as many people as possible, hoping a few gullible customers will be funding further spam emails.

General “shotgun” phishing is still a problem today, but the past 18 months have seen a rise in a more sinister form of cyberattack,  spearphishing, which is much more targeted to an individual or an enterprise’s email system.

Spearphishing is similar to phishing, it’s also a vector for identity theft where cybercriminals try to get users to hand over personal and sensitive information without their knowledge.

Cybercriminals view phishing attacks as a profitable and an easy way to gain access to an enterprise enabling them to launch more sophisticated attacks, for example, spearphishing attacks. Humans are, after all,  the weakest link and thus the most effective target for criminals looking to infiltrate a network like the university.

Even though spearphishing is more focused than its less-sophisticated relative phishing, everyone can apply the following principles to protect yourself and the university against cybercriminal activity:

Use common sense when it comes to phishing attacks
Be sensible and smart while browsing online and checking your emails. Never click on links, download files or open attachments in email or social media, even if it appears to be from a known, trusted source. You should never click on links in an email to a website unless you are absolutely sure it’s authentic. If you have any doubt, open a new browser window and type the address into the address bar. Always be wary of emails asking for confidential information – especially if it asks for personal details or banking information. The university and your bank will never request sensitive information via email. They do not need it. They have it all already.

Watch out for shortened links
Pay particularly close attention to shortened links, especially on social media. Cybercriminals often use Bit.ly, Tinyurl.com, Goo.gl or Tr.im to trick you into thinking you are clicking a legitimate link when in fact, you are being inadvertently directed to a fake site. Always place your mouse over a web link in an email (known as “hovering”) to see if you’re being sent to the right website.

Does the email look suspicious? Read it again
Many phishing emails are obvious. They will be filled with plenty of spelling mistakes, CAPITALISATION and exclamation marks. They will also have impersonal salutations – e.g. ‘Dear Valued Customer’ or ‘Dear Sir/Madam’ salutations – and will have implausible and generally suspicious content. Cybercriminals will often intentionally make mistakes in their emails bypass spam filters and improve responses. 

Be wary of threats and urgent deadlines
Sometimes the university does need you to do something urgently, however, this is an exception rather the rule. For example, you all have been getting reminders to reactivate your network account by the end of March. Threats and urgency, especially coming from what claims to be a legitimate company, are a giveaway sign of phishing. Some of these threats may include notices of a fine or advising you to take action to stop your account from being closed. Ignore the scare tactics and rather contact the company via phone.

Browse securely with HTTPS
You should always, where possible, use a secure website, indicated by https:// and a security “lock” icon in the browser’s address bar, to browse. This is particularly important when submitting sensitive information online, such as credit card details.

Never use public, unsecured Wi-Fi, including MatiesWiFi, for banking, shopping or entering personal information online. Convenience should never be more important than safety. When in doubt, use your mobile’s 3/4G or LTE connection.

[ARTICLE by David Wiles]

Formjacking: a new threat to cybersecurity

Thursday, February 28th, 2019

Believe it or not, cybercriminals are contributing to the growth of the English language, by annually introducing new words to the dictionary.  Forget phishing and ransomware. Formjacking is the cybercriminal’s new flavour of the month

Formjacking is a type of malicious code injection when criminals hack a site and take over the functionality of its form page. Data is then collected from the user through the malicious form, forwarding it to the virus authors.

The uncomfortable truth is that users voluntarily surrender their information in a form they believe to be legitimate and secure. Once the information is stolen, it is used for identity theft, bank fraud and other criminal activities. Many companies and enterprises, like the university, use web forms to collect user information and complete transactions. We have all learned to trust the web form systems and our trust makes formjacking an instant success for cybercriminals.

Symantec has observed significant growth of formjacking attacks and found several big companies have already fallen victim to this new form of social engineering including Ticketmaster, Newegg, British Airways and Feedify.

The global statistics collected by Symantec are rather sobering. Since August 2018, Symantec detected and blocked 248,000 formjacking incidents.

All companies, enterprises and legal entities operating a website or online payment transactions are at risk from formjacking, including the university.

Currently, the only way to protect a website from formjacking is for the website administrators to maintain a high level of regular auditing of the code. Formjacking essentially changes the functionality of the text boxes of a web form, and careful, regular auditing should provide enough hints that the original code has been changed, indicating that the site is tampered by outsiders.

More information can be found in Symantec’s 2019 Internet Security Threat Report.

[ARTICLE BY DAVID WILES]

Free WiFi – not always a good deal

Monday, February 11th, 2019

Do you lurk in the shadows at night in your neighbourhood, looking for a neighbour who forgot to secure his Wi-Fi with a password? When times are rough and the need for internet is desperate, anything is possible.

At least the Wifi at the Wimpy or Mugg & Bean is free AND legal. But even this Wi-Fi might not be the best option.

Using Wi-Fi in itself isn’t the actual problem – it depends on what you do with it.

Public Wi-Fi hotspots are shared with other people. This means anyone, like you, with access to the same hot spot, can technically access your data and monitor your online activity

And you don’t need to be a hacker to be able to do this. Anyone with access to the right software, like Firesheep, can become an instant cybercriminal if he wants to.

In September 2014 Finn Steglich from German company SySS set up a test Wi-Fi access point in London’s financial district. The experiment was attempted to establish how many people would willingly connect to a completely insecure and unknown device. The results were unsettling.

Never conduct any bank transactions or financial business on an open Wi-Fi connection. Not even online shopping – even if you’re panicking you’ll miss Takelot’s daily deal.

Before you use any Wifi hotspot, make sure it’s the establishment’s official spot. cybercriminals set up Wifi hot spots with copies of Twitter, Facebook, etc. to encourage unsuspecting users to log on and thereby provide their login info. Using the same password for multiple websites makes it even easier for them to access other websites with more of your personal information.

There are ways to use Wifi without putting yourself at risk. Kaspersky has a few suggestions.

Phishing attempt: “SARS eFiling Letter notification”

Thursday, January 31st, 2019

An email with the subject “SARS eFiling Letter Notification” was sent from a staff email to staff and students on campus. The email asks you to click on a link to download your SARS documents (See example below)

This is not a legitimate SARS email, but a phishing attempt from a compromised sun email account.

SARS will never ask you to provide any personal information by means of email. By clicking on links and providing your information, you give criminals access to your personal information and your accounts.

If you clicked on the link in this phishing email, immediately change your password on www.sun.ac.za/password. For enquiries contact the IT Service Desk by logging a request or calling 808 4367. More information on phishing is available on our blog and Twitter.

Click for a larger version.
 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.