Language:
SEARCH

  • Recent Posts

  • Categories

  • Archives

Security

« Older Entries
Newer Entries »

Windows 10 upgrade and McAfee

Wednesday, August 10th, 2016

Do not upgrade to the Windows 10 Anniversary Update without first verifying whether your McAfee product is compatible. This caution affects the products listed below:

McAfee Agent (MA) 5.0.x, 4.8.x

McAfee Application and Change Control 7.0

McAfee Client Proxy (MCP)

McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.x, 9.4, 9.3

McAfee Endpoint Security (ENS) Firewall, Threat Prevention, and Web Control 10.2, 10.1

McAfee Host Intrusion Prevention (Host IPS) 8.0

McAfee MOVE AntiVirus Multi-Platform 

McAfee Threat Intelligence Exchange (TIE) 1.x

McAfee VirusScan Enterprise (VSE) 8.8

McAfee Policy Auditor (PAU) 6.2

https://kc.mcafee.com/corporate/index?page=content&id=KB87536

Email

Posted in Security | Comments Off on Windows 10 upgrade and McAfee

Email from “IT” a scam

Friday, July 15th, 2016

 Phishing scams disguised as an e-mail from The IT Admin Desk, asking you to upgrade your e-mail, are nothing new. This week two more of these e-mails, from the same source, have been sent to SU staff’s mailboxes. One is from the ADMIN TEAM and another from IT SERVICE DESK.

Both e-mails ask you to “log in” to update or verify your account, using the link included. Both are sent from compromised e-mail accounts from Minnesota and Iowa educational institutions. One diverts to a server controlled by scammers in Brazil and the other California. However, both use a forged “login page” and the same details.

Do not respond to these e-mails or go to the site given in the e-mail. Do not fill in your username, password or other details on any site. Stellenbosch University Information Technology has no need for users to provide user names and passwords on any site other than www.sun.ac.za/useradm, where you can manage your network account. We are also able to upgrade or migrate your e-mail account without asking you to assist.

Our e-mails will always be branded and in Afrikaans and English. If you are unsure about an e-mail you received, speak to your local computer expert or ask the IT Service Desk (021-8084367 or helpinfo@sun.ac.za).

Here is an example of the phishing mail: 

From: I, Amscammer

Sent: Thursday, July 14, 2016 5:56 AM

To: 1,Amscammer

Subject: ADMIN TEAM/IT SERVICE DESK/IT HELPDESK/IT SUPPORT/WEBMAIL ADMIN (and all variations you could think of) 

Dear E-mail User:- 

Take note of this important update that our new webmail has been improved with a new messaging system from Owa/outlook which also include faster usage on e-mail, shared calendar,web-documents and the New 2016 Anti-Spam Version. 

Please use the link below to complete your update for our new Owa/outlook improved webmail.

Log on to Outlook Web Access<http://iam.aspammer.com> to update your mailbox.

ITS Help Desk
ADMIN TEAM
©Copyright 2016 Microsoft Outlook
All Right Reserved.

[INFORMATION SUPPLIED BY DAVID WILES]

Email

Tags:
Posted in E-mail, Security | 2 Comments »

New spam e-mail distributed on campus

Friday, July 8th, 2016

New spam e-mail distributed on campus asking you to validate your account, otherwise it will be deleted. Please ignore and delete this. IT will never ask you to validate your account in this way.

Also take note that the contact details are incorrect, the e-mail is vaguely addressed to “Dear Student/Member” and not personalised and there’s no reference to IT itself. All our e-mails are sent on a specific template and in both languages.

If in doubt, rather call us at x4367 to check if an e-mail is legitimate.

 

——– Original message ——–
From: “Espina, Juliette” <jae16c@my.fsu.edu>
Date:06/07/2016 12:38 (GMT+02:00)
To:
Cc:
Subject: NOTICE

Dear Student/Member,

Please note that we are canceling unused sun.ac.za email account to create more space for new accounts.

Kindly follow the link below to validate your account: 

http://bit.ly/2925RgV 

 

Thank you

Support Team.

Administration B building, 

Victoria Street, Stellenbosch

18° 51′ 47.536″ East 33° 56′ 1.327″

Email

Posted in E-mail, Security | Comments Off on New spam e-mail distributed on campus

Even Zuckerberg uses weak passwords

Thursday, June 9th, 2016

Over the past weekend Mark Zuckerberg, tech giant, Facebook mogul and you-would-think tech genius, had his Twitter and Pinterest accounts hacked.

Of course, he’s an easy, convenient target – who wouldn’t want to boast about hacking Mark Zuckerberg’s accounts? Ironically, not much skill was needed to achieve this target. The Zuck made two classic mistakes. 

His first was to use an incredibly simple and easy password consisting of only two unique characters, namely “dadada”. No caps, no special characters, no problem to hack. His second was using the same password for his Twitter and Pinterest accounts. Subsequently, hackers could access both accounts with minimum effort.

What we’re trying to say is, don’t feel bad if you use simple passwords because it’s easy to remember. Even Mark Zuckerberg does it. However, we would advise that, for your own safety, you start using unique, unusual passwords and not 123456 for all your accounts.

If it’s a challenge to remember different passwords for different accounts or if passwords with odd characters, capital letters and punctuation confuse you, consider using password management tools like KeePass and LastPass. 

The good news is that Google is working on an alternative method for users to access their accounts on Android phones. It will be more secure and doesn’t use passwords. 

Google recently announced Project Abacus, which will recognise a user by, what they call a Trust API – the way they type, their location, facial recognition, voice and other biometric markers. Google plans to complete work on this project by the end of this year. 

More articles on passwords.

[SOURCES: http://qz.comhttp://www.nytimes.com]

 

Email

Posted in Security | Comments Off on Even Zuckerberg uses weak passwords

So did you also get an e-mail from Pravin Gordhan?

Wednesday, May 25th, 2016

Every day, countless phishing emails are sent to us at Tygerberg Campus and to the Main Campus. This one (see below) is so outlandish that it is an obvious fraud, but others can be a bit more convincing. Using this as an example, there are a number of things that you can look for.

Here are 10 of them:

1: The message contains a mismatched URL: If the hyperlinked address is different from the address that is displayed, the message is probably fraudulent or malicious.

2: URLs contain a misleading domain name: Phishers try to convince their victims that a message came from the government or a company like Microsoft or Apple.

3: The message contains poor spelling and grammar: Reading this mail I attach as an example should leave no doubt.

4: The message asks for personal information: No matter how official an email message might look, it’s always a bad sign if the message asks for personal information. Your bank doesn’t need you to send your account number, neither does the government.

5: The offer seems too good to be true: If you receive a message from someone unknown to you who is making big promises, the message is probably a scam.

6: You didn’t initiate the action: If you get a message informing you that you have won a contest you did not enter, you can bet that the message is a scam.

7: You’re asked to send money to cover expenses: One telltale sign of a phishing email is that you will eventually be asked for money or provide data to release the money.

8: The message makes unrealistic threats: Here the “minister” says if you don’t respond the government will take the money. (That should bring a smile to your face!)

9: The message appears to be from a government agency: Phishing artists who want to use intimidation don’t always pose as a bank. Sometimes they’ll send messages claiming to have come from a government agency or SARS.

10: Something just doesn’t look right: Professionals in the security business are taught to look for anything that is “JDLR” – (Just Doesn’t Look Right)  If you receive a message that seems suspicious, it’s usually in your best interest to avoid acting on the message.

[ARTICLE BY DAVID WILES]

 

 

 

From: Pravin Gordhan [mailto:praving@treasury.gov.za]
Sent: Tuesday, 24 May 2016 14:36
Subject: FOR YOUR URGENT ATTENTION-FROM THE OFFICE OF HONORABLE MINISTER OF FINANCE.

Attention,

I write in respect of a fund brought to the department of National Treasury earlier today from Reserve bank under your name.

From the reports contained in the file having your information attached to the fund, the fund was supposed to be transferred to you from Reserve bank, but was not due to some reasons that were not mentioned in the file.

The fund is 9.5m USD. Are you aware of the fund?

This notification stands as the first and final notice to you for you to claim your fund and after 5 working days of this notification, if I do not hear from you, I will have no option than to declare the fund government’s fund.

Please re-confirm the following details;

1, Your full name and address.

2, Your age and occupation.

3, Your cell phone number.

Revert back to me as soon as get this email, so that we can process the release your fund to you.

Yours Sincerely.
Pravin Gordhan
Honorable Minister of Finance,
Republic of South Africa.

Email

Posted in Security | Comments Off on So did you also get an e-mail from Pravin Gordhan?

« Older Entries
Newer Entries »
 

© 2013-2025 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.