The Information Security Group has received numerous reports of an email signed by David Swain (dswain@weavemail.com), supposedly representing the “Brown Collaborative Networks”. Please be aware that the sender has no affiliation with Brown, the “Brown Collaborative Networks” is not an official Brown sanctioned nor initiated effort, and represents an illegitimate use of the Brown trademark.
Phishing Alert: Brown Collaborative Networks Email
April 23rd, 2012 by pfalcon@brown.edu
Phishing Alert: Your Mailbox has exceeded . . .
April 17th, 2012 by pfalcon@brown.edu
Be on the lookout for email requests with the subject line “Your Mailbox has exceeded Its storage limit” that asks your to “re-validate” your mailbox. These are from the “Technology Department” but have nothing to do with Brown computing. DO NOT RESPOND.
Microsoft Alert – Vulnerabilities in Remote Desktop Protocol (RDP)
March 15th, 2012 by dmbello@brown.edu
If you missed Microsoft’s “Patch Tuesday” announcements this week, Microsoft reported that there is a vulnerability in the RDP service that may allow a remote unauthenticated attacker to execute arbitrary code on the host running RDP. This vulnerability is labeled critical.
The Internet Storm Center is warning that hackers will likely reverse engineer the patch to “understand the details of the bug and craft an exploit.” They estimate that a viable exploit will probably be available in less than 30 days.
It is imperative that you apply the patch for this vulnerability as soon as possible. First, many departments are still wide open to the Internet (i.e., not as yet behind a firewall) and secondly, being behind a firewall doesn’t protect you from a computer on our networks that is compromised. Successful exploitation may mean an attacker can install a backdoor onto your system, among other things.
Please consult the following links for additional information about this vulnerability.
http://technet.microsoft.com/en-us/security/bulletin/ms12-020
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0002
http://isc.sans.edu/diary.html?storyid=12781&rss
Apple Order Scam
March 13th, 2012 by pfalcon@brown.edu
Several reports of a phishing email have surfaced this morning, supposedly confirming an Apple order. While it is an obvious fake — sent to a long list of names, has grammatical errors, is for an unusually large amount (4,545.54 USD ) and the URL is suspiciously not from Apple — it nonetheless offers the tempting “CLICK HERE” link.
Second Hand Scams
March 5th, 2012 by pfalcon@brown.edu
The Information Security Group is alerting the Brown community to numerous inquiries regarding “second hand scams.” According to reports, the scammers are going after legitimate professors/email addresses (whether they are looking for a job or not), who are sent phony job offers supposedly from Brown University. The email may include an attachment that contains the offer and terms of the position, along with contact information.
Flashback Trojan horse a threat to unpatched Macs
February 27th, 2012 by pfalcon@brown.edu
While there have been no sightings at Brown yet, Mac users should be alert to the Flashback Trojan variant, which could cause some damage to unsuspecting Mac users.
The security firm Intego, who first reported the Flashback Trojan horse this fall, has spotted a new variant that uses a three-prong attack strategy to infect Macs. According to Indego:
Phishing email links to Google form
February 21st, 2012 by pfalcon@brown.edu
Another variant on the common phishing theme of exceeding your mailbox quota has been reported. This one prompts readers to “updrade” their accounts by filling out a Google form that is linked from the email.
CISO Memo: 2011 Brought Many Changes
January 31st, 2012 by djsherry
Is it still admissible to say Happy New Year in February? I’ll take the position that it is, seeing that this is the first Information Security Group newsletter for 2012. The year 2011 saw many success stories for the group, as well as some changes and big plans for 2012. I’d like to take this opportunity to share some of what has been, and what will be, going on.
Read the rest of this entry »
Data Privacy Day Observed Feb 29th at Brown
January 31st, 2012 by pfalcon@brown.edu
Data Privacy Day is an annual international event designed to promote awareness about privacy, and to provide education on best privacy practices. It has been held each year on January 28th since 2008.
It is one response to a networked world where questions like “How can I protect my information from being misused?” “Who is collecting all of this data and what are they doing with it?” “With whom is it being shared?” are on everyone’s minds.
Read the rest of this entry »
Identity Finder
January 31st, 2012 by pfalcon@brown.edu
In late January, CIS announced the availability of the free tool, Identity Finder, which helps prevent identity theft and keeps Brown compliant with federal and state laws by detecting and securing sensitive data on your computer.
Outages & Alerts- Printsrv Issues May 15, 2012UPDATE: We’ve identified/isolated the problem, and printing appears to be back online. We are aware of a problem with the Printsrv and are working to identify and resolve the issue. Functionality that may be impacted by this problem includes: Printing to network printers. We will be posting all updates, including the resolution of the problem, […]
- Brown’s current Matlab license May 9, 2012UPDATE: If your Matlab installation uses the “Network Concurrent License” (CFARM), there is nothing you need to do at that client side. Once the license is updated on CFARM, which is scheduled for May 22, the warning messages will disappear. As you may be aware, Brown’s current Matlab license is about to expire. If you […]
- Resolved: Intermittent issues on www.brown.edu May 1, 2012UPDATE: Services have been restored. We thank you for your continued patience. ORIGINAL POST BELOW: We are aware of a problem with www.brown.edu and are working to identify and resolve the issue. Functionality that may be impacted by this problem includes: www.brown.edu accessibility. We will be posting all updates, including the resolution of the problem, […]
- Planned Outage – Brown’s ISP OSHEAN will be doing internet maintenance tonight April 24, 2012Subject: OSHEAN/Internet will be unavailable on 4/24/2012 from 2:00am to 3:00am. Due to scheduled maintenance, the internet may be unavailable on 4/24/2012 from 2:00am to 3:00am. During this time, you may not be able to get online to any internet sites using any of the Brown network connections. If you experience problems after 3am, please report […]
- Phishing Alert: Brown Collaborative Networks Email April 23, 2012The Information Security Group has received numerous reports of an email signed by David Swain (dswain@weavemail.com), supposedly representing the “Brown Collaborative Networks”. Please be aware that the sender has no affiliation with Brown, the “Brown Collaborative Networks” is not an official Brown sanctioned nor initiated effort, and represents an illegit […]
- Printsrv Issues May 15, 2012