Computing Services

The department behind IT services at the University of Bath

Topic: Security

Twitter Counter App hacked


Topics: Computing Services, Security

The Twitter Counter App used with Twitter accounts appears to have been compromised and has been used to post spam messages to users' feeds. The messages are written in Turkish and appear to target Holland. Twitter accounts for Amnesty International, Forbes and any other users with high post and follower counts seem to have been targeted. The company Twitter Counter have acknowledged the breach of their service and taken steps to secure it, however the breach appears to mirror an earlier one from November 2016.

Twitter account holders who made use of Twitter Counter should revoke its access in line with Twitter's instructions.

https://support.twitter.com/articles/76052#

Whilst Twitter account details should not have been compromised, in the event of any connected breach it is good practice to review the security of all Twitter accounts and make sure that they:

  • have a new, strong password
  • have current mobile phone numbers associated with them
  • use login verification where possible
  • have their third-party App access reviewed, with any Apps that aren't needed revoked

More advice is available from Twitter on Account Security tips - https://support.twitter.com/articles/76036#

 

Phishing attempt: Email regarding payroll


Topics: Security

We have been made aware that several users and RT queues were sent an email regarding a payroll notification. Please be aware that this is a phishing attempt. Please do not click any links, fill in any documents or enter any personal information. If you are concerned, you can forward any emails to the team at phishing@bath.ac.uk and they will advise.

If you have clicked on the link and filled out the documentation, please visit the Service Desk on Level 2 of the Library, or log a help ticket for further advice.

The junk email filter has picked this up but there may be cases (for example, RT queues) where it has ended up in your inbox.

Below is an example of the phishing email:

Dear Member
1 New Notification Regarding Your Payroll

[LINK TO FRAUDULENT SITE]

Thank You,
University of Bath

 

 

Further advice on University pay rise phishing scam.


Topics: Security

The Police have issued further advice regarding the hoax phishing emails being sent to universities about fake pay rises. Action Fraud have updated their website with more details.

If you are concerned, you can forward any emails to the team at phishing@bath.ac.uk and they will advise.

If you have clicked on the link and filled out the documentation, please visit the Service Desk on Level 2 of the Library, or log a help ticket for further advice.

 

 

Phishing attempt: Email from HR about a pay rise


Topics: Security

We have been made aware that over the weekend of Saturday 4 and Sunday 5 February several users were sent emails about a 13.86% pay rise. Please be aware that these are phishing attempts. Please do not fill in any documents or enter any personal information. If you are concerned, you can forward any emails to the team at phishing@bath.ac.uk and they will advise.

If you have clicked on the link and filled out the documentation, please visit the Service Desk on Level 2 of the Library, or log a help ticket for further advice.

Below is an example of the phishing email:

Subject: Your 13.86% Salary Raise Documents

The salary structure for 2017 Fiscal Year (FY '17) was reviewed
and it was noticed that you are due for a 13.86% salary raise on
your next paycheque starting February 2017

The salary raise documents are enclosed herewith.

All prorated bonuses and deductions are also advised therein

 

 

 

Phishing attempt: Please ignore and delete


Topics: Computing Services, Security

We are getting reports of a phishing e-mail that has been sent to students and staff. If you receive this e-mail, please be aware that it is fake. Please ignore and delete it.

Example of the phishing e-mail is below:

Subject: Pending Message

Sender: account@bath.ac.uk

 

[Screenshot of the phishing e-mail]

If you are concerned about any e-mails you receive you can forward it to phishing@bath.ac.uk and the team will advise.

 

Account deactivation phishing email - 24 November 2016


Topics: Computing Services, Email, Security

We are aware that some users have received a phishing email with the subject line: Deactivation Request. We have taken steps to prevent further instances of this email being received.

If you receive one of these emails, delete it and do not open the link. If you opened the link and completed any information then please get in touch with our Service Desk at go.bath.ac.uk/it-help-form.

Read our advice on phishing emails.

Example content of the phishing email

Subject: Deactivation Request

Dear Customer,

We received a request to terminate your Email and process has started, kindly give us 24.00 hours to complete your request.

If you did not make this request Please here: undo deactivation request [LINK]

All information on your account will be deleted and access to your online access will be denied.

Thanks,

IT Service

 

 

Yahoo user security

Topics: Computing Services, Security

As a result of the security incident involving Yahoo that has recently come to light, we are aware that some of you may have used the same security questions for both the Yahoo and University systems.

If this is the case, as well as securing your Yahoo account, we recommend that you change your security questions to protect the integrity of your University account. You can do this by going to https://www.bath.ac.uk/account/manager/

 

 

Apple Mac & iOS Security - September 2016


Topics: Apple, Computing Services, Security

Last week, Apple released urgent security updates for all Mac and iOS products. We advise you to install these as best practice, in order to ensure the security of your devices.

  • iOS 9.3.5
  • OS X 10.11.6 Security Update 2016-001 (El Capitan)
  • OS X 10.10.5 Security Update 2016-005 (Yosemite)

For your iPhone, iPad or iPod Touch, navigate to Settings > General > Software Update. If you use a Mac, go to the App Store and click Updates in the top right.

September Security Update

Three previously unknown vulnerabilities were discovered by the Citizen Lab and Lookout Security, which if exploited could seriously compromise the security of the devices concerned.

The security flaw first came to light when an iOS user received a suspicious text message containing a link. Had the user clicked the link, sophisticated malware (dubbed 'Pegasus') could have been used to remotely control the device, giving the perpetrators access to highly confidential data from all apps and services.

A few days later it was reported that Mac computers were vulnerable to the same attack, leading Apple to issue a patch for OS X Yosemite and El Capitan.

More information can be found here:

Sophisticated, persistent mobile attack against high-value targets on iOS

 

 

 

Essential security updates for Mac and iOS


Topics: Apple, Computing Services, Security

A critical vulnerability affecting both Apple iOS and OS X has been discovered that could compromise a device simply through the opening of a malicious image file.

It is important that you update your Apple hardware as soon as possible to protect yourself from this vulnerability. We'd like to stress that at this stage this is merely a proof-of-concept, and there's no evidence to suggest that this exploit has thus far been used in the wild, but it's likely to be only a matter of time before this vulnerability is exploited, so get patching today in order to keep your devices and data protected.

It is comparable in terms of its severity and ease-of-infection to last year's Android vulnerability called Stagefright, which was described as "the worst Android vulnerability ever". Apple have released a fix in versions iOS 9.3.3, El Capitan 10.11.6, tvOS 9.2.2 and watchOS 2.2.2 but it is believed to be present in all previous versions, so the number of affected devices is significant.

The vulnerability was discovered by Cisco Talos, who released the information to Apple so that they could fix the vulnerability before the information was made public. A potential attacker could use a wide range of routes, including iMessages, malicious web pages, MMS messages, or other malicious file attachments opened by any application that makes use of the standard Apple image rendering library. More details are on this blog post.

 

 

 

Password hygiene

Topics: Computing Services, Security

In the last year more than 642 million account details have been breached and leaked on the internet from services such as Tumblr, LinkedIn and Myspace, to name just a few.

If you are concerned that your credentials may have been exposed in the past then you can check this against a comprehensive list of previous breaches at haveibeenpwned.com.

Criminals are using the leaked data to extend their attacks, taking advantage of cases where the same username and password from one of these services has been re-used elsewhere.

This can lead to cases such as the iCloud incidents, where users have had their devices maliciously held to ransom and wiped through iCloud after their account credentials were exposed, most likely because the same password had been used on sites less secure than Apple's that were subsequently breached.

You can reduce your risk of this occurring in three simple steps:

  1. Ensure every set of account credentials that you create on different sites/services is different. Never re-use your passwords!
  2. Use strong passwords with a mix of lowercase & uppercase letters, numbers and symbols.
  3. Where available, make sure you use two-factor authentication. This is available for a number of services, including Facebook, Twitter, Google and iCloud, just to name a few.

By following these steps, should your account credentials be exposed in a future breach you'll only have to change your credentials for that specific service, and you can rest assured that your unique credentials for other sites and services will remain safe... for now!
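As an added illustration of the haveibeenpwned.com check mentioned above (not code from the original post or from the haveibeenpwned service), the following shows how a password can be compared against the Pwned Passwords list without the password or its full hash ever leaving your machine: only the first five characters of the SHA-1 hash are sent, and the matching suffixes are compared locally. The breach corpus, the `constructed_range_lookup` stand-in for the API and the `User-Agent` string are constructed assumptions so that the example runs offline; `live_range_lookup` shows the equivalent real request but is not called.

```python
import hashlib
import urllib.request

PWNED_RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 digest, the form the Pwned Passwords list uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def parse_range_response(body: str) -> dict:
    """Parse the API's 'SUFFIX:COUNT' lines into {suffix: count}.
    Blank lines are skipped; padding entries carry a count of 0."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if ":" not in line:
            continue
        suffix, count = line.split(":", 1)
        counts[suffix.upper()] = int(count)
    return counts


def pwned_count(password: str, range_lookup) -> int:
    """k-anonymity check: send only the 5-char hash prefix, match the
    35-char suffix locally. Returns how often the password was seen (0 = not seen)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    return parse_range_response(range_lookup(prefix)).get(suffix, 0)


def live_range_lookup(prefix: str) -> str:
    """Real lookup against the Pwned Passwords range endpoint (needs network)."""
    req = urllib.request.Request(
        PWNED_RANGE_URL + prefix,
        headers={"Add-Padding": "true", "User-Agent": "bath-password-check-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed breach corpus standing in for the real list (not real counts).
CONSTRUCTED_BREACHED = {"password123": 12345, "letmein": 876}


def constructed_range_lookup(prefix: str) -> str:
    """Offline stand-in for the API: emits the suffixes from CONSTRUCTED_BREACHED
    whose hash starts with `prefix`, plus a zero-count padding line, in API format."""
    lines = [f"{h[5:]}:{n}" for pw, n in CONSTRUCTED_BREACHED.items()
             if (h := sha1_hex(pw))[:5] == prefix]
    lines.append("0" * 35 + ":0")
    return "\r\n".join(lines)
```

Swap `constructed_range_lookup` for `live_range_lookup` to query the real list; a non-zero count means the password has appeared in a breach and should not be re-used.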