Information Security Bulletin

Posted: 09/09/2022

Bad actors are utilizing phishing campaigns to obtain credentials of faculty, staff and students. Once they have credentials, they will capitalize on user-error to gain access via a multi-factor authentication message (Duo prompt). After gaining access to the victim’s email, they begin to spam other organizational users with a “job offer” that requires a payment up front and bank information for “equipment”. Or, more frighteningly, they will use the victim’s account credentials to change employment payment information, such as bank routing numbers, so future pay checks are sent to the attacker’s account. 

This is actually a combination of up to three different attacks or scenarios:

• The first two is a straightforward attempt to get more credentials.
• The second is to spam out the false job offers, hope to make money from unsuspecting recipients.
• The third and last is changing direct deposit information in the payroll system (such as OneUSG Connect).

While we have many mitigations in place to protect UNG against such attacks, we need your help. Never approve a Duo prompt that you did not initiate. If you’re not actively logging in to an application, you should not receive a Duo prompt. 

Additionally, remain vigilant concerning phishing, especially unsolicited MFA logon screens, and if you suspect something suspicious, change your passwords immediately and notify the UNG IT Helpdesk at helpdesk@ung.edu or 706-864-1922.

Posted: 08/18/2022

Apple recently announced a significant vulnerability that affects both their computers and phones/tablets. Apple and CISA encourage you to check and apply applicable updates on devices as soon as possible.

For macOS Monterey, iOS, and iPadOS, this vulnerability allows for an attacker to execute arbitrary code with kernel privileges. With Kernel privileges, this arbitrary code has total access to the hardware the system is running on. It has the ability to run commands at the CPU level, as well as memory, allowing for an attacker to potentially do anything with the machine.

For Safari, this vulnerability allows for potential attackers to force your browser to process maliciously crafted web content that may lead to arbitrary code execution. This arbitrary code execution may allow for attackers to potentially install programs under your user account for nefarious purposes. Think viruses, botnets, sniffers, etc.

Vulnerable versions: macOS Monterey 12, iOS 15, iPadOS 15, and Safari 15.

For those interested, further details can be found at the Cybersecurity and Infrastructure Security Administration’s posting

Contact UNG's IT Service Desk at helpdesk@ung.edu or by phone at 706-864-1922 if you ever have any concerns!

Have a great week!

Posted: 08/17/2022

The modern age of computing has drastically changed the way we work, shop, bank, and live. Any activity we do on a computer, or even with a computer nearby, requires some of our information to be shared and stored. It is important then to be mindful of what information we are sharing, and with who, which is where cybersecurity comes in. This bulletin will serve as a source of information from UNG's Office of Information Security on cybersecurity news, tips, and alerts that we feel our university community should be aware of. With this first bulletin, here's a few basic cybersecurity tips that you can practice to drastically reduce your risk with phishing attacks!

 Phishing attacks use email or malicious websites to infect your machine with malware and viruses in order to collect personal and financial information. Cybercriminals attempt to lure users to click on a link or open an attachment that infects their computer with viruses or malware, creating vulnerability to attacks. Phishing emails may appear to come from a real financial institution, e-commerce site, government agency, or any other service, business, or individual. The email may also request personal information like account numbers, passwords, or Social Security numbers. When users respond with the information or click on a link, attackers use it to access their accounts.

• When in doubt, throw it out: Links in email and online posts are often the way cybercriminals compromise your computer. If it looks suspicious – even if you know the source – it's best to delete or, if appropriate, mark it as “junk email.” Contact the company directly (via phone) to be sure the email is not legitimate.
• Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true, or ask for personal information.
• Use stronger authentication: Always opt to enable stronger authentication and enable multi-factor authentication (2FA/MFA) when available, especially for accounts with sensitive information including your email or bank accounts. Multi-factor authentication or 2FA helps verify a user has authorized access to the online account. For example, it could be a one-time code texted to a mobile device, providing an added layer of security beyond the password and username. Visit www.lockdownyourlogin.com for more information on stronger authentication.
• Make passwords long and strong: Combine capital and lowercase letters with numbers and symbols to create a more secure password.