Security & Policy at LSU
Text OnlyLogin to PAWS Baton Rouge, Louisiana | Search
LSU
LOUISNetworking & InfrastructureResearch IT EnablementUniversity Information SystemsUser Support & Student IT Enablement
VCIT Home
ITS
Security & Policy
FITS (Flagship IT Strategic Plan)
Business Office
Faculty Liaison

SECURITY & POLICY

Newest Vulnerability: Phishing Attempts - Webmail Account
University IT professionals have seen e-mail phishing attempts claiming to be from Information Technology Services notifying individuals that a database and the e-mail account center are currently being upgraded. Individuals are then informed that their webmail account will be affected and that all unused webmail accounts are being deleted to create space for new accounts. Individuals are finally instructed to confirm their e-mail identity by providing their respective username and password.

These messages are fraudulent. Cyber criminals are attempting to steal your personal information. Users should delete such messages immediately. Legitimate businesses rarely do account confirmations and/or update requests online.

This announcement posted 07.09.08

Newest Vulnerability: Microsoft July 2008 Security Bulletin Summary
Microsoft has released important updates to address vulnerabilities that affect Microsoft SQL Server 2000, Windows, and Windows Server. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code. Please see Microsoft Security Bulletin Summary for July 2008 and US-CERT for additional information.

Users should install updates as soon as possible. Please note that systems joined to the LSU Active Directory automatically receive updates when available.

This announcement posted 07.08.08

Newest Vulnerability: Phishing Attempts - Bank of America
University IT security professionals have seen e-mail phishing attempts from Bank of America notifying individuals that they have a new message. Individuals are then instructed to follow a link that appears to be a page for Bank of America where they are prompted to enter their username and password.

These messages are fraudulent. Cyber criminals are attempting to steal your personal information. Users should delete such messages immediately. Legitimate businesses rarely do account confirmations and/or update requests online.

This announcement posted 06.24.08

Newest Vulnerability: Microsoft June 2008 Security Bulletin Summary
Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Windows Server, and Internet Explorer. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code. Please see Microsoft Security Bulletin Summary for June 2008 and US-CERT for additional information.

Users should install updates as soon as possible. Please note that systems joined to the LSU Active Directory automatically receive updates when available.

This announcement posted 06.10.08

Newest Vulnerability: Apple Updates for Multiple Vulnerabilities
Apple has released Security Update 2008-003 and OS X version 10.5.3 to correct multiple vulnerabilities affecting Apple Mac OS X and Mac OS X Server. Attackers could exploit these vulnerabilities to execute arbitrary code, gain access to sensitive information, or cause a denial of service. Please see US-CERT and Apple for additional information. Users should install updates as soon as possible.

This announcement posted 05.30.08

Newest Vulnerability: Debian/Ubuntu OpenSSL Advisory
A critical vulnerability has been announced in Debian, Ubuntu and other Debian-based Linux distributions. This information, paired with a recent increase in SSH scanning activity, is cause for concern. If you have any Debian or Debian-based installations please visit the distribution site as soon as possible. Fixed packages have been developed and are available for affected installations. From the Debian advisory:

DSA-1571-1 openssl -- predictable random number generator

the random number generator in Debian's OpenSSL package is predictable due to an incorrect Debian-specific change to the "openssl" package (CVE-2008-0166).

After installing updated packages for your distribution, it is *vitally important* to regenerate any cryptographic keys that may have been generated with the erroneous OpenSSL package. This includes SSH host and client keys; note that, after regeneration, client applications will warn about potential "man-in-the-middle" attacks. Always make sure that the fingerprints match before accepting such changes.

Note that the Ubuntu updates for the "openssh" package will automatically do this regeneration for you; Debian is not (at this time) automating this step, but should soon have information on this page to aid users:

http://www.debian.org/security/key-rollover/

Please install the fixed packages as soon as possible to minimize the risk of compromise, and make sure to regenerate any keys that may be vulnerable.

This announcement posted 05.13.08

Newest Vulnerability: Microsoft May 2008 Security Bulletin Summary
Microsoft has released updates to address vulnerabilities that affect Microsoft Windows and Office. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code. Please see Microsoft Security Bulletin Summary for May 2008 and US-CERT for additional information.

Users should install updates as soon as possible. Please note that systems joined to the LSU Active Directory automatically receive updates when available.

This announcement posted 05.13.08

Newest Vulnerability: Phishing Attempts - Department of the Treasury
University IT security professionals have seen e-mail phishing attempts from the Department of the Treasury notifying individuals that records indicate that they are qualified to receive the 2008 Economic Stimulus Refund. Individuals are then instructed to follow a link that appears to be a page for the Internal Revenue Service where they are prompted to enter their SSN, credit card, bank routing number and checking account number with the promise that the rebate will be directly deposited into their checking account.

These messages are fraudulent. Cyber criminals are attempting to steal your personal information. Users should delete such messages immediately. Legitimate businesses rarely do account confirmations and/or update requests online.

This announcement posted 05.09.08

Newest Vulnerability: Phishing Attempts - IRS Stimulus Payments
University IT security professionals have seen e-mail phishing attempts from the IRS notifying individuals that records indicate that they are qualified to receive the 2008 Economic Stimulus Refund. Individuals are then instructed to follow a link where they are prompted to enter their bank routing number and checking account number with the promise that the rebate will be directly deposited into their checking account.

These messages are fraudulent. Cyber criminals are attempting to steal your personal information. Users should delete such messages immediately. Legitimate businesses rarely do account confirmations and/or update requests online.

This announcement posted 04.24.08

Newest Vulnerability: Phishing Attempts - Del Norte Credit Union
University IT security professionals have seen e-mail phishing attempts from Del Norte Credit Union notifying individuals that their account has recently been updated with a new security enhancement and that for security reasons their debit card has been temporary suspended. Individuals are then instructed to call a phone number to activate their account.

These messages are fraudulent. Cyber criminals are attempting to steal your personal information. Users should delete such messages immediately. Legitimate businesses rarely do account confirmations and/or update requests online.

This announcement posted 04.23.08

Newest Vulnerability: Phishing Attempts - Hancock Bank
University IT security professionals have seen e-mail phishing attempts from Hancock Bank notifying individuals that they can complete a quiz for a chance to win $500. Individuals are then instructed to follow a link to proceed.

These messages are fraudulent. Cyber criminals are attempting to steal your personal information. Users should delete such messages immediately. Legitimate businesses rarely do account confirmations and/or update requests online.

This announcement posted 04.18.08

Newest Vulnerability: Microsoft April 2008 Security Bulletin Summary
Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Internet Explorer, and Office. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code. Please see Microsoft Security Bulletin Summary for April 2008 and US-CERT for additional information.

Users should install updates as soon as possible. Please note that systems joined to the LSU Active Directory automatically receive updates when available.

This announcement posted 04.08.08

Newest Vulnerability: Phishing Attempts - ASI Federal Credit Union
University IT security professionals have seen e-mail phishing attempts from ASI Federal Credit Union notifying individuals that security software is being updated and that their account information needs to be verified. Individuals are then instructed to click on a link to start the verification process.

These messages are fraudulent. Cyber criminals are attempting to steal your personal information. Users should delete such messages immediately. Legitimate businesses rarely do account confirmations and/or update requests online.

This announcement posted 03.27.08

Newest Vulnerability: Phishing Attempts - University Accounts
University IT security professionals have seen e-mail phishing attempts that are variations of:

Dear XXXX.edu Subscriber,

To complete your XXXX.edu account, you must reply to this e-mail immediately and enter your password here (*********).

Failure to do this will immediately render your e-mail address deactivated from our database.

You can also confirm your e-mail address by logging into your XXXX.edu account at webmail.XXXX.edu.

We apologize for any inconveniences, but trust you understand that our primary concern is for our customers to be totally secure.

Thank you for using XXXX.edu !
THE XXXX.edu TEAM

These messages are fraudulent. Cyber criminals are attempting to steal your personal information. Users should delete such messages immediately.

This announcement posted 03.24.08

Newest Vulnerability: Apple Updates for Multiple Vulnerabilities
Apple has released the Apple Security Update 2008-002 and Apple Safari 3.1 to correct multiple vulnerabilities affecting Apple Mac OS X, Mac OS X Server, and Apple Safari. Attackers could exploit these vulnerabilities to execute arbitrary code, gain access to sensitive information, execute cross-site scripting attacks or cause a denial of service. Please see US-CERT and Apple for additional information. Users should install updates as soon as possible.

This announcement posted 03.19.08

Newest Vulnerability: Microsoft March 2008 Security Bulletin Summary
Microsoft has released updates that address vulnerabilities in Microsoft Office, Outlook, Excel, Excel Viewer, Office for Mac, and Office Web Components. Please see Microsoft Security Bulletin Summary for March 2008 and US-CERT for additional information.

Users should install updates as soon as possible. Please note that systems joined to the LSU Active Directory automatically receive updates when available.

This announcement posted 03.11.08
Fraudulent E-mail Alert
University IT security professionals have seen e-mail extortion/spam attempts notifying individuals that harm will be done to them if they do not comply by paying thousands of dollars. Individuals are then instructed not to contact the police or tell anyone.

These messages are fraudulent. The IT Security & Policy Office and LSUPD are recommending that users ignore this e-mail message and contact LSUPD if they receive any additional correspondence. In addition, users may file a complaint with the Internet Crime Complaint Center (IC3) at http://www.ic3.gov/ .

This announcement posted 03.06.08

Newest Vulnerability: Phishing Attempts - La Capitol Federal Credit Union
University IT security professionals have seen e-mail phishing attempts from La Capitol Federal Credit Union notifying individuals that their account information needs to be verified in order to receive uninterrupted service. Individuals are then instructed to click on a link and sign in to verify their account information.

These messages are fraudulent. Cyber criminals are attempting to steal your personal information. Users should delete such messages immediately. Legitimate businesses rarely do account confirmations and/or update requests online.

This announcement posted 02.27.08

Newest Vulnerability: Microsoft February 2008 Security Bulletin Summary
Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Office, Visual Basic, Internet Information Services (IIS) and Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code, gain elevated privileges, or crash a vulnerable system. Please see Microsoft Security Bulletin Summary for February 2008 and US-CERT for additional information.

Users should install updates as soon as possible. Please note that systems joined to the LSU Active Directory automatically receive updates when available.

This announcement posted 02.11.08

Newest Vulnerability: Apple Updates for Multiple Vulnerabilities
Apple has released Mac OS X v10.5.2 and Security Update 2008-001 to correct multiple vulnerabilities affecting Apple Mac OS X and Mac OS X Server. Attackers could exploit these vulnerabilities to execute arbitrary code, gain access to sensitive information, surreptitiously initiate a video conference, or cause a denial of service. Please see US-CERT and Apple for additional information. Users should install updates as soon as possible.

This announcement posted 02.11.08

Newest Vulnerability: Phishing Attempts - Navy Federal Credit Union
University IT security professionals have seen e-mail phishing attempts from Navy Federal Credit Union notifying individuals that their respective account has been suspended due to a billing failure. Individuals are then instructed to complete an account update so their respective account can be unlocked.

These messages are fraudulent. Cyber criminals are attempting to steal your personal information. Users should delete such messages immediately. Legitimate businesses rarely do account confirmations and/or update requests online.

This announcement posted 02.05.08

Newest Vulnerability: Microsoft January 2008 Security Bulletin Summary
Microsoft has released updates that address critical vulnerabilities in Microsoft Windows. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code, gain elevated privileges, or crash a vulnerable system. Please see Microsoft Security Bulletin Summary for January 2008 and US-CERT for additional information.

Users should install updates as soon as possible. Please note that systems joined to the LSU Active Directory automatically receive updates when available.

This announcement posted 01.08.08






IT Policies
Best Practices
Data Management
Data Recovery & Forensics
Threat Alerts
Helpful Links
Public Key Infrastructure
EFS
Security Breach Notification
IT Security Audit
Incident Response
Report Incident
Contact Info

Chief Information Office
Louisiana State University
Baton Rouge, LA 70803
Phone: 225-578-3700
Fax: 225-578-6400

Internet 2 University Member



Copyright © 2008. All Rights Reserved. Official Web Page of Louisiana State University.
Search this Site | About this Site