Information Security is responsible for ensuring the confidentiality and data integrity of university computing assets, including university–owned computers, applications, servers, and the data residing on those devices. Information Security strives to maintain the security of university systems and data to prevent it from being used for unintended purposes by educating the campus community about security related issues, preventing the unwanted access of university records by intruders, and developing effective methods of responding to information security incidents.
Android Firmware Hack (11/15/16)
Kryptowire has identified several models of Android mobile devices that contained firmware that collected sensitive personal data about their users and transmitted this sensitive data to third-party servers without disclosure or the users' consent.
The firmware that shipped with the mobile devices and subsequent updates allowed for the remote installation of applications without the users' consent and, in some versions of the software, the transmission of fine-grained device location information. For more information or to see if your device is affected, visit Kryptowire.
Emergency Patch for Adobe Flash Player (10/28/16)
Adobe released an emergency Flash Player update in order to fix a vulnerability that attackers are taking advantage of. Hackers are targeting Flash Players on Windows 7, 8.1 and 10 systems.
Please upgrade to Flash Player 126.96.36.199 on Windows and Mac and to version 188.8.131.523 on Linux. All systems managed through SCCM and Parallels will have a patch automatically pushed. Other systems will need to be updated manually.
Please note that Google Chrome, Microsoft Edge or Internet Explorer 11 on Windows 10 and 8.1 have their own Flash player. Those should be updated automatically through those browsers' update mechanisms, so please ensure that these updates have taken place.
Yahoo Email Breach (09/22/16)
Yahoo has reported a breach of its email system. According to their report, hackers have stolen passwords and personal information. CSUN recommends that you change your Yahoo password and if you used the same or similar password for your CSUN account, then change your CSUN password as well. Your CSUN password should not be used for external sites.
iOS Security Patch Available (09/02/16)
Apple pushed out a small but critical security patch for iOS. If you use an iDevice, make sure you have the latest update by following these instructions from Sophos.
Dropbox Breach (08/31/16)
A Dropbox data breach that occurred in 2012 is still a threat to users who have not changed their password in the last four years. If you use your CSUN user ID, email address or password to access Dropbox, change your password immediately.
RSS Security Feeds
Top Security Tips
- NEVER share your password with anyone and report suspicious emails or phone calls that ask for your private information to firstname.lastname@example.org
- Use CSUN's encrypted wireless 'eduroam' network when connecting to campus Wi-Fi
- Follow these tips to secure your device and do not leave mobile devices unattended
- Learn how to identify fraudulent emails that ask for your password and other confidential information
- Use Box to securely share files with others and eliminate use of email and USB drives to transmit protected information
- Maintain current anti-virus software on all computing devices (including Macs)
- Don't get compromised. Get trained! Free Online Information Security Awareness Training is provided to ALL faculty, staff and university employees
Need Help with Information Security?
Contact the Office of Information Security at (818) 677-6100. To report incidents of abuse, send an email to email@example.com or: