Patch Tuesday (2/14/2018)
As some of you might know, Microsoft releases its patches on the second Tuesday of the month and this has become known as Patch Tuesday. There are some serious issues fixed with the February release that have known exploits, including a nasty Outlook bug that could take over your computer if you open up an infected file. Please take this patch as soon as possible. IT will be pushing out the patches this Friday to CSUN computers. You should also update your home computer as soon as possible The SANS (SysAdmin,Audit,Network,Security) Institute has a very good summary of what it is in every patch.
Chrome Browser Scam/Ransomware (2/8/2018)
Security researchers are reporting that hackers are exploiting a bug in Chrome to try to extort money from unsuspecting users. The way it works is that upon navigating to a hacked or invalid web site, your browser may display a message telling you to call a number and then lock up the browser and eventually your Windows machine. If you do encounter this issue on Windows you may use Task Manager to kill the Chrome browser or you can reboot your machine. On MacOS your Mac will eventually tell you that your browser is unresponsive. Under no circumstances should you call the number popping up on your machine. Chrome has not yet issued a patch.
Another Flash Exploit (2/1/2018)
Adobe issued a security warning that attackers are exploiting a new security hole in its Flash Player software to hack into Microsoft Windows computers. Adobe said it will issue a fix in the next few days. Adobe is recommending that users turn on protected view in Windows to mitigate this issue. We recommend that all users turn on protected view on their computers.
File Taxes Early to Prevent Fraud (1/29/18)
Today January 29th is the first day you can file your 2017 tax return. A favorite tactic of scammers and hackers is to file a false tax return using your stolen identity and receive a large tax return. Tax return fraud impacts hundreds of thousands of US taxpayers annually and is expected to climb this year due to the Equifax breach. One way to prevent this fraud is to not wait until April 15th but file as early as possible.
If you were a victim of the Equifax breach you should should consider submitting an Identity Theft Affidavit (Form 14039) to the IRS. Also be aware that if you froze your credit due to the Equifax breach and you are required by the IRS to use a PIN to file electronically you have some extra steps to perform.
Malware Bytes Update Causes Major Problems (1/29/18)
Malwarebytes released a production update on Saturday that can cause spikes in CPU use, resulting in slow performing or crashed computers. If you are using Malwarebytes please see the Malwarebytes Forum for remediation steps.
Major Flaw in Hardware Leaves Computers, iPads and iPhones Vulnerable (1/08/18)
Two major flaws in computer chips have left a huge number of computers, iPads and smartphones vulnerable to hackers. These flaws have been titled Spectre and Meltdown. The flaws are specific to Intel chips.
The flaws could potentially allow an attacker to read confidential data stored in computer or mobile device memory such as passwords, or sensitive data. Although the flaws are hardware based the fixes to make your device secure are software based.
The fixes are listed below. Please apply as soon as possible to devices in your department. We will pushing out many of these via SCCM and Jamf.
Need Help with Information Security?
Contact the Office of Information Security at (818) 677-6100. To report incidents of abuse, send an email to email@example.com or: