Information Security is a department within the division of Information Technology at California State University, Northridge. The department is responsible for implementing and maintaining campus-wide security policies and standards. Services provided by Information Security include Security Awareness Training, Breach & Incident Investigations, Vulnerability Assessments, and Risk Assessments. A major role of the department is to educate and advise campus faculty, staff, and students of the risks to the data. 

For detailed information on services provided, please refer to the resources below or contact Information Security at (818) 677-6100.

High Severity Dubbed Print Nightmare

A high severity vulnerability dubbed Print Nightmare, exploits a vulnerability in the Print Spooler service. This vulnerability can provide full domain access to a domain controller under a System context. To be able to use this exploit it requires that you authenticate as a domain user.

It should be not be confused with CVE-2021-1675. PrintNightmare is not the same not the same as CVE-2021-1675, which was fixed in the patch in June, there is currently no patch available for PrintNightmare..

This applies to all Windows Server versions (from Windows Server 2008 – 2019), and includes Windows 7 and 10 devices.

For all systems where the print spooler service is not required, (it is enabled by default) disable the service.

Additionally, enable PrintService/Operational logging for any servers/devices that need Print Spooler and and notify Information Security of the device name at iso@csun.edu.

Print Nightmare FAQs

Please visit the Print Nightmare FAQs page for more information. 

CSUN Students Targeted with an Invoice Payment Phishing Campaign 

CSUN students have been targeted with a phishing campaign that has a title of Financial Aid and references a "Derrick F. Satchell Leadership Award", do not click on any links or respond. If you have any questions please contact the Information Security team at iso@csun.edu 

COVID-19

The recent outbreak of COVID-19 is another opportunity that cybercriminals use as a tactic in their malicious activities. The overwhelming desire to know the latest information comes with the difficulty of running into unreliable sources. The MS-ISAC (Center for Internet Security) has seen malicious activity in all types of channels ranging from text messages to websites. Examples include:

• Inaccurate tests or cures -Individuals and businesses have taken advantage of the fear of others and have been selling fake “cures” or “test kits.” These kits are unreliable as they might be other products re-branded to sell to the public. Visit the U.S Food and Drug Administration for more information regarding false tests and cures.
• Illegitimate health organizations - Cyber Criminals will pose as affiliates of the World Health Organization or the Center for Disease Control, their goal is to have the users click or open malicious links, that will give them access to personal information.
• Malicious websites - False websites claim to share the latest information about COVID-19 but will seek to install malware, steal personal information, or cause other harm.
• Fraudulent charities - There has been a recent spike in the number of false charities asking for donations on the behalf of illegitimate organizations. Instead of donating the money, these false charities will keep the money for themselves.

Recommendations

It is recommended that users proceed with caution when handling any information regarding COVID-19. Cybercriminals will use subject lines, attachments, online apps, and web searches as a disguise for their malicious software. Cybercriminals like to evolve and adapt to the nation’s current situation and use it to their advantage. A few ways you can protect yourself are listed below:

• Avoid clicking links and attachments that do not come from a trusted source as well as any who claim to have information regarding the COVID-19 pandemic.
• Only utilize government websites for accurate news and information regarding the COVID-19 pandemic.
• Never give out personal information such as banking information, social security number, or other identifiable information either by phone or email.
• Verify a charity’s legitimacy before making any donations.

For further information regarding COVID 19 scams please visit What You Need to Know About COVID-19 Scams.

Report all Zoom-bombing events

It is extremely important that all Zoombombing events are reported so they can be investigated.

Report the event!

If someone bombs your meeting please report the event immediately. Send an email to  iso@csun.edu and provide 

• Your name and email address
• The date and time of the meeting
• The Zoom link and the meeting ID number
• The name of your course and (anything else like Course #)
• Describe what happened in as much detail as possible

Need tips on how to avoid Zoombombing? Please visit How To Keep Your Zoom Sessions Secure.

Fake Online Coronavirus Map Delivers Well-Known Malware

Fake Online Coronavirus Map Delivers Well-known Malware Health Sector Cybersecurity Coordination Center (HC3) Date: March 10, 2020

EXECUTIVE SUMMARY:

A malicious website pretending to be the live map for Coronavirus COVID-19 Global Cases by Johns Hopkins University is circulating on the internet waiting for unwitting internet users to visit the website. Visiting the website infects the user with the AZORult trojan, an information stealing program which can exfiltrate a variety of sensitive data. It is likely being spread via infected email attachments, malicious online advertisements, and social engineering. Furthermore, anyone searching the internet for a Coronavirus map could unwittingly navigate to this malicious website...

Expand Security Alerts

Information Security Guidelines For Working from Home

Why Working Remotely is Different 

Need Help with Information Security?

Contact the Office of Information Security at (818) 677-6100. To report incidents of abuse, send an email to abuse@csun.edu or: 

Submit a Security Incident Report