Cyber Threat Smackdown

World-renowned Identity Theft expert John Sileo returns to the UMass campus on October 22nd with NEW MATERIAL to discuss cyber threats to home and work devices.

Topics include mobile security, phishing, social engineering, intellectual property, and more. Registration is required ‘ visit http://www.massachusetts.edu/isocevents/lowell
Learn how to fight back and defend yourself against these common threats!

If you are unable to attend this event in person, we will be streaming live at http://gse.uml.edu/sileo

TA14-268A: GNU Bourne Again Shell (Bash) ‘Shellshock’ Vulnerability (CVE-2014-6271,CVE-2014-7169)

The US-CERT has issued Shellshock as a critical vulnerability affecting Linux/UNIX operating systems and Apple’s MAC OS X. According to the US-CERT, if exploited, this vulnerability gives attackers the ability to remotely execute shell commands by attaching malicious code in environment variables used by the operating system.

Please read the attached link from the National Cyber Awareness System. Note this vulnerability is getting significant traction in the cyber security circles. Our Intrusion Prevention System (TippingPoint) filters have been updated as of 6:00a this morning, and we’ve been seeing increased activity throughout this morning.

Patches have been released to fix this vulnerability by major Linux vendors for affected versions. Solutions for CVE-2014-6271 do not completely resolve the vulnerability. It is advised to install existing patches and pay attention for updated patches to address CVE-2014-7169.

As of this morning, Apple has not commented on this vulnerability. Although individual workstations are not the primary target, we will keep an eye on this thread as more information becomes available. Please forward to staff who may have responsibility managing Linux-based systems.

https://www.us-certs.gov/ncas/alerts/TA14-268A

Security Notice: Heartbleed Bug Poses OpenSSL Vulnerability

WHEN April 7, 2014, ongoing
WHAT On Monday, April 7, 2014, the OpenSSL Project announced a serious vulnerability in OpenSSL, called Heartbleed, that can expose data on systems running OpenSSL.
OpenSSL is one of the most popular data encryption tools for Web traffic, and as a result, the effects of this vulnerability are wide-ranging.
OpenSSL has released a fix for Heartbleed, included in version 1.0.1g. Server administrators using OpenSSL should update their version immediately either through OpenSSL or their applicable vendor.
WHO IS Server Administrators, General Public
AFFECTED
NEXT STEPSWe recommend that Campus Server Administrators:
1.Update OpenSSL through OpenSSL or your vendor.
A list of vendors and their current status is available through US-CERT:
OpenSSL updates are available through their source page:
2. Generate a new private key for a new SSL certificate.
3. Install a new SSL certificate with the new key.
4. (As applicable) Notify users when service(s) is/are no longer vulnerable.
We recommend that students, faculty, and staff:
1.Do not change any passwords to UMass Central IT services until you receive notice later this week that all IT services have been patched. If you have already changed your password, you will need to change it again after UMass IT confirms that all services have been patched.
For any non-UMass IT services:
1.Do not change your passwords or transmit data to secure Web sites or services that you normally use until you have received an official announcement from them regarding a security update.
2.After you’ve confirmed that the site or service has installed a security update, change your passwords.
3.For at least the next week, monitor your sensitive online accounts (banking, email) for suspicious activity.
RELATED OpenSSL Security Advisory:
OpenSSL Updates:
Codenomicon Summary:
US-CERT Vulnerability Note:

IT Security Advisory – CryptoLocker Ransomware

Type: CryptoLocker Ransomware
Description: CryptoLocker is a new variant of ransomware that restricts access to infected computers and demands the victim provide a payment to the attackers in order to decrypt and recover their files. CryptoLocker appears to have been spreading through fake emails designed to mimic the look of legitimate businesses and through phony FedEx and UPS tracking notices. The malware has the ability to find and encrypt files located within shared network drives, USB drives, external hard drives, network file shares and even some cloud storage drives. If one computer on a network becomes infected, mapped network drives could also become infected.
What the University is Doing: The UMass Lowell Spamcatcher appliance and Intrusion Prevention System are detecting and blocking most malicious emails and links to download ransomeware.
Recommend Action: Do not open click on any links or any attachments contained in a message which you did not expect to receive. Doing so puts your computer, you and the university at risk of infection or data loss. IT recommends that all users delete any suspicious emails immediately.
What to do if your computer is infected: Immediately disconnect the infected system from the wireless or wired network. This may prevent the malware from further encrypting any more files on the network.
Contact the UMass Lowell Help Center at 978-934-HELP for further assistance.
Questions: If you have any questions or concerns please call the Help Desk at 978-934-HELP or contact your department’s IT Administrator.

UMass Lowell Urges Vigilance in Wake of Adobe Security Breach

WHEN October 7, 2013
WHAT Adobe recently confirmed that nearly three million customers had their private information stolen during a “sophisticated” cyber attack on its network. The attackers accessed Adobe customer IDs, encrypted passwords, as well as customer names, encrypted credit or debit card numbers, and other information related to customer orders. In a separate incident, Adobe is also investigating illegal access to the source code for some of its popular products, including Adobe Acrobat and ColdFusion.
In response to the first attack, Adobe is currently notifying affected users on the steps they need to take to protect their personal information, including immediately resetting their Adobe password and monitoring their credit report. Adobe users can expect email notifications with more information on how to reset their passwords (if their login data was involved) and/or notification letters with details on how to protect themselves against identity theft (if their credit or debit card information was involved).
Note: Adobe software currently in use will continue to work.
WHO General public, students, faculty, staff, IT professionals, Adobe users
NEXT STEPS We recommend that Adobe users follow the instructions provided in the Adobe notifications. As a precaution, we also recommend that members of the University community:
 Beware of phishing scams providing ‘alternatives’ for resetting their Adobe passwords. If you have an Adobe ID account, please change your password only through the Adobe Web site. Do not enter your information on any third-party site.
 Only download Adobe software from trusted sources, such as the Adobe Web site or the campus IT Web site.
 Keep their Adobe software up-to-date and apply all available updates as soon as they are released.
RELATED CONTENT
Customer Security Announcement
http://helpx.adobe.com/x-productkb/policy-pricing/customer-alert.html