Duke ITSO Alerts

We've received reports of a new phishing message that is targeting Duke users and asking for Duke account info. If you received this message, clicked on the link, and provided information, please contact the OIT Service Desk at (919) 684-2200 immediately.

The emails look like the following:

--------------------------------------------------------

--------------------------------------------------------

Following the link takes you to the following web page (Note that the server address is *not* a Duke address and the URL is not HTTPS, without a padlock icon):

 

 

Anyone who has received the message, clicked the link, and supplied credentials should immediately notify the OIT Service Desk at 919.684.2200.

We've received reports of a new phishing message that is specifically targeting Duke users and is asking for bank account info. If you received this message, clicked on the link, and provided information, please contact the OIT Service Desk at (919) 684-2200 immediately.

The emails look like:

----------------------------------------------

 

From: DUKE-HR <employeebenefits@duke.edu>
Date: July 19, 2014 at 11:54:32 EDT
Subject: Important Salary Update

Hello,

The University is having a salary increment program again this year with an average of 2.5%

The Human Resources department evaluated you for a raise on your next paycheck.

Click below to confirm and access your salary revision documents:

Click Here <hxxp://dk42.ru/www.duke.edu/Login.htm> to access the documents

Sincerely,

Human Resources

Duke University

--------------------------------------------------

 

The link (note that the URL points to a Russian server instead of http://duke.edu/) leads to a page that looks like the following.

Note the field asking for bank account info.
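The two indicators called out in these alerts (the link's server is not a Duke address, and the URL is not HTTPS) can be checked mechanically. The following is an added example, not part of the original alerts; the function names and the third sample URL are constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "duke.edu"  # the domain the messages claim to come from


def refang(url: str) -> str:
    """Undo the hxxp:// defanging used when quoting malicious links."""
    if url.lower().startswith("hxxp"):
        return "http" + url[4:]
    return url


def link_findings(url: str, trusted: str = TRUSTED_DOMAIN) -> list[str]:
    """Return reasons a link claiming to be `trusted` should not be trusted."""
    parts = urlsplit(refang(url.strip()))
    host = (parts.hostname or "").rstrip(".").lower()
    findings = []
    # Only the host decides where the browser connects; match on a label
    # boundary so "duke.edu.example" or "notduke.edu" do not pass.
    if not (host == trusted or host.endswith("." + trusted)):
        findings.append("host-not-trusted:" + host)
        # The trusted name elsewhere in the URL is a lure, not proof of origin.
        rest = (parts.path + "?" + parts.query).lower()
        if trusted in rest or trusted in host:
            findings.append("trusted-name-used-as-lure")
    if parts.scheme != "https":
        findings.append("not-https")
    return findings


# Links quoted (defanged) in these alerts, plus one constructed good link.
SAMPLES = [
    "hxxp://dk42.ru/www.duke.edu/Login.htm",
    "hxxp://acc.msu.ac.th/eng/home/media/school-library.edu.htm",
    "https://hr.duke.edu/benefits",  # constructed example of a Duke-hosted link
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", link_findings(sample) or "no findings")
```

The first sample shows why reading the whole URL is misleading: "www.duke.edu" appears only in the path, while the host the browser contacts is dk42.ru.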

Microsoft has released 6 updates addressing 29 vulnerabilities (25 for Internet Explorer). Two of these updates are rated Critical by Microsoft due to the potential for remote code execution:

Cumulative Security Update for Internet Explorer (MS14-037)
Vulnerability in Windows Journal Could Allow Remote Code Execution (MS14-038)

The updates are now available via Microsoft and Windows Update. We recommend that these patches be deployed as soon as possible.

Microsoft Security Bulletin Summary: https://technet.microsoft.com/library/security/ms14-jul

WordPress 3.8.2 has been released, addressing 5 security issues and 9 bugs. WordPress advises updating sites immediately. From the release:

This release fixes a weakness that could let an attacker force their way into your site by forging authentication cookies. This was discovered and fixed by Jon Cave of the WordPress security team.

It also contains a fix to prevent a user with the Contributor role from improperly publishing posts. Reported by edik.

This release also fixes nine bugs and contains three other security hardening changes:

Pass along additional information when processing pingbacks to help hosts identify potentially abusive requests.

Fix a low-impact SQL injection by trusted users. Reported by Tom Adams of dxw.

Prevent possible cross-domain scripting through Plupload, the third-party library WordPress uses for uploading files. Reported by Szymon Gruszecki.

A new phishing attack has been reported this afternoon:

 

 

The "click here" link takes the recipient to a Yolasite hosted form:

 

 

Please be advised, this is a phishing attack. This is not a legitimate communication from Duke. The purported virus alert is false. Anyone who has received the message, clicked the link, and provided information should contact the OIT Service Desk at 919.684.2200 immediately.

We've received reports of another phishing attack taking place. The email users receive looks like:

 

-----------------------------------------

From: Library Alert <alerts@library.com>
Date: Wednesday, June 25, 2014 at 1:11 PM
Subject: School Article Published

Good Morning,

Your school has successfully posted an article which has been saved in the School Library.

Click here to review the article now<hxxp://acc.msu.ac.th/eng/home/media/school-library.edu.htm>

Note: Your information has been mentioned in the article, comments and notifications will be sent directly to you.

Thank you,

Library Notifications.
----------------------------------------------

Which leads to a login page that looks like:

 


 

If you know of anyone who followed the link and may have submitted their credentials to the form, please advise them to contact the service desk to change their password as soon as possible.

A new report of a phishing attack this afternoon:

 

 

The attachment in this message pulls up the following form:

 

 

Please be advised that information submitted through this form does not go to a Bank of America owned site.

The following phishing attack from earlier this week, purportedly related to a secure web upgrade, was reported to the ITSO:

 

 

The "CLICK HERE" link in the above message redirects the user to a wix.com hosted form:

 

We ask that anyone who received the message, clicked the link, and supplied Duke credentials to the form seen above notify the OIT Service Desk immediately at 919.684.2200.

A new phishing attack was reported this morning. While it does not specifically target Duke credentials, the hosted form attempts to fool the recipient into supplying banking and other sensitive info, including DoB and SSN.

 

The original email message:

 

The phishing form (not an Amazon hosted page):

 

 

Adobe has released an update addressing vulnerabilities in Adobe Flash:

 

Adobe Flash - http://helpx.adobe.com/security/products/flash-player/apsb14-16.html

 

The ITSO advises users and administrators to update these applications quickly. The vulnerabilities in Flash allow for remote code execution.
