Duke ITSO Alerts

At least one report so far this morning of a new phishing attack, purportedly related to Blackboard (see message screen capture below):

 

 

As seen above, the destination URL of the "Click Here" link points to a non-Duke hosted site (see below for a screen capture of the hosted form/login page):

 

 

Anyone who has received this message, clicked the link, and supplied login information should immediately contact the OIT Service Desk at 919.684.2200 for assistance.

Reports of a new Duke targeted phishing attack began coming in shortly after lunch this afternoon. The message is captured below:

 

 

The link above points to what appears to be an Exchange/Outlook Web App login screen. Notice that the landing page displays the text "exchange.duke.edu", yet the site is actually hosted on a .nz domain:

 

 

Anyone who received this message, clicked the link, and supplied credentials to the page above should notify the OIT Service Desk at 919.684.2200 immediately.

The ITSO has received multiple notifications of a phishing email in the Duke Community. This email is very well constructed in an attempt to steal your login credentials. Please be aware this email is malicious and should be discarded if received. If you received the email, clicked the link, and submitted your username and password, we recommend you contact the OIT Service Desk immediately for assistance with updating your account information; they can be reached at 919.684.2200.

Note the URL in the email links to a website hosted at "1edu.in" and not at "duke.edu".

The URL above redirects to the URL shown in the image below, which is hosted at "login1.in" and again not "duke.edu". Also note the spelling of OIT as "oiit". We have also seen another variation of this same attack hosted at shib.oit.edu/login1.
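The check these alerts describe is to compare the link's real host against duke.edu instead of trusting the visible text or the path. The sketch below is an added example and not part of the original alerts; the sample message is constructed, and example.nz and the URL paths are placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "duke.edu"  # the only domain treated as Duke-hosted

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_duke_host(url):
    """True only when the URL's host is duke.edu or a subdomain of it."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def flag_links(html_body):
    """Return (href, text, reason) for each web link that leaves duke.edu."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        if urlsplit(href).scheme not in ("http", "https") or is_duke_host(href):
            continue  # mailto:/relative links and genuine Duke hosts are skipped
        mentions = TRUSTED_DOMAIN in (href + " " + text).lower()
        reason = "non-Duke host showing duke.edu" if mentions else "non-Duke host"
        findings.append((href, text, reason))
    return findings

# Constructed sample; 1edu.in and creadoresenmovimiento.org are hosts named on this page.
SAMPLE = (
    '<a href="http://1edu.in/duke.edu/login">Click Here</a> '
    '<a href="https://exchange.duke.edu.example.nz/owa">exchange.duke.edu</a> '
    '<a href="http://creadoresenmovimiento.org/x">Click Here To Read</a> '
    '<a href="https://www.duke.edu/">Duke</a>'
)
```

Matching on the parsed hostname, not on a substring of the URL, is what catches "duke.edu" placed in a path, in a subdomain label of another domain, or before an "@" in the authority.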

The Duke ITSO has received notices of an email that may be going through the Duke Community. This email is a scam and should be discarded if you receive it. This sort of scam is an attempt to get you to give up your personal information, eventually in an attempt to receive some sort of payment. If you replied to this email and received a response back with any information that may assist in identifying the source, we ask that you forward it to us at security@duke.edu.

 

Reports have been received this afternoon concerning the phishing attack seen below:

As always, you should never send sensitive information like your password or SSN through e-mail, and no Duke employee or service will *ever* ask you for your password in an e-mail. If you've received this message and replied with Duke credentials, please contact the OIT Service Desk at 919.684.2200 immediately for assistance.

Reports have been received this afternoon concerning the phishing attack seen below:

 

 

As indicated above, clicking the link redirects to a non-Duke domain. In this particular case, that site then redirects to yet another non-Duke site configured to clone an Outlook Web App login page (see below):

 

 

If you've received this message, clicked the link, and supplied Duke credentials to the form, please contact the OIT Service Desk at 919.684.2200 immediately for assistance.

The IT Security Office is receiving reports of a phishing attack aimed at Duke users.  If you've received a message similar to the one below, please be advised that it is a phishing attack and should be discarded immediately. If you've received the message, clicked the link, and supplied credentials, please immediately contact the OIT Service Desk at 919.684.2200 for assistance.

Below is a copy of the email that has been sent out.


 

The link in the email forwards to a website that is not hosted at Duke; note the domain is creadoresenmovimiento.org instead of duke.edu.

The ITSO has received multiple notifications this afternoon of a new phishing attack. A copy of the message is provided below:

 

 

As seen above, mousing over the link "Click Here To Read" shows that one will be redirected to a page hosted on a non-Duke site.

 

 

The form above has cloned an Outlook Web Access login page. Entering credentials into this page will result in a compromised account. We ask that anyone who has seen this email, clicked the link, and entered their NetID/password please contact the OIT Service Desk at 919.684.2200 immediately for assistance.

The ITSO has received notices of a malicious email that is being sent out to multiple users in the Duke Community. The email claims to be from Microsoft and refers to Volume Licensing. **Beware:** the URL in the email directs to a website that downloads a malicious file to your device and could result in a compromised device.

If you received this email and clicked on the URL, we recommend you contact the OIT Service Desk or your local support group immediately to have your device scanned and cleaned.

 

Microsoft has released 8 updates addressing 8 vulnerabilities. One of these updates is rated Critical by SANS Internet Storm Center due to the potential for remote code execution (servers).

 

  • Vulnerability in Windows Application Compatibility Cache Could Allow Elevation of Privilege (MS15-001)
  • Vulnerability in Windows Telnet Service Could Allow Remote Code Execution (MS15-002)
  • Vulnerability in Windows User Profile Service Could Allow Elevation of Privilege (MS15-003)
  • Vulnerability in Windows Components Could Allow Elevation of Privilege (MS15-004)
  • Vulnerability in Network Location Awareness Service Could Allow Security Feature Bypass (MS15-005)
  • Vulnerability in Windows Error Reporting Could Allow Security Feature Bypass (MS15-006)
  • Vulnerability in Network Policy Server RADIUS Implementation Could Cause Denial of Service (MS15-007)
  • Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (MS15-008)

 

The updates are now available via Microsoft and Windows Update.  We recommend that these patches be deployed as soon as possible.

 

Microsoft Advisories: https://technet.microsoft.com/library/security/ms15-jan

 

SANS ISC Analysis: https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+January+2015+R...
