Duke ITSO Alerts

Microsoft has released four security bulletins, one of which is marked Critical along with three Important addressing seven vulnerabilities in Microsoft Windows and office.

 

http://technet.microsoft.com/en-us/security/bulletin/ms14-Jan

 

Adobe also released security updates for Flash Player and Reader/Acrobat.

 

http://helpx.adobe.com/security/products/flash-player/apsb14-01.html

http://helpx.adobe.com/security/products/flash-player/apsb14-02.html

The ITSO has been notified of a phishing attack purportedly from the "Help Desk". If you've received a message similar to the one below, please note that it is not from Duke:

 

 

Clicking the link above redirects to a non-Duke (this is not a "Help Desk" at Duke page):

 

 

 

If you received the message above, please do not click through to the page above and do not offer any credentials. Also, please notify the OIT Service Desk at 919.684.2200 immediately.

 

Another phishing attack was reported this afternoon. The message below is a repeat of an attack identified earlier this month:

 

 

Clicking the "access-page" points you to a non-Duke hosted form on the bravesites domain. As of this posting that form has been suspended so there is no screenshot of the form.

 

We're asking that anyone who received the message, clicked the link, and provided credentials pleas notify the OIT Service Desk immediately at 919.684.2200

 

Update (1/16):

We're seeing an influx of the same attack - "quota" related message - coming from various location and various compromised accounts. Each message seems to link to a newly hosted form and the attackers are using different domains. The most recent, seen this morning links to a Google Docs file. We've submitted an abuse complaint to Google but until they address the complaint, the form will remain accessible. Please be advised that this is not legitimate communication coming from Duke.

 

 

 

The IT Security Office was notified of a phishing attack purporting to be from Apple, see a screenshot of the message below:

 

 

This "Verify Billing" links you to the non-Apple related form (shown below):

 

 

If you've received the message, clicked the link, and provided information please contact the OIT Service Desk at 919.684.2200

A report of the following phishing attack was received earlier this morning:

 

 

If you've received this message and click through to the "access-page" link, you'll be prompted with the following form designed to harvest credentials (notice the non-Duke site):

 

 

We ask that anyone who has received the message, clicked the link, and provided account info to please contact the OIT Service Desk immediately at 919.684.2200

We've received multiple reports this evening of a phishing attack purporting to be related to a webmail upgrade related to "spam arrest software". This email should be discarded as it is not legitimate and the link redirects to a non-Duke hosted form, intended to harvest credentials. See the screenshot below for an example of the message:

 

 

The phpforms link takes you to this page:

 

 

We ask that anyone who has received the message, clicked the link, and supplied info to the form to please contact the OIT Service Desk immediately at 919.684.2200

We've received reports of a phishing attack purporting to be a "compulsory employee account verification" which redirects the recipient to an out-of-country, non-Duke hosted form created to harvest credentials. If you've received an email similar to the one shown below, please discard immediately:

 

 

Clicking that link will take you to the following form:

 

 

We ask that anyone who received the message, clicked the link, and provided credentials to contact the OIT Service Desk immediately at 919.684.2200 

Reports of a phishing attack purportedly associated with account upgrades after exceeding mailbox size were in circulation yesterday evening. If you received a message similar to the one below, please discard:

 

 

The form appears to have been taken down, though it's unclear at this time if the site remediation occurred before or after the emails were distributed. If you received the message, clicked through to the external link, and provided credentials please contact the OIT Service Desk immediately at 919.684.2200

We've received multiple reports of the following phishing attack, purporting to be from the "DUKE IT Alert <itipalert@duke.edu>" instructing the recipient to "confirm your login details." In spite of the authentic appearance of the page being linked to, this message is not legitimate. If you've received the following email, please discard immediately:

We've received multiple reports of the following phishing attack, purporting to be from Duke University instructing the recipient to confirm their membership. If you've received the following email, please discard immediately:

Pages