Duke ITSO Alerts

We've received a report of the following phishing attack purportedly related to Duke WebMail.

The "CLICK MY ACCOUNT" link above will redirect to a non-Duke hosted page (on the t15.org domain) which has been crafted as a clone of the University Email Web Access page. See the screenshot below:

We ask that anyone who has received the message, clicked the link, and supplied credentials to the page notify the OIT Service Desk immediately by calling 919.684.2200.

Adobe has released three updates addressing vulnerabilities in 3 Adobe products:

The ITSO advises users and administrators to update these applications quickly. Vulnerabilities in Reader are being actively exploited, and both Reader and Flash have vulnerabilities that allow for remote code execution.

Microsoft has released 6 updates addressing 37 vulnerabilities (25 for Internet Explorer). Two of these updates are rated Critical by Microsoft due to the potential for remote code execution:

  • Cumulative Security Update for Internet Explorer (MS14-051)
  • Vulnerability in Windows Media Center Could Allow Remote Code Execution (MS14-043)

The updates are now available via Microsoft and Windows Update. We recommend that these patches be deployed as soon as possible.

Microsoft Security Bulletin Summary: https://technet.microsoft.com/library/security/ms14-aug
SANS ISC Analysis: https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+-+August+2014/...

We've received reports of a phishing message that is targeting Duke
users and asking for Blackboard account info. If you have received this
message, followed the link, and submitted information, please contact
the OIT Service Desk at (919)684-2200 *immediately*.

The emails look like the following:

--------------------------------------------------------

From: Blackboard <driscolai@oregonstate.edu>
Subject: New Course Online Semester Available
Date: August 8, 2014 at 1:26:58 PM EDT
.
Blackboard System Online Course New Semester Available - (user@duke.edu)
.
Course: System Announcements
.
New Semester Online Announcements<http://www.wptutions.com/jason/webinar1/blackboardlearn.htm>
.
New Online Course - user@duke.edu
.
This is an automatically generated notification from Blackboard. You can change your notification settings at any time by going to Settings, Edit Notification Settings<http://www.wptutions.com/jason/webinar1/blackboardlearn.htm>. Please do not reply.

--------------------------------------------------------

Following the link takes you to the web page below. Note that Duke
no longer uses Blackboard and that the server URL is not HTTPS
(there is no padlock icon):

--------------------------------------------------------

Again, anyone who has received this message, followed the link, and
submitted information should *immediately* notify the OIT Service
Desk at (919)684-2200.
 

We've received reports of a phishing message that is targeting Duke users and asking for Duke account info. If you have received this message, followed the link, and submitted information, please contact the OIT Service Desk at (919)684-2200 *immediately*. The emails look like the following:
--------------------------------------------------------

--------------------------------------------------------
Following the link takes you to the following web page. Note that the server address is *not* a Duke address and the URL is not HTTPS (without a padlock icon):
--------------------------------------------------------

--------------------------------------------------------
Again, anyone who has received this message, followed the link, and submitted information should *immediately* notify the OIT Service Desk at (919)684-2200.

Another phishing attack, reported during lunch today and purportedly from "Library Resources", is captured below:

Clicking the link in this message redirects the recipient to the following non-Duke hosted form:

We strongly advise anyone who has received the message, clicked the link, and supplied credentials to immediately notify the OIT Service Desk at 919.684.2200.

A phishing attack targeting staff and faculty has been reported. A screen capture of the email text can be seen below:

Clicking the links in that message will direct the recipient to the non-Duke hosted form seen below:

We strongly advise anyone who has received the message, clicked the link, and supplied credentials to immediately notify the OIT Service Desk at 919.684.2200.

We've received reports of a new phishing message that is targeting Duke users and asking for Duke account info. If you received this message, clicked on the link, and provided information, please contact the OIT Service Desk at (919) 684-2200 immediately.

The emails look like the following:

--------------------------------------------------------

--------------------------------------------------------

Following the link takes you to the following web page (Note that the server address is *not* a Duke address and the URL is not HTTPS, without a padlock icon):

Anyone who has received the message, clicked the link, and supplied credentials should immediately notify the OIT Service Desk at 919.684.2200.

We've received reports of a new phishing message that is specifically targeting Duke users and is asking for bank account info. If you received this message, clicked on the link, and provided information, please contact the OIT Service Desk at (919) 684-2200 immediately.

The emails look like:

----------------------------------------------

From: DUKE-HR <employeebenefits@duke.edu>
Date: July 19, 2014 at 11:54:32 EDT
Subject: Important Salary Update

Hello,

The University is having a salary increment program again this year with an average of 2.5%

The Human Resources department evaluated you for a raise on your next paycheck.

Click below to confirm and access your salary revision documents:

Click Here <hxxp://dk42.ru/www.duke.edu/Login.htm> to access the documents

Sincerely,

Human Resources

Duke University

--------------------------------------------------

The link (note that the URL points to a Russian server instead of http://duke.edu/) leads to a page that looks like the following.

Note the field asking for bank account info.
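
The checks these alerts ask readers to make by eye (is the link's server really a Duke address, and is the URL HTTPS) can be run over the links in a reported message. The following Python is an added example, not ITSO code; the function names, the `TRUSTED_DOMAIN` setting and the `example.test` URLs are assumptions made for illustration, and the message body is constructed apart from the defanged link quoted above.

```python
import re
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "duke.edu"  # assumption: the only domain treated as legitimate

# Constructed sample in the "label<url>" layout of the quoted messages; the
# hxxp:// URL is the defanged one from the salary-update email on this page.
SAMPLE_BODY = """\
Click Here <hxxp://dk42.ru/www.duke.edu/Login.htm> to access the documents
Settings<http://phish.example.test/blackboardlearn.htm>. Please do not reply.
Contact user@duke.edu<mailto:user@duke.edu> or see Help<https://www.duke.edu/>
Portal<https://duke.edu.example.test/login>
"""

# Only web links are inspected; mailto: targets are ignored.
LINK_RE = re.compile(r"<((?:https?|hxxps?)://[^<>\s]+)>", re.IGNORECASE)

def refang(url):
    """Turn a defanged hxxp/hxxps scheme back into http/https for parsing only."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)

def is_trusted_host(host):
    """True only for the trusted domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def check_link(raw_url):
    """Return the list of warning signs for one link target."""
    parts = urlsplit(refang(raw_url))
    host = parts.hostname or ""
    findings = []
    if not is_trusted_host(host):
        findings.append("host-not-duke")
        # The Duke name placed in the host prefix or the path to look legitimate.
        if TRUSTED_DOMAIN in host or TRUSTED_DOMAIN in parts.path.lower():
            findings.append("duke-name-used-as-decoy")
    if parts.scheme.lower() != "https":
        findings.append("not-https")
    return findings

def scan_body(body):
    """Map every http(s) link target in the body to its findings."""
    return {url: check_link(url) for url in LINK_RE.findall(body)}

if __name__ == "__main__":
    for url, findings in scan_body(SAMPLE_BODY).items():
        print(url, "->", findings or ["ok"])
```

The host comparison is an exact or dot-prefixed suffix match, so a name that merely contains `duke.edu` does not pass as a Duke address.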

Microsoft has released 6 updates addressing 29 vulnerabilities (25 for Internet Explorer). Two of these updates are rated Critical by Microsoft due to the potential for remote code execution:

  • Cumulative Security Update for Internet Explorer (MS14-037)
  • Vulnerability in Windows Journal Could Allow Remote Code Execution (MS14-038)

The updates are now available via Microsoft and Windows Update. We recommend that these patches be deployed as soon as possible.

Microsoft Security Bulletin Summary: https://technet.microsoft.com/library/security/ms14-jul
