Duke ITSO Alerts

It's time for an update!
 

Adobe has released its newest update to Adobe Reader, Adobe Acrobat Reader DC. In this update, Adobe offers a free upgrade to its cloud solution, which allows users to store their PDFs on Adobe’s cloud and access them on any device.

 

But should you use it?
 

Many of our business documents contain sensitive electronic information that should not be sent to cloud providers. Duke staff should be particularly careful with systems offering device syncing to make sure cloud sharing is allowed. Staff should familiarize themselves with the Duke Data Classification Standard (http://security.duke.edu/protect-your-information/data-classification-duke) and only sync documents classified Public.
 

More information about the new features included can be found on Adobe's site - https://acrobat.adobe.com/us/en/pricing/pricing-compare-plans.html
 

Contact the Duke IT Security Office at security@duke.edu with any questions or concerns that you may have.

_____________________________________________________________________________________________________________________________________________________________________________________________________________

Reports of this new phishing attack began shortly after lunch:

 

 

The link in the message above redirects to the form seen below:

 

 

Anyone who received this message, clicked the link, and supplied credentials should immediately notify the OIT Service Desk at 919.684.2200.

The Duke University IT Security Office has received multiple notifications of a recent Phishing email that is circulating through the Duke community. If you have received this email, clicked on the link, and provided your username and password, we strongly recommend that you contact the OIT Service Desk at 919-684-2200 who can assist you in updating your information.

 

Below is the email. Things to note that are typical of spam messages are the improper grammar ("We are upgrading new server ...") and misspellings ("website"). Also note (in the second picture) that the hover-text for the www.duke.edu URL is not Duke but another web site entirely.

 

  

 

The link in the above email leads to the page seen below. Note again that the phishing form is hosted at a non-Duke domain.

 

  

 

Again, if you have received this email, clicked on the link, and provided your username and password, we strongly recommend that you contact the OIT Service Desk at 919-684-2200 who can assist you in updating your information. Thank you.

 

Multiple reports were received this Monday morning concerning a couple of new phishing attacks. Two of the attacks (subject lines: "New Maintenance" and "New Security Maintenance") appear to come from the same attackers, or at least are related to the same compromised site: the landing pages (cloned Duke Shib Login pages) are hosted on the same site, albeit in different directories.

 

The two messages can be viewed below:

 

As you can see, both take a very similar approach. As mentioned, clicking one of the URLs in either message will take you to a cloned Duke Login page (only one screenshot is provided below; both pages look the same, with only a slightly different URL):

 

If you received either message, clicked the link, and supplied credentials, please immediately notify the OIT Service Desk at 919.684.2200

The Duke University IT Security Office has received multiple notifications of a recent phishing email that is circulating through the Duke community. If you have received this email, clicked on the link, and provided your username and password, we recommend that you contact the OIT Service Desk at 919-684-2200, who can assist you in updating your information.

Below is the email. A couple of things to note are the misspellings of "account" and "website".

The link in the above email forwards to the page seen below. *Note* The Phishing form is hosted at the traveldart.net domain and not the duke.edu domain.

The Duke University IT Security Office has received multiple notifications of a recent phishing email that is circulating through the Duke community. If you have received this email, clicked on the link, and provided your username and password, we recommend that you contact the OIT Service Desk at 919-684-2200, who can assist you in updating your information.

 

Below is the email that is being seen:

 

 

The link in the email redirects to a site that was hosted at wix.com which appears to have already been removed.

 

If you received the message, clicked the link, and supplied credentials, please notify the OIT Service Desk at 919.684.2200.

The Duke University IT Security Office has received multiple notifications of a recent phishing email that is circulating through the Duke community. If you have received this email, clicked on the link, and provided your username and password, we recommend that you contact the OIT Service Desk at 919-684-2200, who can assist you in updating your information.

Below is the email that is being seen.

 

The link in the email redirects to a site that is hosted at dd-racing.com.

 

Duo Product Security Advisory

Advisory ID: DUO-PSA-2015-002

Publication Date: 2015-04-06

Revision Date: 2015-04-06

Status: Fixed

Document Revision: 1
 

Overview
 

Duo Security has identified an issue in recent versions of Duo Mobile for iOS that could allow attackers to perform a successful Man-in-the-Middle (MITM) attack against the app's TLS connections, if they can otherwise manipulate the network traffic exchanged between the mobile app and Duo's cloud service.

This issue has been fixed in Duo Mobile 3.7.1; all iOS users should update as soon as possible.
 

Affected Product(s)
 

Duo Mobile for iOS, versions 3.4 - 3.7

Solution
 

Duo Mobile 3.7.1 was published to the iTunes App Store on April 6, 2015. This version ensures that certificate domain-name validation is performed for all TLS connections.

Users should upgrade to this version immediately to prevent the issues described above. Note that administrators can audit their users' Duo Mobile app versions in the "phones" section of the Duo administrative interface.

As noted above, there is a small risk that users' Duo Mobile credentials could be compromised, if an attacker captured network traffic from Duo Mobile during account setup. After users have upgraded, administrators may choose to forcibly invalidate any existing credentials by re-activating users' Duo Mobile accounts in the administrative interface.

 

 

The Duke University IT Security Office has received multiple notifications of a recent phishing email that is circulating through the Duke community. If you have received this email, clicked on the link, and provided your username and password, we recommend that you contact the OIT Service Desk at 919-684-2200, who can assist you in updating your information.

 

Below is the email that is being seen.
----------------------------------
From: dderidder @mweb. co. za <dderidder @mweb. co. za>
Sent: Thursday, April 2, 2015 1:54 PM
To: "Undisclosed-Recipient:;"@domain.invalid
Subject: Admin
 
Your duke.edu account has been temporally suspended, and this means that you  will not be able to send and receive new email messages. This is because of the  on-going yearly web maintenance and deleting of inactive  duke.edu accounts. You are then requested to verify your  duke.edu  account below for upgrading.
 
Click Or Open this link to VERIFY your Account: CLICK HERE??????????<hXXp:// emailvalidation81. weebly. com>
------------------------------------

The link in the email redirects to a site that is hosted at hXXp:// emailvalidation81. weebly. com.

The Duke University IT Security Office has received multiple notifications of a recent phishing email that is circulating through the Duke community. If you have received this email, clicked on the link, and provided your username and password, we recommend that you contact the OIT Service Desk at 919-684-2200, who can assist you in updating your information.

Below is the email that is being seen.

The link in the email redirects to a site that is hosted at gpgac.com.
