On May 15, initial scanning of the K-State network for the WannaCry Ransomware threat identified over 560 vulnerable Windows systems. Thanks to collaboration with system administrators from across campus, there are now fewer than 100 vulnerable systems.
However, K-State continues to be at risk for infection due to vulnerable Windows systems. As of 5:00 p.m. May 25, vulnerable Windows systems were blocked from the K-State network as per University policy.
Faculty, staff, and students who use those systems will NOT be able to access the network (wireless, email, Library databases, HRIS, shared drives, etc.) until their systems are patched and complete a security scan. Guests coming to campus also need to have their computers updated and patched.
Information Technology Services thanks system administrators for their quick response and assistance to protect against this vulnerability. For questions about the vulnerability, contact the IT Help Desk at 785-532-7722.
Hosting guests on campus? Inform them about the ransomware vulnerability, WannaCry, and ask them to have the latest software updates applied on their computers.
K-State continues to monitor the network for the ransomware campaign referred to as WannaCry. Unpatched machines, or computers without the latest security updates, coming onto campus are a risk to our network. This is especially concerning with the number of conferences, camps and orientation occurring on campus during the summer months. Therefore, all computers running the Microsoft Windows operating system must have the latest updates applied.
The specific Microsoft update is MS17-010 (SMB vulnerability), dated March 14, 2017.
Throughout the summer, the network will be scanned daily. Machines without the updates are subject to being blocked.
Guests can contact the IT Help Desk for assistance at 785-532-7722 or firstname.lastname@example.org.
To ensure that your computer is patched to mitigate the WannaCry Ransomware threat and other vulnerabilities, K-Staters on and off campus can set their computers to automatically apply the updates. Information on how to update your computer is available from K-State’s Software Update Service for Windows. K-Staters are encouraged to periodically restart their systems to complete the installation of system updates.
If you need assistance applying the patch, please talk to your technical support person or the IT Help Desk at 785-532-7722.
During this time of the semester, K-State gets hit hard with email scams. There have been 190 scams reported since Sunday, resulting in 75 compromised accounts.
What can you do?
Stop and think before you click. YOU are the best defense against these scammers.
If something looks suspicious, do not click on the link. Period. You stop the scammers right in their shoes.
Be really suspicious of emails in your junk folder. Normally, it’s in the junk folder for a reason. When in doubt, throw it out!
by Information Technology Services
CrashPlan, an alternative to traditional computer backups, is available by subscription for faculty and staff. CrashPlan will back up files on your workstation, laptop or desktop computer in a continuous, invisible, uninterrupted manner, and send you a periodic report of the status of your backup. CrashPlan encrypts your data, and then backs the data up to the cloud.
According to the US Department of Justice, more than 17 million Americans were victims of identity theft in 2014. EDUCAUSE research shows that 21 percent of respondents to the annual ECAR student study have had an online account hacked, and 14 percent have had a computer, tablet, or smartphone stolen.
At K-State during 2016, 2655 phishing scams were reported resulting in 1213 compromised accounts.
Online fraud is an ongoing risk. The following tips can help you prevent identity theft.
by Information Technology Services
On Thursday, March 9, a critical exploit was executed around the world that enabled hackers to take control of web servers. At K-State, the software used to manage the Undergraduate Admissions and Scholarship Application and the Axio LMS (which is in limited use) was attacked. Within an hour of the exploit being known to the world, Information Technology Services (ITS) had an initial block of the attacks in place.
Cybercriminals know the best strategies for gaining access to your sensitive data. According to IBM’s 2014 Cyber Security Intelligence Index, human error is a factor in 95 percent of security incidents.
A few K-State stats:
- In January 2016, there were 60 phishing scams reported resulting in 9 compromised accounts. A compromised account means hackers were successful in getting a K-Stater to give up their eID and password.
- In January 2017, there were 355 phishing scams reported resulting in 313 compromised accounts!
What does this tell us?
You are the first line of defense in protecting your personal identity information. The number of phishing scams is going to continue to increase, and the best defense is you!
Learn how to identify phishing scams and don’t give your credentials up to these criminals.
You exist in digital form all over the Internet. It is important to ensure that the digital you matches what you are intending to share. It is also critical to guard your privacy — not only to avoid embarrassment but also to protect your identity and finances!
Following are specific steps you can take to protect your online information, identity, and privacy.
US-CERT reminds users to remain vigilant when browsing or shopping online this holiday season. Ecards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver infected attachments. Spoofed email messages and fraudulent posts on social networking sites may request support for phony causes.
To avoid seasonal campaigns that could result in security breaches, identity theft, or financial loss, users are encouraged to take the following actions:
If you believe you are a victim of a holiday phishing scam or malware campaign, consider the following actions:
- File a complaint with the FBI’s Internet Crime Complaint Center (IC3).
- Report the attack to the police and file a report with the Federal Trade Commission.
- Contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
- Immediately change any passwords you might have revealed and do not use that password in the future. Avoid reusing passwords on multiple sites.