Kansas State University

search

IT News

Category: Security

K-State stops critical attack on software

by Information Technology Services

On Thursday, March 9, a critical exploit was executed around the world that enabled hackers to take control of web servers. At K-State, the software used to manage the Undergraduate Admissions and Scholarship Application and the Axio LMS (which is in limited use) was attacked. Within an hour of the exploit being known to the world, Information Technology Services (ITS) had an initial block of the attacks in place. Continue reading “K-State stops critical attack on software”

Learn what it takes to refuse the phishing bait!

Cybercriminals know the best strategies for gaining access to your sensitive data. According to IBM’s 2014 Cyber Security Intelligence Index, human error is a factor in 95 percent of security incidents.

A few K-State stats:

  • In January 2016, there were 60 phishing scams reported resulting in 9 compromised accounts. A compromised account means hackers were successful in getting a K-Stater to give up their eID and password.
  • In January 2017, there were 355 phishing scams reported resulting in 313 compromised accounts!

What does this tell us?

You are the first line of defense in protecting your personal identity information. The numbers of phishing scams are going to continue to increase and the best defense is you!

Learn how to identify phishing scams and don’t give your credentials up to these criminals.

How to identify phishing emails

Continue reading “Learn what it takes to refuse the phishing bait!”

IT Security Awareness: Keep what’s private, private

You exist in digital form all over the Internet. It is important to ensure that the digital you matches what you are intending to share. It is also critical to guard your privacy — not only to avoid embarrassment but also to protect your identity and finances!

Respecting privacy safeguarding data enabling trust

Following are specific steps you can take to protect your online information, identity, and privacy. Continue reading “IT Security Awareness: Keep what’s private, private”

US-CERT Alerts Users to Holiday Phishing Scams and Malware Campaigns

US-CERT reminds users to remain vigilant when browsing or shopping online this holiday season. Ecards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver infected attachments. Spoofed email messages and fraudulent posts on social networking sites may request support for phony causes.

Beware: tis the season for holiday scams

To avoid seasonal campaigns that could result in security breaches, identity theft, or financial loss, users are encouraged to take the following actions:

If you believe you are a victim of a holiday phishing scam or malware campaign, consider the following actions:

  • File a complaint with the FBI’s Internet Crime Complaint Center (IC3).
    Report the attack to the police and file a report with the Federal Trade Commission.
  • Contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
  • Immediately change any passwords you might have revealed and do not use that password in the future. Avoid reusing passwords on multiple sites.

Required IT security awareness training – You are K-State’s Best Defense

Our best defense to combat on-going threats to your personal information is you. Online security awareness training needs to be completed by all K-State faculty, staff and student employees by December 31. If you have not completed the training, you will receive an invitation in your email. You will have to sign in with your eID and password.
The training introduces basic computer security concepts and good security practices and takes approximately 20 minutes to complete.

IT Security Awareness training

Once you complete the training, your personnel record in HRIS will be updated. It will be listed under the Training Summary as IT Security Awareness (2016), with the course code WIT017.

For questions about your training record, please contact Samantha Roberts in Human Capital Services-Learning and Development at learning-develop-hr@ksu.edu or 532-1920. If you have questions about the security awareness training, contact the IT Help Desk at helpdesk@k-state.edu or 532-7722.

Office 365 feature: email safety tips

To help combat spam, malware, and phishing attacks, Microsoft has implemented a feature called Email Safety Tips.

If a message includes a safety tip, it is displayed at the top of your email. The messages have four color-coded categories:

  • Red – Suspicious safety level messages are either a known phishing message, have failed sender authentication, are a suspected spoofing message or have met some other criteria that Microsoft has flagged as fraudulent. Be cautious in reviewing the message. There is a chance that it could be a legitimate email and mismarked. Otherwise delete the email.

    suspicious_safety_tip

  • Yellow – Unknown safety level messages are marked as spam. You can click the It’s not spam link in the yellow bar of a junk mail item to move the message to your inbox.

    Unknown Safety Tip

  • Green – Trusted safety level messages are from domains identified by Microsoft as being safe.

    Trusted safety tip

  • Gray – Safe safety level messages are messages not filtered for spam because it is either considered Safe by the user’s organization, is on the user’s safe senders list or Microsoft marked the message as junk but the user moved it out of the junk folder to the inbox. The gray safety bar also appears when images within the message have been disabled.

    Safe Safety Tip

You will see all four types of Safety Tips when using Outlook on the web. However, Outlook clients will only show the Suspicious saftey tip.

If you have any questions, contact the IT Help Desk (helpdesk@k-state.edu or 532-7722.)

Reminder: Fall 2016 Shred Day is Tuesday, Oct. 11

Shred Day is scheduled 8:30-11 a.m. Tuesday, Oct. 11, to properly dispose of university paper records on the Manhattan and Salina campuses.

This year we are testing a limited service for shredding light storage media (floppy disks, flash drives, etc.). Hard drives will not be accepted. As in the handling of paper, the media must be delivered in boxes weighing less than 25 pounds each. The collected media will be destroyed by the vendor. iTAC reserves the right to refuse items that are unacceptable for transport, or too large for reasonable accommodation. For any questions regarding this service, please contact the iTAC reception desk at 785-532-4918.

K-State Shred Day - Oct. 11

Departments can place their paper documents with personal identity information (Social Security numbers, birth dates, credit card numbers, etc.) in designated bags and boxes to:

  • Manhattan campus:  Deliver to Mid-Campus Drive near the K-State Student Union.
  • Salina campus:  Deliver to the loading area between the east and west wings of the Technology Center.

Continue reading “Reminder: Fall 2016 Shred Day is Tuesday, Oct. 11”

Fall 2016 Shred Day is Tuesday, Oct. 11

Shred Day is scheduled 8:30-11 a.m. Tuesday, Oct. 11, to properly dispose of university paper records on the Manhattan and Salina campuses.

Departments can place their paper documents with personal identity information (Social Security numbers, birth dates, credit card numbers, etc.) in designated bags and boxes to:

  • Manhattan campus:  Deliver to Mid-Campus Drive near the K-State Student Union.
  • Salina campus:  Deliver to the loading area between the east and west wings of the Technology Center.

K-State Shred Day - Oct. 11

Continue reading “Fall 2016 Shred Day is Tuesday, Oct. 11”

iPhone, iPad emergency security patch iOS 9.3.5 from Apple

by Information Technology ServicesIphone_Logo_01

On Thursday, Aug. 25, Apple released an emergency security patch version iOS 9.3.5 after discovering a spyware that lets hackers take full control of any iPhone. The spyware lets hackers spy on your calls and messages.

To download and install iOS 9.3.5 security patch on your iPhone or iPad, go to Settings > General > Software Update > tap “Download and Install”.

For more information about the iOS 9.3.5 security update, visit support.apple.com. K-State Information Technology Services recommends that everyone with an Apple iOS device update to version 9.3.5 as soon as possible.

Required IT security awareness training – You are K-State’s Best Defense

Our best defense to combat on-going threats to your personal information is you. Information Security and Compliance has released online security awareness training that all K-State faculty, staff and student employees are required to complete. The training introduces basic computer security concepts and good security practices and takes approximately 20 minutes to complete.

IT Security Awareness training

To access the training:

  1. Go to www.ksu.edu/its/security.
  2. On the left menu, click Security Training.
  3. Sign in with your eID and eID password.

Once you complete the training, your personnel record in HRIS will be updated within 24 hours. It will be listed under the Training Summary as IT Security Awareness (2016), with the course code WIT017.

For questions about your training record, please contact Samantha Roberts in Human Capital Services-Learning and Development at learning-develop-hr@ksu.edu or 532-1920. If you have questions about the security awareness training, contact the IT Help Desk at helpdesk@k-state.edu or 532-7722.