Kansas State University

search

IT News

Tag: IT security

LISTSERV policy change goes into effect Oct. 2

Posted on by Christine Doucette

by Information Technology ServicesStop Spam image

Currently, emails from K-State LISTSERV mailing lists bypass Spam check procedures. Beginning Monday, Oct. 2, LISTSERV emails will go through the same Spam check-in Office 365 along with the rest of our university emails. Information Technology Services (ITS) will only bypass emails from the spam checks if a reasonable case can be made for the need. The goal is to reduce K‑State’s exposure to spam and allow the spam protections in Office 365 to do their job.

You should periodically check your Junk Email folder to make sure
you are not losing important, safe emails. After Oct. 2, be sure to

look for messages from your LISTSERV lists in your Junk Email folder. If you find any, fill out this form to request a global settings change that will move those emails from your Junk Email folder into your Inbox folder instead. Requests will be considered on a case-by-case basis for approval.

If you have questions, contact Greg Dressman, director of Enterprise Server Technologies, dressman@ksu.edu.

Change to K-State’s LISTSERV allow list policy

Posted on by Christine Doucette

by Information Technology Services

To help ensure the proper delivery of emails to your K-State Inbox, Information Technology Services (ITS) maintains an Approved or Safe Sender allow list. A allow list is a list of email addresses, domains, and IP addresses that will not be blocked by K-State’s spam filters.

Allow list introduces additional cybersecurity risks. Spammers take advantage of allow lists which makes our K-State inboxes more susceptible to spam, phishing scams, and viruses. Spammers create spoofed emails from allow list email addresses, domains, and IP addresses, which will make their way to your Inbox. When you click on the spoofed emails and links, you will unknowingly expose the K-State network to viruses and harm.

Previously, emails from K-State LISTSERV lists were allow listed. Now, LISTSERV emails will go through the Spam check-in Office 365, and will not be allow listed. ITS will only allow list emails that have a business need. The goal is to reduce K-State’s exposure to spam and allow the spam protections in Office 365 to do their job.

The allow list change will go into effect on Oct. 2. After this date, periodically check your Junk Email folder to make sure you are not losing important, safe emails. If you are losing important emails, fill out this form to request a global settings change that will move those emails into your Inbox instead. Requests will be considered on a case-by-case basis for approval.

If you have questions, contact Greg Dressman, director of Enterprise Server Technologies, dressman@ksu.edu.

K-State stops critical attack on software

Posted on by Amanda Tross

by Information Technology Services

On Thursday, March 9, a critical exploit was executed around the world that enabled hackers to take control of web servers. At K-State, the software used to manage the Undergraduate Admissions and Scholarship Application and the Axio LMS (which is in limited use) was attacked. Within an hour of the exploit being known to the world, Information Technology Services (ITS) had an initial block of the attacks in place. Continue reading “K-State stops critical attack on software”

XcodeGhost iOS virus and what you need to know

Posted on by Eric Dover

A couple of weeks ago, it was discovered that some apps in the iOS app store had been infected by a virus called XcodeGhost. Information Technology Services has discovered some infected iOS devices (iPhone, iPad) on the K-State network. As these devices are identified, their access to the K-State wireless network is being blocked. If your IOS device has been blocked, go to the IT Help Desk in 214 Hale Library so that they can assist you in cleaning your device and requesting the network block be removed.

Apple has removed the infected apps from the App Store, but some of these apps may still be installed on iOS devices. For more information, see Apple’s XcodeGhost Q&A (Chinese version).

Dangerous phishing-scam emails steal more than passwords

Posted on by Betsy Edwards

by Information Technology ServicesK-State will never ask for your password in an email

K-State employees have recently been targeted by a “TIAA-CREF re-authenticate your account” email phishing scam that has been involved in at least three rounds of attacks.

On July 6, Human Capital Services emailed K-State employees with a TIAA-CREF account that K-State is blocking the URL in the scam, so computers on the university network cannot access the intended web address.

If you have replied to the TIAA-CREF email scam or any other email that asked for account information, contact the IT Help Desk as soon as possible (214 Hale Library, helpdesk@k-state.edu, 785-532-7722, toll-free 800-865-6143).

Simple rules will protect you from all kinds of scams: Never provide a password or personal identity information in response to email.  Never use your K-State eID password on any other account.  Continue reading “Dangerous phishing-scam emails steal more than passwords”

Update Java software now; computer attacks occurring

Posted on by Harvard Townsend (harv@ksu.edu)

A vulnerability in Java, a programming language used in many applications and installed on most computers on the K-State campus, is being actively exploited on the Internet to take over control of computers. K-State’s network is being attacked many times a day, looking for computers to compromise via this vulnerability in Java, and at least three K-State computers have been compromised recently by this exploitThis vulnerability affects version 6 Update 23 or older of the Java Runtime Environment (JRE).

K-Staters need to:

  1. Update JRE in Windows to the latest version, which at the time of this writing is 6 Update 25 (Update 24 actually fixed the bug, so that version is safe too). You can get the latest version from Oracle’s Java website, or update it from the Java Control Panel in Windows.
  2. Configure Java to automatically check for and download updates in that same control panel. If configured for automatic updates, the Java icon (above) will appear in your system tray (usually in the lower right corner of the screen) to alert you that an update needs to be installed.

Continue reading “Update Java software now; computer attacks occurring”