Critical Security Alert: Meltdown and Spectre Vulnerability

SpectreMeltdownOn January 3rd, something remarkable happened: the New York Times, CNN, and Fox News all ran front-page stories about a computer security vulnerability. The vulnerabilities, called Meltdown and Spectre, aren’t like other recent virus outbreaks and that’s part of why they are getting so much attention. These issues represent flaws in the way computer processors have been designed for the last twenty years. Continue reading Critical Security Alert: Meltdown and Spectre Vulnerability

Tech Tip: Using SMU’s Password Reset Tool

To ensure security of SMU’s data holdings, SMU account passwords must be changed every 180 days. For years, we have offered the online password reset tool at pwreset.smu.edu to make password changes easier while also assisting with lost passwords.

There have been a few changes to the reset tool in recent months, so we have updated our introductory video to show you how easy it can be to manage your account password in one place.

Fall 2017 Security Report Now Available

OITSecurity Awareness Report: Fall 2017

Our Fall 2017 edition of the OIT Security Report is now available to the SMU community. In this edition, we discuss cyber hygiene and the Internet of things, introduce a new “Ask Ms. Security” column, plus see how to spot fake news.

To access the report, click the link below.

View Report

Authenticating to Box@SMU is required before viewing or downloading the report.
This report is confidential and not intended for distribution outside the University.

Summer 2017 Security Report Now Available

OIT Security Report 2017 Summer Edition

Our Summer 2017 edition of the OIT Security Report is now available to the SMU community. In this edition, we discuss the rise in ransomware, how scammers are now targeting you via text message, results of our Cybersecurity Survey, and some personal Identity Theft stories.

To access the report, click the link below.

View Report

Authenticating to Box@SMU is required before viewing or downloading the report.
This report is confidential and not intended for distribution outside the University.

Phishing Alert: HSA Important Message Email

Phishing AlertSMU Human Resources has circulated a notice that several SMU employees were targets of a phishing campaign masquerading as the managing services for the University’s Health Savings Account (HSA). Unfortunately, the phishing incident occurred shortly before BenefitWallet sent legitimate direct emails about the member portal upgrade to SMU employees enrolled in an HSA.

Details from the original BenefitsU notice from HR is below: Continue reading Phishing Alert: HSA Important Message Email

Protecting yourself from Petya with CrashPlan

Hackers don’t take off for summer vacation.

Ransomware warningJust weeks after the WannaCry cyberattacks, a new ransomware outbreak called Petya is spreading across the globe. By this afternoon, it has already hit at least six countries and disabled business units. The malware is being delivered through emails disguised as business correspondence. The Office of Information Technology would like to remind you to be alert for suspicious emails/websites and to regularly update and backup your computer. Continue reading Protecting yourself from Petya with CrashPlan

Quarterly Security Update for April 2017 Now Available

OIT Quarterly Security Update (April 2017)

Our latest edition of the OIT Quarterly Security Update is now available to the SMU community. In this edition, we discuss how technology is helping the police in an interview with SMU Police Chief Rick Shafer, how the Clery Act reveals campus crime on college campuses, how campus lockdowns work, how toll tags can speed up your parking in the morning, and how the Access Control Initiative is improving the requesting and approving cards and codes.

To access the report, click the link below.

View Report

Authenticating to Box@SMU is required before viewing or downloading the report.
This report is confidential and not intended for distribution outside the University.

Browser Plugin Alert: OneClass Extension Behaves Like Malware

OneClassAt OIT we always recommend that you be careful when installing extensions and plugins for your web browser. This morning we received a warning from our friends at Canvas to let us know about a new Chrome extension, OneClass, that behaves suspiciously. Here’s what they had to say:

The “OneClass” Chrome extension behaves like malware. It can affect users of several LMSs, including Canvas. OneClass is not affiliated with Instructure [Canvas] in any way.

When a user installs the OneClass Chrome extension, it asks for permission to “read and change all your data on websites you visit.” If a user grants this permission, the plugin places a button in the user’s LMS (Canvas or other) labeled “Invite your classmates to OneClass.” If the user clicks this button, OneClass sends messages to all of the other users enrolled in the course via the LMS’s messaging system (for Canvas, that’s Conversations).

Instructure, the parent company of Canvas, recommends that you do not install this OneClass plugin. If you ever see something suspicious in your web browser or have a question regarding browser add-ons, let the IT Help Desk know at help@smu.edu or 214-768-4357.

The Best Way to Authenticate with Duo

DuoIt has been several months since the University has required Duo Two-Factor Authentication to connect to secure services like my.SMU. While there are several ways to verify your identity with Duo Security, Duo has recently published an easy-to-read, one-page guide on why Duo Push with the Duo Mobile app is the best way to authenticate. Continue reading The Best Way to Authenticate with Duo