Last week, OIT notified the campus of a successful phishing campaign targeting the SMU community. In this campaign, we noted that cybercriminals had begun using a new technique where they repeatedly send Duo requests to users who have shared their username and password to annoy users into approving the two-factor request.
This technique, referred to as “MFA fatigue,” has become increasingly common, and over the next several weeks, OIT will begin implementing measures to combat this trend. In the meantime, we recommend you take the following actions if you notice something suspicious: Continue reading Protect Yourself: Fighting MFA Fatigue
In an effort to strengthen password security, starting December 19, 2022, any new password may not contain all or part of the user’s account name, common passwords, or words related to an SMU campaign that are vulnerable to password-guessing attacks. Continue reading University Moves to Restrict Common Words for Passwords
On Tuesday, January 4, 2022, a security change was made in Duo, preventing the “call me” or SMS passcode options by the SMU community, as these factors were susceptible to vulnerability and fraud.
How does that apply to me?
An alternate method for two-factor authentication is now required, either by using a hardware token or by installing the Duo Mobile app on your mobile device.
If you previously used the “call me” or SMS passcode options as your primary method to two-factor, please complete the following steps: Continue reading Recent Changes Made to Duo Security
The Verge is reporting this week that the web host and domain registrar GoDaddy is dealing with the fallout of a recent security breach that resulted in the exposure of over one million customer email addresses. This breach primarily affected customers of GoDaddy’s WordPress blog hosting services. GoDaddy has stated that the hackers utilized a compromised password to gain access, which is all too common with the proliferation of phishing scams and other nefarious methods. Continue reading GoDaddy Customer Email Addresses Compromised in Recent Breach
We’ve talked about cybersecurity in the office and at coffee shops. Let’s wrap up the month of Cybersecurity Awareness Month chatting about cybersecurity at home!
First up is personal devices for work. This one’s easy: don’t use them! But if you do, make sure to get them approved by our security team first. Continue reading Don’t Be Outsmarted by Your Smart Devices 🧠