College of Engineering |

DECS works to provide a secure network environment to ensure the safety and continuity of resources we all need. The landscape of threats has changed since 2017 with a sharp increase in operating system vulnerabilities which are trivial enough to allow worms which  could spread ransomware. In order to avoid becoming a victim of a network worm, spreading malware to other victims, or as a jumping point for further attacks internally, it is essential to keep operating systems updated on a frequent basis. DECS recommends monthly updates and reboots, if not each time a computer notifies you.

Outside email accounts have been impersonating other Engineering people in an attempt to scam you for iTunes gift cards. They start by asking if you are available and then request you buy gift cards for an urgent task. It is likely a false identity and they are trying to steal money from you in the form of gift cards. Do not buy gift cards or prepaid credit cards as a favor for other people.

In April 2019, the popular social planning and e-invitation website, Evite, became aware of possible unauthorized activity on their systems. After an investigation concluding in May, they determined that since February of 2019 a hacker had obtained the names, usernames, email addresses and passwords of customers, and if the customers had provided them, their birthdays, phone numbers and mailing addresses. The hacker posted this information as for sale on the dark web.

In July of 2019 the public was made aware of a security vulnerability in the popular video conferencing app, Zoom (used by MSU) on Macs. If the Zoom app is installed on a Mac, then any website can open a video-enabled call since the Zoom app installs a web server on Macs that accept requests other browsers wouldn't. Even if you uninstall the app, the web server still exists and can reinstall Zoom without your knowledge.

Capital One announced on July 30, 2019 that they suffered a data breach which exposed 106 million customers information in the United States and Canada. The breach occurred on March 22 and 23 of this year, with the hacker stealing the information of customers that applied for a credit card between 2005 and 2019. The FBI has arrested the hacker.

Microsoft is ending support for Windows 7 and Windows Server 2008 R2 operating systems on January 14, 2020.

What does this mean?

What happened?
At approximately 6:00 AM July 11th, MSU IT enabled the new MSU Mail Protection service to safeguard “@msu.edu” email accounts. This service is designed to enhance the user experience while also greatly reducing spam, phishing, and malicious emails. MSU IT Services is closely monitoring all mail flows to ensure the tools are performing as expected with no interruptions to service.
 
How will this affect spam and malicious emails?

Hola VPN is a popular Firefox and Chrome extension that allows a person to watch access content. However, there are several issues with the service. The Hola VPN turns your computer into an exit node which allows other Hola users to use your network connection. Other people using your connection could be causing abuse or doing something illegal and you could be held accountable. By installing and using the Hola VPN, you will also be granting people outside the University access to our network. This means, you could be exposing the network to outside threats.

As you may have heard, there is a major cyberattack affecting several major organizations across the world.  This cyberattack is called Wanna Cry Ransomware. This Ransomware is leveraging a known vulnerability in the Microsoft operating system. There are some reports that the ransomware is being spread by email attachments. The Division of Engineering Computing is taking several steps to help protect you.

What can you do to protect your computer?

On May 7th, the Popular software Handbrake reported that if you have recently downloaded the video transcoder app handbrake on your mac, there are chances that your computer is infected. According Handbrake, Anyone downloading handbrake on Mac between May 2nd, 2017 and May 6th, 2017, may be infected. If you installed the software during this time frame, you should check your OSX activity Monitor application. If there is a process called activity_agent, then, your Mac is infected. You can removed the malware by the following steps: