MSU responds to the Heartbleed Bug
A major security vulnerability called the Heartbleed Bug was disclosed Monday night with serious implications for the entire web.What is the Heartbleed Bug?
A security defect was found in a component that is the foundation of security for a large percentage of Internet websites.
The security defect, in a component called OpenSSL, allows attackers to acquire random data from “secure” web servers without logging in. Read Full Article →
IT Services warns about CryptoLocker malware, cybersecurity
IT Services is warning computer users about a particularly vicious kind of malware, called CryptoLocker.How CryptoLocker works
CryptoLocker encrypts or freezes large parts of a Windows PC’s hard drive, then asks the user to pay to regain access.
Once CryptoLocker installs itself, it contacts a remotely operated server run by criminals, called a command-and-control server. Read Full Article →
MSU community warned to watch for phishing after attempted theft
The Michigan State University Police Department is investigating an attempted theft of employee direct-deposit payroll earnings.Direct-deposit incident
On Friday, October 18, two employees reported receiving email confirmation of a change in their direct-deposit designation.
Police say that valid credentials (MSU NetID and password) were used by a perpetrator to modify the employees’ banking information on the EBS HR/Payroll (SAP) system. Read Full Article →
MSU SecureIT celebrates National Cyber Security Awareness Month
October is National Cyber Security Awareness Month.
Michigan State University has an ongoing safe computing campaign called SecureIT to help educate the MSU community on safe computing practices.Tips to staying safe 1. Make sure your personal firewall is turned on.
MSU IT Services offers suggestions for handling Java-based vulnerability
Last week a serious Java-based vulnerability was identified by security experts. The vulnerability allows criminals to exploit the opportunity to silently install malware when a hacked site is visited while using the insecure browser plugin.
Users are advised to upgrade to the latest version of Java (currently, it is Version 7 Update 11) immediately, and to only allow Java code to run from known safe sources and that is properly digitally signed. Read Full Article →