News

Zero-Day Vulnerability in Microsoft Word

 

Attackers have been actively exploiting a zero-day vulnerability in Microsoft Word to infect computers with malware.  The first reports about the attacks came Friday from antivirus vendor McAfee after their researchers discovered some suspicious Word files spotted earlier.  They found that the files were exploiting a vulnerability that affects “all Microsoft Office versions, including the latest Office 2016 running on Windows 10.”

The flaw allows an attacker to execute code downloaded from the Internet.  Attackers are using it to download and install malware, viruses, and other threats to take over your computer. “The successful exploit closes the ‘bait’ Word document, and pops up a fake one to show the victim,” the McAfee researchers said. “In the background, the malware has already been stealthily installed on the victim’s system.”

After additional reports it was confirmed that Microsoft had been previously notified of the exploit and had been preparing a patch. Microsoft released that patch this past Tuesday and we are actively pushing it to IT Shared Services workstations. For unmanaged and/or home computers make sure to visit Windows Update to get the latest updates.

"Protected View" available from Word's "Trust Center"

This isn’t the first time something like this has been discovered and, thus, underscores the importance of being hesitant about opening attachments from unknown sources. Additionally, new features in Microsoft Word 2016, if enabled, can block attacks of this type.  This feature is called ‘Office Protected View’ and is enabled from Word’s File -> Options -> Trust Center.  Scroll to Protected View and make sure the options you want are enabled (checked).

Office Protected View will allow you to view a document but prevents it from launching macros – thereby preventing it from injecting malware into your system.  By default files downloaded from the Internet open in Protected View, as do files still in your browser cache, and attachments opened in Outlook.  However, a user can sometimes unknowingly turn off this feature (Word will notify the user when something is blocked and allow the user to turn off the feature).
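Because a user can switch Protected View off without realizing it, it is worth checking the setting from time to time. The following PowerShell is an added example, not part of the original article: it reads the per-user registry values that back the three Trust Center checkboxes for Word 2016. The registry paths and value names are Office's own and do not appear in the article; a value of 1 means that category is turned off, and a missing value means the default (on) applies.

```powershell
# Added example: audit Word 2016 Protected View for the current user.
# Policy settings take precedence over the user's Trust Center choices,
# so the policy path is checked first.
$pvPaths = @(
    'HKCU:\Software\Policies\Microsoft\Office\16.0\Word\Security\ProtectedView',
    'HKCU:\Software\Microsoft\Office\16.0\Word\Security\ProtectedView'
)

# Registry value name -> Trust Center category it controls.
$pvSettings = [ordered]@{
    DisableInternetFilesInPV   = 'Files originating from the Internet'
    DisableUnsafeLocationsInPV = 'Potentially unsafe locations (e.g. browser cache)'
    DisableAttachmentsInPV     = 'Outlook attachments'
}

function Get-WordProtectedViewStatus {
    foreach ($name in $pvSettings.Keys) {
        $value  = $null
        $source = 'default (value not set)'
        foreach ($path in $pvPaths) {
            # A missing key or value raises an error; treat that as "not set".
            $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
            if ($null -ne $item) {
                $value  = $item.$name
                $source = $path
                break
            }
        }
        $state = 'Enabled'
        if ($value -eq 1) { $state = 'DISABLED' }
        [pscustomobject]@{
            Category      = $pvSettings[$name]
            ProtectedView = $state
            Source        = $source
        }
    }
}

$status = @(Get-WordProtectedViewStatus)
$status | Format-Table -AutoSize -Wrap

if ($status.ProtectedView -contains 'DISABLED') {
    Write-Warning 'Protected View is off for at least one category. Re-enable it in the Trust Center.'
}
```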

 

Related Articles

UF Exchange Retention Policies

During routine UF Exchange maintenance UFIT has found a number of mailboxes that do not have proper retention policies set.  If your mailbox was one of those found you will receive an email from us about this with some additional information about your mailbox.

Retention policies are set on various mail folders within your mailbox to automatically delete messages after they reach a certain age.  The three year retention policy on your Inbox and Sent Items folders will undoubtedly be the most important for you to understand.  Any messages within these mail folders, or their hierarchy, will self-delete after they have been left unchanged for three years. In order to keep these messages you should move them to a new folder directly under your Mailbox.

UFIT is targeting close-of-business on Friday, March 17th, 2017 to apply the retention policy to all mailboxes.  This means that any messages older than March 17th, 2014 within the Inbox or Sent Items folders (or subfolders) will be deleted unless they are moved to another folder.

Contact your local IT if you need help with this.

The following information came from the UF Exchange website at https://www.mail.ufl.edu

Retention Periods

What are the retention periods used in UF Exchange?

  • Exchange Server Operating System: 28 days
  • Mailbox store: 7 days
  • Log message tracking: 7 days
  • Deleted Mailbox: 7 days
  • Deleted Item retention: 7 days
  • Deleted Item Folders items: 30 days
  • Junk E-Mail Folder items: 14 days
  • Inbox and Sent Item Folders: 1095 days
  • User created folder under Mailbox: user set

Retention of the operating systems and mailbox stores is done on off-line tape and is used solely for the purpose of restoring system services.  UF Exchange does not provide restoration of individual mailbox contents from tape.


Phishing… Again!

There has been a dramatic increase in phishing attacks directed at the UF community since the start of this calendar year (2017).

Email messages, websites, and phone calls that are designed to steal money either by tricking you into installing malicious software or revealing personal information about yourself or stealing it from your computer are commonly called phishing. It is estimated that 91% of all cyberattacks begin with some sort of social engineering attack like this and can lead to substantial financial losses. Last year alone phishing contributed to approximately $3 billion in fraudulent tax return filings.

Since January 1st, 2017 phishing attacks directed against UF have become substantially more sophisticated. Already there have been more than 100 Gatorlink accounts compromised through at least 13 unique, UF-branded phishing attacks. These UF-branded attacks have used complete, and accurate, clones of the UF Login page and have copied/pasted language directly from UF’s IT Alerts page into their own emails. The malicious actors are also increasingly aware of UF procedures and are attempting to edit individuals’ W2 and payroll direct deposit information.

As you can see, these attacks are becoming more common and harder to recognize. They not only lead to security compromises to UF information but can directly, and immediately, impact your pocketbook.

UF is constantly reviewing and improving recognition of these attacks. Additional safeguards in UF processes are in the works now. The best defense, however, is an educated and aware user community so here are a few tips for recognizing a phish attack on your own:

  • Look for bad spelling and grammar. Cybercriminals are not known for their grammar and spelling since they don’t have the staff of copy editors that larger organizations and companies would have for their mass mailing campaigns. If you notice mistakes in an email, it may be a scam.
  • Pay attention to links in email. If you see a link in a suspicious email message, first, and foremost, don’t click on it. Rest your mouse (but don’t click) on the link to see if the address matches the link that was typed in the message. In the example below the link reveals the real web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company’s real web address.
  • Disregard emails with threats (out of quota, expiration of account, etc). Have you ever received a threat that your account would be closed if you didn’t respond to an email message or if you didn’t verify your account at a webpage? Cybercriminals often use threats that your security has been compromised. So, watch out for fake alerts.
  • Watch out for spoofs of a popular website or company. Scam artists use graphics in email that appear to be connected with legitimate websites but actually take you to phone scam sites or legitimate-looking pop-up windows. They also use web addresses that resemble the names of well-known companies but are slightly altered or misspelled.

UF Information Security and Compliance publishes alerts about these attacks routinely on the UF IT Alerts website: https://alerts.it.ufl.edu/.  At the time this article was first posted there were 5 alerts related to Phishing Scams listed on this page.  Additionally, they have some of their own information about phishing available on their website (https://security.ufl.edu/resources/email-safety/phishing/) and also offer two classes that go into the above tips, and much more, in greater detail. You can find them through myTraining in the UF portal.

Cyber Security at UF course UF_ITT100_I in myTraining
Cyber Safeguards for Restricted Data https://training.it.ufl.edu/training/items/cyber-safeguards-for-restricted-data.html


Dropbox for Staff!

UF has extended its license for Dropbox for Education to staff. At this time all UF faculty and staff are capable of using UF’s Dropbox for Education license for storing and sharing files in the Cloud. Each UF user has a 1TB quota within Dropbox. More information can be found at:

https://cloud.it.ufl.edu/uf-dropbox/

The process for signing up under the UF license is relatively simple:

  1. Go to the URL above to check your eligibility.
  2. If you are eligible you will be directed to start some training about the license (Click here to start link).
  3. Read the training and take/pass the three question quiz.
  4. Click the link provided after passing the quiz to get an email invitation to UF Dropbox for Education.
  5. Complete the sign-up by going to the link provided in the email invitation. This will open a web browser window to www.dropbox.com signup screen using your [gatorlink]@ufl.edu email address for the account (you cannot change the account, email, or name information on this screen). You will also need to agree to dropbox terms.  After that is done you can click the Create Account button.

Other items to note about the UF Dropbox for Education license:

  • Dropbox considers @[domain].ufl.edu accounts that were already created as personal accounts. Dropbox will not attempt or offer to merge / migrate it to the UFL / business account.
  • Dropbox will not let you create any new personal accounts using any emails that end in ufl.edu (this includes your [gatorlink]@ufl.edu address or any departmental / third-level domains such as @eng.ufl.edu). Dropbox doesn’t, however, prevent you from logging into one of these accounts that was previously created.
  • I have not yet seen what happens if you already have a [gatorlink]@ufl.edu based Dropbox personal account and then signup using the GatorCloud link for an account using the UFL license.  Apparently you get an interface that recognizes the Dropbox account you already have using your [gatorlink]@ufl.edu address and are asked if you want to migrate that to the UFL license or if you want to reassociate that Dropbox Personal account with a different, personal, email address.
  • You can associate your personal Dropbox and your business/UFL Dropbox accounts into the same login (so you can have access to both when you login). When you try to access one when logged in with the other you are asked to login.
  • There doesn’t seem to be an easy mechanism to move files from the personal account to the UFL account.  At this time it looks like you’ll have to download everything from one Dropbox and upload it to the other.

New UF Login Page

An updated UF Login page will go live on Sunday, November 6th.  It has been redesigned to match the new UF web template and brand standards launched by University Relations in spring, 2016.  Upgrading the login page to the new template required moving some popular links from their current locations.  Please preview the new page here:  https://demo.login.ufl.edu/.


Risk Management Training Beginning Now

At the IT@UF meeting, during the presentation about the Risk Management Process Cheryl mentioned they would start up regular training regarding the new process.  The first notification about that training is included below.  There will be weekly training up to Nov  9th on Wednesdays from 10:00-11:30 at the Hub, Room 221.

Subject: UF IT Risk Management Presentation Follow-up

 

As promised at the September IT@UF meeting we will begin offering a weekly training for IT Risk Assessment and an open lab for the Archer tool. The training will be on Wednesday, starting Oct. 5th, from 10:00-11:30 at the Hub, Room 221.

 

Agenda

  • 10:00-11:00   – Why Risk Management and Tool Navigation Training
  • 11:00-11:30    – Open Lab

We have this time slot scheduled for every Wednesday until Nov. 9th, 2016 and then we will be offering the training once a month until March, 2017. If this time is not good for you please send email to ciso-isr@mail.ufl.edu and we will be happy to schedule a 1-1 or 1-many training for you and your area.

 

Thanks,

Cheryl Granto

Access to UFX shared mailboxes by O365 users.

We just had a need to provide access to a shared mailbox to student users who have mailboxes in Office 365 (O365).  We have tried to do this, or something similar, in the past and had mixed results.   For instance, it would work for access to a user mailbox but it wouldn’t work for a shared mailbox.  Additionally, the O365 user would have access through an Outlook profile but wouldn’t have access through OWA (https://mail.ufl.edu/owa/[email-address]).

Because of the recent use case we have worked through the issues and have it working now.  Make sure to set the following on the shared mailbox:

  1. Ensure that the [alias]@uflorida.mail.onmicrosoft.com email address is on the shared mailbox.
  2. Ensure that the [alias]@ufl.edu email address is on the shared mailbox.  The [alias] MUST follow the format of [UNIT]-[Name] where [UNIT] is your UFAD prefix, the dash (-) character must exist, and [Name] is the specific name for the mailbox.  The @ufl.edu address will not work for email delivery unless you enter a ticket with UFIT (again, the address is only supported if you follow the correct format).
  3. Update the UserPrincipalName (UPN) of the object to [alias]@ufl.edu.

Changes between UFX and O365 take up to an hour to sync to the cloud.  By doing this the students (O365 mailbox users) should be able to access the UFX shared mailbox through OWA using the https://mail.ufl.edu/owa/[email-address] URL.  If there are continued problems after making these changes it may be necessary to convert the mailbox back to a Regular mailbox so the user object is no longer disabled.
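The three settings above can be checked in one pass before waiting out the sync. The following PowerShell is an added example, not UFIT's own tooling: the function name is hypothetical, it assumes the mailbox's Alias property is the [alias] used in the addresses, and the characters allowed in [UNIT] and [Name] are an assumption, since the article only requires the dash. It accepts the output of Get-Mailbox or any object with the same three properties.

```powershell
# Added example: verify the three shared-mailbox prerequisites listed above.
function Test-SharedMailboxForO365Access {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Mailbox   # needs Alias, UserPrincipalName and EmailAddresses
    )
    process {
        $alias = $Mailbox.Alias
        # Proxy addresses look like "smtp:user@domain"; drop the prefix
        # (-replace is case-insensitive, so "SMTP:" is handled too).
        $addresses = @($Mailbox.EmailAddresses |
            ForEach-Object { "$_" -replace '^smtp:', '' })

        [pscustomobject]@{
            Alias            = $alias
            # Assumed character set; the article only requires [UNIT]-[Name].
            AliasFormatOk    = $alias -match '^[A-Za-z0-9]+-[A-Za-z0-9._-]+$'
            HasOnMicrosoft   = $addresses -contains "$alias@uflorida.mail.onmicrosoft.com"
            HasUflEduAddress = $addresses -contains "$alias@ufl.edu"
            UpnMatchesAlias  = $Mailbox.UserPrincipalName -eq "$alias@ufl.edu"
        }
    }
}

# Constructed sample object (not a real mailbox): the UPN has not been
# updated yet, so step 3 is reported as failing.
$sample = [pscustomobject]@{
    Alias             = 'ENG-Advising'
    UserPrincipalName = 'ENG-Advising@example.invalid'
    EmailAddresses    = @(
        'SMTP:ENG-Advising@ufl.edu',
        'smtp:ENG-Advising@uflorida.mail.onmicrosoft.com'
    )
}
$sample | Test-SharedMailboxForO365Access | Format-List

# Against a live mailbox from the Exchange Management Shell:
#   Get-Mailbox -Identity 'ENG-Advising' | Test-SharedMailboxForO365Access
```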


New Semester… Time to Phish

It’s a new semester which means a lot of new people are coming to the University. These new people are unfamiliar with University systems and procedures which means it is a prime time to try to trick them into revealing their account credentials. We can expect an influx of phish attempts as the semester gets underway as a result.

Phishing is any attempt to acquire sensitive information such as usernames, passwords, credit card details, and banking information (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy source in electronic communication.  Mostly phishing occurs in email but text messages (sms/mms), instant messages (Skype & Lync), and social networking (Facebook, Twitter, and Instagram) have all been known to propagate phish attempts.  Feel free to review the “Phishing Email” information available on UF’s Information Security & Compliance (ISC) webpage at https://security.ufl.edu/learn-information-security/protect-yourself/email/id-theft-scams/phishing-email/. The information here can help you determine if something is legitimate or not.

Additionally, ISC posts alerts to the IT Alerts page at https://alerts.it.ufl.edu/ whenever new phishing attempts are seen at the University.  At the time this article was posted there were two alerts regarding phishing: “Dear UFL Student” and “University email update.” If you receive something that you think just doesn’t look right, you should check IT Alerts first since chances are someone has already seen it and reported it to ISC.  Additionally, you can always forward it to us for review or report suspicious emails directly to UFIT by forwarding the message to abuse@ufl.edu.

If you have questions or comments regarding this feel free to call (392-9217) or email (mis@eng.ufl.edu).


Cyber Self-Defense

UFIT’s Information Security & Compliance Office (ISC) has announced that their next Cyber Self-Defense course will be held Friday, August 26th in Hub 221.  Space is limited; so, register for the workshop as soon as possible online (registration is now closed for these classes however new classes are always being announced and registration can be done through myTraining in the PeopleSoft myUF Portal, search for class UF_GET199_ILT).

A couple of times a year the Information Security & Compliance Office teaches this useful course.  It is designed to raise awareness of faculty and staff on topics including safe web browsing, e-mail safety, social media, encryption, and wireless security.  The class is interactive with discussion topics that get the participants thinking about how to protect their personal computers at the office, at home, and while traveling.  The course is constantly updated to account for the ever-evolving landscape of computing devices.  We encourage everyone to take this class, or retake it if it has been a while, since it gives a good foundation of basic, safe computing rules to live by.

More information about the Cyber Self-Defense course can be found within myUFTraining.

New UF Login Page

UFIT announced a new look for the login.ufl.edu page which incorporates the standard UF theme and style elements. Go live has been put on hold in order to allow adequate time for review and holistic revamping of other user facing login screens (such as ADFS – GatorCloud). We do not currently have a time table for rollout of changes but it will be communicated once scheduled.

Please contact Warren Currey (whcurry@ufl.edu) or Tina Velez (kvelez@ufl.edu) with any questions.
