Security Tip of the Week
September 26th, Tip of the Week | Every plugin or add-on you install in your browser can expose you to more danger. Only install the plugins you need and make sure they are always current. If you no longer need a plugin, disable or remove it from your browser via your browser’s plugin preferences.
MFA Fatigue Attack
September 19th, Tip of the Week | A recent security breach at Uber perfectly illustrates how individual users are the last line of defense in network protection. The New York Times recently reported that a hacker had sent a text message to an Uber employee and was able to persuade the staff member to reveal their password, after claiming to be part of their Information Technology team. With login credentials now in hand, the hacker then repeatedly sent the user multi-factor authentication (MFA) requests, according Wired reporting. After more than an hour of prompts, the hacker contacted the employee and indicated the notifications would stop once the user approved the login. Once past this second and critically important layer of protection, the hacker gained full access to Uber’s systems. As a rule, never give out your password to anyone who requests it and never approve a Duo prompt that you didn’t initiate yourself. Should you receive a similar request(s), be sure to contact the ITS Helpdesk (firstname.lastname@example.org) to report the incident.
September 12th, Tip of the Week | When you forward an email to others or copy new people to an email thread, review all the content in the entire email and make sure the information contained in it is suitable for everyone. It is very easy to forward emails to others, not realizing there is highly sensitive information in the bottom of the email that people should not have access to.
Phishing that Targets Online Gamers
September 5th, Tip of the Week | Phishing threats aren’t limited to scammers targeting your email inbox. Those who play online games also need to be aware of increased threats. According to research from Kaspersky, when downloading the games from untrustworthy sources, players may receive malicious software that can gather sensitive data like login information or passwords from the victim’s device. It was found that from July 1, 2021 through June 30, 2022, the TOP 5 game titles that cybercriminals used as a lure to distribute secret-stealing software included Valorant, Roblox, FIFA, Minecraft, and Far Cry. When downloading “add ons” for your games, be sure to only use known app stores and avoid those tempting free offers.