CISO News and Alerts

November 16, 2018

BitLocker Ineffective on Self-encrypting Drives

Audience Summary How to tell if a computer is at risk What to do Configuring Group Policy Technical resources More Articles Audience This information is intended for Windows system administrators. End users may need assistance to implement these recommendations. Summary This vulnerability may render full disk encryption protections ineffective. Under certain circumstances, Microsoft’s BitLocker software…

October 15, 2018

Logging Cheat Sheets

In several of our Information Security Briefing sessions, we have heard about the importance of logging for anomaly detection and incident response. Below is a link to various “cheat sheets” for logging to help you enable and configure system logs. Please note this is not an endorsement of this vendor; we are posting for information…

July 18, 2018

FileZilla Vulnerability

Summary Background What is the issue? How does the riskware get installed? What can you do? More information More Articles Summary The Office of the CISO recently learned of suspicious processes created by the FileZilla SFTP program. While we do not consider the behavior to rise to the level of malware, it does have the…

May 22, 2018

Spectre Meltdown Update

More Articles Information security researchers have found two major security vulnerabilities, dubbed “Meltdown” and “Spectre,” that affect the processing chips in almost every computer made in the last 20 years (including mobile phones, embedded devices, cloud computers, etc.). These vulnerabilities could allow attackers to steal data, including passwords and other information previously thought to be…

May 18, 2018

Spear Phishing

Spear phishing targets particular individuals or groups in order to trick them into providing credentials that can be used to access (and in some cases steal) specific types of information. Read more about how spear phishing is being used to target universities in our new Risk Advisory. Go to Risk Advisory More Articles

September 20, 2016

Phishing Examples

How do you know if an email is legitimate if it asks you to: Click on a link, Provide personal information, Confirm an account, Type in login credentials, or Download a file? A common way cyber criminals gain access to valuable information at Universities is through deceptive emails known as “phishing” messages. See examples of…