Yahoo Announces Email Password Compromise

On Jan 30th, 2014, Yahoo announced that a number of their email users usernames and passwords were compromised.  According to the company, the accounts were exposed through a data breach of a third party database.   Yahoo has not released any information about who the third party is or how many accounts were affected.  Yahoo is urging users to change their passwords.  They are also notifying affected users of the compromise via email or SMS Text Messaging.   At present, it is unknown whether any information other than username and password was taken.  Yahoo is working with federal law enforcement to investigate this breach. Recommendations: Change passwords for all Yahoo email accounts. Change passwords for all accounts that user the same user id or password as was used for the Yahoo email account. Use unique passwords for every site/system and change passwords on a periodic basis. Create passwords that are long (at least 8 characters), complex (utilize at least 3 of the 4 … [Read more...]

Tech Support Phone Scam

Some members of the UMW community are reporting receiving calls from a person that claims to be from "Windows technical support".  They explain that a virus is "coming from your IP address".  This is to try and get you to install software on your computer and allow them remote access. Please, note the phone number you receive the call from and hang up.  After you hang up please report the incident to the IT Help Desk or IT Security noting the time and phone number. DO NOT give them any information and DO NOT initiate a connection. Remember, if you are ever in doubt, hang up and call the IT Help Desk directly. 540-654-2255. Thank you for your assistance in keeping UMW safe! … [Read more...]

Internet Explorer Vulnerability

The following is information pertinent to our users from Commonwealth Security and Risk Management: CSRM has been monitoring a recently announced unpatched vulnerability in Internet Explorer that is being actively exploited.  The exploit allows an attacker to infect an user using a malicious website that has been specifically crafted to take advantage of this vulnerability.  When the user visits the site, the malware is downloaded to their PC.  The malware is then installed the next time the user logs into their system. The vulnerability affects Internet Explorer versions 6 – 9.  Microsoft has not released a patch for this vulnerability, however, they have released a security advisory with several workarounds that can be used until a patch can be released.  Users should consider using a different web browser if possible.  The workaround identified in the Microsoft security advisory are as follows: Deploy the Enhanced Mitigation Experience Toolkit Set Internet and Local … [Read more...]

Vulnerabilities affecting Java

Information Security is encouraging users on both PCs and Macs to update Java due to a security vulnerability. Users can upgrade to the latest version of Java at: http://java.com/ More details regarding the security vulnerabilities may be located at: https://blogs.oracle.com/security/entry/security_alert_for_cve_20121 … [Read more...]

Be Alert for A Questionable Email Related to Employee Benefits Programs

bad email

Notice from DHRM: The message below is being distributed to state employees, and apparently originated in the United Kingdom (the British Isles).  This email has no connection to any of the state benefit programs, including the health care plans. Please advise your employees not to click the links within this message. As always, thank you for your assistance.   … [Read more...]

SPAM Messgae: Health Benefits E-News Extra – June 29,2012

SPAM message

The Commonwealth has notified us of the following spam email being sent to state employees.  If you get this email, PLEASE delete and do not respond to it or click any links. Please contact the IT Help Desk (x2255) if you have any questions. … [Read more...]