Security Notices

17-11-2017 We’re getting a lot of phishing emails with “Your University of North Carolina at Chapel Hill5 email account has been suspended. You must verify it immediately or your account will be closed or wouldn’t be able to send or receive mail” in the message body. Remember, ITS will not send out such messages and you should not click on links in email.

08-11-2017 There’s an artful phishing scheme which purports to be a Netflix suspension notice, tailored to individual user and using design elements from the Netflix site. Remember to now click on links in email–instead, go directly to the site before logging in. More info here: https://www.helpnetsecurity.com/2017/11/08/netflix-themed-phishing/

18-09-2017 Dou authentication will be required on the Campus VPN as a second factor starting on Monday, September 18th. ITS documentation on this starts here:
http://help.unc.edu/help/duo/

12-09-2017 Make sure to patch your phone or other linux/android devices or turn off bluetooth, there a new attack method that doesn’t require a user to click anything and can compromise any affected system at a distance. More info here and here.

11-09-2017 Please change your UNC Computer Science password BEFORE Wednesday October 11th, 2017. All Computer Science users must change their passwords between July 1st and October 11th to retain access to our systems. You received this email because you have not changed your password since July 1st, so you will need to change your password BEFORE October 11th, 2017.

IF YOU DO NOT CHANGE YOUR PASSWORD BEFORE October 11th, YOUR ACCOUNT WILL BE DISABLED on October 11th. If your password gets disabled you can change your Computer Science password based on knowing your Onyen. See the following URL more information:

http://cs.unc.edu/help-articles/webpass/

08-09-2017 Equifax was hacked in May of this year, private data of over 143 million people was exposed. More information on the breach (including a link to an Equifax site you can go to to see your data was comprised and to sign up for one year of monitoring) is here and here, but note that if you go to check on whether your data may have been exposed, you might be giving up your right to sue Equifax. Brian Krebs has a good followup article here

12-08-2017 ITS is requiring use of two factor authentication at the campus VPN starting the 18th of September. Here’s some info on two factor authentication.

21-07-2017  UNC is seeing a sharp increase in phishing attempt today. Here is some info on avoiding taking the bait: Norton 7 tips, PCI’s guide.

19-07-2017 Apple posts updates for many of their products. Some of the vulnerabilities patched allow remote code execution, so please check your apple devices for available updates.

14-05-2017 Wannacry ransomware: This has been very active in Europe, and can infect window machines via phishing schemes and worming over the network into machines lacking a systems patch. The exploit code is believed to be based on the EternalBlue exploit designed by the NSA and leaked to the public. The ransomware encrypts files on windows machine and mounted disks, and infected machine post a notice offering decryption for a $300 fee. Microsoft has released patches for this vulnerability for the no-longer-updated XP and 2003 operating systems.

What to do? These suggestions are specific to Windows systems, but the same basic practices are recommended for other operating systems.

1 – Make sure your system is patched, just open Window Updates and update your system. Do that now if you haven’t done this recently. Check the update history to see that updates are regularly successful.

2 – Open your anti-virus software and make sure that is also up to date.

3 – Make sure you have off line backups–an easy way to do this is get a couple of external USB drives. Connect one or the other to your machine every week or so and make a backup. If your machine is a Desktop, keep the drives at another location, if it is a laptop, keep one at work and one at home.