Blog

Security Warning

Multiple Vulnerabilities in Google Android OS Could Allow for Arbitrary Code Execution

OVERVIEW:

Multiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for arbitrary code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution within the context of a privileged process. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.


SYSTEMS AFFECTED:

  • Android OS builds utilizing Security Patch Levels issued prior to May 5, 2019.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply appropriate updates provided by Google Android or mobile carriers to vulnerable systems immediately after appropriate testing.
  • Remind users to only download applications from trusted vendors in the Play Store.
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
  • Inform and educate users regarding threats posed by hypertext links contained in emails or attachments, especially from un-trusted sources.

 

REFERENCES:

Google Android:

https://source.android.com/security/bulletin/2019-05-01

There has been an influx of email phishing scams recently that are targeting higher education institutions. Please take a moment to review the phishing scams below and contact IT if you have additional questions.


Secret Shopper – In this scam, a student will receive an email telling them that they will receive a check. The student is supposed to purchase gift cards with this check and send the code from the gift card back to the scammer. In reality, the scammer pulls the funds off the gift cards and the check they sent bounces.
 
Paper Writers – In this scam, a student will receive an email offering to help them write papers for school. The student is required to pay money in order to access or receive their paper, but in reality they never receive anything from the scammer.
 
If you receive these, or other suspicious emails, you should not take action or pursue any offers. Instead, immediately report them to the IT department.


Protect yourself from scams

Email scams are created in crafty ways to imply urgency and generate trust. They often contain a link and make it appear as though the email is coming from The College or another trusted source, like a fellow student.
 
The following tips can help you identify and avoid malicious emails: 

  1. Don’t trust display names. Always check who the email is FROM.  If it looks suspicious, don’t open the email.
  2. Look but don’t click. Hover your mouse over any links embedded in the body of the email. If the link address looks unusual, don’t click on it.
  3. Check for spelling mistakes. Reputable brands are careful about the email they send. Watch for spelling mistakes or poor grammar – they are clues to malicious email.
  4. Don’t give out personal information. Legitimate banks and most other companies will never ask for personal credentials or personal information via email. Companies will not ask for personal information such as login credentials, social security numbers, bank information or addresses through email. Don’t give out this information when it is requested by email.
  5. Don’t believe everything you see. Phishers are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address, does not mean that it is legitimate. Be skeptical when it comes to your email messages—if it looks even remotely suspicious, don’t open it. 

For more information and tips around phishing emails please read the following article:

https://blog.returnpath.com/10-tips-on-how-to-identify-a-phishing-or-spoofing-email-v2/

Of course, if you are uncertain if the email is legitimate or not, you can always contact the IT Department for assistance.

Banner On-Demand Training

LMC has purchased a site license for Banner On-Demand Training through the Ellucian Customer Support site (a.k.a. Ellucian HUB). Please review the information page on the IT Service Desk Knowledge Base, under “Banner by Ellucian,” for more information.

The IT office will be working on server patching this weekend which will impact Banner, Degree Works and Wavelink for all users beginning Saturday, April 13th at 8:00 p.m. until Sunday, April 14th at 2:00 a.m.

The patching is anticipated to have no impact on usability when the applications are restarted.  

If you have any questions or concerns, please contact the IT Service Desk at 269-927-8189, or visit https://portal.mylmc.org to submit a ticket.

Another phishing scam has been discovered that targets individuals with the claim that their Office Business Essentials bill is unpaid. 

If you receive this email, or other emails you think are suspicious, please click the Phishing Alert button within your Outlook application. This will remove the email from your mailbox and send it to IT for further review.

Below is an example of the email we've seen come through. We've annotated some common issues that are often found in phishing emails.



If you feel that you have been tricked by a phishing email, please complete the following:

  • Immediately notify the IT department so we can complete a scan on your PC.
  • Immediately change your password, especially if you used your login information after clicking on a link in the email.
  • Log into the KnowBe4 Training (https://training.knowbe4.com/login) and review the trainings on Phishing Scams and Spam emails.


LMC IT Service Desk

Benton Harbor Campus, Suite 229

Submit a Service Request or search the Knowledge Base: Portal.mylmc.org

Service Desk Phone: 269-927-8189

Ellucian Customer Support has a Community thread about a known issue with the Firefox 66.0 and 66.0.1 releases. The URL for the thread is https://ecommunities.ellucian.com/message/245242#245242

LMC is reviewing the information posted in the thread and will apply Banner updates as necessary. 

Please use Google Chrome as an alternate web browser if you are experiencing issues with Firefox and Banner 9.

There have been reports of a phishing scam arriving in email boxes that claims to have access to compromising information. The sender spoofs the user's email address and demands Bitcoin in return for destruction of the compromising information. The scammer also claims that he or she has full access to your account and that an undetectable Trojan virus has been installed on your PC. This is a scare tactic used by the scammer to frighten the recipient into paying the ransom.

What should you do if you receive the email? 


Do not respond to the email and do not pay the ransom. Instead, click the Phish Alert icon on the home tab of your Outlook (if you are on your mobile device, feel free to forward it to IT). It is also recommended that you change your password, in case you have been compromised and targeted through recent data breaches. You can see if you have been a victim of a data breach, and which companies were the source of the breach, by visiting https://haveibeenpwned.com and entering your email address.

In addition, we recommend you take the security awareness training offered by LMC to learn helpful tips on securing your email and avoiding becoming a victim of phishing scams: https://training.knowbe4.com/login

Here are some other helpful hints if you receive this email, or other phishing scams like it:

They have my password! How did they get my password?

Unfortunately, in the modern age, data breaches are common and massive sets of passwords make their way to the criminal corners of the Internet. Scammers likely obtained such a list for the express purpose of including a kernel of truth in an otherwise boilerplate mass email.

If the password included in the email to you is one that you still use, in any context whatsoever, STOP USING IT and change it NOW!

And of course, you should always change your password when you’re alerted that your information has been leaked in a breach. You can also use a service like Have I Been Pwned to check whether you have been part of one of the more well-known password dumps.

Should I respond to the email?

Absolutely not. With this type of scam, the perpetrator relies on the likelihood that a small number of people will respond out of a batch of potentially millions. Fundamentally this isn't that much different from the old Lottery scams, just with a different hook. By default they expect most people will not even open the email, let alone read it. But once they get a response—and a conversation is initiated—they will likely move into a more advanced stage of the scam. It’s better to not respond at all.

So, I shouldn't pay the ransom?

You should not pay the ransom. If you pay the ransom, you’re not only losing money but you’re encouraging the scammers to continue phishing other people. If you do pay, then the scammers may also use that as a pressure point to continue to blackmail you, knowing that you are susceptible.

What should I do instead?

As said before, stop using the password that the scammer included in the phishing email, and consider employing a password manager to keep your passwords strong and unique. In addition, contact the IT department if you experience or suspect suspicious activity.


Thank you to Mathew and team for successfully upgrading the Firewall this past weekend.  The new firewall will help to keep the College's data safe and secure.

If you experience any issues accessing applications or websites, please submit a ticket with the error message you receive and any other pertinent details. Once received, we'll look into the issue and work to create a resolution.

The IT department will be replacing some networking equipment this Sunday morning, 3-24-19 beginning at 6:00 am.

Due to this change, there will be a brief outage of systems such as Wavelink, Canvas logon, the College website and Remote Access. Internet traffic for LMC computers will also be unavailable.

This outage will not affect Beckwith Hall or the guest wireless network.

Although the outage is expected to last only 30 minutes, we will be reserving 4 hours for the outage to allow ample time for troubleshooting and testing.


New Office Location

Come visit us in our new location on the second floor of the C-wing. 

The Service Desk and operations team is located in C-229 and the Banner ERP and management team is located in C-222.


Recent Phishing Emails

The IT Department has investigated a phishing email targeting individuals within the college. The email claims to come from Dr. Kubatzke and asks if the recipient is available.


Upon investigation, it was discovered that the email was coming from an external source with a “my.com” domain with the intent of coercing the recipient to purchase gift cards and provide the card numbers via email.


As a precaution, the IT Department has blocked the sender’s email address from contacting internal users and purged the phishing email from the system.


A Phishing Scam is an attempt to obtain sensitive information such as usernames, passwords, credit card details, or in this case Gift Card information, by claiming to be from a trustworthy entity within an organization.


Although not all phishing emails are easily identified, there are often tell-tale signs that the message is not legitimate.

1)      The email is not addressed directly to the recipient, but instead uses a generic greeting such as or does not identify the recipient by name.

2)      If the sender claims to be employed at the College, ensure the email address ends with “@Lakemichigancollege.edu”. If it does not, the message is likely to be a phishing scam.

3)      The message is designed to make you panic or put pressure on you to respond

4)      There is a suspicious or unexpected attachment

5)      There are grammatical errors and the message is poorly written

6)      It directs you to click on an external link

7)      It asks you to provide personal information or to purchase items such as gift cards


What should you do if you suspect an email is a phishing scam?

1)      Call the sender directly to verify the email’s legitimacy

2)      Report the email to the IT Department by forwarding the email to Abuse@Lakemichigancollege.edu or click the “Phish Alert” Button within Outlook


To learn more about how to avoid becoming a victim of phishing emails and to increase your information security awareness, log into your KnowBe4 training account at https://training.knowbe4.com/login (you can use your LMC credentials to sign in). In addition, you can participate in new trainings every month, as sent to you via email.

 

-This Friday, March 8th, after 6:00 p.m., the phones (both inbound and outbound) for Napier and Mendel will be unavailable, including 911, for approximately 2 hours

There also may be interruption in outbound Internet and external services we host for all sites, including Niles and South Haven. Beckwith Hall internet will be unaffected. Please contact the IT Help Desk at ext. 8189 if you have any questions.


-Banner and Wavelink will be unavailable this Saturday, March 9th from 7:00 p.m. until Sunday, March 10th at 2:00 a.m. for database upgrade activities.

Please contact Marsha Griggs, Banner ERP Manager at ext. 6576 if you have any questions.

Intuit, the company behind tax preparation software TurboTax, said users’ accounts may have been accessed by an unauthorized party.

Threat actors used usernames and password combinations obtained from a non-Intuit source after an undisclosed number of TurboTax accounts were breached in a credential stuffing attack.

Tax returns from the prior year, current tax returns in progress, names, social security numbers, addresses, dates of birth, driver’s license numbers and financial information such as salaries and deductions were compromised, according to the notification.

Intuit temporarily made the affected accounts unavailable to protect their information from further unauthorized access and, to help protect users, is offering a year of free identity protection, credit monitoring and identity restoration services.

The breach was discovered in a security audit of its systems, according to the TurboTax data breach notification that was filed with the Office of the Vermont Attorney General.

Adam Laub, senior vice president of product management at STEALTHbits Technologies, warns that those who use the same password across different sites are ripe for the picking.

“Credential stuffing ceases to be a viable attack technique when users leverage different, unique passwords across the various sites and services they log into,” Laub said. “However, our innate desire to remember as little information as possible in an age where all the information we may ever want to recall is literally at our fingertips continues to drive the use of the same username and password combination to everything we access, from our bank accounts and medical records to of course our tax returns.”

Laub explained that with just an ounce more effort and the use of any password management tool, this particular attack technique could become completely useless, but until then we will continue to see these kinds of attacks more often. Intuit has not yet responded to SC Media’s request for comment.

Intuit provided the following statement concerning the incident.

“To be wholly clear, there was no data breach of Intuit’s systems or any third party accessing Intuit systems.  

The notice referenced in a recent blog post is a notification Intuit sent to Vermont informing of Intuit discovering what it believes is unauthorized access of a customer’s account as a result of a fraudulent account log-in – an Account Takeover, not a data breach of Intuit. This notice is standard communication between Intuit and states and does not constitute notice of a systemic data breach.

After discovering what we believe is unauthorized access to an individual’s account, we conducted an investigation and took steps to secure our customers’ accounts and information.  We believe a third party used legitimate log-in credentials that were obtained from non-Intuit sources and used them to access an Intuit account. As someone in your field knows, an individual’s account login information may have been acquired from any number of sources other than Intuit.

The security of our products and our customers’ data is a top priority and we continue to invest in security and fraud protection, including:

  • Providing Suspicious Activity Reports for additional investigation based on risk scoring.
  • Developing third-party partnerships to provide knowledge-based authentication
  • Validating IP addresses to look for discrepancies in IP addresses and block high-risk transactions from suspect geographies
  • Implementing multi-factor authentication that requires customers to validate their identity in multiple ways to reduce the possibility of tax refund fraud.
  • Creating an end-to-end fraud resolution process to assist affected customers in resolving fraud and restoring their identity.
  • Linking federal and state returns and requiring them to be filed simultaneously.”

 

 

https://www.scmagazine.com/home/security-news/intuit-the-company-behind-tax-preparation-software-turbotax-alerted-users-their-accounts-may-have-been-accessed-by-an-unauthorized-party/?utm_source=newsletter&utm_medium=email&utm_campaign=SCUS_Newswire_20190226&hmSubId=RrwUNdAp5W81&email_hash=cf927a89d56e7ff6abd5e6cf676080cf&mpweb=1325-6061-193133