· Virus Alert - Hackers resort to ‘sick’ kidnap spam. Hackers are claiming they have kidnapped children in a bid to infect PCs with a Trojan Horse virus, said security firm Sophos. The security firm is warning users that emails entitled ‘We have hijacked your baby’ are being sent to Web users around the globe. As well as asking for a US$50,000 ransom for the ‘release’ of the child, the messages also contain an attachment supposed to be a photograph of the child. Instead the file actually contains a deadly Trojan Horse that will steal personal information. Source: http://www.pcworld.idg.com.au/index.php/id;1663778139
· Think Twice Before Opening That Email Attachment...This is a reminder to all email users to use caution when opening an email attachment. Though LMU’s email spam filter catches nearly 90% of all spam and email-based viruses, some do get through. Therefore, users should resist the urge to open attachments from emails especially if any of the following themes appear:
· Trend Micro Virus Clean Tool
· UPS Packet Service
· Simpson’s Movie
· Luke Perry stabbing
· Antivirus XP 2008
Furthermore, users should be aware of malicious links that may be in the body of an email message. Use extreme caution when clicking on links in your email. Remember the phrase “Think twice, Click once!” Some recent malicious email subject lines have included:
· Yahoo sold to Microsoft, record price
· Bush Down to 8 Friends on Myspace
· Al Qaeda Reports Declining Revenues in Fiscal ‘08
These tips and many others are available through the Security Awareness course taught by LMU’s Director of Information Security and Compliance through LMU’s HR technology workshops. Registration is available online at http://www.lmu.eduhttp://www.lmu.edu/about/services/hr/landd/Workshops__Technology.htm. For those wishing to review the online Security Awareness course, it is available at http://blackboard.lmu.edu.
· Password Protection Reminder. Under no circumstances should users disclose their passwords to anyone especially through email. It has come to our attention that some colleges and universities are experiencing targeted spam emails, also known as spear phishing, requesting users to send their email user ids and passwords in a reply email. The emails appear to originate from their respective campus Information Technology Services (ITS) department and provide a false context for the department requiring users to provide their email account credentials.
Loyola Marymount University has not received any of these types of emails at this time; however, the LMU ITS department wants to remind the campus community that the IT department will not ask users to provide their passwords in person, over the phone, or in an email. Furthermore, passwords can always be reset safely in Manegate (http://manegate.lmu.edu) or by using the change password command on Windows-based computers accessible by pressing the Ctrl-Alt-Delete buttons and clicking on the Change Password button.
As a reminder, passwords are required to be changed every 180 days with the exception of Oracle Finance passwords, which must be changed every 30 days.
If anyone ever asks you to disclose your password, please contact David Meske, Director of Information Security and Compliance at 310.338.5246 or secureit@lmu.edu.
· Security Awareness Training 2008
Click the link below to view information regarding Training Sessions.
Information Security Training Spring 08
· Information Security Awareness course now available for faculty and staff. The Information Technology Services Department has recently developed an online information security awareness course for LMU faculty and staff. The course provides an overview of the types of data to protect from unauthorized users and provides information on general safe computing practices. The LMU Information Security Awareness course is available in Blackboard at http://blackboard.lmu.edu. Faculty and staff can use their Manegate userid and password to log in. To complete the course, choose the LMU Information Security Awareness course from the list of available courses listed on the right. Certificates of completion will be provided to those that complete the quiz with an 80% or better.
For technical assistance with this course, contact the ITS helpdesk at x87777. Questions regarding information security can be addressed to secureit@lmu.edu or directly to David Meske, Director of Information Security and Compliance at dmeske@lmu.edu or x85246.
· Peer-to-Peer (P2P) Applications cause data leak for mortgage company. A mortgage company employee with a P2P application called Bearshare inadvertently shared three spreadsheets containing more than 5,000 Social Security numbers and other details about customers. This is a reminder that staff should not use P2P applications on computers containing Non-public Personal Information (NPI). If you handle social security numbers, driver’s license numbers, or student data such as grades, etc on your computer, do not use P2P applications unless it is for academic use only. (iTunes is not considered a P2P application) If you have any questions about P2P applications, please contact David Meske, Director of Information Security and Compliance at dmeske@lmu.edu or x85246.
· USB hard drives - Do not store non-public personal information especially educational records on USB drives. Lost and stolen USB drives and laptops are becoming a major reason for reported security breaches and data loss in the United States