Security Blogs Archive 2019

Changes to the Information Security Webpage (09/11/2019)

The Information Security department has redesigned the main page and streamlined navigation for easier information lookup. The items that were previously in the left sidebar have been moved and organized into modules on the homepage. The modules are as follows:

  • Breach & Incident Response – This page contains information about how to report a security incident such as lost or stolen CSUN-owned devices, unauthorized or accidental disclosure of Level 1 and 2 data, and Identity Theft. Selecting the “Submit a Security Incident Response” button will direct you to a form. Please complete this form in the event of a security incident.
  • Security Awareness Training – This page contains information, tips, and guides on how to access the mandatory security awareness training for staff and faculty.
  • Anti-Phishing – This page features tips and guides on how to identify, report, and prevent phishing attempts. Please take 30 seconds to watch the FBI video on phishing emails.
  • Risk Management – This page contains information about CSUN Risk Assessments and walks the user through the entire process. It also explains what a risk assessment is and when one is required.
  • Vulnerability Management – This page contains information about CSUN Vulnerability Assessments and walks the user through the entire process. It also explains what a vulnerability assessment is and when one is required.
  • Policies & Standards – This page contains a table with links to every CSU and CSUN Information Security policy, standard, procedure, and guideline. Access forms such as Administrative Access and USB Exception and other resources related to our policies can be found here.
  • Tips & Guides – Access information for securing your personal and school devices, as well as learn about ransomware, copyright, certificates (SHA-2 and Intermediate), and other Information Security topics.
  • Security Blog – Access past security alerts and security articles.

Please contact the Information Security office at (818) 677-6100 or send an email to iso@csun.edu for any further inquiries.


Other Blog Posts


Back to School Security Tips (08/16/2019)

Typical scams at the beginning of the year:

  • Phishing email containing “important information about your CSUN account,” or “problems with your enrollment” or “problems with financial aid”
  • Scams specifically designed to cheat students out of money, such as scholarship scams, fake “tuition payment processors”, textbook rental or book-buying scams, housing scams, tutoring scams, and work-from-home scams
  • Tech support call scams impersonating “the CSUN Help Desk”, Microsoft, Apple, etc., telling you there’s a problem with your computer
  • IRS impersonators demanding that students or their parents wire money immediately to pay a fake "federal student tax"
  • Messages with links to fake login pages, some containing CSUN logos.
  • Messages asking for your login information. CSUN will never ask for your password.
  • Fake friend requests on Facebook, Instagram or other social media
  • Fake Box, DocuSign, Adobe Sign or Google Doc notices.

How to keep your information safe:

  • Always think twice before clicking on links or opening attachments, even if they look like they're from someone you know. If you’re not sure, contact the sender by a method you know is legitimate to confirm they sent it.
  • Don’t trust contact information in suspicious e-mails or phone calls. Google the establishment and continue communication using the information you find. If you’re on the phone, hang up and call them back.
  • Approach unexpected messages, offers, and phone calls with a healthy skepticism.
  • Use a long, unique password for every account that matters. Reused passwords are a hacker’s dream. Site breaches like those at Facebook, Roll20, and Instagram take your login information and dump it on the dark web. 8-character passwords can be cracked by a hacker in a few minutes, while a 25-character password would take that same hacker centuries. The longer the password, the more possible combinations there are to consider.
  • Use a password manager. Password managers can randomly generate long, unique passwords and remember them for you. They store all of your passwords so you only have to remember one strong password to log in to the app or plug-in.

CSUN will be implementing multi-factor authentication (MFA) for students this year. Look for announcements.

Additional Information About Specific Scams:

Tech support scams

Info from the IRS about fake "federal student tax" (from 2016, still relevant)

Scholarship scams 

CSUN Phishing Examples

Tuition payment processor scams (from 2016, still relevant) 

Fake login page scam specifically targeting university login pages


CamScanner App Discovered to be Trojan Malware (08/28/2019)

An app in the Google Play store was discovered to be Trojan malware. A Trojan is a malicious program that disguises itself as something harmless or useful, so the user believes it is safe to give the app sensitive information and access. CamScanner was considered a useful scanning and document management app and had been downloaded 100 million times before it was discovered to be a Trojan. An update to the app contained malicious ads that opened vulnerabilities. The developers of CamScanner are able to download and execute programs without restriction on the infected devices. Since the discovery, Google has removed the CamScanner app from its app store. If you still have the app installed, it is highly recommended that you uninstall it.

As a rule of thumb, always read reviews and research an app before downloading it. Be cautious of the permissions an app requests, such as use of the microphone, contacts, camera, etc.

Source: IBTimes


Ransomware Attacks on Government Systems (08/23/2019)

In the past few months, state and local government agencies have been hit with targeted ransomware attacks. Ransomware is malicious software that blocks access to a computer’s system or files so an attacker can demand a “ransom” (money) for it to be unlocked. Sometimes the ransomware is disguised as anti-virus software that won’t “remove viruses” until a sum is paid. New types of ransomware are discovered every year.

Local and state governments have been incidental victims of ransomware in the past, but this appears to be the first time a string of them has been specifically targeted. Hackers are actively looking for vulnerabilities in government systems, and the number of ransomware attacks targeting governments is on the rise.

Some tips to protect yourself from ransomware:

  • Be wary of e-mail attachments from unfamiliar sources. If you are asked to “enable macros” to view attachments from an unknown source, delete the e-mail.
  • Back up data with an external drive or cloud service.
  • Keep software updated, including your operating system. Outdated systems and software are most vulnerable to attacks.
  • Don’t pay the ransom. Ransomware attackers are criminals, so there is no guarantee they will unlock your device or give back your information after they are paid. They may ask you to pay another sum, and another, and then never release your data.
  • Contact the authorities. Call the Information Security Office at (818) 677-6100 and your local FBI office.

For more information, please refer to our Ransomware page.

Source: Threatpost


Google Play Store Apps and Malware (08/14/2019)

Many apps in the Google Play Store (the app store for Android phones) are actually malware or are bundled with malware. These apps have been downloaded and installed more than 100 million times. The malware is hidden in or bundled with common apps such as dictionaries, online maps, audio players, and bar code scanners. These apps are developed with such sophistication that a user cannot distinguish apps that contain malware from legitimate apps. The malware is designed to start its attack approximately 8 hours after the app is launched. Google also found that millions of Android phones come with pre-installed malware posing as legitimate apps. These apps download other apps and plug-ins in the background without the phone owner’s permission, send costly text messages, and generate ad fraud.

In an attempt to fight malicious apps, Google has developed Google Play Protect. Play Protect regularly checks the apps and the device for harmful behavior and notifies the phone owner if any security risks are found. For more information on how to use Google Play Protect, refer to the Google Help Page.

How to Protect my Phone:

  1. Make sure that Google Play Protect is enabled.
  2. Only download apps that have the “Verified by Play Protect” tag.
  3. If there are any pre-installed applications on your device that you don’t need or find suspicious, uninstall or disable them. Be careful to not uninstall or disable any Android operating system services, as this can cause your phone to not function properly. Research the app/service name before you disable or uninstall.
  4. Understand what you are giving permission to. When you first install an app, it will most likely request permission to access phone components such as camera, location, microphone, and storage. If a calculator app is requesting permission to access your phone camera, then that is a red flag.
  5. Always keep your phone up to date. These updates often include the monthly security patches.

Getting Started in Cybersecurity (08/9/2019)

Have an interest in information security but not sure where to start? Certifications are a great way to get your foot in the door. There are several road-maps online that detail the order in which you should complete the training courses for your desired cybersecurity path, but one thing each path has in common is that you should start with the beginner CompTIA Security+ certification.

Security+ evaluates the baseline, hands-on security and network skills needed to start in the IT and security industry.

CSUN offers free access to LinkedIn Learning (formerly Lynda.com), which offers CompTIA resources. There are a variety of courses and learning plans from contributors to help you figure out your path and get started. Affordable books for CompTIA prep can also be found on Amazon.

Other ways to expand your knowledge:

  • Join Layer8 – CSUN's Cybersecurity club that offers lectures, courses, and participates in competitions like CCDC
  • Apply for a job – There are on-campus and off-campus opportunities for jobs and internships in Information Technology
  • Study at home – Set up a lab at home with virtual machines, watch YouTube videos, and follow industry professionals on Twitter
  • Participate in beginner cybersecurity competitions – National Cyber League opens registration yearly. The competition is beginner friendly and has training and learning opportunities.

Emails Impersonating Staff and Faculty (8/7/2019)

CSUN continues to be targeted by phishing emails sent from compromised accounts. Phishing is the fraudulent act of impersonating a well-known establishment or contact to obtain personal information such as passwords and credit card numbers. The most recent phishing attempts at CSUN are emails impersonating a member of staff or faculty, offering a paid job or an internship. As soon as Information Security is informed of the fraudulent emails, the compromised faculty or staff account is suspended and the account holder's password is reset.

Phishing e-mails impersonating staff typically have the following characteristics:

  • Poor grammar and spelling
  • Vagueness
  • E-mail address and name of sender are inconsistent
  • Offers that seem too good to be true
  • Request to continue correspondence elsewhere (asked for personal e-mail, home address, phone number)
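A header-and-body triage check for the characteristics listed above, written as an added example for this post rather than anything CSUN runs; the internal domain set, the keyword lists and the two sample messages (reserved `.example` domains) are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption for this example: the domain the campus legitimately sends from.
INTERNAL_DOMAINS = {"csun.edu"}
# Constructed keyword lists mirroring the post's list: a job or internship
# lure, and a request to move the conversation off campus email.
LURE_WORDS = ("paid job", "internship", "job offer")
OFF_CHANNEL_WORDS = ("personal email", "personal e-mail", "home address", "phone number")
# Display-name claims of a campus role or affiliation.
TITLE_RE = re.compile(r"\b(prof(essor)?|dr\.?|dean|csun)\b", re.I)


def check_message(raw: str) -> list:
    """Return the red flags found in one raw RFC 822 message (empty list = none)."""
    msg = message_from_string(raw)
    flags = []

    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rsplit("@", 1)[-1].lower() if "@" in from_addr else ""

    # Sender name and address are inconsistent: claims a campus role, external mailbox.
    if from_domain and from_domain not in INTERNAL_DOMAINS and TITLE_RE.search(from_name):
        flags.append(f"display name '{from_name}' does not match external address {from_addr}")

    # Replies are silently routed to a mailbox other than the visible sender.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and reply_addr.lower() != from_addr.lower():
        flags.append(f"Reply-To {reply_addr} differs from From {from_addr}")

    body = msg.get_payload().lower() if not msg.is_multipart() else ""
    if any(w in body for w in LURE_WORDS):
        flags.append("unsolicited job or internship offer")
    if any(w in body for w in OFF_CHANNEL_WORDS):
        flags.append("asks to continue correspondence outside campus email")
    return flags


# Constructed sample messages (reserved .example domains, not real addresses).
PHISH = """From: "Dr. Jane Example (CSUN)" <jane.example.csun@webmail.example>
Reply-To: assistant.office@othermail.example
To: student@csun.edu
Subject: Paid Internship Opportunity

I have a paid internship available for students this semester. Kindly send
your personal email and phone number so we can proceed.
"""

LEGIT = """From: "Jane Example" <jane.example@csun.edu>
To: student@csun.edu
Subject: Office hours moved

Office hours this week are on Thursday at 2 pm.
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label, check_message(raw))
```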

If you receive a suspicious e-mail, forward it to abuse@csun.edu so we can take the appropriate steps. If you were a victim of fraud that resulted from the compromised account, please contact the CSUN Department of Police Services at (818) 677-1200. Please also refer to our phishing page for more examples and tips on avoiding e-mail scams.


Equifax Breach Settlement (07/30/2019)

The Equifax data breach of 2017 involved hackers accessing client information such as Social Security numbers and driver’s license numbers. If your personal data was among those exposed, you may now recover money spent on services purchased to protect yourself from identity theft, such as credit monitoring. Payouts are capped at $20,000 per person, and a claim for credit monitoring services alone can receive up to $125. The deadline to file a claim is 01/22/2020.

To submit a claim:

  1. Check to see if your information was impacted by the security breach. You will need to provide your last name and the last six digits of your SSN.
  2. File a claim on the Equifax Data Breach Settlement page. Multiple claims may be submitted.
  3. Gather documents showing proof of expenses lost due to the breach and other relevant information or losses, including protection services paid for, fraudulent charges, and freezing accounts.

Zoom Video Conference Software Vulnerability (07/10/2019)

Two vulnerabilities in the Zoom video conference software have been discovered which, if exploited, affect a user’s privacy. A hacker can disguise a Zoom video conference link as a website URL or include it within an advertisement. When clicked, it forcibly joins the user to the hacker’s call without their permission. When users connect to the hacker’s call, it also automatically enables the user’s video camera. The other vulnerability allows a hacker to perform a local Denial of Service (DoS) attack that affects the user’s ability to use their machine by sending them an endless number of meeting requests. Uninstalling Zoom does not fix the issue because the uninstaller does not remove all the Zoom components (a local web server) from the computer.

Am I Affected?

Mac users running Zoom software version 4.4.2 or earlier are affected. If you have previously installed and uninstalled Zoom software, your computer will still have the Zoom local web server installed, which can reinstall the Zoom software without any interaction from you besides clicking on the malicious URL.

What Should I Do?

  1. Make sure your Zoom software is the latest version. Versions prior to 4.4.2 are affected. A CSUN-owned device that is managed centrally by IT will automatically receive an update. All personal computers should be updated manually to the latest version. You can download the latest version from the Zoom Downloads page.
  2. Check the “Turn off my video when joining a meeting” option from Zoom settings. This will disable the video camera when you join a meeting until you give Zoom permission to access your camera.

More information about the vulnerability is available at the Zoom Blog and the Medium page. If you need assistance with updating your Zoom application please contact the IT Help Center.

World Password Day (05/02/2019)

May 2nd is known as World Password Day—a day to raise awareness of the importance of strong login credentials. However, passwords in general are no longer a secure way to protect your accounts. Here is why:

Too many easy, reused passwords - Passwords are needed for almost everything, meaning we must keep track of several unique combinations of letters and symbols. A common shortcut is to pick something easy to remember and reuse it. "123456," "123456789," "qwerty," and "password" remain the most popular password choices. More than 50% of users rely on the same password across multiple accounts. Reusing passwords leaves you vulnerable to credential stuffing: an attack where previously breached usernames and passwords are tried against other websites where the user has the same credentials. It is one of the most common techniques used to take over user accounts.

Phishing attacks - Phishing, fake e-mails that impersonate a known business and urgently request you verify your credentials, remains the leading method of attack. CSUN has had several instances of attackers attempting to hijack student accounts through impersonation. For more about Phishing attacks, refer to our information page on Fraud E-mails.

Corporate negligence - Every year there are cases of compromised accounts due to corporate negligence. Big companies like Facebook, which compromised millions of Instagram passwords just this year, are not immune. Billions of e-mails and millions of passwords are stored on hacker forums.

Protect your account by looking out for phishing attacks, setting up multi-factor verification when available, and using a password manager. Password managers are a secure way to store and autofill all of your credentials with one master password. They can even generate strong, unique passwords for the user that they never need to memorize.

If you think your data may be compromised, please file an Incident Report with Information Security. 


Fraudulent Email from Wells Fargo (04/01/2019)

An email from Wells Fargo Advisors was received by some campuses on April 1st, 2019. The message claimed that a security update required the recipient to click the link provided in the email and update their information to keep the account active.

If you receive an email from Wells Fargo Advisors, do not click on any links in the email. If you feel the need to contact Wells Fargo, please do not use the phone number listed in the email. Instead, visit www.wellsfargo.com directly and call the customer service number listed on the website.

This email is a phishing scam that attempts to lure users to click on a link and give up their information. For more phishing examples, visit the Phishing Examples page.