University of Southern California

Monthly Archives: May 2013

← Older posts

Password Management Tools

Posted on by mbordas

Using a single password for multiple sites may be a convenient practice, but it is not a safe one. Most IT security experts recommend using a different password for each online account to prevent hackers from gaining access to all … Continue reading

Posted in Password Security, Recommended Reading | Tagged

Phish 2013-05-28

Posted on by mbordas

Many people have reported receiving the following email.  Be aware that it is phish, and the email address uscadmin@usc.edu was spoofed. Do not open the accompanying attachment or reply to the message.  Delete the message from your inbox.   From: USC Admin <uscadmin@usc.edu> … Continue reading

Posted in Phishing | Tagged

Security Updates for iTunes

Posted on by mbordas

Apple released the latest version of iTunes (11.0.3) today, which includes a number of important security fixes.  The update addresses one vulnerability in the Apple OSX version, and forty-one vulnerabilities in the Windows version.  For more information, see About the security … Continue reading

Posted in Security Updates | Tagged , , ,

Patch Tuesday Roundup for May 2013

Posted on by mbordas

Today is Patch Tuesday for May 2013. Microsoft released ten security bulletins addressing over thirty vulnerabilities. One critical bulletin addresses a recently discovered “zero-day” vulnerability in Internet Explorer 8 and, if you are using that browser, should be installed as … Continue reading

Posted in Patch Tuesday, Security Updates | Tagged , , ,

Phish 2013-05-11 #1

Posted on by Robert

Many people received multiple copies of the following phish. They came from multiple source email addresses. There are many signs that the message was illegitimate. The senders are non-USC addresses and were most probably compromised accounts since it does not … Continue reading

Posted in Phishing | Tagged

Phish 2013-05-08 #5

Posted on by Robert

Another over-quota phish.  We do not delete accounts that are over quota.  And they did not even bother to change the text of their phish from their previous victim site, East Tennessee State University.

Posted in Phishing | Tagged

Phish 2013-05-08 #4

Posted on by Robert

Another your-email-will-be-disabled-unless phish. Sent from a compromised account at another institution. The link goes to an obviously unrelated site. Typo in Subject.

Posted in Phishing | Tagged

Phish 2013-05-08 #3

Posted on by Robert

Phishers used a compromised faculty account to send Phish 2013-05-08 #1 to other USC addresses.  They managed to send about 100 before we detected and blocked it. Phishers often use this technique because it bypasses blocks of external sites and … Continue reading

Posted in Phishing, Security Breach | Tagged ,

Phish 2013-05-08 #2

Posted on by Robert

Another phish sent to around 100 people this morning.  We were only forwarded the body of the phish so we do not have full headers.  Mail logs show that the claimed sender was MaryJane.Hahner.2@nd.edu. They put some effort into this because … Continue reading

Posted in Phishing | Tagged

Phish 2013-05-08 #1

Posted on by Robert

Many people received the following phish this morning: There are many signs that the message was illegitimate. The basic premise, used by many phish, is flawed.  Users never need to “upgrade their email account”.  email/webmail ugprades occur on the server. … Continue reading

Posted in Phishing | Tagged

← Older posts