Monthly Archives: May 2013← Older posts
Using a single password for multiple sites may be a convenient practice, but it is not a safe one. Most IT security experts recommend using a different password for each online account to prevent hackers from gaining access to all … Continue reading
Many people have reported receiving the following email. Be aware that it is phish, and the email address firstname.lastname@example.org was spoofed. Do not open the accompanying attachment or reply to the message. Delete the message from your inbox. From: USC Admin <email@example.com> … Continue reading
Apple released the latest version of iTunes (11.0.3) today, which includes a number of important security fixes. The update addresses one vulnerability in the Apple OSX version, and forty-one vulnerabilities in the Windows version. For more information, see About the security … Continue reading
Today is Patch Tuesday for May 2013. Microsoft released ten security bulletins addressing over thirty vulnerabilities. One critical bulletin addresses a recently discovered “zero-day” vulnerability in Internet Explorer 8 and, if you are using that browser, should be installed as … Continue reading
Many people received multiple copies of the following phish. They came from multiple source email addresses. There are many signs that the message was illegitimate. The senders are non-USC addresses and were most probably compromised accounts since it does not … Continue reading
Another over-quota phish. We do not delete accounts that are over quota. And they did not even bother to change the text of their phish from their previous victim site, East Tennessee State University.
Another your-email-will-be-disabled-unless phish. Sent from a compromised account at another institution. The link goes to an obviously unrelated site. Typo in Subject.
Phishers used a compromised faculty account to send Phish 2013-05-08 #1 to other USC addresses. They managed to send about 100 before we detected and blocked it. Phishers often use this technique because it bypasses blocks of external sites and … Continue reading
Another phish sent to around 100 people this morning. We were only forwarded the body of the phish so we do not have full headers. Mail logs show that the claimed sender was MaryJane.Hahner.firstname.lastname@example.org. They put some effort into this because … Continue reading
Many people received the following phish this morning: There are many signs that the message was illegitimate. The basic premise, used by many phish, is flawed. Users never need to “upgrade their email account”. email/webmail ugprades occur on the server. … Continue reading