University of Southern California

Author Archives: Robert

← Older posts

“ITS Administrative Support” phish

Posted on by Robert

Many people received the following phish. Signs that this is not a legitimate email: It was sent from a non-USC address: dorismacdonald@conejousd.org. It is not our standard password expiration warning. The target link is not a USC site: hxxp://helpdesksecure.moonfruit.com/ We … Continue reading

Posted in Phishing |

Malware spam with subject “Invoice”

Posted on by Robert

Many people received the following email. The original malicious payload was replaced with the file “Replacement.txt” but the message was still delivered instead of quarantined. We are working with the department that runs the originating email server to resolve this … Continue reading

Posted in Malware |

Fake UPS/FedEx/DHL email

Posted on by Robert

Every year around this time, we see a significant increase in the volume of fake email claiming to be from UPS, FedEx, DHL, etc. Please examine these messages carefully before opening/saving an attachment or clicking on a link. The attachments … Continue reading

Posted in Hoaxes, Malware, Phishing | Tagged , ,

Bash Vulnerability

Posted on by Robert

A new vulnerability has been announced that may allow an attacker to run arbitrary commands on your server. This may result in loss of protected or sensitive data and/or service disruption. The easiest targets for a remote attacker are web … Continue reading

Posted in Malware, Security Breach | Tagged , , , ,

TrueCrypt is insecure

Posted on by Robert

The anonymous developers of TrueCrypt warned yesterday¬†“Using TrueCrypt is not secure” and that “the development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP.”¬†They recommend using BitLocker on Windows and provide directions to migrate from TrueCrypt … Continue reading

Posted in Encryption, Security Updates | Tagged ,

eBay hacked

Posted on by Robert

eBay announced today that their internal and customer databases were compromised about two months ago. Names, addresses, birth dates and encrypted passwords were stolen. They will start prompting all of their users to change their passwords. See links for lifehacker, … Continue reading

Posted in Security Breach | Tagged

Heartbleed – vendor updates 2014-04-17 10:56

Posted on by Robert

Below is a partial list of vendors that have released updates to address the Heartbleed vulnerability.
This list will be updated as more information becomes available. Continue reading

Posted in Security Updates | Tagged

Server certificates and Heartbleed

Posted on by Robert

Cloudflare, a large web-hosting company, has a very detailed article on how server certificates are not (in the real world) extractable using the Heartbleed bug: http://blog.cloudflare.com/answering-the-critical-question-can-you-get-private-ssl-keys-using-heartbleed They set up a test server and challenged anybody to obtain the private key. … Continue reading

Posted in Password Security, Recommended Reading, Security Updates | Tagged

“IT Service” phish 2013-11-09

Posted on by Robert

Many people at USC received the following phish. There are several signs that this was not a legitimate message: Many grammatical errors. Exceeding your mail quota will prevent new mail from being delivered, but does not require a password/account reset. … Continue reading

Posted in Phishing |

Phish 2013-05-11 #1

Posted on by Robert

Many people received multiple copies of the following phish. They came from multiple source email addresses. There are many signs that the message was illegitimate. The senders are non-USC addresses and were most probably compromised accounts since it does not … Continue reading

Posted in Phishing | Tagged

← Older posts