Blog

Ransomware Outbreak

What happened?

A large number of computers around the world have been infected with the WannaCry Ransomware. It has been seen in over 70 countries and impacted thousands of computers. 

What is the risk?

Ransomware encrypts the data on your computer, making it impossible to recover without the key. To get the key, you must pay a ransom. In this case, the attackers are demanding roughly $300 USD. The ransomware works by exploiting a vulnerability in Microsoft Windows, a vulnerability that has been patched since March 2017

Google Phishing Campaign

What Happened?

A large-scale phishing campaign was discovered yesterday, May 3rd. The objective of the attacker was to gain access to the victim’s Google account. The messages appeared to come from addresses known to the recipient.

What Is the Risk?

Within an hour, Google disabled the accounts associated with this attack. The phishing websites associated with the attack have been taken offline. For those users who clicked the link, logged into their Google account, and granted account permissions,

LastPass Security Updates

What happened?

Two vulnerabilities were discovered in the LastPass browser extension.

What is the risk?

In certain circumstances, these vulnerabilities could be used to steal passwords or run malicious code, though there have been no confirmed incidents of stolen data or passwords.

What has LastPass done? 

All versions of the LastPass browser extension have been updated to fix these vulnerabilities and are being pushed to clients. Instructions for checking your update

Apache Struts2 Vulnerability

What happened?

A vulnerability has been discovered in Apache Struts2, a framework for providing application services through a web server. 

What is the risk?

When successfully exploited, this vulnerability gives a cyber attacker the ability to run commands on the web server running the affected software. Exploiting this vulnerability does not require sophisticated technical skill. Active exploits have been widely detected across the Internet. 

What is Harvard Information Security doing?

Harvard Information

Harvard Branded Phishing Campaign

What happened?

Phishing emails which may appear as official Harvard communications were sent to internal and external recipients. These messages encourage a user to click a link or download a file. 

What is the risk?

Clicking the link exposes the user to malicious code which may install malware on their computer. Once installed, malware provides an attacker access to files and passwords on the computer.

What can I do?

Click Wisely. Click only links and files that are expected, and only from people you trust.

Yahoo Account Information Breach

What Happened?

In late 2014, state-sponsored hackers obtained account information (including names, phone numbers, security challenge questions with answers, and hashed passwords) for 500 million Yahoo accounts.

What is the Risk?

While the passwords exposed were hashed, weak or short passwords will be compromised over time by password cracking tools.

Despite the fact that Yahoo has invalidated them on their servers, exposed security questions and answers may be used to reset passwords for other

Dropbox Password Leak

While Dropbox is not approved for Harvard data, we realize many members of the community use it for personal data. For University data, you may use departmental shares or Harvard’s instances of Google Drive, OneDrive, and SharePoint.

What Happened?

A security incident at Dropbox in 2012 resulted in the breach of 60+ million email addresses and password hashes. Dropbox has forced password resets for affected users.

What is the Risk?

While the risk to Dropbox accounts has been removed by Dropbox’s password reset, any

Why do I Need Two-Step Verification?

This article describes the purpose of two-step verification at Harvard. For information on activating, configuring, and using two-step, visit the official HUIT page, http://huit.harvard.edu/twostep.

What is it?

Two-step verification is a security feature that allows you to approve account access using your mobile phone or other device. For HarvardKey, this feature is provided by Duo. When someone attempts to use your HarvardKey from a new device, you will be prompted to approve the login. Without

LastPass Security Update

What Happened?

LastPass has been in the news recently after the disclosure of two vulnerabilities in the LastPass browser plugin. At this time, both vulnerabilities have been fixed. The first was disclosed and addressed a year ago. The second was disclosed and patched two days ago (July 26).

The more recent vulnerability potentially allowed an attacker to harvest passwords from LastPass users who visited a malicious website while using a Firefox browser and provided passwords to that site, directly or through LastPass’s form fill or auto login functionality

Harvard Targeted Phishing Campaign

Harvard Information Security has been made aware of a phishing email scam targeting the Harvard community. The attackers are posing as Harvard University representatives asking for account information, including HarvardKey credentials, and linking to a fake Harvard login screen. We believe the goal of this phishing attack is to access personal information including W-2s. Harvard Information Security is reaching out directly to any individuals who have been affected by this attack and we are taking other protective steps. 
