Current Non-Threats, Current Threats, Security Awareness Newsletters

This Week’s Cybersecurity News, 04/08/2025

Posted on Apr 08, 2025Share on

Internet security showing a shield with a padlock surrounded by files, mobile devices, and other items to be protected online

Good morning, everyone.

This week I want to tell you about one current non-threat and a current threat. I also want to remind you about UT Vault 2.0 that will be released tomorrow.

Current Non-Threat

  • Whova (email)
    • This week I was asked about an mail that appears to be coming from Whova Team, <event-reply[@]whova.io>.
    • The subject is Validate your profile for <conference name>.
    • The message tells you that Whova is the official app of the upcoming conference you will be attending.
    • The message tells you that Whova has prepared a draft profile for you to help you network at the event more effectively.
    • The message tells you to download the Whova mobile app or access the event via the web portal and it give you instructions for signing up for a Whova account.
    • This email is legitimate.
    • I have attended multiple UT-sponsored conferences and they all have used Whova.
    • This app helps keep you notified about the agenda and speakers, but it also allows you to network with other attendees.
    • In addition to networking with others, there are many opportunities to gain points for networking and prizes may be given out at the end of the conference.

Current Threat

  • DropSend (email)
    • Near the end of the workday yesterday an email was sent out to several people in varying areas of UTIA.
    • The From address is Stefan Maupin <noreply[@]dropsend.com>.
    • The Subject is Proposal From Tennessee Soybean Promotion Board.
    • The message has a download link and the file name is Tennessee Soybean Proposal.pdf, but please do not click it.
    • This email has been verified as a phishing scam.
    • The problem is that users who have received the email probably know the sender.
    • The sender has let some people know that his account has been compromised and he is getting that remediated.
    • For some of you who saw the email shortly after it was sent, but found that it disappeared, it is because several users immediately reported it as phishing and the email administrators were able to promptly pull the email from everyone’s inboxes.
    • If you did click on the link, please change your password immediately by going to https://ds.tennessee.edu/passwords/ and choosing “Change your Password.”
      • This will ask you to log in with your NetID and password, then you can make the change.
      • It would be better to change it on a different computer than the one you were using when you logged in, if at all possible.
    • Once you change your password, you will need to run a full scan with Defender.
      • Go to the bottom right corner of the system tray (along the bottom of the screen), then click the “^” so you can click on the Windows Security shield.
      • A screen will appear that shows “Security at a glance” and you will see “Virus & threat protection,” so click on that.
      • The screen will now show you the last time a scan was run, as well as the date, time, and type of scan.
      • Click on “Scan options” here.
      • When the screen shows your options, click the button beside of “Full scan” and then click the “Scan now” button.
      • This scan will take longer than the Quick scan, but it will scan every file on the hard drive, instead of a limited selection, and you can continue to work during the scan.
      • If the scan finds threats, please let me know right away if Defender did not clean or contain them.
      • Even if nothing is found I highly recommend running another scan this week and one next week, just to make sure something wasn’t waiting in the background to start.

Upcoming Change *REMINDER*

  • UT Vault 2.0
    • Tomorrow, 04/09/2025, UTK’s Office of Innovative Technologies will be releasing a new secure file transfer service.
    • Also tomorrow, the current UT Vault service will be retired along with its current URL https://vault.utk.edu.
    • UT Vault 2.0 will have a new look and a new URL, https://utvault.tennessee.edu.
    • Please make sure that today you review any files you are presently sharing in the current UT Vault and download anything you need to keep.
    • Any files left in the current UT Vault will be deleted on April 09, 2025.
    • UT Vault 2.0 will continue to be one of the easiest and safest ways to share files with others who have a need to know.
    • UT Vault 2.0 will continue to encrypt data in transit and at rest.
    • One important change to note is that files will no longer remain available for 20 days with UT Vault 2.0, but will be available for only 14 days.
    • Another change is that with UT Vault 2.0, you will not be able to receive notifications when a message is opened like you can now, although this feature has been requested of the developer and may be added later.
    • Keep in mind that when you need to send an encrypted email via Microsoft Outlook, you may do that by simply adding the word encrypt to the subject line.

Thank you so much for all you do to keep the Institute’s data safe. I am always here whenever you have any questions or concerns and I certainly appreciate it when you let me know about potential threats.

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone else has an email group for students who are not employees of your department, please let me know that address and I can include it. I do this as a blind copy so student names and addresses will not show up!

Sandy Lindsey
Chief Information Security Officer
Information Technology Services
The University of Tennessee
Institute of Agriculture

 

 

G061​ McCord Hall
2640 Morgan Circle Drive
Knoxville, Tennessee, 37996
Phone: (865) 974-7292; (865) 806-5224
sandy@tennessee.edu