Current Non-Threats, Current Threats, Security Awareness Newsletters

This Week’s Cybersecurity News, 05/13/2025

Posted on May 13, 2025Share on

Combination lock with a four-digit number

Hello, everyone.

This week I want to remind you all about a current non-threat. I also need to remind you about the upcoming change to logging into your Windows computer.

Current Non-Threat

  • DUO Change (email)
    • Yesterday everyone should have received an email from Matt Williams, the UTSA Enterprise Chief Information Security and Technology Officer.
    • The subject is Update to DUO Authentication Process.
    • The message tells you that on Thursday, May 15, there will be a change to the way DUO authentication works.
    • Instead of receiving the usual push notification, on Thursday users will be given a three-digit code on their computer screens.
    • That three-digit code will then be entered in the DUO mobile app to complete the authentication process.
    • The reason for this change is due to the increasing numbers of phishing attacks exploiting the push notification method.
    • The current method allows a hacker to catch users off-guard by sending numerous push notifications requests causing users to accidentally approve a push notification, allowing the hacker to gain access.
    • Once a hacker has gotten that notification approval, it will allow them to change notifications to go to their own phone.
    • This new process is more secure and will greatly reduce the risk of unauthorized entry.
    • Remember to never share your authentication codes.
    • Also remember to only approve DUO requests when you are actively logging into an account that requires DUO authentication.
    • If you receive a code that you did not expect, do not enter it!
    • This will work with both Apple and Android watches by entering the three-digit code on your watch.
    • Please note that the hardware tokens will not be affected by this change.
    • If you did not get Matt’s email that included screenshots of the process, please let me know if you want it and I will forward it to you.

Current Threat

  • Health Advisory (phishing email)
    • The sender appears to be an actual UT employee, but the sender has no ties to anything with health and/or safety and is often located on another campus.
    • The subject is Advisory for All Staff, but will vary.
    • The email’s content tells you about monitoring and tracing efforts concerning an outbreak and goes on to say there are infected people at UT who have given a list of contacts.
    • The email may say that all staff members are required to complete a verification process to determine potential exposure and includes a link.
    • Please DO NOT click on the link, as it is not real.
    • If you hover over the link, you can see that it has nothing to do with UTK or HPAI tracing.
    • It also gives an email address for “utkcare@utk.edu” (this too will vary) but the address does not exist within the UT system and when you hover over it, the actual address has nothing to do with UT.
    • Finally, the email is signed by someone not associated with UT, although they claim to be.
    • But always remember that these kinds of health notices are not legitimate.
    • The names are always off and so is the department name and email.
    • The University cannot share information about specific people and their health conditions, so if you see a link that says you can click it to find out names, this is a definite sign it is not real.
    • You know you can always forward the email to me and I will check it out.
    • And as soon as you know it is a scam, please report it to OIT.
    • For details on reporting phishing or junk emails, see Reporting Phishing Attempts & Junk Email.

Important Information

  • Computer Login Change *REMINDER*
    • On 05/21/2025, UTK’s Office of Innovative Technologies Information Security team will implement a new secure login for all UT-owned and grant-funded computers.
    • When you start your Windows computer or activate it from sleep mode, you will have to start the login process by entering Ctrl+Alt+Delete on your keyboard.
    • I know you are familiar with using Ctrl+Alt+Delete to lock your computer screen, but on 05/21, this will also activate the login process from a locked computer.
    • By using this secure login process it will ensure that this is the only allowed login and no redirect can take place that could cause a compromise of your credentials.

I appreciate you all so very much and I am here for you any time you have any questions or concerns.

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone else has an email group for students who are not employees of your department, please let me know that address and I can include it. I do this as a blind copy so student names and addresses will not show up!

Sandy Lindsey
Chief Information Security Officer
Information Technology Services
The University of Tennessee
Institute of Agriculture

 

 

G061​ McCord Hall
2640 Morgan Circle Drive
Knoxville, Tennessee, 37996
Phone: (865) 974-7292; (865) 806-5224
sandy@tennessee.edu