Current Non-Threats, Current Threats, Security Awareness Newsletters

This Week’s Cybersecurity News, 10/02/2025

Posted on Oct 02, 2025Share on

shadow of a man in front of a cybersecurity emblem

Good afternoon, everyone.

Today I have one current non-threat to remind you about and I have one recent threat that I want to discuss. And once again, I need to remind everyone that Windows 10 end of support is just 12 days away.

Current Non-Threat

  • UT Employee Survey (Reminder)
    • It’s time for the University of Tennessee 2025 Engagement survey.
    • You should receive an email from McLean & Company <survey@mcleanco.com>.
    • The subject is Please Respond: University of Tennessee Employee Survey or Reminder – Please Respond: University of Tennessee Employee Survey.
    • The survey is again being administered by McLean & Company on behalf of UT System.
    • On 09/18, UT System sent two emails about the survey, with the second one clarifying that only UT staff, not faculty, will receive this year’s survey.
    • The survey closes on 10/07/2025 at 11:45pm EDT.
    • The link provided is a personal link intended only for the recipient and should not be shared, as everyone receiving the email will have their own link.
    • As always, I recommend hovering over the link, right-clicking and choosing Copy Hyperlink, then pasting the link into your browser.

Current Threat

  • Zoom Bombing
    • Last week we had a Zoom bombing incident that occurred during a meeting that was offered to both internal and external participants.
    • I have not been notified of any new Zoom bombings since 2022, when these terrible acts were happening frequently.
    • Due to global negativity and hateful rhetoric, the digital landscape once again is used to disrupt normal activities by those who want to drive such negativity.
    • Zoom bombing became prominent during COVID-19, while everyone was working remotely and Zoom meetings became the new norm.
    • Today we are still using Zoom to include more people in our work- and school-related discussions, but bad people are once again using the platform to display inappropriate and hateful content.
    • It may seem like a prank, but there is often no way of knowing if someone in or something about the meeting is specifically being targeted.
    • Please know that Zoom bombing is considered a hate crime if both of these things have been done:
      • An underlying crime: Zoom bombing is not a hate crime by itself but can involve other crimes, such as threatening communications, computer intrusion, or disruption of a public meeting.
      • Bias motivation: The perpetrator must be motivated, in whole or in part, by bias against the victim’s actual or perceived:
        • Race
        • Religion
        • Disability
        • Sexual orientation
        • Ethnicity
        • Gender or gender identity 
    • If you are hosting a Zoom meeting or session, there are several things you need to know.
      • Always designate someone as the co-host so they can keep an eye on activity during the course of the Zoom meeting or session.
      • Strongly consider using the Waiting Room option, choosing “Everyone” to be in the waiting room until the host or co-host allows them in.
      • If someone has registered for the meeting, but their information is “off” you don’t have to allow them into the meeting.
      • Require a passcode when scheduling new meetings.
      • Require a passcode for participants joining by phone.
      • Allow only the Host to be able to screen share.
      • If a participant needs to be removed from the meeting, hover over the participant’s name and choose “Remove” from the options.
    • If your session was a part of a Zoom bombing, please make sure you do the following as soon as possible:
      • Notify me by emailing sandy@tennessee.edu and including the following information:
        • Meeting ID
        • Session and time of session
        • Attendees list, including email addresses (this should all be in the registration information)
        • Description of what happened, including chat log if possible, so I can work with the UTK Zoom administration team.
      • Contact UTPD’s non-emergency line at (865) 974-3114, to report the crime.
        • Make sure you provide UTPD with the content used (refer to the information above about what is considered a hate crime) or they will not investigate.
        • Law enforcement does require that the person involved, usually the host, contact them.
        • UTPD will likely ask for the same information you gave me (above).
        • UTPD may do the investigation, or they may turn it over to other law enforcement based on the details.
      • File a complaint with IC3, the Internet Crime Complaint Center, which is the FBI’s central hub for reporting cybercrime.
    • You can find more information specific to Zoom in the UTIAsecurity knowledge base by going to https://utiasecurity.tennessee.edu/tag/zoom/.
    • I am currently working to update the UTIA Best Practices for Zoom Meetings since many of OIT’s processes have changed or no longer exist, and the settings in Zoom are different now.

Important Reminders

  • Windows 10 End-of-Support Is Almost Here
    • Windows 10 is officially reaching end of support on October 14, 2025.
    • After this date, Microsoft will no longer provide free software updates, technical assistance, or security patches for Windows 10.
    • Without these updates and security patches, your computer will become more vulnerable to all security threats.
    • If you are using a PC, to find which version of Windows you are using, do the following:
      • Go to the Search box on the taskbar (right beside of the Start button) at the bottom of your screen.
      • In the box, type winver and click Enter.
      • A window will then show what version you are running.
    • If you are still running Windows 10 you need to upgrade to Windows 11 soon.
    • If you are with the UT College of Veterinary Medicine, the CVM Support group will help you will this.
    • If you are with UT Extension or UT AgResearch and Education Centers across the state, your regional IT staff will help you with this.
    • If you are located on the Knoxville campus or one of the Knoxville-area locations that gets assistance from the UTK OIT Desktop Support, please call (865) 974-9900 to request help.
    • This upgrade must be done before 10/14/2025.
    • If you have a computer that is out of warranty, it is likely too old to allow Windows 11 to be installed.
    • Please remember that UTIA UT01xx – System and Services Acquisition Standard states that the Institute has a technology refresh schedule of a maximum of five years for replacing hardware, which is in place due to older systems not being able to be updated and secured properly.
    • Security Awareness Training and TSU Employees
      • While all UTIA employees and many TSU employees have been assigned the 2025-2026 UTK Compliance Training that is required of all employees on an annual basis, I have been asked by several TSU employees why they don’t have the assignment.
      • When UT HR decided to include the IT Security Awareness Training as a part of the overall annual compliance training a couple of years ago, I no longer have “ownership” of that specific training, which means that I cannot assign it to individuals as I used to.
      • I have contacted EESD and UT System Employee Engagement and Organizational Development (EEOD) to see when the assignment would be made for the TSU employees who have not gotten it.
      • EEOD told me a couple of weeks ago that it had been assigned, but I have found that there are still people who do not have the training assignment.
      • If you have not gotten the assignment yet, you can email uteod@tennessee.edu to tell them you need the assignment, or you can contact me and I will be more than happy to pass the information along.
      • I cannot thank you all enough for asking about it!

    Thank you for all you do to protect the Institute and its data, students, employees, clients, and yourself. Please let me know anytime you have any questions or concerns.

    Sandy

    Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone has an email group for students who are not employees of your department, please let me know what that address is, and I can include it. I do this as a blind copy so student names and addresses will not show up!

    Sandy Lindsey
    Chief Information Security Officer
    Information Technology Services
    The University of Tennessee
    Institute of Agriculture

     

     

    G061​ McCord Hall
    2640 Morgan Circle Drive
    Knoxville, Tennessee, 37996
    Phone: (865) 974-7292; (865) 806-5224
    sandy@tennessee.edu