This Week’s Cybersecurity News, 01/25/2023

Happy Data Privacy Week 2023! We used to have Data Privacy Day, but there is so much to focus on when it comes to privacy that this has become the National Cybersecurity Alliance’s second annual Data Privacy Week. This is an international event focusing on protecting data privacy across sectors. Throughout the Institute of Agriculture we have so many state and federal regulatory compliance requirements when it comes to protecting data and our stakeholders’ privacy. Please stay aware and keep protecting!

This week I have a few non-threats and threats, some of which we have seen in the past, but they return often and at different times of the year. There are also some Apple updates you need to be sure you have.

Current Non-Threats

  • Gallup Survey
    • On Monday evening I sent an email about this one, but wanted to include it here.
    • The sender is Gallup <noreply@qemailserver.com>.
    • The subject is Invitation: UT Knoxville – Gallup Campus Survey
    • The email says Gallup and UT Knoxville would like to invite you to take an important survey about your experience at UTK.
    • This email and survey are legitimate.
    • On 01/19, President Randy Boyd sent an email letting everyone know the survey was going to be sent this past Monday.
    • If you have questions or concerns, UTK’s Office of Information Technology has recommended that you contact the President’s Office.
    • The phone number is (865) 974-2241.
  • Retirement Emails
    • There are various emails that circulate regarding retirement.
    • This external sender is one that I can verify as a legitimate sender.
    • The email is from University of Tennessee Benefits Team+ALEX <reply@meetalex.com>.
    • This email is legitimate and has been sent on behalf of UT Benefits.
    • I am not giving a subject at this time because it varies greatly.
    • If you get one of these emails and you have questions, just forward it to me and I will take a closer look.

Ongoing Threat

  • Retirement Emails (phishing)
    • The greeting is typically, “Employee <lastname>.”
    • The email implies that this program is through UT as it usually starts out saying, “As an employee of The University of Tennessee, Knoxville, each year you are eligible to receive a complimentary appointment with a licensed representative for answers to your specific state, federal and individual retirement benefit questions.”
    • Near the end of the email it says that representatives are licensed by the State Department of Insurance.
      • This department for the State of Tennessee is actually called “Department of Commerce and Insurance.”
    • UT’s Benefits and Retirement, as well as Payroll, have verified that these emails and services are in no way affiliated with or endorsed by the University of Tennessee.
    • After some investigating, I have found that other universities in various states have also reported these types of emails as phishing scams.
    • Do not click on any links in these emails.
    • Please use Reporting Phishing Attempts to forward the message and its Internet headers to OIT Abuse and me.
      • It is important to follow these instructions so that you include the Internet headers when reporting.
      • The Internet headers are what our email administrators use to block the sender from sending more emails from that IP address.

Browser, OS, and Software Updates

  • Apple
    • Apple has released security updates for multiple products to address vulnerabilities.
    • Please make sure you have applied all available updates for these products:
      1. Safari 16.3
      2. iOS 12.5.7
      3. macOS Monterey 12.6.3
      4. macOS Big Sur 11.7.3
      5. watchOS 9.3
      6. iOS 15.7.3 and iPadOS 15.7.3
      7. iOS 16.3 and iPadOS 16.3
      8. macOS Ventura 13.2
    • Exploitation of these vulnerabilities could allow an attacker to take control of the affected device.

Thanks for all you do to protect the Institute and its data. I am here to help you, so don’t hesitate to let me know if you have questions or concerns.

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone else has an email group for students who are not employees of your department, please let me know what that address is and I can include it. I do this as a blind copy so student names and addresses will not show up!