This Week’s Cybersecurity News, 04/06/2022

Share on

This week’s news is a combination of information for Institute-owned IT assets, as well as personally-owned devices and accounts. Most of the information I usually give seems more slanted toward the Institute’s data, but please think of how it can help you at home, as well. I have had people in the past ask if they could forward my information to family members and, recently, to clients. I think of the Institute as one big family and would love for you to help protect your family and clients. That said, I would be honored for you to share information with those you know and work with outside the direct UTIA family.

Current Threats

  • Text Messages from Yourself
    • A new smishing (SMS text phishing) attempt began last week, but this bears repeating again.
    • It looks like the message comes from you and is sent to you.
    • There is a link to retrieve a “gift,” but do NOT click, as the link may take you to a Russian state sponsored site.
    • To read more, check out the UTIAsecurity feature from March 30.
  • Text Messages from Anyone Else
    • There are so many text messages the last couple of weeks that have links for you to receive more information.
    • I personally don’t trust any link unless I know the sender personally and know for certain they sent the link.
    • I recommend blocking the number and deleting these kinds of messages.
  • Social Media
    • This week many people have been experiencing compromised social media accounts.
    • Most often, the accounts are being taken over by someone who wants to sell your posts and information back to you or to others.
    • My recommendation is to not buy the account back, but create a new one.
    • Before your account can become compromised, turn on two-factor authentication (2FA) for any social media account that allows it.
    • Once you turn on 2FA you will need an authenticator, so go to your appropriate app store and search for Google Authenticator, if you do not already use one. It will allow just about any non-UT account to receive a six-digit passcode all within one app.
  • Mozilla Firefox Security Updates
    • Mozilla has released security updates to address vulnerabilities in Firefox.
    • These vulnerabilities could allow an attacker to take control of an affected system.
    • Since your browsers are being managed by UTIA ITS, you should be getting the updates automatically.
    • If you do not close your Firefox browser regularly, you may not have the updates.
    • In your browser, go to Settings (the three lines in the upper right-hand corner and scroll down to Help.
    • Click on Help and click on About Firefox.
    • A window will open to show you if your browser is up to day and what version you should have.
    • If you don’t have version 99.0, you need to restart the browser.
  • Chrome Security Updates
    • Google has released Chrome version 100.0.4896.75 for Windows, Mac, and Linux.
    • The new update version addressed vulnerabilities that could allow an attacker to take control of an affected system.
    • Follow along with the Firefox instructions, as they vary only slightly.

I certainly hope this information has been helpful. If you ever have questions or comments, please let me know.