This Week’s Cybersecurity News, 06/17/2022


Every year after the spring semester ends, emails tend to go out to lots of people saying that faculty members are looking for students to work for the summer. I am going to let you know what to look for if you receive such emails. Adobe has released some updates that you should know about. And People’s Republic of China state-sponsored cyber actors have recently been observed conducting nefarious activities.

Current Threats

  • Phishing Attacks Aimed at Summer Jobs for Students
    • The sender is using a Gmail account.
    • If the sender is advertising jobs for UT, the message needs to come from a UT address.
    • The supposed available job positions vary, but they all tend to offer about $350 a week for remote work.
    • The biggest giveaway that the message is not legitimate is that the email is overloaded with the following kinds of errors:
      • Spelling
      • Grammatical
      • Punctuation
      • Formatting
    • We all make mistakes and I can’t help but cringe when I see my own, but these emails are comically bad for messages that are supposedly from someone working for an institute of higher learning.
    • Please use Reporting Phishing Attempts to forward these messages to OIT Abuse and me.

Adobe Updates Released

  • Adobe has released security updates to address vulnerabilities in multiple products.
    • Animate
    • Bridge
    • Illustrator
    • InCopy
    • InDesign
    • RoboHelp Server
  • An attacker could exploit some of these vulnerabilities to take control of an affected system.
  • Although these updates have most likely already been pushed to your computers, please make sure that no further updates are waiting to be installed.
    • Go to the “^” in the lower right portion of the system tray.
    • Click on the Creative Cloud logo and it will show you if there are any available updates.
    • If there are any updates, go ahead and run them.

Global Cybersecurity News

  • Chinese Malicious Cyber Activity
    • The Cybersecurity & Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the FBI released a joint advisory describing the ways in which the People’s Republic of China (PRC) state-sponsored cyber actors continue to exploit publicly known vulnerabilities in order to establish a broad network of compromised infrastructure.
    • PRC state-sponsored cyber actors are exploiting vulnerabilities to compromise unpatched network devices, such as Small Office/Home Office (SOHO) routers and Network Attached Storage (NAS) devices.
    • PRC state-sponsored cyber actors have conducted widespread campaigns to rapidly exploit publicly identified security vulnerabilities, also known as common vulnerabilities and exposures (CVEs).
      • This technique has allowed the actors to gain access to victim accounts using publicly available exploit code against virtual private network (VPN) services or public-facing applications, without using their own distinctive or identifying malware, so long as the actors acted before victim organizations updated their systems.
      • CISA, NSA, and the FBI have observed state-sponsored cyber actors monitoring network defenders’ accounts and actions, and then modifying their ongoing campaign as needed to remain undetected.
      • PRC state-sponsored cyber actors often mix their customized toolset with publicly available tools, especially by leveraging tools that are native to the network environment, to obscure their activity by blending into the normal activity of a network.
    • Please make sure you keep an eye out for any unusual activity on your computer and contact me if you have any doubts or concerns.

I appreciate all that you do to protect the Institute and its data. I am always here to help you. If I don’t get back with you quickly enough via email or if it is an emergency, please call my cell number.