This Week’s Cybersecurity News, 07/01/2026

Share on

Good afternoon, everyone.

Today I need to let you know about a current threat, although I could say it is a threat that will continue to exist. If you use Chrome, you must be sure you are running the latest version. There is a new Tennessee law in effect today that will change the purchase of technology. Finally, I have included a list of upcoming End of Support dates for Microsoft products.

Current Threat

  • Retirement/Pension Emails
    • The sender is using the domain @afortus.com.
    • The subject is Questions Tennessee employees often ask before retirement.
    • One of the key clues that jumped off the screen was the sentence beginning with, “As an employee of University-Tn Knoxville” because we know UT is not written like that.
    • There was a link near the bottom to schedule a meeting.
    • Please do not click this link.
    • Afortus is in no way associated with UT, but at least they mention this in the very small print at the bottom of the email.
    • I did a little research on the company and Afortus seems to be accredited by the Better Business Bureau, but they have had many complaints due to their commission-only structure and aggressive marketing tactics.
    • I can’t stress this enough, but it is best to ignore and report messages such as this one.
    • If you want to use an independent consultant, that is absolutely your choice.
    • However, that conversation should begin with you and not with someone who contacts you out of the blue.
    • If you receive this kind of email, you can report it using the red Report button at the top left on the Outlook ribbon.
    • For more information on reporting scams, please read Reporting Phishing Attempts & Junk Email.

Browser, OS, and Software Updates

  • Chrome
    • Google has released a new security update to address multiple vulnerabilities in Chrome, the most severe of which could allow for arbitrary code execution.
    • These vulnerabilities could allow for arbitrary code execution in the context of the logged-on user.
    • The attacker could then install programs, as well as view, change, or delete data, and create new accounts with full user rights.
    • Since your browsers are being managed by UTIA ITS, you should be getting the updates automatically.
    • However, if you do not close your browser regularly, you may not have the latest updates.
    • In your Chrome browser, go to Settings (the three dots in the upper right-hand corner) and scroll down to Help.
    • Click on Help, then click on About Google Chrome.
    • A window will open to show you if your browser is up to date and what version you should have.
    • If you don’t have version 150.0.7871.46/47 (or higher) for Windows and macOS, or 150.0.7871.46 (or higher) for Linux, please restart the browser to get the update.
    • And please remember to reboot your browser regularly, as well as your computer, to help ensure you have the latest updates.

Important Information

  • Tennessee Procurement Protection Act
    • On July 1, 2026, the State of Tennessee has a new statute called the Tennessee Procurement Protection Act.
    • This law bans us from procuring information and communications technology from a foreign adversary company, as defined by the US Department of Commerce, https://www.ecfr.gov/current/title-15/subtitle-B/chapter-VII/subchapter-E/part-791/subpart-A/section-791.4.
    • Currently these foreign adversaries are defined as China (including Hong Kong), Russia, North Korea, Cuba, Iran, and Venezuela, but this is subject to change based on global situations.
    • The prohibited purchases include:
      • Computers, laptops, tablets, mobile devices, and peripheral equipment;
      • Software applications, operating systems, databases, and cloud-based services;
      • Internet and intranet websites, web applications, and digital content;
      • Telecommunications equipment and services, including voice, video, messaging, and data communications systems;
      • Electronic documents, multimedia, and audiovisual materials; and
      • Any related hardware, firmware, or embedded technology integral to the operation of the items listed above.
    • You will continue to use the Data and Technology Risk Review intake form for all information and communications technology purchases.
    • This law applies to purchases of any dollar amount including purchases made on p-cards. All software purchase requests, regardless of dollar amount or method of procurement, should follow the Data and Technology Risk Review Process before a purchase is made.
    • If any purchase or purchase request is for technology coming from one of the foreign adversaries, the purchase/request will be categorically denied, and zero exceptions will be approved.
    • To read the full text regarding this new law, please go to State of Tennessee Public Chapter 768.

Upcoming Microsoft End of Support Dates

  • If you are running any of these apps, please make sure you upgrade them before the support, which includes updates and patches, comes to an end.
    • SQL Server 2016 – 07/14/2026
    • SharePoint Server 2016 – 07/14/2026
    • Microsoft Publisher – 10/01/2026
    • Office LTSC 2021 – 10/13/2026
    • Windows Server 2012 / 2012 R2 – 10/13/2026 (this is the final year for paid Extended Security Updates)
    • Windows Server 2016 – 1/12/2027 (this is the final end for paid Extended Support)

Thank you so much for everything you do to protect the Institute, its data, students, employees, clients, and yourself! Happy Independence Day to you all!

Sandy

Important Note: Thank you so much for sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students will not get this information without someone sharing. If anyone has an email group for students who are not employees of your department, please let me know what that address is, and I can include it. I do this as a blind copy so student names and addresses will not show up!