This Week’s Cybersecurity News, 09/13/2023

Good afternoon, all.

Today I need to tell you about a malware attack that has been detected involving some of our IT assets. I will also answer a user’s question about retirement advisor invitations, tell you about new updates you need to make sure you have, and remind you about this year’s security awareness training and its changes.

Current Threat

  • SocGholish Malware (aka FakeUpdate)
    • This malware has been detected on some Institute-owned IT assets over the past few days.
    • SocGholish is delivered via injected JavaScript on compromised websites.
    • The potential victim of this threat will click on a link on the site, and the browser page will say that a browser update is ready to install.
    • If the potential victim clicks to install the update, that person now is an actual victim, as the malware will be downloaded and installed.
    • Once the malicious payload has been executed, the third part of this attack begins within Windows.
    • It appears that the targeted victims may be those who have not gotten the latest update of the browser they are using.
    • Since our browsers are being managed by UTIA ITS, you should be getting the updates automatically.
    • If you do not completely close your browser regularly, you may not have the latest updates.
    • If you have not completely closed your browser recently you should do the following:
      • In your browser (all of them), go to Settings (the three lines or dots in the upper right-hand corner) and scroll down to Help.
      • Click on Help, then click on About <browser>.
      • A window will open to show you if that browser is up to date.
      • If the browser is not up to date, it will update and the browser will restart.
    • Please be sure you restart your browser regularly to ensure you are always getting those updates.
    • And please know that you should never click on anything telling you that you need to update your browser unless it is in the top right corner of the browser or you receive a UTIA notification in the bottom right corner of your screen. I will also continue to remind you of browser updates via these newsletters.
    • Finally, the compromised website is currently unavailable and the department is working with their third-party web management vendor to remediate the compromise.

Ask Your CISO

  • I get a lot of emails inviting me to speak with an advisor about my UT pension and retirement. How do I know which ones are sponsored by UT?
    • There are a lot of different emails that are claiming to help you review your “UT Pension and Retirement” benefits.
    • There is only *one* company that is affiliated with RetireReadyTN, and that is Empower Financial Services.
    • Those emails are from Empower <no-reply@sfmc.empowermyretirement.com>.
    • The email will have the RetireReadyTN information, which is the State’s retirement program.
    • Empower’s link for meeting with an advisor should be https://treasury.tn.gov/Retirement/Information-and-Resources/Meet-with-an-Advisor.
    • If you receive an invitation from anyone other than Empower to meet with an advisor, even if it mentions UT, please know that it is not affiliated with UT.
    • Don’t rely on just a logo, just a link, or just an email address because these can all be impersonations, so you can always ask me if you aren’t sure.

Browser, OS, and Software Updates

  • Apple
    • Apple has released security updates to address vulnerabilities in multiple products.
    • Please make sure you have applied all available updates for these products:
      • iOS 16.6.1 and iPadOS 16.6.1 (newer models)
      • iOS 15.7.9 and iPadOS 15.7.9 (older models)
      • macOS Ventura 13.5.2
      • macOS Monterey 12.6.9
      • macOS Big Sur 11.7.10
      • watchOS 9.6.2
    • Exploitation of these vulnerabilities could allow an attacker to take control of the affected device.
  • Microsoft
    • Microsoft has released updates to address multiple vulnerabilities in most Microsoft software.
    • Exploitation of these vulnerabilities could allow an attacker to obtain sensitive information.
    • Updates are being automatically pushed to Institute-owned computers.
    • If you have recently clicked to have your computer restart later to finish these updates, please make sure you reboot right away to ensure all available updates have been applied.
  • Adobe
    • Adobe has released security updates to address vulnerabilities in multiple products.
    • Exploitation of these vulnerabilities could allow an attacker to take control of an affected device.
    • Updates are being automatically pushed to Institute-owned computers.
    • If you have recently clicked to have your computer restart later to finish these updates, please make sure you reboot right away to ensure all available updates have been applied.

Security Awareness Training Reminder

  • The training was assigned on September 13.
  • The training will be due by December 30.
  • In an effort to streamline the two sets of required training, security awareness and compliance, these have been bundled into one “assignment” with one due date.
  • The overall training assignment should take about 2-1/2 hours, but you can see your status any time you log into K@TE <https://kate.tennessee.edu>.
  • The assignment and reminder emails are automated and will come from the Annual Compliance Team.
  • New employees who have already taken the training *may* see the assignment again. I have supplied EOD with a list of those new employees who have completed the training from 01/01/2023 through 09/06/2023, but it may still show up for a day or two.
  • Any user not completing the security awareness module by the deadline will still lose access to all Institute-owned and University-owned systems until the training has been completed.
  • If you have any questions or concerns, please don’t hesitate to let me know.

Thank you all so much for all you do to protect the Institute and its data. And a special thanks to all those who have questions and notify me about potential scams. Please let me know any time you have any questions or concerns when it comes to IT security! I am here to help you, so please don’t hesitate to ask!

Sandy