This Week’s Cybersecurity News, 09/15/2022

Share on

This week’s e-newsletter lets you know that there is a current non-threat and it is the annual UT employee survey. Spear Phishing is pretty active again. And there are several updates you need to make sure you have.

Current Non-Threats

  • McLean & Company
    • The subject is Please Respond: University of Tennessee Employee Survey.
    • The sender is survey@mcleanco.com.
    • The email and survey are legitimate.
    • This is a survey sent on behalf of UT System.
    • UT President Randy Boyd has asked that everyone participate before the survey is closed on Wednesday, 09/28/2022.

Current Threats

  • Spear Phishing or Business Email Compromise (BEC)
    • We are still getting plenty of spear phishing attempts, so I just wanted to give you some reminders of what to avoid.
    • The messages look like they come from a supervisor or other member of leadership.
    • The messages are very brief.
    • The messages have a sense of urgency.
    • The sender’s reply-to address almost always is from @gmail.com.
    • If you reply, you will most likely be asked to go buy gift cards and email the cards’ codes. (Do NOT go buy gift cards!!!)
    • Don’t reply.
    • If you are unsure of the email, forward it to me or pick up the phone and call the person who supposedly sent it and ask before doing anything else.

Brower, OS, and Software Updates

  • Microsoft
    • Microsoft has released security updates to address vulnerabilities in Microsoft software.
    • Updates are being automatically pushed to Institute-owned computers.
    • If you have recently clicked to have your computer restart later to finish these updates, please make sure your reboot right away to ensure all available updates have been applied.
    • Exploitation of these vulnerabilities could allow an attacker to take control of the affected device.

  • Adobe
    • Adobe has released security updates to address vulnerabilities in multiple products.
    • Updates are being automatically pushed to Institute-owned computers.
    • If you have recently clicked to have your computer restart later to finish these updates, please make sure your reboot right away to ensure all available updates have been applied.
    • Exploitation of these vulnerabilities could allow an attacker to take control of the affected device.

  • Apple
    • Apple has released security updates for multiple products to address a vulnerability.
    • Please make sure you have applied all available updates for these products:
      • iPhone 8 or later –  iOS16
      • iPhone 6s and 7 – iOS 15.7
      • iPad Pro, iPad Air2 or later, iPad 5th gen or later, iPad mini 4 or later, iPod touch 7th gen – iPadOS 15.7
      • mac OS – Big Sur 11.7 or Monterey 12.6
      • Safari browser on macOS Big Sur and macOS Monterey – Safari 16
      • Apple TV 4K, Apple TV 4K (2nd gen), Apple TV HD – tvOS 16
      • Apple Watch Series 4 and later – watchOS 9
    • Exploitation of these vulnerabilities could allow an attacker to take control of the affected device.

Thanks for all you do to protect the Institute and its data. As always, if you need me and I don’t get back with you quickly enough via email or if it is an emergency, please call my cell number at any time.

Have a great rest of the week!

Sandy