Recent discovery found an active attack targeting over a million WordPress sites - WordPress themes and plugins (by AccessPress) downloaded may give the attackers full administrative control over websites that used 40 themes and 53 plugins belonging to AccessPress Themes. These may contain malicious codes used as backdoor to penetrate/infect organization sites and data and allow attackers to carry out damages. We recommend anyone who uses WordPress with Themes and Plugins to verify your version from the Jetpack website to remediate your website immediately.

If you have questions, please email security@kent.edu. 

A new, never before seen exploit (zero-day) has been identified in the Apache software.  Log4j, a component of many commercial java-based software applications, is a logging library maintained by the Apache Software Foundation.  Current versions Log4J 2.0 beta 9 through 2.16.0 are susceptible to this exploit that could result in remote code execution. Cyber criminals can use this remote code execution to install malicious tools like crypto-mining , cobalt strike/ransomware agents, perform denial of service attacks or exfiltrate data.  To fix this issue it is recommended that you update Log4j to version 2.15.0 to version 2.17 which will completely disable the vulnerable features of log4j. Please be sure to practice healthy patching methods to both scan and test all patches for systems prior to release in Production.  The KSU Cyber Security Incident Response Team is here to assist and advise.  Please send a list of all in scope applications and any steps you’ve taken to Security@kent.edu (Subject Line: “Log4J Concerns”).  If you’ve experienced a compromise of any kind, please contact the KSU Information Security Team immediately.    

Read more for more information regarding this issue, including steps to detect, remediate, and respond.

Read More

You probably have heard that many bad actors will send you package delivery notifications that trick you into entering personal sensitive information to a malicious site, but do you believe every package you receive is what you expected or a present?  We want you all to be vigilant that not all packages bear real gifts or good intentions. 

Some packages delivered may look like a real gift at glance that contains gift like "tricks" for receivers such as  thank you cards, counterfeit Amazon gift cards and even come with a USB device that contains malware to automatically inject a series of keystrokes to download and execute malware to deploy ransomware or viruses that could spread to entire network. This could have serious impact on our entire organization.  Please stay cautious and  inform your co-workers not fall into these tricks.  Do Not Connect it to your computer!

 Hackers use BadUSB to target defense companies with ransomware - News of America

How Aware Are You?

Can you tell the difference between a legitimate email and a phishing scam? Is your password as hack-proof as you think?  Here are a few basic cybersecurity trainings to increase your cyber IQ.

Begin Training

Phishing Quiz

This phishing quiz runs you through 8 email messages and notification. Some are legitimate, and some are examples of real phishing emails that are trying to steal your passwords. One of the best security defenses in protecting your online accounts and your password is being able to spot and recognize phishing emails. This quiz will show you how to check email addresses and URLs to identify scams.

Phishing Quiz

Please contact us with any questions or concerns you might have. Also, remember to report anything that seems suspicious!

Email: security@kent.edu
Phone: 330-672-5566

We are open Weekdays from 8AM-5PM