News and Alerts

A recently discovered active attack targets over a million WordPress sites. Themes and plugins downloaded from AccessPress Themes (40 themes and 53 plugins) may give attackers full administrative control over the websites that use them. They may contain malicious code that acts as a backdoor, letting attackers penetrate or infect organization sites and data and cause damage. We recommend that anyone who uses WordPress with themes and plugins verify their versions against the Jetpack website and remediate their website immediately.

If you have questions, please email security@kent.edu

 

 

You have probably heard that many bad actors send package delivery notifications that trick you into entering sensitive personal information on a malicious site, but do you believe every package you receive is what you expected, or a present? We want you all to be vigilant: not all packages bear real gifts or good intentions.

Some delivered packages may look like a real gift at a glance and contain gift-like "tricks" for the receiver, such as thank-you cards, counterfeit Amazon gift cards, and even a USB device containing malware that automatically injects a series of keystrokes to download and execute further malware, deploying ransomware or viruses that could spread to the entire network. This could have a serious impact on our entire organization. Please stay cautious and inform your co-workers so they do not fall for these tricks. Do not connect it to your computer!

 Hackers use BadUSB to target defense companies with ransomware - News of America

A new, never-before-seen exploit (zero-day) has been identified in Apache software. Log4j, a component of many commercial Java-based software applications, is a logging library maintained by the Apache Software Foundation. Log4j versions 2.0 beta 9 through 2.16.0 are susceptible to this exploit, which could result in remote code execution. Cyber criminals can use this remote code execution to install malicious tools such as crypto-miners and Cobalt Strike/ransomware agents, perform denial-of-service attacks, or exfiltrate data. To fix this issue it is recommended that you update Log4j to version 2.15.0 to version 2.17, which will completely disable the vulnerable features of Log4j. Please be sure to follow healthy patching practices: scan and test all patches for systems prior to release in production. The KSU Cyber Security Incident Response Team is here to assist and advise. Please send a list of all in-scope applications and any steps you’ve taken to Security@kent.edu (Subject Line: “Log4J Concerns”). If you’ve experienced a compromise of any kind, please contact the KSU Information Security Team immediately.

Read more for further information regarding this issue, including steps to detect, remediate, and respond.

Read More
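To help build the list of in-scope applications requested above, here is an added example (not part of the original alert) that inventories `log4j-core` jars under a directory and flags those in the range the alert states, 2.0 beta 9 through 2.16.0. The function names and the sample directory tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Pre-release tags sort before the final release of the same version.
PRE_RANK = {"alpha": 0, "beta": 1, "rc": 2, None: 3}
JAR_RE = re.compile(
    r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?\.jar$")

# Susceptible range as stated in the alert: 2.0 beta 9 through 2.16.0.
FIRST_SUSCEPTIBLE = (2, 0, 0, PRE_RANK["beta"], 9)
LAST_SUSCEPTIBLE = (2, 16, 0, PRE_RANK[None], 0)


def parse_version(jar_name):
    """Return a sortable version tuple, or None if this is not a log4j-core jar."""
    m = JAR_RE.search(jar_name)
    if not m:
        return None
    major, minor, patch, tag, n = m.groups()
    return (int(major), int(minor), int(patch or 0), PRE_RANK[tag], int(n or 0))


def is_susceptible(jar_name):
    version = parse_version(jar_name)
    return version is not None and FIRST_SUSCEPTIBLE <= version <= LAST_SUSCEPTIBLE


def inventory(root):
    """List (relative path, susceptible?) for every log4j-core jar under root.

    Filename matching only: a copy of Log4j repackaged inside another jar
    will not be found this way.
    """
    root = Path(root)
    return sorted((p.relative_to(root).as_posix(), is_susceptible(p.name))
                  for p in root.rglob("log4j-core-*.jar")
                  if parse_version(p.name) is not None)


if __name__ == "__main__":
    # Constructed sample tree (empty files; only the names matter here).
    with tempfile.TemporaryDirectory() as tmp:
        for rel in ("app1/lib/log4j-core-2.14.1.jar", "app2/lib/log4j-core-2.17.0.jar",
                    "app3/WEB-INF/lib/log4j-core-2.0-beta9.jar"):
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True)
            path.touch()
        for rel, flagged in inventory(tmp):
            print("SUSCEPTIBLE" if flagged else "ok         ", rel)
```

Point `inventory()` at an application or server directory to produce the per-application list; anything flagged should be included in the report to Security@kent.edu.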

What should you be aware of?

In an effort to keep Kent State University a #CyberAware campus, the office of Security and Access Management will keep you up to date with the most recent scams to help prevent you from becoming a victim.

Gift card purchase scam

Be advised, we have received reports of an email scam targeting Kent State employees that impersonates supervisors and other trusted members of the University to request the purchase of gift cards.

If your department currently makes gift card or other purchases in this manner, you have a heightened risk of falling victim to this type of scam. Please avoid requesting these items or any monetary transactions via email. These requests should be done in a way that university employees can verify the legitimacy of the inquiry. If you do receive a request of this type, please verify with the sender of the email that the inquiry is legitimate through other trusted avenues (e.g. by verifying the request in-person/via phone call/via text etc.).

Becoming aware of common red flags will help you identify and report this threat:

  • The email will appear to come from the targeted employee’s supervisor/trusted source.
    • The attacker will change their “Send Mail As” address to appear as if it came from the supervisor/trusted source.
    • Please view the following for analyzing the “Send Mail As” address within the web browser version of Outlook and the Outlook client (notice that the email address does not match the sender’s name):

Web browser version of Outlook:

Outlook client:

  • The attacker will state that they are in a meeting or are otherwise unavailable and ask if the target is available for a favor/errand.
  • Once the target has responded to the initial email, the attacker will ask the staff member to purchase the gift cards, promising reimbursement once the supervisor/trusted source returns to the office.
  • There will be a sense of urgency (e.g. This is very important/get this done as soon as possible).
  • The email may include a copy of the supervisor’s email signature.

For additional information regarding this scam or if you have fallen victim, please read this article written by the Federal Trade Commission. If you do receive a request such as this via email, please report it immediately to our office by following these steps.

 
