A new, never before seen exploit (zero-day) has been identified in the Apache software.  Log4j, a component of many commercial java-based software applications, is a logging library maintained by the Apache Software Foundation.  Current versions Log4J 2.0 beta 9 through 2.16.0 are susceptible to this exploit that could result in remote code execution. Cyber criminals can use this remote code execution to install malicious tools like crypto-mining , cobalt strike/ransomware agents, perform denial of service attacks or exfiltrate data.  To fix this issue it is recommended that you update Log4j to version 2.15.0 to version 2.17 which will completely disable the vulnerable features of log4j. Please be sure to practice healthy patching methods to both scan and test all patches for systems prior to release in Production.  The KSU Cyber Security Incident Response Team is here to assist and advise.  Please send a list of all in scope applications and any steps you’ve taken to Security@kent.edu (Subject Line: “Log4J Concerns”).  If you’ve experienced a compromise of any kind, please contact the KSU Information Security Team immediately.    

Read more for more information regarding this issue, including steps to detect, remediate, and respond.

Read More

What should you be aware of?

In an effort to keep Kent State University a #CyberAware campus, the office of Security and Access Management will keep you up to date with the most recent scams to help prevent you from becoming a victim.

Gift card purchase scam

Be advised, we have received reports of an email scam targeting Kent State employees that impersonates supervisors and other trusted members of the University to request the purchase of gift cards.

If your department currently makes gift card or other purchases in this manner, you have a heightened risk of falling victim to this type of scam. Please avoid requesting these items or any monetary transactions via email. These requests should be done in a way that university employees can verify the legitimacy of the inquiry. If you do receive a request of this type, please verify with the sender of the email that the inquiry is legitimate through other trusted avenues (e.g. by verifying the request in-person/via phone call/via text etc.).

Becoming aware of common red flags will help you identify and report this threat:

• The email will appear to come from the targeted employee’s supervisor/trusted source.
  • The attacker will change their “Send Mail As” address to appear as if it came from the supervisor/trusted source.
  • Please view the following for analyzing the “Send Mail As” address within the web browser version of Outlook and the Outlook client (notice that the email address does not match the sender’s name):

Web browser version of Outlook:

Outlook client:

• The attacker will state that they are in a meeting or are otherwise unavailable and ask if the target is available for a favor/errand.
• Once the target has responded to the initial email, the attacker will ask the staff member to purchase the gift cards and they will reimburse them once the supervisor/trusted source returns to the office.
• There will be a sense of urgency (e.g. This is very important/get this done as soon as possible).
• The email may include a copy of the supervisor’s email signature.

For additional information regarding this scam or if you have fallen victim, please read this article written by the Federal Trade Commission. If you do receive a request such as this via email, please report it immediately to our office by following these steps.