Information Security Alerts

IT Help Center Anderson Academic Commons
Room 270 2150 E. Evans Ave. Denver, Colorado 80208.
IT Support Call 303-871-4700 | Request Help Online | Search the IT Online Knowledge Base

Important information about LastPass

LastPass is a popular password management tool used to create, store, and manage passwords. University of Denver provides licensing for LastPass to its employees and students. If you use LastPass, carefully read the following announcement and recommendations to protect your personal and business accounts and DU's confidential information and systems access.

On December 22, LastPass notified its customers of a cybersecurity incident that may put passwords stored in LastPass at risk. Although this incident was not specific to DU, due to its severity, your LastPass master password may be at risk. We recommend that you take the following actions if you use LastPass and have not changed your LastPass master password to a strong password in the last four weeks:

  • Change your LastPass master password to a strong password consisting of at least 15 randomly selected characters.
  • Change the passwords for individual accounts in LastPass, prioritizing your email, financial, and DU accounts.
  • Enable two-factor authentication (2FA) for LastPass and individual accounts. Reject any 2FA prompts that you did not initiate. 
  • Monitor your financial accounts for fraudulent transactions.

Also, be aware that there is an increased likelihood of phishing and social engineering attempts referencing LastPass that aim to trick you into following a link, downloading an attachment, or providing information. Be vigilant. If an email is suspicious, do not follow links, download attachments, or reply. Even if you do not use LastPass, you may still be targeted by these phishing attacks. If you suspect you have received a phishing email, use the Report Phish button in Outlook.

For more information, please read Important Information about LastPass.


Smishing (SMS/text-based phishing) attacks are on the rise

As email filtering and user education around phishing get better, cyber-criminals are turning to different ways to trick users into entering credentials or providing access to sensitive data. One method that is being used more and more often is "smishing," or sending scam messages as SMS/text messages to your smartphone.

Smishing messages are designed to create a sense of urgency and trick you into clicking on a link, calling a fake phone number, or responding with personal details and information.

You can read more about smishing and what to look for in this article.

If you receive what you suspect is a smishing message, you should report it to the company that is being spoofed, using a trusted phone number, website, or application. Never click on links or call phone numbers contained in a suspected smishing message.


Increase in Job Scam Emails

Like those at many universities, the Information Security Team is seeing an increase in job scam emails. For an overview of what these emails commonly look like and how the scams work, please read School of Hard Knocks: Job Fraud Threats Target University Students.

Russia/Ukraine Conflict

As the situation continues to deteriorate in the Russia-Ukraine conflict, DU IT wants to assure the University community that we are taking the necessary steps to protect students, faculty, staff, and overall compute environments from potential cyber events.

While there is no single action we can take to protect us against nation-state-sponsored cyber operations and their commonly used tactics, techniques, and procedures for cyber-attacks, we are taking the following steps that help provide broad protection against a possible cyber incident.

  1. We have collected and evaluated the latest intelligence on this crisis from a variety of sources, focusing particularly on recently discovered breach attempts against other higher-education institutions.
  2. Our managed service of elite cyber threat hunters constantly monitors our environment and can detect and disrupt intricate threats immediately.
  3. Our Security Operation Center’s defense platforms have received near-daily updates to ensure we have the best protection possible. This includes blocking hundreds of malicious domain names, IP addresses, URLs, malware, and vulnerabilities related to newly discovered attack vectors.

If you see anything that looks odd or anomalous, don’t take any chances; let us know right away at Info-Security@du.edu.

Cybersecurity Awareness Month

October is Cybersecurity Awareness Month, a global effort to help everyone stay safe and protected when using technology, whenever and however you connect. The theme for the month is “Do Your Part – Be CyberSmart,” and the University of Denver is proud to be a champion of and to support this online safety and education initiative this October. The DU Information Security Team will be sending weekly emails throughout the month with relevant cybersecurity learning materials. Stay tuned.

Unemployment Fraud Scheme

Identity theft occurs when criminals steal your personally identifiable information (PII) and use it to commit fraud, such as making unauthorized transactions or purchases.
Please visit the Unemployment Fraud page for more information.

Apple OS "Pegasus"

You may have seen recent reports of new malicious code called “Pegasus” that is impacting all Apple operating systems, including those on iPads, iMacs, MacBooks, and Apple Watches. According to reports, the malware could allow hackers to install spyware on your device without your knowledge. Apple has released a software update that addresses this issue and recommends all users install it. More information on the vulnerability and available remedies can be found by clicking on the links below:

USA Today Pegasus
Apple Security Update