Student Phishing Alert – April 6, 2022

• April 6th, 2022
• in Security Alert

Wednesday, April 6 many UA students received a phishing email with the subject “Crimson email Portal Login”. Below is a screenshot of the message.

This phishing email used urgent language to trick students to steal login credentials. If you did click on the link and provide credentials, please change your myBama password immediately.

Remember to notice the red flags of phishing emails. Watch for grammar and spelling errors, review the sender’s email address, and hover over links before you click to see the web address.  If you are not a DUO two-factor authentication user, please activate your account today. DUO can help protect sensitive information in your UA accounts.

If you received one of these emails, mark it as spam and delete it. If you have any questions or concerns, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

Tech Services – Restricted Countries and Regions

• March 2nd, 2022
• in Security Alert

This week, Duo and Zoom have published that they no longer, or will soon no longer, offer service in certain countries and regions to comply with U.S. regulations. Duo and Zoom are both restricting service from users whose IP addresses originate in a country or region subject to economic and trade sanctions enforced by the U.S. Office of Foreign Assets Control.

OFAC restrictions relevant to Zoom currently apply to the following countries or regions:

• Cuba
• Iran
• North Korea
• Syria
• Ukraine (Crimea, Donetsk and Luhansk regions)

For more information on Zoom restrictions, visit the Zoom Support website.

OFAC restrictions relevant to Duo currently apply to the following countries or regions:

• Cuba
• North Korea
• Iran
• Sudan
• Syria
• Crimea region
• Sevastopol region
• Donetsk region
• Luhansk region

Beginning May 5, 2022, users attempting to authenticate to a Duo-protected application from an access device with an IP address originating in an OFAC-regulated country or region will be blocked from completing their login and receive an error message. For more information on Duo restrictions, visit the Duo Support website.

Update Apple OS

• February 11th, 2022
• in Security Alert

Apple has recently released updates to its various operating systems. These updates address multiple vulnerabilities, the most severe of which could lead to code execution that could resulting in installing malicious software or even viewing, changing or deleting data.

OIT recommends all Apple users install updates as soon as possible.

SYSTEMS AFFECTED:

• iOS and iPadOS prior to 15.3.1
• macOS Monterey prior to 12.2.1
• Safari prior to 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8)

For Mac OS, users are often prompted to the latest version. However, users should not upgrade to Monterey without the latest version of McAfee antivirus software. If you’re not sure, please upgrade to the latest version of your current operating system. This is Big Sur for many users. Click More info to see upgrade options, then select to upgrade Big Sur and Safari. See the screenshots attached for further guidance.

Update Adobe Creative Cloud Applications

• February 9th, 2022
• in Security Alert, Software News

Adobe has recently released security updates for Adobe Creative Cloud apps for both Windows and Mac. These updates address multiple vulnerabilities, the most severe of which could lead to arbitrary code execution. Please update Adobe Creative Cloud apps on your devices as soon as possible.

SYSTEMS AFFECTED:

• Adobe Premiere Rush 2.0 and earlier versions for Windows.
• Illustrator 2022 26.0.2 and earlier versions for Windows and macOS.
• Illustrator 2021 25.4.3 and earlier versions for Windows and macOS.
• Photoshop 2021 22.5.4 and earlier versions for Windows and macOS.
• Photoshop 2022 23.1 and earlier versions for Windows and macOS.
• Adobe After Effects 22.1.1 and earlier versions for Windows and macOS.
• Adobe After Effects 18.4.3 and earlier versions for Windows and macOS.
• Creative Cloud Desktop Application (Installer) 2.7.0.13 and earlier versions for Windows.

To update, open the Adobe Creative Cloud application, Click “Updates” in the left panel menu bar, then “Update all” at the top.

Apple Updates

• January 28th, 2022
• in Security Alert

Apple has recently released updates to its various operating systems. These updates address multiple vulnerabilities, the most severe of which could lead to code execution that could resulting in installing malicious software or even viewing, changing or deleting data.

OIT recommends all Apple users install updates as soon as possible. These apply to iPhones, iPads, Macs, Apple Watch, Apple TV and Safari. Visit your device’s settings to update.

SYSTEMS AFFECTED:

• iOS and iPadOS prior to 15.3
• macOS Monterey prior to 12.2
• macOS Big Sur prior to 11.6.3
• macOS Catalina prior to security update 2022-001
• watchOS prior to 8.4
• tvOS prior to 15.3
• Safari prior to 15.3

For Mac OS, users are often prompted to the latest version. However, users should not upgrade to Monterey without the latest version of McAfee antivirus software. If you’re not sure, please upgrade to the latest version of your current operating system. This is Big Sur for many users. Click More info to see upgrade options, then select to upgrade Big Sur and Safari.

Update Adobe Acrobat

• January 24th, 2022
• in Security Alert

Adobe has recently released security updates for Adobe Acrobat and Reader for both Windows and Mac. These updates address multiple vulnerabilities, the most severe of which could lead to arbitrary code execution. Please update Adobe Acrobat on your computer as soon as possible.

To update, open the Adobe Acrobat or Reader application, Click “Help” in the menu bar, then “Check for Updates.”

More information is available on Adobe’s Security Bulletin.

Spam Alert – Jan. 20, 2022

• January 20th, 2022
• in Security Alert

Thursday, January 20, many UA students, faculty and staff received a spam email with the subject “[EXTERNAL] select your own University of Alabama alumni Life Insurance cost” This email is an email scam, not a legitimate email from the UA Alumni Association.

Remember to notice the red flags of phishing emails. Look at the from email address of the email, and hover over links before you click to see the web address. Emails outside of UA are also flagged with [EXTERNAL] in the subject line.

If you have any questions, please contact the IT Service Desk at 205-348-5555 or itsd@ua.edu.

EXTERNAL Labeling Added to UA Crimson Accounts

• December 1st, 2021
• in Security Alert

To better alert UA students and alumni of possible phishing emails, OIT tags incoming emails from external sources. OIT implemented this for student and alumni Crimson accounts beginning Dec. 1.  All emails sent from external sources will be tagged with [EXTERNAL] in the subject line.

Duo Mobile Launching App Update

• October 13th, 2021
• in Security Alert

Beginning this month, Duo will be rolling out an updated version of the Duo Mobile app! Once the app is updated, users will notice a new, clean design. Push notifications, passcodes and phone calls will continue to work as usual, the update is only a design change. Duo’s biggest change will be swapping the position of the green “Approve” and red “Deny” buttons.

What is changing?

• The position of the Approve/Deny buttons will change so that Approve is on the right, a “thumb-friendly” location.
• Duo is improving the accessibility of the app, including adding a landscape view, variable font sizes, and improved color contrast.
• The new app provides clear guidance on restoring accounts if you get a new device.
• Duo is making it easier to find and manage your accounts with a simpler interface.

What is not changing?

The core functionality of Duo Mobile is not changing. You will continue to be able to:

• Receive a Duo Push.
• Use passcodes, which don’t require an internet connection.
• Add, edit, reorder, and remove accounts.
• Backup and restore accounts.
• Use dark mode.
• And anything else you can do in the current version of the app.

When the redesigned Duo Mobile launches, will I need to do anything?

It depends. If you have enabled automatic app updates on your device, Duo Mobile will update automatically. You can also manually update Duo Mobile on your device.

Will I need to restore my accounts or settings once Duo Mobile is updated?

No. All of your protected accounts will be automatically present in Duo Mobile after the update. You do not need to re-add anything. In addition, all of your existing settings, such as settings for Duo Restore for third-party accounts such as Instagram or Facebook, will also carry over automatically.

Cybersecurity Town Hall Event

• September 27th, 2021
• in Security Alert

Join the OIT Security Team Wednesday, Oct. 20 at 2pm for a virtual Town Hall Meeting.

Ransomware is a term you’ve seen a lot in the news lately, but do you know how to protect yourself, your computer and your sensitive information from a ransomware attack? Join the OIT Security Team Wednesday, Oct. 20 at 2pm for a virtual Town Hall Meeting to ask questions of the team and learn how to be cyber secure.

UA CISO Ashley Ewing will provide a brief presentation on cybersecurity practices at UA and offer tips on how you can protect sensitive information. The team will then answer questions from the audience! Email meg@ua.edu to submit a question to the team in advance! More information about the event is available on the UA Events Calendar.

The Town Hall will be held on Microsoft Teams.