Alerts

Security Alert
Apr 1, 2014 - 11:13 am

There have been multiple sightings of a variation on the "View a Google Doc" phishing email, this one with the subject line "View project document!" Do NOT do so. Instead, if you haven't already deleted it, mark it as phishing.

Below is an example of this email. Note that like similar ones, the TO field is blank. It unfortunately looks like it can be real because it comes from a Brown address, which has probably been compromised. Read more about phishing http://www.brown.edu/go/phishing.

Security Alert
Mar 31, 2014 - 9:15 am

Symantec has reported a "sophisticated scam" targeting Google Docs and Google Drive users. Like similar ones already reported at Brown, the phishing email urges the receiver to click on a link to view an important Google Doc.

What to look out for: The link doesn't go to Google Docs, but redirects you to a log-in screen that doesn't recognize you as a Google user, asking you to login again. If this seems strange, it is and a big clue that this is fake and to go no further.

Google's response when alerted about this: "We've removed the fake pages and our abuse team is working to prevent this kind of spoofing from happening again. If you think you may have accidentally given out your account information, please reset your password."

Related Links
http://www.symantec.com/connect/blogs/google-docs-users-targeted-sophisticated-phishing-scam
http://gizmodo.com/beware-of-this-dangerously-convincing-google-docs-phish-1546278702/@whitsongordon

Security & Google
Gmail security checklist: https://support.google.com/mail/checklist/2986618?rd=1
Compromised Gmail account: https://support.google.com/mail/answer/50270?hl=en
Using two-factor authentication:  http://www.google.com/landing/2step/

Security Alert
Mar 19, 2014 - 12:21 pm

Several people have reported seeing a red warning bar at the top of today's Morning Mail. There is no cause for alarm as it was probably due to Gmail's increased sensitivity for anything remotely suspicious plus some combination of words in the message (with several in all caps) that may have triggered it. If you did get a red bar, we suggest that you click on the 'Ignore, I trust this message' option.

Security Alert
Mar 18, 2014 - 3:07 pm

Be on the lookout for the latest phishing scam, supposedly sent from Blackboard (sender is notify @ blackboard.com) and attempts to get you to click on the link provided.  DO NOT click on it.  Instead, alert Gmail to this phish (use the Report Phishing option) or simply delete it.

Service Outage
Mar 17, 2014 - 9:48 am

As of now, the problem with Kronos has been resolved and it should be fully functional. 
If you continue to experience problems with this service, please report them to the Help Desk at (401) 863-4357. 

____________________________________________________________________

We are aware of a problem with Kronos and are working to identify and resolve the issue.  Functionality that may be impacted by this problem includes:  view up-to-date hours on the web application Workforce Central, ability to verify punches from the clocks on the web, ability for the clocks to send punches to the database. Punches will still be accepted to the time clocks, and they will show up on the time cards when the system is back up.  

If you experience problems other than the ones mentioned above, or problems with another service, please report them to the Help Desk at (401) 863-4357.  We apologize for any inconvenience this may cause.
Thank you for your patience,Computing and Information Services

Security Alert
Mar 13, 2014 - 1:15 pm

Continued reports of the latest phishing attempt that surfaced last week, asking you to view an attached document. Do NOT do so. Instead, if you haven't already deleted it, mark it as phishing.

Below is an example of this email. Note that like similar ones, the TO field is blank. It unfortnately looks like it can be real because it comes from a Brown address, which has probably been compromised. Read more about phishing at http://www.brown.edu/go/phishing.

=====================================
From: XXX@brown.edu>
Date: Thu, Feb 27, 2014 at 11:29 PM
Subject: New Project Proposal!
To:

Kindly, review the Project proposal document attached using Google drive and get back to me, your urgent attention is needed.

Thank you 

Security Alert
Mar 3, 2014 - 2:44 pm

A phishing email from "IT Service Desk" has been making the rounds today. It asks you to click on a link to "Validate your account." Do NOT do so. Instead, if you haven't already deleted it, mark it as phishing.

Below is an example of this email. Note that like similar ones, the subject is blank, it has grammar errors, and contains the threat that "You will not be able to receive new mails until you Re-Validate your Email Account." Read more about phishing at http://www.brown.edu/go/phishing.

Security Alert
Mar 3, 2014 - 2:43 pm

Patches are now available for the security flaws in iPhone, iPad, AND OSX devices. Last Friday Apple released iOS 7.0.6 to address a security flaw and provided these details on that fix:

iOS 7.0.6 | Data Security | CVE-2014-1266

Available for: iPhone 4 and later, iPod touch (5th generation), iPad 2 and later
Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS
Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.

Since this flaw is easily exploitable, ISG recommends that you upgrade to 7.0.6 as soon as you can. It is an unfortunate reminder that Apple products can be vulnerable and its users need to stay current with all security patches.

The same flaw existed in desktop and laptop computers powered by its OS X operating system. The OS X Update 10.9.2 is now available, which includes the security fix.

Related Links:
Apple's Security Update page: http://support.apple.com/kb/HT1222
About the security content of iOS 7.0.6:  http://support.apple.com/kb/HT6147
About the security content of OS X Mavericks v10.9.2 and Security Update 2014-001:  http://support.apple.com/kb/HT6150
SANS Internet Storm Center: https://isc.sans.edu/forums/diary/IOS+SSL+vulnerability+also+present+in+OS+X/17702
Brian Krebs blog post: http://krebsonsecurity.com/2014/02/ios-update-quashes-dangerous-ssl-bug/

Security Alert
Feb 24, 2014 - 5:06 pm

Adobe has issued an emergency update for its Flash Player 12.0.0.43 and earlier versions for both Windows and Macintosh. Adobe recommends that users update their software installations by following the instructions found at http://helpx.adobe.com/security/products/flash-player/apsb14-04.html. To determine whether or not you need to update, visit http://www.adobe.com/software/flash/about/ to find your version number.

Reference:  
http://krebsonsecurity.com/2014/02/adobe-pushes-fix-for-flash-zero-day-attack/
http://get.adobe.com/flashplayer/
http://support.apple.com/kb/HT5655

Service Degradation
Feb 24, 2014 - 11:32 am

Google has notified us that a specific list of people may have been affected by a recent issue in Gmail that caused some actions while viewing a message to be inadvertently applied to a different message. We have notified that list of people directly, but are posting this as a confirmation that our notification was a legitimate message.