Monthly Archives: July 2016

Security Alert: Ransomware Phishing Campaign

IMPORTANT NOTICE from ITS: one of our institutions was hit with a ransomware phishing campaign this morning which landed in about 7,000 inboxes. The attack profile consisted of a phishing message (in this instance) that used a forged “from” field and appeared to come from an institutional copier/printer. It appeared to come from copier@*.*.edu (e.g. copier@oit.usg.edu). It was sent to most/all of the attacked institution’s email subdomains. The message carried a .docm attachment. The attachment is the ransomware payload which in this instance installed a remote acess trojan. This is an active attack.

Do not open any emails from copier@columbusstate.edu

Pokémon Go Is a No-Go for Security

You can imagine the science-fiction episode: A video game suddenly appears in an unwitting society. The game proves so addictive that millions of people endanger themselves just to be able to keep playing it. The game gets so powerful that it can steal their secrets.

That’s actually not an episode of The Twilight Zone or Black Mirror. According to a security expert, it’s the story of Pokémon Go, the augmented-reality mobile game that’s the biggest fad of the summer so far.

In a widely shared blog post this afternoon, Adam Reeve highlighted that millions of Pokémon Go users might be giving the game’s developer, Niantic, access to their entire Gmail account. He writes that this means that Pokémon Go (or anyone with access to its user database) can:

  • Read all your email
  • Send email as you
  • Access all your Google drive documents (including deleting them)
  • Look at your search history and your Maps navigation history
  • Access any private photos you may store in Google Photos
  • And a whole lot more
  • Niantic responded to the security hole on Monday night. The company says it will soon undertake a fix itself and that users don’t need to do anything.In a statement provided to Recode, a spokesman said, in full:
  • We recently discovered that the Pokémon GO account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokémon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon GO or Niantic. Google will soon reduce Pokémon GO’s permission to only the basic profile data that Pokémon GO needs, and users do not need to take any actions themselves.
  • You can see if you’ve granted access toPokémon Go on this Google page. If you’re an affected user, that page will say “Pokemon Go has full access to your Google account.”
  • “I obviously don’t think Niantic are planning some global personal information heist,” Reeve said in his original post. “This is probably just the result of epic carelessness. But I don’t know anything about Niantic’s security policies. I don’t know how well they will guard this awesome new power they’ve granted themselves, and frankly I don’t trust them all.

Reference:
[1] ] ROBINSON MEYER  JUL 11, 2016, The Atlantic

TAG Student Chapter is Participating in Bytes for Bites

 

BFB-TDOS-2016

TAG and Columbus State University have teamed up with the Georgia Food Bank Association to engage Georgia’s technology community in the fight against hunger through Bytes for Bites, a friendly food and fund drive competition. Over 1 in 4 children in Georgia are food insecure, meaning they don’t always know where their next meal is coming from. You can help!

Columbus State University is currently accepting food donations for the Bytes for Bites competition. You can find food collection bins placed on campus at the bottom floor of the CCT building.

Visit http://bitly.com/bytesforbites for more details!

B4B(CSU Chapter)Food Drive Poster PDF (1)

E.A.T. Summer Event

On Wednesday, June 29th, the UITS department held the E.A.T. (Engagement Activity Team) Summer Event. The event took place in the Recreation Center from mid-morning to late afternoon, and there were a variety of games available to help promote the professional development of the team. The games that were played included:

  • Minefield game, where teams had to concentrate and listen to their team member to avoid stepping on a “mine.”
  • Ping Pong to develop reactionary skills and prove that VP of IT/CIO Abraham George is indeed the best ping pong player in the department.
  • The entire UITS team was split into two groups to play Pictionary that provided team development interaction. The Orange/Green team won over the Pink/Yellow team. Congratulations!
  • Other games included: Cornhole, Scrabble, Connect 4, card games, and computer games.

Team members had the opportunity to win a variety of prizes at the event. A late lunch was provided and enjoyed by all. Team members who attended the event shared lots of laughs and camaraderie. Thank you to the E.A.T. team who organized our day!

EATsummer-1 EATsummer-27