Security News Updates

Monday, 1 February 2021
Beware of latest file sharing phishing attempt - Feb 2021

The UCT Computer Security Incident Response Team (CSIRT) is investigating a new phishing attempt that asks you to open a shared file. The email contains a PDF attachment as well as a link to a shared document. By clicking on either you’re redirected to a webpage that resembles the Microsoft login page.

What do I do?

If you receive such an unexpected email request, even if it looks like it is from one of your contacts or a legitimate company, please do not click the attachment or link. First contact the individual to verify that they sent it.

If they did not send it, please inform the IT Helpdesk immediately by sending the email on to icts-helpdesk@uct.ac.za. You can then delete the email. The same advice applies to any suspicious emails you receive on your UCT account.

If you have already clicked the attachment or link in the email, DO NOT enter your details if prompted. Instead, run a full antivirus scan of your machine. Then, on a device that you know to be free of malware and infection, change your UCT password.

What happens if I clicked the attachment or link and entered my details?

If you've entered your details, your account may be compromised. This puts the UCT network and UCT assets at risk. Please:

  1. On a device that you know to be free of malware and infection, change your password.
  2. Send an email to the IT Helpdesk informing them that your details were compromised, but that you have changed your password.
  3. Run a full antivirus scan on the machine you used to enter your details.

Please remember:

  • Don't ever reply to emails, messages, or calls that request personal information – especially usernames and passwords.
  • NEVER share your password or PIN with anyone – not even an ICTS representative, or representatives of your bank, mobile network, or other service providers.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Don't reply to spammers asking them to remove you from their mailing list.  Replying just confirms your email address as valid, which encourages them to send you more spam.
  • Don't forward chain letters or marketing material.
  • Please check the announcements on the ICTS and CSIRT websites for the latest alerts. If your suspicious email differs to the one in the announcement, please report it to the IT Helpdesk at icts-helpdesk@uct.ac.za. You can report any other cybersecurity issues to the CSIRT at csirt@uct.ac.za.

Wednesday, 14 October 2020
Latest phishing attempts pretend to be from UCT Vice-Chancellor

The UCT Computer Security Incident Response Team (CSIRT) and IT Helpdesk are currently investigating two new phishing attempts that appear to be sent from the Vice-Chancellor. The first one, entitled ‘Mamokgethi Phakeng shared “UCT Forthcoming Projects” with you’, requests that you click the provided link. The second one, entitled ‘Projects and Agenda’, requires that you open the attached PDF file.

What do I do?

  • DO NOT CLICK THE ATTACHMENT OR LINK IN THE EMAIL.
  • If you receive any of these emails or observe suspicious activity on your UCT account, please inform the IT Helpdesk immediately by sending an email to icts-helpdesk@uct.ac.za.
  • If you clicked the attachment or link in the email, DO NOT enter your details if prompted. Instead, run a full antivirus scan of your machine. Then, on a device that you know to be free of malware and infection, change your password.

What happens if I clicked the attachment or link and entered my details?

If you've entered your details, your account may be compromised. This puts the UCT network and UCT assets at risk. Please:

  1. On a device that you know to be free of malware and infection, change your password.
  2. Send an email to the IT Helpdesk informing them that your details were compromised, but that you have changed your password.
  3. Run a full antivirus scan on the machine you used to enter your details.

Please remember:

  • Don't ever reply to emails, messages, or calls that request personal information – especially usernames and passwords.
  • NEVER share your password or PIN with anyone – not even an ICTS representative, or representatives of your bank, mobile network, or other service providers.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Don't reply to spammers asking them to remove you from their mailing list.  Replying just confirms your email address as valid, which encourages them to send you more spam.
  • Don't forward chain letters or marketing material.
  • Please check the announcements on the ICTS and CSIRT websites for the latest alerts. If your suspicious email differs to the one in the announcement, please report it to the IT Helpdesk at icts-helpdesk@uct.ac.za. You can report any other cybersecurity issues to the CSIRT at csirt@uct.ac.za.

Thursday, 27 August 2020
Latest phishing attack: Update your mailbox

The UCT Computer Security Incident Response Team (CSIRT) is currently investigating a new phishing attempt, which pretends to be from Microsoft. The email, entitled ‘Your mailbox requires update’, urges you to update your mailbox before 28 August 2020, or else it will be deactivated.

What do I do?

  • DO NOT CLICK THE LINK IN THE EMAIL.
  • If you clicked the link, DO NOT enter your details on the page. Instead, please close the page and run a full antivirus scan of your machine. Then, on a device that you know to be free of malware and infection, change your password.

What happens if I clicked the link and entered my details?

If you've entered your details, your account may be compromised. This puts the UCT network and UCT assets at risk. Please:

  1. On a device that you know to be free of malware and infection, change your password.
  2. Send an email to the IT Helpdesk informing them that your details were compromised, but that you have changed your password.
  3. Run a full antivirus scan on the machine you used to enter your details.

Please remember:

  • Don't ever reply to emails, messages, or calls that request personal information – especially usernames and passwords.
  • NEVER share your password or PIN with anyone – not even an ICTS representative, or representatives of your bank, mobile network, or other service providers.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Don't reply to spammers asking them to remove you from their mailing list.  Replying just confirms your email address as valid, which encourages them to send you more spam.
  • Don't forward chain letters or marketing material.
  • Please check the announcements on the ICTS and CSIRT websites for the latest alerts. If your suspicious email differs to the one in the announcement, please report it to the IT Helpdesk at icts-helpdesk@uct.ac.za. You can report any other cybersecurity issues to the CSIRT at csirt@uct.ac.za.

Friday, 15 May 2020
Copyright violations are a serious offence

Since the start of the national lockdown, the UCT CSIRT has noted a significant increase in illegal downloads, such as movies and series, from various websites.

We understand that the national lockdown has left you with limited entertainment options, but UCT continues to respect copyright law and requires that all staff and students abide by the law too.

If it’s copyrighted, don’t download it

All copyrighted content is protected by laws and you may not download it without permission from the owner. If you are caught illegally downloading copyrighted content, you could face disciplinary and/or legal action. Your UCT network account will also be disabled should you be found to be in contravention of copyright laws and offend a second time.

Some illegal downloads may contain malware, which could infect your computer and the UCT network. To guard against this, use our remote working safety guide to ensure your device and home network are secure and not easy targets for cybercriminals.

Additionally, because UCT is listed as the offending institution, the university could get a bad reputation for allowing illegal downloads, and in extreme cases, UCT could be subjected to legal action. Furthermore, Internet Service Providers (ISPs) and other organisations may choose to block UCT IP addresses. This would have an adverse effect on teaching, learning and research activities at UCT, which rely on national and international co-operation with other educational and research institutions.

Ensure that you abide by UCT’s policies and guidelines

The UCT Policy and Rules on Internet and Email use outlines the conditions that staff and students need to abide by when using these resources. Failure to comply with these conditions will be handled in accordance with procedures established for staff or student discipline. As an ISPA member, UCT is expected to abide by ISPA's policies around illegal content downloads and circulation via our network.

Let’s all work together to ensure we respect copyright.

Friday, 15 May 2020
Beware. Phishing emails are on the rise

We have seen a spate of phishing emails being sent to campus, with the most recent attempt requesting staff to click a link to approve a salary increase. Upon clicking the link, either a PDF file is downloaded or the recipient is redirected to a malicious website where they are required to enter their UCT username and password.

Other phishing emails that have also been doing the rounds include:

  • Some students have been contacted by people pretending to be mobile service provider employees. The caller claims that their mobile number is being used by someone else on their system, and to rectify the error, students are asked to create a new PIN.
  • Some academic staff have also received spear phishing emails from a malicious individual who pretends to be a person in authority. In most cases, the spoofed email address is that of a Dean. Most of the time, the spoofed email address contains some aspects of the senior leader’s UCT email address, such as name.surname, but ends with gmail.com or outlook.com. When the recipient responds to the email, the sender indicates that they urgently need the recipient to buy some form of voucher.

Tell-tale signs of a phishing email

  • The email address is not legitimate.
  • The cautionary banner that appears in the header of external emails is visible in an email from an alleged @uct.ac.za or @myUCT.ac.za email address.
  • The message may be poorly written.
  • The nature of the request is highly unusual and is emphasised as being urgent.

View our phishing infographic for more signs.
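
The signs listed above can also be checked mechanically by a mail administrator. The following is an added example, not UCT or ICTS code: the banner text, the staff directory entry and the sample messages are constructed placeholders, since the advisory does not give them, and the banner is assumed to be inserted into the message body.

```python
from email import message_from_string, policy
from email.utils import parseaddr

INTERNAL_DOMAINS = {"uct.ac.za", "myuct.ac.za"}
FREEMAIL_DOMAINS = {"gmail.com", "outlook.com"}  # the two named in the advisory
# Assumption: the advisory does not quote the banner wording; placeholder marker.
EXTERNAL_BANNER = "[EXTERNAL SENDER]"
# Constructed directory of senior leaders' name.surname local parts.
PROTECTED_LOCAL_PARTS = {"jane.dean"}
URGENCY_WORDS = ("urgent", "immediately")  # constructed list, weak signal only


def check_message(raw: str) -> list[str]:
    """Return the tell-tale signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    _, addr = parseaddr(str(msg.get("From", "")))
    local, _, domain = addr.lower().rpartition("@")
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    text = (str(msg.get("Subject", "")) + "\n" + body).lower()

    findings = []
    # Sign: the address reuses a leader's name.surname but sits at a free-mail domain.
    for protected in PROTECTED_LOCAL_PARTS:
        tokens = protected.split(".")
        if domain in FREEMAIL_DOMAINS and all(t in local for t in tokens):
            findings.append("lookalike-freemail-sender")
            break
    # Sign: From claims an internal address, yet the gateway marked the mail external.
    if domain in INTERNAL_DOMAINS and EXTERNAL_BANNER in body:
        findings.append("internal-from-with-external-banner")
    # Sign: the request is emphasised as urgent (noisy on its own).
    if any(word in text for word in URGENCY_WORDS):
        findings.append("urgent-wording")
    return findings


# Constructed sample messages, not taken from real mail.
SAMPLES = {
    "dean_lookalike": (
        'From: "Prof Jane Dean" <jane.dean.uct@gmail.com>\n'
        "To: a.lecturer@uct.ac.za\n"
        "Subject: Are you available?\n"
        "\n"
        "I urgently need you to buy some vouchers for me.\n"
    ),
    "banner_mismatch": (
        'From: "Jane Dean" <jane.dean@uct.ac.za>\n'
        "To: a.lecturer@uct.ac.za\n"
        "Subject: Shared file\n"
        "\n"
        "[EXTERNAL SENDER]\nPlease review the shared document.\n"
    ),
    "genuine_internal": (
        'From: "Jane Dean" <jane.dean@uct.ac.za>\n'
        "To: a.lecturer@uct.ac.za\n"
        "Subject: Minutes\n"
        "\n"
        "Minutes of Monday's meeting are attached.\n"
    ),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_message(raw))
```

The substring match on name and surname is deliberately loose, so short names will produce false positives; treat a hit as a reason to verify with the supposed sender, as the advisory recommends.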

Managing unusual or suspicious email messages

All of these emails require you to either download an attachment or click a link and enter your UCT username and password.

In the case of an email attachment:

  • DO NOT CLICK THE ATTACHMENT IN THE EMAIL.
  • If you did click the attachment in the email, DO NOT enter your details on the page. Instead, please close the attachment and run a full anti-virus scan of your machine.

Where links are provided:

  • DO NOT CLICK THE LINK. Instead, delete the email.
  • If you clicked the link and/or entered your details, your account may be compromised. This puts the UCT network and UCT assets at risk. Please do the following:
      1. Change your password immediately, on a device that you know to be free of malware and infection.
      2. Run a full anti-virus scan of your machine.
      3. Send an email to the IT Helpdesk informing them that your details may have been compromised, but that you’ve changed your password and completed the scan.

Please remember:

  • Don't ever reply to emails, messages, or calls that request personal information – especially usernames and passwords.
  • NEVER share your password or PIN with anyone – not even an ICTS representative, or representatives of your bank, mobile network, or other service providers.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Don't reply to spammers asking them to remove you from their mailing list.  Replying just confirms your email address as valid, which encourages them to send you more spam.
  • Don't forward chain letters or marketing material.
  • Please check the announcements on the ICTS and CSIRT websites for the latest alerts. If your suspicious email differs to the one in the announcement, please report it to the IT Helpdesk at icts-helpdesk@uct.ac.za. You can report any other cybersecurity issues to the CSIRT at csirt@uct.ac.za.

Tuesday, 7 April 2020
Using video conferencing safely and securely

Video conferencing has become a core part of staying connected to each other. It is being used to conduct meetings locally and abroad, and will soon play a critical role in teaching and learning at South African universities.

That’s why we all need to play our part in ensuring that we take the necessary security measures when using the wide array of available tools – including Skype for Business, Zoom, Microsoft Teams, and others.

Safety recommendations

Video conferencing tools allow you to interact via audio, video, and instant messaging. You can also share your screen and collaborate on files in real-time. Each tool has a range of functions to help you work effectively. However, cybercriminals are aware of these too, and depending on your remote work setup, they could intercept information via your home wireless network.

We have compiled a list of things to remember when setting up or participating in web conferences.

  • Set up meetings using a secure option such as Outlook. It is reliable and has the option to set up meetings via Skype for Business or Microsoft Teams. If you’re using any other application, simply include the login instructions at the bottom of the meeting invitation.
  • Avoid sharing online meeting links on public websites or social media.
  • Choose your video conferencing tool carefully when discussing confidential information. Rather stick to those supported by ICTS, and don’t discuss sensitive matters with those not privy to that information.
  • Ensure that only invited delegates are part of the video call. If you’re using a platform that doesn’t automatically list participants’ names, ask each participant to identify themselves. Alternatively, if you’re using Zoom, provide attendees with a password to participate or use the waiting room functionality.
  • Mute your mic when not speaking during a video conference call. This ensures that there are no distracting background noises, and that you and others can clearly hear the speaker.
  • Use headphones when in public spaces, especially if sensitive information is being discussed. You never know who could be listening. Alternatively, sit in a private room where you can’t be overheard.
  • Check your camera placement before partaking in a video call. Try to only show your face, so that no private or confidential information can be seen by participants. Some applications such as Microsoft Teams include a ‘blur background’ feature you can use.
  • Before sharing your screen, make sure that only the document or application that you want to show is visible. This way, participants won’t be able to see what else you’re working on.
  • Control who can participate in the meeting (i.e. share content, request screen sharing access, publicly speak, etc.) using the tool’s provided settings.
  • Always ensure that your video conferencing tools are up to date to minimise any loopholes for cybercriminals to violate your privacy.

Remember: it is up to each one of us to ensure that our data and the UCT network remain secure.

Tuesday, 28 January 2020
New Internet Explorer vulnerability

We are aware of a new vulnerability affecting some versions of Microsoft’s web browser, Internet Explorer.

Cybercriminals are exploiting this vulnerability by creating a website and sending an email encouraging you to visit it. When you visit this website using Internet Explorer, the cybercriminal runs commands without your knowledge. These include installing programs, editing existing user rights, and deleting data.

Microsoft is currently working on a solution

Microsoft is currently working on a fix for this vulnerability and will release it in their next round of software and patch updates scheduled for Tuesday, 11 February 2020. 

In the meantime, we ask that you please be wary of emails that request you to visit websites that you’re unfamiliar with.

You can report all suspicious emails sent to your UCT or myUCT mailbox to icts-helpdesk@uct.ac.za.

Remember these security tips

  • Don't ever reply to emails that request personal information – especially usernames and passwords.
  • NEVER share your password with anyone – not even an ICTS representative.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Don't reply to spammers asking them to remove you from their mailing list. By replying, you are confirming your email address as valid and will only encourage more spam.

Wednesday, 25 January 2017
Scam Week

Cybercriminals are always on the lookout for opportunities to con people into sharing their information, or, even worse, to get their hands on your hard-earned money. Sometimes they use scams that are so obvious you can easily spot that they aren’t real. Other times, though, their attempts are more sophisticated, which could lead you to believe you’re in trouble with the law.

One of the most common tactics that they use is to scare you into giving them what they want. They contact you and say that they are from the South African Revenue Service (SARS), a reputable company, or the traffic department, and make certain demands. If you don’t comply, they threaten to have you arrested or made to pay a heavy fine.

If you get an email or phone call from a company, government department or organisation that makes you uneasy about action that you need to take, rather err on the side of caution and verify that it is genuine. Make notes of what was said during the conversation and who you spoke to. Thereafter, contact the entity directly by using the contact details that are listed on their website or in a telephone directory. Never use the email address or phone number provided by the person who contacted you.

If you receive a suspicious email in your UCT mailbox, you can forward it to the UCT Computer Security Incident Response Team (CSIRT) at uctcsirt@uct.ac.za.

Remember these security tips

  • Don't ever reply to emails that request personal information – especially usernames and passwords.
  • NEVER share your password with anyone – not even an ICTS representative.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Don't reply to spammers asking them to remove you from their mailing list. By replying, you are confirming your email address as valid and will only encourage more spam.
  • Don't forward chain letters or marketing material.

Wednesday, 29 May 2019
New vulnerability affecting Windows 7 and earlier versions

ICTS has been made aware of a new vulnerability affecting the Remote Desktop Service (RDS) on Windows 7, XP, Server 2003 and Server 2008. RDS allows you to access your UCT computer when you are off campus and logged into the UCT VPN, provided you previously set it up to do so.

Vulnerability impact

The attack takes place undetected and pre-authentication, that is, before the attacker has to supply any login details. Once connected to the device, the attacker can use it to spread malware and exploits, as well as install programs, view, change, or delete data, or create new accounts with full user rights.

What do I need to do?

Due to the severity of the vulnerability, Microsoft has released updates via the Microsoft Update Catalog and WSUS, despite some of the affected Windows versions no longer being supported.

If your computer is set up to accept updates via WSUS, it will automatically receive the update at 2pm today and be protected. Your Windows computer may be forcibly restarted to apply patches to the operating system.

If your computer is not set up to accept updates via WSUS, we encourage you to install the required update as soon as possible to ensure your machine as well as the UCT network remains protected. Once installed, follow these recommended remediation tips provided by Microsoft:

  • Disable Remote Desktop Services if not required
  • Regularly run a full anti-virus scan on your machine
  • Ensure the anti-virus on your machine is up-to-date
  • Keep your firewall turned on
    Note: This could affect the remote desktop functionality of your machine.

Monday, 13 August 2018
Shaming scam just another way to get access to your money

In recent days, media outlets have been reporting on the Belarus shame scam in which cybercriminals target individuals – asking them to pay a hefty ransom fee to avoid “compromising” personal information being made public.

How it works

A potential victim receives an email, WhatsApp, or Facebook message from a cybercriminal. The message claims that the criminal used malware to get incriminating or embarrassing information about the victim. If the victim doesn’t immediately pay a ransom fee, the criminal threatens to publish the information online, or share the information with the victim’s contacts.

To make the scam seem even more legitimate, the criminal includes the victim’s username and password for an online account. In actual fact, they have taken these login details from a previous security breach – where the victim’s account has been compromised. That account might not even be used by the victim anymore.

Safeguard yourself

These kinds of attacks are becoming more common in South Africa, so it’s crucial to always remain vigilant.

One of the most important ways you can protect yourself from such attacks is to use a different password for each of your accounts. That way, if one account is compromised, the others will remain secure. You can use a password manager to help you remember your passwords.

In addition, please remember these security tips:

  • Don't ever reply to emails that request personal information – especially usernames and passwords.
  • NEVER share your password with anyone – not even an ICTS representative.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Don't reply to spammers asking them to remove you from their mailing list. By replying, you are confirming your email address as valid and will only encourage more spam.
  • Don't forward chain letters or marketing material.
  • Don't respond to emailed competitions.
