Search

Security Updates

Wednesday, 29 May 2019
New vulnerability affecting Windows 7 and earlier versions

ICTS has been made aware of a new vulnerability affecting the Remote Desktop Service (RDS) on Windows 7, XP, Server 2003 and Server 2008. RDS allows you to access your UCT computer when you are off campus and logged into the UCT VPN, provided you previously set it up to do so.

Vulnerability impact

The attack takes place undetected using pre-authentication. Once connected to the device, the attacker can use it to spread malware and exploits, as well as install programs, view, change, or delete data, or create new accounts with full user rights.

What do I need to do?

Due to the severity of the vulnerability, Microsoft has released updates via the Microsoft Update Catalog and WSUS, despite some of the affected Windows versions no longer being supported.

If your computer is set up to accept updates via WSUS, it will automatically receive the update at 2pm today and be protected. Your Windows computer may be forcibly restarted to apply patches to the operating system.

If your computer is not set up to accept updates via WSUS, we encourage you to install the required update as soon as possible to ensure your machine as well as the UCT network remains protected. Once installed, follow these recommended remediations tips provided by Microsoft:

  • Disable Remote Desktop Services if not required
  • Regularly run a full anti-virus scan on your machine
  • Ensure the anti-virus on your machine is up-to-date
  • Keep your firewall turned on
    Note: This could affect the remote desktop functionality of your machine.
Monday, 13 August 2018
Shaming scam just another way to get access to your money

In recent days, media outlets have been reporting on the Belarus shame scam in which cybercriminals target individuals – asking them to pay a hefty ransom fee to avoid “compromising” personal information being made public.

How it works

A potential victim receives an email, WhatsApp, or Facebook message from a cybercriminal. The message claims that the criminal used malware to get incriminating or embarrassing information about the victim. If the victim doesn’t immediately pay a ransom fee, the criminal threatens to publish the information online, or share the information with the victim’s contacts.

To make the scam seem even more legitimate, the criminal includes the victim’s username and password for an online account. In actual fact, they have taken these login details from a previous security breach – where the victim’s account has been compromised. That account might not even be used by the victim anymore.

Safeguard yourself

These kinds of attacks are becoming more common in South Africa, so it’s crucial to always remain vigilant.

One of the most important ways you can protect yourself from such attacks is to use a different password for each of your accounts. That way, if one account is compromised, the others will remain secure. You can use a password manager to help you remember your passwords.

In addition, please remember these security tips:

  • Don't ever reply to emails that request personal information – especially usernames and passwords.
  • NEVER share your password with anyone – not even an ICTS representative.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Don't reply to spammers asking them to remove you from their mailing list. By replying, you are confirming your email address as valid and will only encourage more spam.
  • Don't forward chain letters or marketing material.
  • Don't respond to emailed competitions.
Monday, 13 August 2018
Beware of latest SARS phishing attack

There is currently a South African Revenue Services (SARS) phishing attack doing the rounds on campus. Emails entitled “SARS eFiling” are being sent by various @sun.ac.za email addresses asking you to login to your eFiling account to view an EMP Statement of Account.  

The UCT Computer Security Incident Response Team have put the necessary security measures in place, and have blocked the links. Additionally, the UCT CSIRT team has been in contact with Stellenbosch University’s CSIRT to inform them of the phishing attack, and they are taking steps to stop it from happening.

What do I do?

  • DO NOT CLICK THE LINK IN THE EMAIL.
  • If you did click the attachment in the email, DO NOT enter your details on the page. Instead, please close the page and run a full antivirus scan of your machine. Then, on a device that you know to be free of malware and infection, change your SARS eFiling password. 

What happens if I clicked the attachment and entered my details?

If you've entered your details, your account may be compromised. Please:

  1. On a device that you know to be free of malware and infection, change your SARS eFiling password. 
  2. Inform SARS about this phishing attack and that you have provided your details.
  3. Run a full antivirus scan on the machine you used to enter your details.

Please remember:

  • Don't ever reply to emails that request personal information – especially usernames and passwords.
  • NEVER share your password with anyone – not even an ICTS representative.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Don't reply to spammers asking them to remove you from their mailing list.  Replying just confirms your email address as valid, which encourages them to send you more spam.
  • Don't forward chain letters or marketing material.
  • Report any incidence of this or other phishing attacks of cyber security issues to the UCT CSIRT at csirt@uct.ac.za. You can also report any other cybersecurity issues to the same address.
Monday, 3 October 2016
Security News Updates

Pages