Information Security


Current Alerts

WPA2 key reinstallation attacks (KRACKs)

Security researchers have disclosed a vulnerability in the handshake mechanism unpinning the WPA2 (Wi-Fi Protected Access) protocol. The class of attack has been named 'key reinstallation attacks' (KRACKs) The vulnerability potentially allows an attacker to attack to decrypt packets sent by clients. Mitigation of the vulnerability will require patching software on clients (i.e. on laptops, phones, tablets). Linux systems notably Android are known to be vulnerable. The vulnerability does not allow the shared secure (password) to be compromised and equally although access point vendors... Continue reading

Posted in

End of Life for Microsoft Office 2007

This is a reminder that the end of life date for Office 2007 is October 10, 2017. When Office 2007 reaches its End of Life, Microsoft will no longer provide: Technical support for issues Bug fixes for issues that are discovered Security fixes for vulnerabilities that are discovered In addition, as of October 31, 2017, Outlook 2007 will be unable to connect to Office 365 mailboxes, which means Outlook 2007 clients using Office 365 will not be able to receive and send mail. For more information, see RPC over HTTP deprecated in Office 365 on October 31, 2017.... Continue reading

Posted in

End of mainstream support on Office for Mac 2011

On October 10, 2017, mainstream support will end on Office for Mac 2011. There will be no new security updates, non-security updates, free or paid assisted support options or online technical content updates after this date. Additionally, Office for Mac 2011 will no longer be an option for download through the Office 365 portal. Further information can be found on the Microsoft blog at:

Posted in

LDAP Amplification Denial of Service Attacks

OxCERT have been notified that a number of hosts within the University network have LDAP servers lisenting for requests on UDP port 389. Such hosts can be used in denial of service attacks against other hosts both internally and on the wider internet. Please see OxCERT Bulletin OSB2017-10 for more details.

Posted in

E-mail campaign distributing malware

A wave of malicious e-mail has recently come to our attention. Different variants have been seen, but all of them attempt to trick users into following a link which leads to a site used to install malware. A typical example is shown below: Good Day [User], Thanks for the mail. Pay your invoice here: We can help if you have any question related to this invoice. Thank you, [User] If you have received a similar e-mail and clicked the link please contact your local IT support immediately. See our guidance on spotting scam e-mail and...

Posted in
Subscribe to Current alerts listing