Information Security

 

Current Alerts

Critical zero-day vulnerability in Microsoft Office

A recently discovered critical zero-day attack is being abused to distribute malware. The attack exploits a currently unpatched vulnerability in Microsoft Office to download and execute malicious code on victims' computers. OxCERT would like to warn against opening Office attachments from unknown sources. It is believed that using Protected View (https://support.office.com/en-us/article/What-is-Protected-View-d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653) is a good measure for protecting against the attack. https://securingtomorrow.mcafee.com/mcafee-labs/critical-office-zero-day-...


End of life for Windows Vista

Windows Vista will exit the Microsoft extended support phase at the end of April 11th, and will no longer receive any support: https://support.microsoft.com/en-gb/help/13853/windows-lifecycle-fact-sheet. Systems which are still running Vista should be upgraded before this date, or mitigating controls should be put in place to guard against future vulnerabilities which will not be patched. Mainstream Vista support ended on 12th April 2012. [DMT]


Red Hat EL 5 reaching its end of life March 2017

The Red Hat team has published a reminder that Red Hat Enterprise Linux 5 and its clones, such as CentOS, will reach the end of their supported life cycles at the end of March 2017: https://rhn.redhat.com/errata/RHSA-2017-0340.html. As a guide, Red Hat Enterprise Linux 5 was released in March 2007 (and superseded by RHEL 6 in November 2010), so it is a contender for being on systems that are 7 to 10 years old. If you have RHEL 5.X deployed, you will need to make plans to migrate to a supported OS, or purchase 'Extended Life Cycle Support' if you need cover out to 2020. [APL]


Be careful with email

The Information Security and Information Compliance Teams have responded to several incidents this year where confidential data was exposed over email. In these cases individuals had failed to adequately protect documents before sending emails, or had not double-checked that the recipients were correct. These incidents create distress for individuals, divert resources away from core activities and ultimately put the University at risk. Remember that information security is everyone’s responsibility, so make sure you know how to stay safe on email. Check out our “I Want To…” on this topic for...


SHA1 proven to be insecure

It has been believed for several years now that SHA1 is not secure. It has now been proven that collisions can be generated and the method will be made publicly available. OxCERT recommend moving away from using any service that still relies on SHA1. Full article here: https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html  
