Information Security


January 2016

Phishing "Tax Refund" e-mails

We've been alerted to a fresh batch of phishing e-mails claiming to be about tax refunds. Whilst relatively common at this time of year, these are more professional than usual and as such pose a higher risk of fooling unwary targets.

An example is shown below. Please would you pass on appropriate warnings to vulnerable user groups.

Malware attachments to e-mails

OxCERT is aware of fresh reports of staff receiving emails with attachments which are suspected to contain malware.

An example of a recent email which was accompanied by an infected .doc file (MS Word) is given below:

Phishing campaigns targeting students

Many universities have reported seeing evidence of a phishing campaign targeting students during 2015. Emails arrive in student inboxes claiming to be from the ‘finance department’ or the ‘Student Loans Company’ and congratulating students on being eligible for additional funds. The emails urge students to sign up to collect the funds and helpfully provide a link to do so. The emails can be well written, sound official and mention sources of authority (the university, the Student Loans Company, and the government), but they are a scam.

Fortinet OS SSH Backdoor

If you have a Fortinet device running an elderly version of FortiOS 4.x or 5.x, there is a reasonable chance your device is vulnerable to a hardcoded 'interactive login vulnerability', more commonly called a 'backdoor'.

End of life for Windows 8 and old Internet Explorer versions

As of today, Windows 8 and old versions of Internet Explorer are unsupported. This means that if any new vulnerabilities are discovered, they will not receive security updates. It is thus vital that you upgrade as soon as possible, if you have not done so already.

More information on the Windows 8 end-of-life is available in our previous post at

End of life for Windows 8

Whilst it may come as something of a surprise, Windows 8 will be unsupported as of next Wednesday (13th January). This comes about because Microsoft classifies Windows 8.1 as a service pack and not a full new version of Windows, and as such requires it to be installed in order to continue receiving security updates. Furthermore, because Windows 8.1 is not delivered by Windows Update (it’s in the Windows Store), many people are completely unaware of its existence and will not realise they need to install it.

