We've been alerted to a fresh batch of phishing e-mail claiming to be about tax refunds. Whilst relatively common at this time of year, these are more professional than usual and as such pose a higher risk of fooling unwary targets.
An example is shown below. Please would you pass on appropriate warnings to vulnerable user groups.
OxCERT is aware of fresh reports of staff receiving emails with attachments which are suspected to contain malware.
An example of a recent email which was accompanied with an infected .doc file (MS-word) is given below:
Many universities have reported seeing evidence of a phishing campaign targeting students during 2015. Emails arrive in student inboxes claiming to be from the ‘finance department’ or the ‘Student Loans Company’ and congratulating students on be being eligible for additional funds. The emails urged students to sign up to collect the funds and helpfully providing a link to do so. The emails can be well written, sound official and mention sources of authority; the university, the student loans company, and the government but they are a scam.
If you have a Fortinet device running an elderly version of FortiOS 4.x or 5.x, there is a reasonable chance your device is vulnerable to a hardcoded 'interactive login vulnerability', more commonly called a 'backdoor'.
As of today, Windows 8 and old versions of Internet explorer are unsupported. This means that if any new vulnerabilities are discovered they will not receive security updates. It is thus vital that you upgrade as soon as possible, if you have not done so already.
More information on the Windows 8 end-of-live are available on our previous post at https://www.infosec.ox.ac.uk/current-alert/end-life-window-8.
Whilst it may come as somewhat of a surprise, Windows 8 will be unsupported as of next Wednesday (13th January).This comes about due to the fact that Microsoft classifies Windows 8.1 as a service pack and not a full new version of Windows, and as such requires it to be installed in order to continue receiving security updates. Furthermore, because Windows 8.1 is not delivered by Windows Update (it’s in the Windows Store) many people are completely unaware of its existence and will not realise they need to install it.