Information Security

 

April 2016

Phishing Campaign Targeting the University WebAuth

OxCERT have received reports of a convincing phishing email campaign targeting the University WebAuth. The email contains a link that redirect users to a fake web page. The fake web page is a copy of the University WebAuth login page.

If you receive an email with the subject line "Important : Oxford Server Overload Notice", please report it to OxCERT at phishing@it.ox.ac.uk

An example of the email can be seen below:

Posted in
Unsupported QuickTime for Microsoft Windows

According to the following US-CERT report, Apple Inc. will no longer be providing security updates for QuickTime for Microsoft Windows:

https://www.us-cert.gov/ncas/alerts/TA16-105A

 

Posted in
Badlock vulnerability

The "Badlock" vulnerabilities previously mentioned have now gone public. Updated versions of Samba have been released and are available from https://www.samba.org/

OxCERT bulletins for Samba and for Microsoft's April updates should follow tomorrow.

Posted in
Badlock vulnerability: 12 April updates for Windows and Samba

On 12 April a critical vulnerability in both Samba and in Microsoft Windows will be disclosed, and updates will be released.  This is believed to be serious so please be prepared to apply updates promptly.  Please note that Samba 4.1 and earlier are no longer supported by the Samba project, and will not receive updates.  Please note that co-ordinated disclosure will be at 1800 BST, in accordance with Microsoft's regular update cycle but not our regular working hours.

Posted in