Cyber Security Awareness Month

Information Security

  1. Home
  2. Departments
  3. Computer Services Center
  4. Information Security

Mission Statement

The Information Security Office is committed to lowering the risk profile of the University’s electronic information by implementing industry best practices to protect the confidentiality, integrity, and availability of student, faculty, and staff information. We uphold the University’s compliance obligations by developing information security policies, providing security awareness training, and overseeing the implementation of strategic information security initiatives.

Scam of the Week

This Isn't Your Pal, It's a Phish

In this week’s scam, cybercriminals are using a clever trick that makes their phishing emails seem more real than ever. You receive an email from a real PayPal email address. The email contains an invoice for a large purchase you did not make, and a phone number for you to call if you want to dispute the charge. Even though the email comes from a real PayPal email address, this is actually a scam.

Cybercriminals create a PayPal account and use it to send you a fake payment invoice. The email you receive is real, but the invoice is not, and if you call the phone number in the email, you will not be connected to PayPal's support team. Instead, your call will be answered by a cybercriminal who will pretend to work for PayPal support. They will try to trick you into giving them your credit card information for a "refund," or trick you into paying a fee to fix your account!

Follow these tips to avoid falling for this phishing scam:

  • If you receive an unexpected PayPal invoice, log in to your account on the official website or app to verify if it is legitimate.
  • Remember to be wary of unusual emails, even if they come from what appears to be a genuine email address. Be suspicious of any unexpected bill or urgent request for money.
  • Don’t call the phone number listed in a suspicious email. If you have any questions or concerns, always use the official customer support number on the organization's real website.
     

 
View More
 

Time It Takes a Hacker to Brute Force Your Password in 2023

Number of Characters Number Only Lowercase Letters Upper and Lower Case Letters Numbers, Upper and Lowercase Letters Numbers, Upper and Lowercase Letters, Symbols
4 Instantly Instantly Instantly Instantly Instantly
5 Instantly Instantly Instantly Instantly Instantly
6 Instantly Instantly Instantly Instantly Instantly
7 Instantly Instantly Instantly Instantly Instantly
8 Instantly Instantly Instantly Instantly 1 sec
9 Instantly Instantly 4 secs 21 secs 1 min
10 Instantly Instantly 4 mins 22 mins 1 hour
11 Instantly 6 secs 3 hours 22 hours 4 days
12 Instantly 2 mins 7 days 2 months 8 months
13 Instantly 1 hour 12 months 10 years 47 years
14 Instantly 1 day 52 years 608 years 3k years
15 2 secs 4 weeks 2k years 37k years 232k years
16 15 secs 2 years 140k years 2m years 16m years
17 3 mins 56 years 7m years 144m years 1bn years
18 26 mins 1k years 378m years 8bn years 79bn years

 

  Latest News
QR Code Phishing - 'Quishing'
QR Code Phishing - 'Quishing'
Saturday - September 20, 2025
Malicious QR Codes are being utilized by cyber threat actors to exploit growing trust in QR code technology.
Read more
Phishing Click Rates Triple in 2024
Phishing Click Rates Triple in 2024
Wednesday - January 8, 2025
The rate at which enterprise users clicked on phishing lures nearly trebled in 2024, according to new research by Netskope.
Read more
The Most Dangerous Pop Culture Passwords in 2024
The Most Dangerous Pop Culture Passwords in 2024
Monday - June 3, 2024
In a world where over 2,200 cyberattacks are made per day, passwords are an internet user's baseline defense against digital ne'er-do-wells.
Read more
more news updates

Cyber Security Alerts

What is being exploited?
Vulnerability in Windows CryptoAPI that allows malicious executables using a spoofed code-signing certificate to appear as if it was from a trusted source.

What does this affect?
Attackers can conduct man-in-the-middle attacks and decrypt confidential information on user connections to spoofed software that appears legitimate.

Which Operating Systems does this affect?
Windows 10, Windows Server 2016, and Windows Server 2019

How to mitigate this?
Apply critical patches to affected systems as soon as possible.

For more information:
CVE-2020-0601

What is being exploited?
Vulnerability in Windows Remote Desktop Gateway (RD Gateway) that allows specially crafted requests to execute arbitrary code on the target system.

What does this affect?
Attackers can gain access to the target system with full user rights that would allow them to install programs; view, change, or delete data; or create new users.

Which Operating Systems does this affect?
Windows Server 2012, Windows Server 2016, and Windows Server 2019

How to mitigate this?
Apply critical patches to affected systems as soon as possible.

For more information:
CVE-2020-0609 & CVE-2020-0610

What is being exploited?
Vulnerability in Windows Remote Desktop Client that allows the server to execute arbitrary code on the target system after an unsuspecting user connects to it.

What does this affect?
Attackers can trick the user into connecting to a compromised server and gain access to the target system with full user rights that would allow them to install programs; view, change, or delete data; or create new users.

Which Operating Systems does this affect?
Windows 7, Windows 8, Windows 10, Windows RT, Windows Server 2008, Windows Server 2012, Windows Server 2016, and Windows Server 2019

How to mitigate this?
Apply critical patches to affected systems as soon as possible.

For more information:
CVE-2020-0611

Windows 10 & Windows Server 2016 and newer
1. Search: Check for Updates

2. Click “Check for Updates” then install all updates

Windows 8 and older & Windows Server 2012 and older
1. Navigate: Control Panel > System and Security > Windows Update

2. Click “Check for Updates” then install all updates