Scam and phishing campaign continues at high volume. Aalto It Service has produced two sets of instructions for users to help to battle against this menace. The first is a top-10 list of how to recognize a malicious email and the other is a advisory on how to send the samples to us for analysis.
The first has been published earlier (our email lecture and latest ITS newsletter) but have been a lot shorter. This new version is more self-explanatory. The other is an advisory based on the counterpart from Sophos (producer of our junk email filter) and advices how to send samples to us in a specific form so we can pass the on to Sophos if needed. Sophos says our filter is a learning one and if we send them samples, it will be more efficient even against messages written in exotic languages like (bad) Finnish. After sending a bit less than 200 samples we have seen first signs of this and would like to keep on feeding them in the future too.
English translations of these two will be published later. The work has started but we saw the need to publish Finnish versions as soon as possible. Find the instructions in Finnish here and here.
Several companies have released updates lately. Microsoft released a big and important June update bundle. Adobe updated Flash Player with critical patches and OpenSSL got fixed too – again with very important pathces. Please, keep your boxes updated as the summer holidays are about to start (or have started for some).
More information:
- https://www.viestintavirasto.fi/kyberturvallisuus/haavoittuvuudet/2015/haavoittuvuus-2015-046.html
- https://www.viestintavirasto.fi/kyberturvallisuus/haavoittuvuudet/2015/haavoittuvuus-2015-047.html
- https://www.us-cert.gov/ncas/current-activity/2015/06/12/OpenSSL-Patches- -Multiple-Vulnerabilities
Aalto IT services also inform that the LastPass service reports it has been hacked. As far as we know this service is not widely used in Aalto but we would like to pass this warning just in case. If it has been used, a password change is more than recommended .
More informatio: https://www.viestintavirasto.fi/kyberturvallisuus/tietoturvanyt/2015/06/ttn201506160944.html