Educause Security Discussion mailing list archives
Re: neuralgic.net
From: Paul Chauvet <chauvetp () NEWPALTZ EDU>
Date: Thu, 11 Feb 2016 00:57:15 +0000
We also received a notice from them, and it let us know about one of our Wordpress sites (that is not managed by the normal server group) that was out of date. As others have said, it was a valid report and was useful, but still surprising to see it out of the blue like that. It was sent to our technical and administrative contacts on our whois record. Paul Chauvet Information Security Officer State University of New York at New Paltz 845-257-3828 chauvetp () newpaltz edu [http://www.newpaltz.edu/identity/toolbox/emlogo.png] ________________________________ From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Hillhouse, Bob (Bob) <bob () UTK EDU> Sent: Wednesday, February 10, 2016 12:06 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] neuralgic.net We received the same notice and did a bit of investigation into both the monitoring service and the findings of the report. It was accurate. It's also pretty revealing when you look at the reports for other universities and government agencies that have been hacked. We didn't seek out the service but pursue the findings. - Bob Hillhouse, CISSP Associate CIO & Chief Information Security Officer The University of Tennessee, Knoxville bob () utk edu<mailto:bob () utk edu> 865-406-8981 (cell) 865-974-8445 (office) Keep your NetID information secure. Don't reply to any email or click on a link that asks for your personal information. Report any suspicious requests to the OIT HelpDesk at (865) 974-9900. From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> on behalf of "Frazier, William S [ITSYS]" <frazier () IASTATE EDU<mailto:frazier () IASTATE EDU>> Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Date: Wednesday, February 10, 2016 at 10:48 AM To: <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Subject: Re: [SECURITY] neuralgic.net We got this today. Sent to our admin and tech mailing addresses. I don't believe it is something we sought but we are going to validate and, if valid, pursue. Bill ---------------------------------------------- William Frazier Iowa State University frazier () iastate edu<mailto:frazier () iastate edu> From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> on behalf of Patricia Malek <pamalek () LOYOLA EDU<mailto:pamalek () LOYOLA EDU>> Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Date: Wednesday, February 10, 2016 at 9:31 AM To: "SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>" <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Subject: [SECURITY] neuralgic.net Good Morning, I am wondering if anyone has received an alert from an organization called Neuralgic (www.neuralgic.net<http://www.neuralgic.net>) regarding vulnerabilities they specifically identified on your websites? According to their website, they define their organization as: Neuralgic crawls and detects specific hack patterns such as code injections hitting the safety, the integrity and the notoriety of university and government websites in order to help CISO and webmasters to discover, clean it up and enhance the cybersecurity of their organization. Neuralgic has been thanked by CERTs and Universities from 5 continents. I hoping to get some feedback regarding the legitimacy of the organization and if anyone has signed up for their service. Thank you for your attention in this matter. Patricia Malek, CISSP, GSEC Director of Security Technology Services Loyola University Maryland Office - 410-617-5533 pamalek () loyola edu<mailto:pamalek () loyola edu> Security Alert: Loyola Technology Services will never ask for your password. Please do not share it with others.
Current thread:
- neuralgic.net Patricia Malek (Feb 10)
- Re: neuralgic.net Greg Williams (Feb 10)
- Re: neuralgic.net Frazier, William S [ITSYS] (Feb 10)
- Re: neuralgic.net Hillhouse, Bob (Bob) (Feb 10)
- Re: neuralgic.net Paul Chauvet (Feb 10)
- Re: neuralgic.net Jimenez, Julio (Feb 10)
- Re: neuralgic.net Hillhouse, Bob (Bob) (Feb 10)