Educause Security Discussion mailing list archives

Re: [EXTERNAL] SECURITY Digest - 6 Sep 2019 to 10 Sep 2019 - Special issue (#2019-171)


From: "Jim A. Bole" <jbole () STEVENSON EDU>
Date: Wed, 11 Sep 2019 13:28:24 +0000

Ben,

Is legacy auth still enabled? In my previous job we had to keep legacy auth enabled when we turned on MFA due to some 
older apps. We didn't realize it had been left enabled. We saw several attackers able to bypass MFA simply by using an 
older Outlook client that didn't have modern auth....

Jim Bole
Director of Information Security
Stevenson University
1525 Greenspring Valley Road
Stevenson, MD, 21153-0641
jbole () stevenson edu | O: 443-334-2696
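
The check Jim's question implies, as an added example that is not part of the original thread: a Python pass over sign-in records that reports successful legacy-protocol sign-ins and whether the same user satisfies MFA elsewhere. The field names follow the Azure AD sign-in log export; the list of legacy client names and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Client names grouped under legacy authentication (lower-cased for matching).
# Assumed list for this example; confirm it against your own tenant's logs.
LEGACY_CLIENT_APPS = {
    "authenticated smtp", "autodiscover", "exchange activesync",
    "exchange online powershell", "exchange web services", "imap", "imap4",
    "mapi over http", "offline address book", "other clients",
    "outlook anywhere (rpc over http)", "pop", "pop3", "reporting web services",
}

# Constructed sample records (not real log data).
SAMPLE_SIGNINS = [
    {"createdDateTime": "2019-09-09T14:02:11Z", "userPrincipalName": "pat@example.edu",
     "clientAppUsed": "Browser", "ipAddress": "198.51.100.20",
     "authenticationRequirement": "multiFactorAuthentication", "status": {"errorCode": 0}},
    {"createdDateTime": "2019-09-09T18:55:40Z", "userPrincipalName": "pat@example.edu",
     "clientAppUsed": "IMAP4", "ipAddress": "203.0.113.78",
     "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 0}},
    {"createdDateTime": "2019-09-09T18:40:03Z", "userPrincipalName": "Pat@example.edu",
     "clientAppUsed": "IMAP4", "ipAddress": "203.0.113.77",
     "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 0}},
    {"createdDateTime": "2019-09-09T19:01:00Z", "userPrincipalName": "lee@example.edu",
     "clientAppUsed": "POP3", "ipAddress": "203.0.113.77",
     "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 50126}},
    {"createdDateTime": "2019-09-09T20:15:09Z", "userPrincipalName": "kim@example.edu",
     "clientAppUsed": "Exchange ActiveSync", "ipAddress": "192.0.2.14",
     "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 0}},
]


def legacy_auth_findings(signins):
    """Return one finding per user with at least one successful legacy sign-in."""
    mfa_users = set()
    hits = defaultdict(lambda: {"protocols": set(), "ips": set(),
                                "count": 0, "first_seen": None})
    for rec in signins:
        if rec.get("status", {}).get("errorCode") != 0:
            continue  # only a successful sign-in shows that the path works
        user = rec["userPrincipalName"].lower()
        client = (rec.get("clientAppUsed") or "").strip()
        if client.lower() in LEGACY_CLIENT_APPS:
            hit = hits[user]
            hit["protocols"].add(client)
            hit["ips"].add(rec["ipAddress"])
            hit["count"] += 1
            stamp = rec["createdDateTime"]  # same ISO 8601 format, so strings sort by time
            if hit["first_seen"] is None or stamp < hit["first_seen"]:
                hit["first_seen"] = stamp
        elif rec.get("authenticationRequirement") == "multiFactorAuthentication":
            mfa_users.add(user)
    return [
        {"user": user, "protocols": sorted(hit["protocols"]), "ips": sorted(hit["ips"]),
         "count": hit["count"], "first_seen": hit["first_seen"],
         # True means the account does MFA in modern clients yet got in without it here.
         "mfa_elsewhere": user in mfa_users}
        for user, hit in sorted(hits.items())
    ]


if __name__ == "__main__":
    for finding in legacy_auth_findings(SAMPLE_SIGNINS):
        print(finding)
```
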



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Cecka, Benjamin
Sent: Tuesday, September 10, 2019 4:03 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [EXTERNAL] SECURITY Digest - 6 Sep 2019 to 10 Sep 2019 - Special issue (#2019-171)
________________________________
We also had a near hit at our campus yesterday with a phished email account and solid attempt at paycheck redirection. 
It was caught via non-technical controls and we're still investigating how O365 MFA was bypassed. The attempt also 
pointed to an Amex bank as others in this thread have reported.


Ben Cecka

Information Security Manager

Clark College, IT Services

bcecka () clark edu

360.992.2194

________________________________
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of SECURITY automatic digest system <LISTSERV () LISTSERV EDUCAUSE EDU>
Sent: Tuesday, September 10, 2019 12:54 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [EXTERNAL] SECURITY Digest - 6 Sep 2019 to 10 Sep 2019 - Special issue (#2019-171)

There are 10 messages totalling 10701 lines in this issue.

Topics in this special issue:

  1. Fake Direct Deposit Forms (8)
  2. Secrets management and PAM
  3. Job Opportunity: Senior IT Security Compliance Analyst position at the
     University of Oregon (UO)

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community

----------------------------------------------------------------------

Date:    Tue, 10 Sep 2019 15:14:29 +0000
From:    "King, Ronald A." <raking () NSU EDU>
Subject: Fake Direct Deposit Forms

As an FYI, I have had three reports of fake Direct Deposit requests. Two of them included completed forms. The forms 
included the victims' correct address and social. Both would have redirected full paychecks to American Express National 
Bank in Salt Lake City. Attached is an image of the electronic check. Given the size of the Equifax breach and the loss 
of the pertinent info, we cannot be the only institution seeing this.

Ron

Ronald King
Chief Information Security Officer

Office of Information Technology
(757) 823-2916 (Office)
raking () nsu edu
www.nsu.edu
@NSUCISO (Twitter)



------------------------------

Date:    Tue, 10 Sep 2019 16:02:19 +0000
From:    "Stevenson,Katherine Talia" <katherine.stevenson () LOUISVILLE EDU>
Subject: Re: Fake Direct Deposit Forms

We received a warning about this sort of scam from Kentucky Homeland Security just this morning. The attack seems to be 
targeting government and edu sectors.


--

Katherine Talia Stevenson

(she/her/hers) (what's this? <https://www.glsen.org/article/pronouns-resource-educators>)

Executive Director - Enterprise Technology Services

Member - Commission on the Status of Women

University of Louisville - Information Technology Services

Phone: +1 (502) 852-2767


------------------------------

Date:    Tue, 10 Sep 2019 16:25:47 +0000
From:    "Barton, Robert W." <bartonrt () LEWISU EDU>
Subject: Re: Fake Direct Deposit Forms

We've been seeing this for a while now.  We moved to a) confirming with the requestor in an email that is not a 'reply 
to' and b) requiring additional documentation.  When we do find a request for forms that is fraudulent, I've responded 
with a fake form; it has a [Image result for emoji tongue out] emoji on it (for those not receiving the pic...tongue 
out face).  We've seen fewer attempts lately.

Executive Director of Information Security and Policy
Lewis University
One University Parkway
Romeoville, IL  60446-2200
815-836-5663


------------------------------

Date:    Tue, 10 Sep 2019 16:29:20 +0000
From:    "Manjak, Martin" <mmanjak () ALBANY EDU>
Subject: Re: Fake Direct Deposit Forms

Ron,

You're not. We had an incident last week where an account was compromised and used to send the DD change request to our 
HR department. The fake check and form also referenced an American Express National Bank account. In our case, the A/C# 
was 6220124014299.

It was flagged because our form requires state assigned employee IDs, not SSN.


The emails were sourced from QuadraNet, Inc colocation centers in Atlanta, LA, and Huntsville.



The mystery we haven't solved yet is how the employee's email was compromised. No spam was sent, just the DD change 
request. They did set up an Inbox rule that marked any responses from HR as read and moved to the Delete folder to 
prevent the victim from being tipped off.

Marty Manjak
CISO
University at Albany
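
One way to hunt for the kind of inbox rule described above, as an added example that is not part of the original thread: a Python pass over mailbox audit records that flags rules which delete mail or move it out of sight, and rates them higher when they also mark it as read. The record shape (Operation, UserId, ClientIP, Parameters) is assumed from Exchange Online audit exports; the sample records and the folder list are constructed.

```python
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule"}

# Folders a mailbox owner rarely opens (assumed list for this example).
HIDING_FOLDERS = {"deleted items", "junk email", "rss feeds",
                  "rss subscriptions", "conversation history", "archive"}

# Rule conditions worth showing to the analyst: who or what the rule targets.
CONDITION_KEYS = ("From", "FromAddressContainsWords", "SubjectContainsWords",
                  "SubjectOrBodyContainsWords", "BodyContainsWords")

# Constructed sample records (not real log data).
SAMPLE_AUDIT = [
    {"Operation": "New-InboxRule", "UserId": "jordan@example.edu",
     "ClientIP": "203.0.113.45", "Parameters": [
         {"Name": "Name", "Value": "."},
         {"Name": "From", "Value": "hr@example.edu"},
         {"Name": "MarkAsRead", "Value": "True"},
         {"Name": "MoveToFolder", "Value": "Deleted Items"}]},
    {"Operation": "New-InboxRule", "UserId": "casey@example.edu",
     "ClientIP": "198.51.100.9", "Parameters": [
         {"Name": "Name", "Value": "Newsletters"},
         {"Name": "SubjectContainsWords", "Value": "newsletter"},
         {"Name": "MoveToFolder", "Value": "Newsletters"}]},
    {"Operation": "Set-InboxRule", "UserId": "riley@example.edu",
     "ClientIP": "203.0.113.46", "Parameters": [
         {"Name": "Name", "Value": "cleanup"},
         {"Name": "SubjectContainsWords", "Value": "direct deposit;payroll"},
         {"Name": "DeleteMessage", "Value": "True"}]},
    {"Operation": "MailItemsAccessed", "UserId": "jordan@example.edu",
     "ClientIP": "203.0.113.45"},
]


def _params(record):
    """Flatten the audit record's Name/Value parameter list into a dict."""
    return {p["Name"]: p["Value"] for p in record.get("Parameters", [])}


def _is_true(value):
    """Audit exports carry booleans as strings such as 'True'."""
    return str(value).strip().lower() in {"true", "$true"}


def assess_rule(record):
    """Return a finding for a rule that hides mail from its owner, else None."""
    if record.get("Operation") not in RULE_OPERATIONS:
        return None
    params = _params(record)
    reasons = []
    if _is_true(params.get("DeleteMessage")):
        reasons.append("deletes matching mail")
    folder = str(params.get("MoveToFolder", "")).strip()
    if folder.lower() in HIDING_FOLDERS:
        reasons.append("moves matching mail to " + folder)
    if not reasons:
        return None  # ordinary filing rule
    marks_read = _is_true(params.get("MarkAsRead"))
    if marks_read:
        reasons.append("marks matching mail as read")
    return {
        "user": record.get("UserId"),
        "rule": params.get("Name", "(unnamed)"),
        "client_ip": record.get("ClientIP"),
        "conditions": {k: params[k] for k in CONDITION_KEYS if params.get(k)},
        "reasons": reasons,
        # Hidden and silently marked read leaves the owner no unread count to notice.
        "severity": "high" if marks_read else "medium",
    }


def find_hiding_rules(records):
    """Assess every record and keep only the findings."""
    return [f for f in map(assess_rule, records) if f is not None]


if __name__ == "__main__":
    for finding in find_hiding_rules(SAMPLE_AUDIT):
        print(finding)
```
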


------------------------------

Date:    Tue, 10 Sep 2019 09:33:23 -0700
From:    Sam Horowitz <samh () UCSB EDU>
Subject: Secrets management and PAM

We currently have multiple instances of Thycotic Secret Server in use
across our campus. We're looking at possibly consolidating some of those
and extending service to disparate departments that have no shared password
management solution in place. I'm looking for examples of operating
processes and service level objectives for any secrets management or PAM
solutions. Specifically, I'm interested in procedures that include
"break-glass" access in the event of a disaster where the owners of secrets
are not available and methods for access in the event of a network outage.
How do you determine who administers the service? Are the secrets managed
from a central place, or do you distribute access to different groups? If
you have a generic schema for how passwords and other secrets are organized
and access is distributed, that will also be helpful. Feel free to respond
off-list if you consider anything sensitive.
Thanks!
Sam
-------------------------------------------
Sam Horowitz, CISSP, CISM
Chief Information Security Officer
Office: (805) 893-5005
Email: samh () ucsb edu


------------------------------

Date:    Tue, 10 Sep 2019 16:43:09 +0000
From:    "Tanner, Andrea" <atanner3 () CCBCMD EDU>
Subject: Re: Fake Direct Deposit Forms

Ron,

We have been seeing something similar here.  It is not exactly the same but the attempts are coming in and start with 
an email asking how the DD can be changed.

Andrea
Pronouns: She/Her/Hers

Andrea Tanner, M.S. | Senior Director, Technology Support | Community College of Baltimore County
Phone: 443-840-4155  | Catonsville Campus CLLB 104B       | atanner3 () ccbcmd edu
CCBC. The incredible value of education.


------------------------------

Date:    Tue, 10 Sep 2019 09:56:21 -0700
From:    Rich Lang <richard.lang () DOMAIL MARICOPA EDU>
Subject: Re: Fake Direct Deposit Forms

Greetings Ron,

We have seen similar attempts with complete user data provided by the
actors.

Thanks,
Rich

RICHARD C. LANG, CSSLP

MARICOPA COMMUNITY COLLEGES

Director Information Technology,

Security & Planning - Red Team

2419 West 14th Street, Tempe AZ 85281

480.731.8873 | 480.731.8850

richard.lang () domail maricopa edu

www.maricopa.edu

Shuttle Tydirium
"Do they have a code clearance?"
"It's an older code sir, but it checks out. I was about to clear them."



------------------------------

Date:    Tue, 10 Sep 2019 18:21:19 +0000
From:    "Henderson, Daniel C." <dchenderson () CCIS EDU>
Subject: Re: Fake Direct Deposit Forms

We have had these types of attacks occur off and on for the past few years. Our payroll office had to alter their 
processes to ensure none of the fake DD attempts were successful. The one and only time one went through, the bank 
account that the attacker had set up was already closed by the time we contacted the bank in California. We found that 
most of the time an account was compromised by a phishing email that harvested user credentials, and the attacker used our 
portal to log in and fill out the proper form for a new DD location.

We have increased our security awareness training to try and prevent account compromises, with multiple phishing 
exercises yearly and KnowBe4 training once a year. We have seen some success, but we know it won't be 100%. We would 
like to start using MFA to help in this effort as well, and hope to move towards some kind of MFA in the next few years.


Caine Henderson
Director of Cyber Security, Web Development, and Investigation
Columbia College
573-875-4608



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of Manjak, Martin
Sent: Tuesday, September 10, 2019 11:29 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Fake Direct Deposit Forms

CAUTION!: This email originated from outside of Columbia College.
Ron,

You're not. We had an incident last week where an account was compromised and used to send the DD change request to our 
HR department. The fake check and form also referenced an American Express National Bank account. In our case, the A/C# 
was 6220124014299.

It was flagged because our form requires state assigned employee IDs, not SSN.


The emails were sourced from QuadraNet, Inc colocation centers in Atlanta, LA, and Huntsville.



The mystery we haven't solved yet is how the employee's email was compromised. No spam was sent, just the DD change 
request. They did set up an Inbox rule that marked any responses from HR as read and moved them to the Delete folder to 
prevent the victim from being tipped off.

Marty Manjak
CISO
University at Albany

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of King, Ronald A.
Sent: Tuesday, September 10, 2019 11:14 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Fake Direct Deposit Forms

As an FYI, I have had three reports of fake Direct Deposit requests. Two of them included completed forms. The forms 
included the victims' correct address and social. Both would have redirected full paychecks to American Express National 
Bank in Salt Lake City. Attached is an image of the electronic check. Given the size of the Equifax breach and the loss 
of the pertinent info, we cannot be the only institution seeing this.

Ron

Ronald King
Chief Information Security Officer

Office of Information Technology
(757) 823-2916 (Office)
raking () nsu edu
www.nsu.edu
@NSUCISO (Twitter)
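
The inbox rule reported in this thread (HR replies marked as read and moved to the Delete folder) is a pattern a mailbox-rule audit can search for. The following is an added example, not part of any poster's message: it triages exported rules, with field names assumed to follow Exchange Online's Get-InboxRule output and with hypothetical sender and keyword watch lists.

```python
import json

# Constructed sample: inbox rules exported to JSON. Field names follow the
# properties of Exchange Online's Get-InboxRule output (an assumption here).
SAMPLE_RULES = json.loads("""[
 {"Mailbox": "victim@example.edu", "Name": "rule1",
  "From": ["hr@example.edu"], "SubjectContainsWords": [],
  "MarkAsRead": true, "DeleteMessage": false, "MoveToFolder": "Deleted Items"},
 {"Mailbox": "staff@example.edu", "Name": "Newsletters",
  "From": ["news@vendor.example"], "SubjectContainsWords": [],
  "MarkAsRead": false, "DeleteMessage": false, "MoveToFolder": "Reading"},
 {"Mailbox": "staff2@example.edu", "Name": "cleanup",
  "From": [], "SubjectContainsWords": ["Direct Deposit", "payroll"],
  "MarkAsRead": true, "DeleteMessage": true, "MoveToFolder": null}
]""")

WATCHED_SENDERS = {"hr@example.edu", "payroll@example.edu"}  # hypothetical list
WATCHED_WORDS = ("direct deposit", "payroll", "paycheck")    # hypothetical list
LOW_VISIBILITY = {"deleted items", "junk email", "rss feeds", "conversation history"}

def hiding_actions(rule):
    """Actions that keep a matching message out of the mailbox owner's sight."""
    actions = []
    if rule.get("MarkAsRead"):
        actions.append("mark-as-read")
    if rule.get("DeleteMessage"):
        actions.append("delete")
    folder = (rule.get("MoveToFolder") or "").lower()
    if folder in LOW_VISIBILITY:
        actions.append("move:" + folder)
    return actions

def payroll_targets(rule):
    """Rule conditions that single out HR/payroll senders or payroll subjects."""
    senders = {s.lower() for s in rule.get("From") or []} & WATCHED_SENDERS
    words = [w for w in rule.get("SubjectContainsWords") or []
             if any(k in w.lower() for k in WATCHED_WORDS)]
    return sorted(senders) + words

def triage(rules):
    """Flag rules that both target payroll mail and hide it from the user."""
    findings = []
    for rule in rules:
        acts, targets = hiding_actions(rule), payroll_targets(rule)
        if acts and targets:
            findings.append((rule["Mailbox"], rule["Name"], acts, targets))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_RULES), sep="\n")
```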


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at 
https://www.educause.edu/community


------------------------------

Date:    Tue, 10 Sep 2019 19:54:09 +0000
From:    Jose Dominguez <jad () UOREGON EDU>
Subject: Job Opportunity: Senior IT Security Compliance Analyst position at the University of Oregon (UO)

Hello everyone. The Information Security Office (ISO) at UO is looking
to fill a position for a Senior IT Security Compliance Analyst. This is
a senior-level Security Analyst position with the ISO. The UO has
embarked on an Information Security strategic planning process,
highlighting many opportunities where information security professionals
can thrive. The UO is located in Eugene, OR, a great town and state to
live in.

If you are interested or know of anyone who is looking for a change,
please visit
http://careers.uoregon.edu/cw/en-us/job/524466/senior-it-security-compliance-analyst
and submit an application.

Thank you,

José.


------------------------------

Date:    Tue, 10 Sep 2019 19:44:24 +0000
From:    "Dickey, A. (Antoinette)" <Antoinette.Dickey () VOYA COM>
Subject: Re: Fake Direct Deposit Forms

I checked with the manager of our Threat Intelligence team. He provided this information:

This article is from March, but the technique is as old as Office 365 e-mail has been around, and Google G Suite too. 
https://www.proofpoint.com/us/threat-insight/post/threat-actors-leverage-credential-dumps-phishing-and-legacy-email-protocols

Legacy email access protocols are enabled by default and do not support MFA (IMAP protocol has no support for a second 
form of authentication). Albany.edu has its email through Office 365, so there is a chance this is how the bad guys 
got it.

Toni Dickey, CISA, CRISC
Sr. Security Specialist - Office of the CISO
Technology Risk & Security Management
Voya Financial(tm)
One Orange Way A4S, Windsor, CT 06095
Office: (860) 580-1997
Email: Antoinette.Dickey () voya com
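
Because legacy protocols such as IMAP cannot carry a second factor, a successful legacy sign-in on an MFA-enrolled account is worth reviewing. The following is an added example, not part of any poster's message: it lists who still depends on legacy protocols and ranks successful legacy sign-ins by whether the source IP ever completed MFA. The record fields and client-app labels are assumptions modelled on Azure AD sign-in log exports.

```python
from collections import defaultdict

# Constructed sample sign-in records. Field names and client-app labels are
# modelled on Azure AD sign-in log exports (assumptions of this example);
# error 0 means the sign-in succeeded.
SAMPLE_SIGNINS = [
    {"user": "alice@example.edu", "app": "Browser", "ip": "198.51.100.10", "error": 0, "mfa": True},
    {"user": "alice@example.edu", "app": "IMAP4", "ip": "203.0.113.77", "error": 50126, "mfa": False},
    {"user": "alice@example.edu", "app": "IMAP4", "ip": "203.0.113.77", "error": 0, "mfa": False},
    {"user": "bob@example.edu", "app": "Mobile Apps and Desktop clients", "ip": "198.51.100.20", "error": 0, "mfa": True},
    {"user": "bob@example.edu", "app": "Exchange ActiveSync", "ip": "198.51.100.20", "error": 0, "mfa": False},
    {"user": "carol@example.edu", "app": "POP3", "ip": "203.0.113.77", "error": 50126, "mfa": False},
]

# Client-app labels treated here as legacy (basic) authentication:
# password only, no MFA prompt.
LEGACY_APPS = {"IMAP4", "POP3", "Authenticated SMTP", "Exchange ActiveSync",
               "Other clients"}

def legacy_dependents(signins):
    """Per user, the legacy protocols still in successful use (what breaks if blocked)."""
    usage = defaultdict(set)
    for s in signins:
        if s["app"] in LEGACY_APPS and s["error"] == 0:
            usage[s["user"]].add(s["app"])
    return dict(usage)

def mfa_bypass_candidates(signins):
    """Successful legacy sign-ins, ranked by whether the IP ever completed MFA."""
    mfa_ips = defaultdict(set)
    for s in signins:
        if s["app"] not in LEGACY_APPS and s["error"] == 0 and s["mfa"]:
            mfa_ips[s["user"]].add(s["ip"])
    findings = []
    for s in signins:
        if s["app"] in LEGACY_APPS and s["error"] == 0:
            severity = "review" if s["ip"] in mfa_ips[s["user"]] else "high"
            findings.append((s["user"], s["app"], s["ip"], severity))
    return findings

if __name__ == "__main__":
    print(legacy_dependents(SAMPLE_SIGNINS))
    print(*mfa_bypass_candidates(SAMPLE_SIGNINS), sep="\n")
```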



------------------------------

End of SECURITY Digest - 6 Sep 2019 to 10 Sep 2019 - Special issue (#2019-171)
******************************************************************************

