Educause Security Discussion mailing list archives
Re: [EXTERNAL] SECURITY Digest - 6 Sep 2019 to 10 Sep 2019 - Special issue (#2019-171)
From: "Jim A. Bole" <jbole () STEVENSON EDU>
Date: Wed, 11 Sep 2019 13:28:24 +0000
Ben, Is legacy auth still enabled? In my previous job we had to keep legacy auth enabled when we turned on MFA due to some older apps. We didn't realize it had been left enabled. We saw several attackers able to bypass MFA simply by using an older Outlook client that didn't have modern auth.... Jim Bole Director of Information Security Stevenson University 1525 Greenspring Valley Road Stevenson, MD, 21153-0641 jbole () stevenson edu | O: 443-334-2696 From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Cecka, Benjamin Sent: Tuesday, September 10, 2019 4:03 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [EXTERNAL] SECURITY Digest - 6 Sep 2019 to 10 Sep 2019 - Special issue (#2019-171) ________________________________ We also had a near hit at our campus yesterday with a phished email account and solid attempt at paycheck redirection. It was caught via non-technical controls and we're still investigating how O365 MFA was bypassed. The attempt also pointed to an Amex bank as others in this thread have reported. Ben Cecka Information Security Manager Clark College, IT Services bcecka () clark edu<mailto:bcecka () clark edu> 360.992.2194 ________________________________ From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> on behalf of SECURITY automatic digest system <LISTSERV () LISTSERV EDUCAUSE EDU<mailto:LISTSERV () LISTSERV EDUCAUSE EDU>> Sent: Tuesday, September 10, 2019 12:54 PM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Subject: [EXTERNAL] SECURITY Digest - 6 Sep 2019 to 10 Sep 2019 - Special issue (#2019-171) There are 10 messages totalling 10701 lines in this issue. Topics in this special issue: 1. Fake Direct Deposit Forms (8) 2. Secrets management and PAM 3. Job Opportunity: Senior IT Security Compliance Analyst position at the University of Oregon (UO) ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829790358&sdata=EraQzjUEi%2BuiFK4s4NlIGvdCqNc8zid3WNFX8kOheG8%3D&reserved=0> ---------------------------------------------------------------------- Date: Tue, 10 Sep 2019 15:14:29 +0000 From: "King, Ronald A." <raking () NSU EDU<mailto:raking () NSU EDU>> Subject: Fake Direct Deposit Forms As an FYI, I have had three reports of fake Direct Deposit requests. Two of them included completed forms. The forms included the victims correct address and social. Both would have redirected full paychecks to American Express National Bank in Salt Lake City. Attached is an image of the electronic check. Given the size of the Equifax breach and the loss of the pertinent info, we cannot be the only institution seeing this. Ron Ronald King Chief Information Security Officer Office of Information Technology (757) 823-2916 (Office) raking () nsu edu<mailto:raking () nsu edu> www.nsu.edu<http://www.nsu.edu/<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.nsu.edu%2F&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829790358&sdata=QiFel35NRQvO%2B%2BgVY%2FXOti5EoXnGHlX0xbx6H1JVfrI%3D&reserved=0>> @NSUCISO (Twitter) [NSU_logo_horiz_tag_4c - Smaller] ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829800352&sdata=G7jsD2TAvdGYclPJKwt9c1qnYDcgbLPJZJJlPN%2BJJbk%3D&reserved=0> ------------------------------ Date: Tue, 10 Sep 2019 16:02:19 +0000 From: "Stevenson,Katherine Talia" <katherine.stevenson () LOUISVILLE EDU<mailto:katherine.stevenson () LOUISVILLE EDU>> Subject: Re: Fake Direct Deposit Forms We received a warning about this sort of scam from Kentucky Homeland Security just this morning. The attack seems to be targeting government and edu sectors. -- Katherine Talia Stevenson (she/her/hers) (what's this?<https://www.glsen.org/article/pronouns-resource-educators<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.glsen.org%2Farticle%2Fpronouns-resource-educators&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829810344&sdata=BJOe6S9sRslr%2FIK%2BoOn5VKdR36wMv0DD3Y9NcEfyDlA%3D&reserved=0>>) Executive Director - Enterprise Technology Services Member - Commission on the Status of Women University of Louisville - Information Technology Services Phone: +1 (502) 852-2767 ________________________________ From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> on behalf of King, Ronald A. <raking () NSU EDU<mailto:raking () NSU EDU>> Sent: Tuesday, September 10, 2019 11:14 To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Subject: [SECURITY] Fake Direct Deposit Forms CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. As an FYI, I have had three reports of fake Direct Deposit requests. Two of them included completed forms. The forms included the victims correct address and social. Both would have redirected full paychecks to American Express National Bank in Salt Lake City. Attached is an image of the electronic check. Given the size of the Equifax breach and the loss of the pertinent info, we cannot be the only institution seeing this. Ron Ronald King Chief Information Security Officer Office of Information Technology (757) 823-2916 (Office) raking () nsu edu<mailto:raking () nsu edu> www.nsu.edu<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.nsu.edu_&d=DwMFAg&c=OAG1LQNACBDguGvBeNj18Swhr9TMTjS-x4O_KuapPgY&r=UIHCRdveYdNkGYqs6orGB0fUHNEtsbB2WxrUlA1OViWePznXjbTl5iT3G1fau4Kg&m=jOAebUmI8m9mTBrPJUutfRIXXHa0YZknqN8eOPORM3Y&s=oaCVfIRmSScohVwOIkCsmezEn3b8HWPyG2WkHUdmmyg&e=<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.nsu.edu%2F&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829810344&sdata=9hvo26TDJ1RS6zItXLh8GZ0UvTTZjS%2FoC95sxaBagU4%3D&reserved=0>> @NSUCISO (Twitter) [NSU_logo_horiz_tag_4c - Smaller] ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.educause.edu_community&d=DwMFAg&c=OAG1LQNACBDguGvBeNj18Swhr9TMTjS-x4O_KuapPgY&r=UIHCRdveYdNkGYqs6orGB0fUHNEtsbB2WxrUlA1OViWePznXjbTl5iT3G1fau4Kg&m=jOAebUmI8m9mTBrPJUutfRIXXHa0YZknqN8eOPORM3Y&s=Q0akRg5syNQ5WS_Ci1XqnZn9XkLgckz-LDgDIzeE4s0&e=<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity%3Chttps%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__www.educause.edu_community%26d%3DDwMFAg%26c%3DOAG1LQNACBDguGvBeNj18Swhr9TMTjS-x4O_KuapPgY%26r%3DUIHCRdveYdNkGYqs6orGB0fUHNEtsbB2WxrUlA1OViWePznXjbTl5iT3G1fau4Kg%26m%3DjOAebUmI8m9mTBrPJUutfRIXXHa0YZknqN8eOPORM3Y%26s%3DQ0akRg5syNQ5WS_Ci1XqnZn9XkLgckz-LDgDIzeE4s0%26e%3D&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829820346&sdata=d8bAGWA1eYJGqBRqBf7Xy7UQjUnY0pcJowaq3%2B7Ew3A%3D&reserved=0>> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829820346&sdata=2%2F59ZMbeewUDpNCbscnwNV%2FWM%2ByNBFTXCcCNgnh1NuQ%3D&reserved=0> ------------------------------ Date: Tue, 10 Sep 2019 16:25:47 +0000 From: "Barton, Robert W." <bartonrt () LEWISU EDU<mailto:bartonrt () LEWISU EDU>> Subject: Re: Fake Direct Deposit Forms We've been seeing this for a while now. We moved to a) confirming with the requestor in an email that is not a 'reply to' and b) requiring additional documentation. When we do find a request for forms that is fraudulent, I've responded with a fake form; it has a [Image result for emoji tongue out] emoji on it (for those not receiving the pic...tongue out face). We've seen less attempts lately. Executive Director of Information Security and Policy Lewis University One University Parkway Romeoville, IL 60446-2200 815-836-5663 From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> On Behalf Of Stevenson,Katherine Talia Sent: Tuesday, September 10, 2019 11:02 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] Fake Direct Deposit Forms We received a warning about this sort of scam from Kentucky Homeland Security just this morning. The attack seems to be targeting government and edu sectors. -- Katherine Talia Stevenson (she/her/hers) (what's this?<https://www.glsen.org/article/pronouns-resource-educators<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.glsen.org%2Farticle%2Fpronouns-resource-educators&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829830338&sdata=vY2EhigX8RVRvuF48Qn%2BpQ8phSzKnBX1Drrd4c529bc%3D&reserved=0>>) Executive Director - Enterprise Technology Services Member - Commission on the Status of Women University of Louisville - Information Technology Services Phone: +1 (502) 852-2767 ________________________________ From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU%3cmailto:SECURITY () LISTSERV EDUCAUSE EDU>>> on behalf of King, Ronald A. <raking () NSU EDU<mailto:raking () NSU EDU<mailto:raking () NSU EDU%3cmailto:raking () NSU EDU>>> Sent: Tuesday, September 10, 2019 11:14 To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU%3cmailto:SECURITY () LISTSERV EDUCAUSE EDU>> <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU%3cmailto:SECURITY () LISTSERV EDUCAUSE EDU>>> Subject: [SECURITY] Fake Direct Deposit Forms CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. As an FYI, I have had three reports of fake Direct Deposit requests. Two of them included completed forms. The forms included the victims correct address and social. Both would have redirected full paychecks to American Express National Bank in Salt Lake City. Attached is an image of the electronic check. Given the size of the Equifax breach and the loss of the pertinent info, we cannot be the only institution seeing this. Ron Ronald King Chief Information Security Officer Office of Information Technology (757) 823-2916 (Office) raking () nsu edu<mailto:raking () nsu edu> www.nsu.edu<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.nsu.edu_&d=DwMFAg&c=OAG1LQNACBDguGvBeNj18Swhr9TMTjS-x4O_KuapPgY&r=UIHCRdveYdNkGYqs6orGB0fUHNEtsbB2WxrUlA1OViWePznXjbTl5iT3G1fau4Kg&m=jOAebUmI8m9mTBrPJUutfRIXXHa0YZknqN8eOPORM3Y&s=oaCVfIRmSScohVwOIkCsmezEn3b8HWPyG2WkHUdmmyg&e=<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.nsu.edu%2F&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829840338&sdata=S6NlRUa%2FWVIG9U0PCl8U5NTw2xK7eX23Sq85bzHnBmc%3D&reserved=0>> @NSUCISO (Twitter) [NSU_logo_horiz_tag_4c - Smaller] ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.educause.edu_community&d=DwMFAg&c=OAG1LQNACBDguGvBeNj18Swhr9TMTjS-x4O_KuapPgY&r=UIHCRdveYdNkGYqs6orGB0fUHNEtsbB2WxrUlA1OViWePznXjbTl5iT3G1fau4Kg&m=jOAebUmI8m9mTBrPJUutfRIXXHa0YZknqN8eOPORM3Y&s=Q0akRg5syNQ5WS_Ci1XqnZn9XkLgckz-LDgDIzeE4s0&e=<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity%3Chttps%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__www.educause.edu_community%26d%3DDwMFAg%26c%3DOAG1LQNACBDguGvBeNj18Swhr9TMTjS-x4O_KuapPgY%26r%3DUIHCRdveYdNkGYqs6orGB0fUHNEtsbB2WxrUlA1OViWePznXjbTl5iT3G1fau4Kg%26m%3DjOAebUmI8m9mTBrPJUutfRIXXHa0YZknqN8eOPORM3Y%26s%3DQ0akRg5syNQ5WS_Ci1XqnZn9XkLgckz-LDgDIzeE4s0%26e%3D&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829840338&sdata=Khb3q1%2Bhr0H2B3QWIBP0Vj5kJXj8E20tcGKXcUDD2eQ%3D&reserved=0>> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829850328&sdata=eOkrPHAI4kZ734VeIQbJahFe00STlbNfikiFFOQahCY%3D&reserved=0> This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone at (815)-836-5950 and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you. ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829850328&sdata=eOkrPHAI4kZ734VeIQbJahFe00STlbNfikiFFOQahCY%3D&reserved=0> ------------------------------ Date: Tue, 10 Sep 2019 16:29:20 +0000 From: "Manjak, Martin" <mmanjak () ALBANY EDU<mailto:mmanjak () ALBANY EDU>> Subject: Re: Fake Direct Deposit Forms Ron, You're not. We had an incident last week where an account was compromised and used to send the DD change request to our HR department. The fake check and form also referenced an American Express National Bank account. In our case, the A/C# was 6220124014299. It was flagged because our form requires state assigned employee IDs, not SSN. The emails were sourced from QuadraNet, Inc colocation centers in Atlanta, LA, and Huntsville. The mystery we haven't solved yet is how the employee's email was compromised. No spam was sent, just the DD change request. They did set up an In box rule that marked any responses from HR as read and moved to the Delete folder to prevent the victim from being tipped off. Marty Manjak CISO University at Albany From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> On Behalf Of King, Ronald A. Sent: Tuesday, September 10, 2019 11:14 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Fake Direct Deposit Forms As an FYI, I have had three reports of fake Direct Deposit requests. Two of them included completed forms. The forms included the victims correct address and social. Both would have redirected full paychecks to American Express National Bank in Salt Lake City. Attached is an image of the electronic check. Given the size of the Equifax breach and the loss of the pertinent info, we cannot be the only institution seeing this. Ron Ronald King Chief Information Security Officer Office of Information Technology (757) 823-2916 (Office) raking () nsu edu<mailto:raking () nsu edu> www.nsu.edu<http://www.nsu.edu/<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.nsu.edu%2F&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829860321&sdata=tLeYadWuuK%2Fle7ddN%2FS26wulDHHDbJVpe38vIZDAfU8%3D&reserved=0>> @NSUCISO (Twitter) [NSU_logo_horiz_tag_4c - Smaller] ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829860321&sdata=s1qcOJcdomHIa%2F16X4on6g25UEOW5VxRkoagjdd%2F0VA%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829870317&sdata=5jX7g6Z67oSiprXyn7MPyekUalwdQ9B9QUNvJJaCmoA%3D&reserved=0> ------------------------------ Date: Tue, 10 Sep 2019 09:33:23 -0700 From: Sam Horowitz <samh () UCSB EDU<mailto:samh () UCSB EDU>> Subject: Secrets management and PAM We currently have multiple instances of Thycotic Secret Server in use across our campus. We're looking at possibly consolidating some of those and extending service to disparate departments that have no shared password management solution in place. I'm looking for examples of operating processes and service level objectives for any secrets management or PAM solutions. Specifically, I'm interested in procedures that include "break-glass" access in the event of a disaster where the owners of secrets are not available and methods for access in the event of a network outage. How do you determine who administers the service? Are the secrets managed from a central place, or do you distribute access to different groups? If you have a generic schema for how passwords and other secrets are organized and access is distributed, that will also be helpful. Feel free to respond off-list if you consider anything sensitive. Thanks! Sam ------------------------------------------- Sam Horowitz, CISSP, CISM Chief Information Security Officer Office: (805) 893-5005 Email: samh () ucsb edu<mailto:samh () ucsb edu> [image: UC Santa Barbara] ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829880309&sdata=F4IQPpOqaPHM9CvBrEQCcXK0Hbj2aUarf7kZI1lKzFU%3D&reserved=0> ------------------------------ Date: Tue, 10 Sep 2019 16:43:09 +0000 From: "Tanner, Andrea" <atanner3 () CCBCMD EDU<mailto:atanner3 () CCBCMD EDU>> Subject: Re: Fake Direct Deposit Forms Ron, We have been seeing something similar here. It is not exactly the same but the attempts are coming in and starts with an email asking how the DD can be changed. Andrea Pronouns: She/Her/Hers Andrea Tanner, M.S. | Senior Director, Technology Support | Community College of Baltimore County Phone: 443-840-4155 | Catonsville Campus CLLB 104B | atanner3 () ccbcmd edu<mailto:atanner3 () ccbcmd edu> CCBC. The incredible value of education. From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> On Behalf Of King, Ronald A. Sent: Tuesday, September 10, 2019 11:14 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Fake Direct Deposit Forms CAUTION: This email originated from outside of CCBC. Do not click links or open attachments unless you recognize the sender and know the content is safe. As an FYI, I have had three reports of fake Direct Deposit requests. Two of them included completed forms. The forms included the victims correct address and social. Both would have redirected full paychecks to American Express National Bank in Salt Lake City. Attached is an image of the electronic check. Given the size of the Equifax breach and the loss of the pertinent info, we cannot be the only institution seeing this. Ron Ronald King Chief Information Security Officer Office of Information Technology (757) 823-2916 (Office) raking () nsu edu<mailto:raking () nsu edu> www.nsu.edu<https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.nsu.edu%2F&data=02%7C01%7Catanner3%40CCBCMD.EDU%7C006209c251734d3538f408d73601959e%7C2afa200077264920a9570397c340fc3d%7C0%7C0%7C637037252759604822&sdata=DlKLQobAAA9sDQPBpWtNlSSU3QCmrUCAFp1lwAX7QxY%3D&reserved=0<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.nsu.edu%2F&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829880309&sdata=VAqf4jKsl7Ll1TDX7t2mqsmE0LXIU7DKwltr0rQHDmU%3D&reserved=0>> @NSUCISO (Twitter) [NSU_logo_horiz_tag_4c - Smaller] ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Catanner3%40CCBCMD.EDU%7C006209c251734d3538f408d73601959e%7C2afa200077264920a9570397c340fc3d%7C0%7C0%7C637037252759614820&sdata=PAYmSj9oljOYc3W9EBR7rXnViOTs%2B8agq%2B4%2BFqVRSyU%3D&reserved=0<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity%3Chttps%3A%2F%2Fnam02.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fwww.educause.edu%252Fcommunity%26data%3D02%257C01%257Catanner3%2540CCBCMD.EDU%257C006209c251734d3538f408d73601959e%257C2afa200077264920a9570397c340fc3d%257C0%257C0%257C637037252759614820%26sdata%3DPAYmSj9oljOYc3W9EBR7rXnViOTs%252B8agq%252B4%252BFqVRSyU%253D%26reserved%3D0&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829890311&sdata=FBw7ML%2FrE1hD6ubXQDryWarIjb3G8rM8Ni4pUvY7Y00%3D&reserved=0>> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829890311&sdata=m08GTYsHQtdN74agrE53Xi09IIm3pMohAyE9xSt2WlQ%3D&reserved=0> ------------------------------ Date: Tue, 10 Sep 2019 09:56:21 -0700 From: Rich Lang <richard.lang () DOMAIL MARICOPA EDU<mailto:richard.lang () DOMAIL MARICOPA EDU>> Subject: Re: Fake Direct Deposit Forms Greetings Ron, We have seen similar attempts with complete user data provided by the actors. Thanks, Rich RICHARD C. LANG, CSSLP MARICOPA COMMUNITY COLLEGES Director Information Technology, Security & Planning - Red Team 2419 West 14th Street, Tempe AZ 85281 480.731.8873 | 480.731.8850 richard.lang () domail maricopa edu<mailto:richard.lang () domail maricopa edu> www.maricopa.edu<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.maricopa.edu&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829900306&sdata=S2TuODtjCfStdunAxqX75M5FX6VoII%2BGdF4bg4TFIgU%3D&reserved=0> Shuttle Tydirium "Do they have a code clearance?" "It's an older code sir, but it checks out. I was about to clear them." On Tue, Sep 10, 2019 at 8:14 AM King, Ronald A. <raking () nsu edu<mailto:raking () nsu edu>> wrote:
As an FYI, I have had three reports of fake Direct Deposit requests. Two of them included completed forms. The forms included the victims correct address and social. Both would have redirected full paychecks to American Express National Bank in Salt Lake City. Attached is an image of the electronic check. Given the size of the Equifax breach and the loss of the pertinent info, we cannot be the only institution seeing this. Ron *Ronald King* *Chief Information Security Officer* *Office of Information Technology* (757) 823-2916 (Office) raking () nsu edu<mailto:raking () nsu edu> www.nsu.edu<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.nsu.edu&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829910299&sdata=Kew1yjmukgVMVu2%2BJWQzdnNuL%2FvjtUkatWJjAmDkaMs%3D&reserved=0> @NSUCISO (Twitter) [image: NSU_logo_horiz_tag_4c - Smaller] ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829910299&sdata=6NfLs%2BoFA4tPW0XHNT1UgEwfCi%2BrAvabw6Dm7EEBR%2BA%3D&reserved=0>
********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829920300&sdata=3kF8tk6pyu9fHBh7Kh6vyC8u%2Ba1U6jwYE4KWVl7ndaw%3D&reserved=0> ------------------------------ Date: Tue, 10 Sep 2019 18:21:19 +0000 From: "Henderson, Daniel C." <dchenderson () CCIS EDU<mailto:dchenderson () CCIS EDU>> Subject: Re: Fake Direct Deposit Forms We have had these types of attacks occur off and on for the past few years. Our payroll office had to alter their processes to ensure none of the fake DD attempts were successful. The one and only time one went through, the bank account that the attacker had set up was already closed by the time we contacted the bank in California. We found that most the time an account was compromised by a phishing email that harvested user credentials, and the attacker used our portal to login and use fill out the proper form for a new DD location. We have increased our security awareness training to try and prevent account compromises, with multiple phishing exercises yearly and knowbe4 training once a year. We have seen some success, but we know it won't be 100%. We would like to start using MFA to help in this effort as well, and hope to move towards some kind of MFA in the next few years. Caine Henderson Director of Cyber Security, Web Development, and Investigation Columbia College 573-875-4608 From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> On Behalf Of Manjak, Martin Sent: Tuesday, September 10, 2019 11:29 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] Fake Direct Deposit Forms CAUTION!: This email originated from outside of Columbia College. Ron, You're not. We had an incident last week where an account was compromised and used to send the DD change request to our HR department. The fake check and form also referenced an American Express National Bank account. In our case, the A/C# was 6220124014299. It was flagged because our form requires state assigned employee IDs, not SSN. The emails were sourced from QuadraNet, Inc colocation centers in Atlanta, LA, and Huntsville. The mystery we haven't solved yet is how the employee's email was compromised. No spam was sent, just the DD change request. They did set up an In box rule that marked any responses from HR as read and moved to the Delete folder to prevent the victim from being tipped off. Marty Manjak CISO University at Albany From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU%3cmailto:SECURITY () LISTSERV EDUCAUSE EDU>>> On Behalf Of King, Ronald A. Sent: Tuesday, September 10, 2019 11:14 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU%3cmailto:SECURITY () LISTSERV EDUCAUSE EDU>> Subject: [SECURITY] Fake Direct Deposit Forms As an FYI, I have had three reports of fake Direct Deposit requests. Two of them included completed forms. The forms included the victims correct address and social. Both would have redirected full paychecks to American Express National Bank in Salt Lake City. Attached is an image of the electronic check. Given the size of the Equifax breach and the loss of the pertinent info, we cannot be the only institution seeing this. Ron Ronald King Chief Information Security Officer Office of Information Technology (757) 823-2916 (Office) raking () nsu edu<mailto:raking () nsu edu> www.nsu.edu<http://www.nsu.edu/<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.nsu.edu%2F&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829920300&sdata=vml4F8Ny2FMGKOj2fnVrNg8E35yNSqSESM%2FPd9LPAZw%3D&reserved=0>> @NSUCISO (Twitter) [NSU_logo_horiz_tag_4c - Smaller] ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829930296&sdata=%2Bcl00hrkJpngh9XqHqgj2kkzSHdASpr8ccMjNdLW%2BDo%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829940289&sdata=K%2B349LdhAUr6lUvytST2xjOEcICXMW7ZRioZ1JRdhx4%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829940289&sdata=K%2B349LdhAUr6lUvytST2xjOEcICXMW7ZRioZ1JRdhx4%3D&reserved=0> ------------------------------ Date: Tue, 10 Sep 2019 19:54:09 +0000 From: Jose Dominguez <jad () UOREGON EDU<mailto:jad () UOREGON EDU>> Subject: Job Opportunity: Senior IT Security Compliance Analyst position at the University of Oregon (UO) Hello everyone. The Information Security Office (ISO) at UO is looking to fill a position for a Senior IT Security Compliance Analyst. This is a senior-level Security Analyst position with the ISO. The UO has embarked on an Information Security strategic planning process, highlighting many opportunities where information security professionals can thrive. The UO is located in Eugene, OR, a great town and state to live in. If you are interested or know of anyone who is looking for a change, please visit http://careers.uoregon.edu/cw/en-us/job/524466/senior-it-security-compliance-analyst<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fcareers.uoregon.edu%2Fcw%2Fen-us%2Fjob%2F524466%2Fsenior-it-security-compliance-analyst&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829950282&sdata=jKE8HSBfLT78dcNm1Wr%2FjmTuc94OiaEoCSJvi63O3mY%3D&reserved=0> and submit an application. Thank you, José. ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829950282&sdata=bxx9jtCmo8UmQVfYbJNYsf3CV994v91%2FaSa5e0FGXzI%3D&reserved=0> ------------------------------ Date: Tue, 10 Sep 2019 19:44:24 +0000 From: "Dickey, A. (Antoinette)" <Antoinette.Dickey () VOYA COM<mailto:Antoinette.Dickey () VOYA COM>> Subject: Re: Fake Direct Deposit Forms I checked with the manager of our Threat Intelligence team. He provided this information: This article is from March, but the technique is as old as office 365 e-mail has been around, and google g suite too. https://www.proofpoint.com/us/threat-insight/post/threat-actors-leverage-credential-dumps-phishing-and-legacy-email-protocols<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.proofpoint.com%2Fus%2Fthreat-insight%2Fpost%2Fthreat-actors-leverage-credential-dumps-phishing-and-legacy-email-protocols&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829960281&sdata=lCxqpC0u%2FJXVQn4l6hAipE0X72ZEV6fHsdIbpX5enH8%3D&reserved=0> - Legacy email access protocols are enabled by default and do not support MFA (IMAP protocol has no support for a second form of authentication). Albany.edu has its email through office 365, so there is a chance this is how the bad guys got it. Toni Dickey, CISA, CRISC Sr. Security Specialist - Office of the CISO Technology Risk & Security Management Voya Financial(tm) One Orange Way A4S, Windsor, CT 06095 Office: (860) 580-1997 Email: Antoinette.Dickey () voya com<mailto:Antoinette.Dickey () voya com> From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> On Behalf Of Henderson, Daniel C. Sent: Tuesday, September 10, 2019 02:21 PM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] Fake Direct Deposit Forms We have had these types of attacks occur off and on for the past few years. Our payroll office had to alter their processes to ensure none of the fake DD attempts were successful. The one and only time one went through, the bank account that the attacker had set up was already closed by the time we contacted the bank in California. We found that most the time an account was compromised by a phishing email that harvested user credentials, and the attacker used our portal to login and use fill out the proper form for a new DD location. We have increased our security awareness training to try and prevent account compromises, with multiple phishing exercises yearly and knowbe4 training once a year. We have seen some success, but we know it won't be 100%. We would like to start using MFA to help in this effort as well, and hope to move towards some kind of MFA in the next few years. Caine Henderson Director of Cyber Security, Web Development, and Investigation Columbia College 573-875-4608 From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU%3cmailto:SECURITY () LISTSERV EDUCAUSE EDU>>> On Behalf Of Manjak, Martin Sent: Tuesday, September 10, 2019 11:29 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU%3cmailto:SECURITY () LISTSERV EDUCAUSE EDU>> Subject: Re: [SECURITY] Fake Direct Deposit Forms CAUTION!: This email originated from outside of Columbia College. Ron, You're not. We had an incident last week where an account was compromised and used to send the DD change request to our HR department. The fake check and form also referenced an American Express National Bank account. In our case, the A/C# was 6220124014299. It was flagged because our form requires state assigned employee IDs, not SSN. The emails were sourced from QuadraNet, Inc colocation centers in Atlanta, LA, and Huntsville. The mystery we haven't solved yet is how the employee's email was compromised. No spam was sent, just the DD change request. They did set up an In box rule that marked any responses from HR as read and moved to the Delete folder to prevent the victim from being tipped off. Marty Manjak CISO University at Albany From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU%3cmailto:SECURITY () LISTSERV EDUCAUSE EDU>>> On Behalf Of King, Ronald A. Sent: Tuesday, September 10, 2019 11:14 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU%3cmailto:SECURITY () LISTSERV EDUCAUSE EDU>> Subject: [SECURITY] Fake Direct Deposit Forms As an FYI, I have had three reports of fake Direct Deposit requests. Two of them included completed forms. The forms included the victims correct address and social. Both would have redirected full paychecks to American Express National Bank in Salt Lake City. Attached is an image of the electronic check. Given the size of the Equifax breach and the loss of the pertinent info, we cannot be the only institution seeing this. Ron Ronald King Chief Information Security Officer Office of Information Technology (757) 823-2916 (Office) raking () nsu edu<mailto:raking () nsu edu> www.nsu.edu<http://www.nsu.edu/<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.nsu.edu%2F&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829970271&sdata=ZWURu9vuDZ58r%2B4ixeJRwTDYtZp3KJlmCJpFB1qWt1Y%3D&reserved=0>> @NSUCISO (Twitter) [NSU_logo_horiz_tag_4c - Smaller] ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829970271&sdata=DJ3Ph1y9CQNAgZgly2N75rCuRrJ8PRWARkaNY7OhupU%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829980272&sdata=%2F8hs616%2BxntElV0lMd7nDes2Ut12xkn12SnQo8O9YM8%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829990267&sdata=EzZ7OemmxqzK9WNOyDZ6038lBEksxzI0pnbFN3FLQvI%3D&reserved=0> --------------------------------------------------------- NOTICE: The information contained in this electronic mail message is confidential and intended only for certain recipients. If you are not an intended recipient, you are hereby notified that any disclosure, reproduction, distribution or other use of this communication and any attachments is strictly prohibited. If you have received this communication in error, please notify the sender by reply transmission and delete the message without copying or disclosing it. ============================================================================================ ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431829990267&sdata=EzZ7OemmxqzK9WNOyDZ6038lBEksxzI0pnbFN3FLQvI%3D&reserved=0> ------------------------------ End of SECURITY Digest - 6 Sep 2019 to 10 Sep 2019 - Special issue (#2019-171) ****************************************************************************** ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C93e5e1e7955242279ed908d7362b46d4%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637037431830000264&sdata=wAkLCi5sLsBoj4oLKRhiVR2Et3UwHrztnLAKtqB3S9U%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Re: [EXTERNAL] SECURITY Digest - 6 Sep 2019 to 10 Sep 2019 - Special issue (#2019-171) Cecka, Benjamin (Sep 10)
- Re: [EXTERNAL] SECURITY Digest - 6 Sep 2019 to 10 Sep 2019 - Special issue (#2019-171) Jim A. Bole (Sep 11)