Devices that use WiFi are vulnerable to a newly discovered and serious flaw, dubbed KRACK, in a commonly used wireless security protocol, WPA2.

Even on correctly configured wireless networks, attackers can potentially use KRACK — short for Key Reinstallation Attack — to read information that was previously assumed to be safely secured. WiFi access points as well as devices are impacted by this significant weakening of these wireless security protections.

How it works 
Devices can be tricked into installing an encryption key that allows for some or all wirelessly transmitted data to be read.

What to do 

  • Limit any potentially sensitive activities performed on wireless networks, or utilize the UAB VPN as a way to protect communications when on wireless at UAB or at home. 
  • Use wired networks if possible.
  • Update all wireless devices to address the vulnerability. This will depend on vendors creating and releasing the updates for various devices, including routers and access points as well as phones, tablets and laptops.
  • Ensure any activities that must be performed on wireless networks are done via secure channels (HTTPS websites, SSH, SFTP). Avoid unencrypted channels such as HTTP websites, Telnet and FTP.
  • Watch for suspicious individuals in close proximity to your wireless network.
Want free ice cream? UAB IT is hosting a free ice cream social for students to kick off its second annual free Laptop Checkup for students.

The events are part of the celebration of National Cyber Security Awareness Month, which serves to remind everyone of the importance of information security. The ice cream social will be held Monday, Oct. 9, from 10 a.m. to 2 p.m. in room 318 at the Hill Student Center. Stop by for games, information and, of course, free ice cream.

Then come back Tuesday through Thursday, Oct. 11-12, for the free Laptop Checkup. Our tech experts will take a look at your laptop to make sure it is free of viruses and other security risks.
Multiplying Phish
When a suspicious email hits your inbox, it is sometimes followed by even more — but why so many?

If one person at UAB falls for a phishing email, their account can become compromised — and send out dozens or hundreds of similar phishing emails, all from that legitimate but compromised account. Because the phish comes from what appears to be a legitimate account, more people are apt to click links or attachments in the email.

And if more people fall for the phish, the emails continue to spread.

When phishing reports are made to UAB IT, the Information Security team acts quickly to recover compromised accounts and block the senders and suspicious URLs. That's why reporting a phishing email — through the PhishMe Reporter button in Outlook or by forwarding to phishing@uab.edu — is so important to stopping the spread of malicious emails.

Learn more about phishing and how to recognize a phish at uab.edu/phishing.
A new phishing email attempt is circulating among UAB students, faculty and staff. The email claims that your BlazerID is about to expire.

The email looks similar to the one below. Some emails may even come from valid but compromised UAB email accounts.

[Image: sample "BlazerID about to expire" phishing email]
If you receive a similar email, please report it using the "PhishMe Reporter" button on your Outlook, or forward to phishing@uab.edu

To avoid phishing scams, pay close attention to the sender and any links in the email. If they look unusual, ignore them. You can always log in to a known web site — such as the BlazerID web site — instead of clicking on the link.

The video below gives more tips on how to catch a phish.

A new ransomware cyberattack called “Petya” is spreading globally and infecting computers, allowing malicious attackers to demand ransom payments to restore data.

The attack is similar to the WannaCry ransomware attack that spread a few weeks ago. Experts believe the initial infection comes from an email attachment, possibly a Microsoft Word attachment.

Some tips to avoid falling for Petya (also called Petwrap):

  • Patch your Windows-based computers and update your Microsoft Office suite. Contact AskIT if you have any questions.
  • Be extremely vigilant when opening email from anyone with whom you are not familiar.
  • If you receive email from an unknown sender, be cautious about replying, opening attachments or clicking on links or graphics in the email.
  • If you believe you have received a suspicious email, click the “PhishMe Reporter” button in your Outlook or forward the email to phishing@uab.edu.
  • Be cautious about attachments you were not expecting. Even if you receive an email from someone you know, that person’s email may have been infected with ransomware. Contact the sender by phone to make sure the attachment is legitimate.
  • Be wary of emails with incorrect grammar or spelling, or messages in which the signature does not match the sender’s name.
  • Do not click links in messages that ask you to log in. Type a trusted web address in your browser, or Google for the web site if you don’t know the address.
Phishing emails that purport to be a "payroll notification" are actually an attempt to steal your password or personal information. Delete the emails; do NOT open the attachments or enter your BlazerID or password on any links enclosed.

The emails look similar to the images below:

[Images: sample "payroll notification" phishing emails]


This email is not related to the campus-wide simulated phishing campaign that UAB IT is using as a tool to educate campus users about phishing attacks that attempt to steal personal or financial information. Please visit uab.edu/phishing to get up-to-date information about the latest phishing attempts and tools to help you protect your information. Campus users can also download the PhishMe Reporter tool for one-click access to report phishing attempts. Follow UAB IT on Twitter for alerts on phishing attacks.

If you receive an email with a link such as “Click Here,” do the hover test. Hover your mouse over the link and look at the lower left pane to see where the link leads. Even if the page looks familiar, verify the URL or type in a URL you know before entering your information.

Look at the URL of the website you are visiting. 

To report suspected spam to AskIT, please follow the instructions here or download the PhishMe Reporter button for one-click reporting.

Follow these additional tips to avoid being a phishing victim:

  • Do NOT click links in messages that ask you to log in. Type a trusted Web address in your browser or Google for the Web site if you don’t know the address.
  • Never type personal, sensitive information (such as passwords or account numbers) on Web sites without verifying the Web site’s authenticity and security — look for an “https” in the address bar.
  • Verify the address. Malicious web sites may look identical to a legitimate site, but the address may use a variation in spelling or a different domain (.com vs. .edu).
  • Misspellings and grammatical errors can be a dead giveaway in phishing emails and subject lines.
  • If you are unsure whether a request is legitimate, contact the company directly. Do NOT use contact information provided in the request.
  • Don’t open attachments. They may contain viruses or malware that can infect your computer.
  • Protect your password. Information security and IT officials at both the university and UAB Hospital will never ask users for passwords or any other sensitive information.
  • Report suspicious activity. If you have any questions or you receive a suspicious email that you want to report, university employees and students can call the AskIT Help Desk at 205-996-5555. Hospital employees can call the HSIS Help Desk at 205-934-8888.
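The "hover test" and "verify the address" tips above can be automated for an HTML email body: compare each link's visible text with the host its href really points to, and flag hosts that are not under the trusted domain. This is an added example, not UAB IT's code; the trusted domain `uab.edu` and the sample email body are assumptions constructed for the example.

```python
"""Automated "hover test": compare the visible text of each link in an HTML email
with where its href really points, and flag links that leave the trusted domain."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAIN = "uab.edu"  # assumption: the only domain a BlazerID login link should use
URLISH = re.compile(r"^(?:https?://)?[\w-]+(?:\.[\w-]+)+(?:/\S*)?$")  # text that reads as a URL

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> elements."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    # Hostname of a full URL or of a bare "host/path" string, lower-cased.
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()

def same_site(a, b):
    # True when one host is the other or one of its subdomains (www.uab.edu vs uab.edu).
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def is_trusted(host):
    # Exact match or a real subdomain; "uab.edu.evil.com" and "uab-edu.com" both fail.
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def hover_test(html):
    """Return [(href, reason)] for links a reader should not click."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real = host_of(href)
        shown = host_of(text) if URLISH.match(text) else None
        if shown and not same_site(shown, real):
            findings.append((href, f"text shows {shown} but link goes to {real}"))
        elif not is_trusted(real):
            findings.append((href, f"{real} is not under {TRUSTED_DOMAIN}"))
    return findings

# Constructed sample resembling the "BlazerID about to expire" lure (not a real email).
SAMPLE = ('<p>Your BlazerID expires today. <a href="http://uab.edu.account-renew.com/login">'
          'https://www.uab.edu/blazerid</a> or <a href="https://uab-edu.com/verify">'
          'Click Here</a>. Help: <a href="https://www.uab.edu/phishing">uab.edu/phishing</a></p>')
```

Running `hover_test(SAMPLE)` flags the first two links (a lookalike subdomain and a `.com` variant of the university's domain) and passes the genuine `uab.edu/phishing` link.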
Research Data – The classification of research data depends on several factors, such as the type of data and/or contractual elements, and thus may fall into any of the classifications defined herein. Likewise, time of release and collaboration affect the classification of research data. As such, certain unpublished research data may be classified as private or sensitive until such time as the research is published.

Likewise, intellectual property that has not been disclosed to or protected by the IIE may need to be classified as sensitive. Additionally, federal laws, rules and regulations (including but not limited to FISMA, HIPAA, FERPA, and Export Controls), sponsor requirements, and UAB policies and guidelines will necessitate a certain classification.  

It is incumbent upon the Researcher to know the type of data, the circumstances governing the data, and classify it accordingly. Once classified, the Researcher will need to maintain the data using the appropriate UAB system of record or database with the appropriate access and security controls aligning to the classification standard. For example, not all UAB data storage options are recommended for sensitive data.

Research data shall also be maintained in accordance with UAB’s Record Retention Policy and record retention schedule. For more information about protected research data please refer to the UAB OVPRED or the UAB IT Data Officer.
University of Alabama at Birmingham

DATA CLASSIFICATION

December 19, 2016

Related Policies, Procedures, and Resources


1.0 Overview

The objective of this data classification requirement is to assist the UAB community in the classification of data and systems to determine the appropriate level of security.


2.0 Scope and Applicability

All UAB data stored, processed, or transmitted must be classified in accordance with this requirement. Based on that classification, users are required to implement appropriate security controls.


3.1 Classifying data
All UAB data must be classified into one of the three following categories.

  Public Data:  Data that may be disclosed to the general public without harm.

  Examples: public phone directory, course catalogs, public research findings, enrollment figures, public web sites, general benefits data, press releases, newsletters, etc.

  Sensitive Data:  Data that should be kept confidential. Access to these data shall require authorization and legitimate need-to-know. Privacy may be required by law or contract.

  Examples: FERPA, budgetary plans, proprietary business plans, patent pending information, export controls information and data protected by law.

  Restricted/PHI Data:  Sensitive Data that is highly confidential in nature, carries significant risk from unauthorized access, or uninterrupted accessibility is critical to UAB operation. Privacy and Security controls are typically required by law or contract.

  Examples: HIPAA PHI, Social Security numbers, credit card numbers (PCI DSS), GLBA data, Export Controlled data, FISMA regulated data, log-in credentials, and information protected by non-disclosure agreements.

Note regarding Classification of Research Data: The classification of research data depends on several factors that can and often do change as research progresses. It is incumbent upon the Researcher to know the type of data, the circumstances governing the data, and classify it accordingly.

Responsibilities for protection and security of these data may be found in the Data Protection and Security Policy.
Abbreviations used: FERPA (Family Educational Rights and Privacy Act), HIPAA (Health Insurance Portability and Accountability Act), PHI (protected health information), PCI DSS (Payment Card Industry Data Security Standard), GLBA (Gramm-Leach-Bliley Act), and FISMA (Federal Information Security Management Act).


A new phishing email claiming to be from UAB President Dr. Ray Watts purports to include an "important announcement" but is actually a phishing attempt. Delete the email; do NOT open the attachment or enter your BlazerID or password on any links enclosed.

The email looks similar to the image below:

[Image: sample phishing email claiming to be from Dr. Ray Watts]

This email is not related to the campus-wide simulated phishing campaign that UAB IT is launching this month as a tool to educate campus users about phishing attacks that attempt to steal personal or financial information. Please visit uab.edu/phishing to get up-to-date information about the latest phishing attempts and tools to help you protect your information. Campus users can also download the PhishMe Reporter tool for one-click access to report phishing attempts. Follow UAB IT on Twitter for alerts on phishing attacks.

The "OneClass" Chrome extension behaves like malware and can attempt to steal user names and passwords. It can affect users of several learning management systems, including Canvas; however, OneClass is not affiliated with Instructure (Canvas) in any way.

When a user installs the OneClass Chrome extension, the plugin asks for permission to "read and change all your data on websites you visit." If a user grants this permission, the plugin places a button in the user's LMS (Canvas or other) labeled "Invite your classmates to OneClass." If the user clicks this button, OneClass sends messages to all of the other users enrolled in the course via the LMS message system (for Canvas, that's Conversations). Each message says:

Hey guys, I just found some really helpful notes for the upcoming exams for [school name] courses at [OneClass link]. I highly recommend signing up for an account now. That way, your first download is free!

We strongly recommend that you NOT install or use the OneClass Chrome extension or that you remove the plugin if you have already installed it. The “invite your classmates” message acts as a phishing attempt, and the permission the extension prompts users to grant could result in their information being stolen.

To uninstall a Chrome extension, please follow these instructions from Google Chrome.
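The "read and change all your data on websites you visit" prompt described above is what Chrome shows when an extension's manifest requests host access to every site (`<all_urls>` or an all-hosts match pattern) rather than only the sites it needs. The audit below, an added example that is not OneClass's or Google's code, parses a manifest and groups each requested host pattern by how much of the web it reaches; the sample manifest is constructed for the example and is not the OneClass manifest.

```python
"""Audit a Chrome extension manifest for the host access behind Chrome's
"read and change all your data on websites you visit" prompt. The manifest
below is constructed for this example; it is not the OneClass manifest."""
import json
import re

# Match patterns that grant access to every site and trigger the all-sites prompt.
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# scheme://host/path form of a Chrome match pattern (host may start with "*.")
MATCH_PATTERN = re.compile(r"^(\*|https?|file|ftp)://([^/]+)(/.*)$")

def is_host_pattern(value):
    return value in ALL_SITES or MATCH_PATTERN.match(value) is not None

def requested_hosts(manifest):
    """Yield (where, pattern) for every host match pattern the manifest requests."""
    # MV2 lists host patterns under "permissions"; MV3 moved them to "host_permissions".
    for key in ("permissions", "host_permissions", "optional_host_permissions"):
        for pat in manifest.get(key, []):
            if is_host_pattern(pat):       # skips API names such as "storage"
                yield key, pat
    # Content scripts injected into matching pages can read and change them too.
    for i, script in enumerate(manifest.get("content_scripts", [])):
        for pat in script.get("matches", []):
            if is_host_pattern(pat):
                yield f"content_scripts[{i}].matches", pat

def classify(pattern):
    """'all-sites', 'wildcard-host' (e.g. *://*.example.com/*) or 'single-host'."""
    if pattern in ALL_SITES:
        return "all-sites"
    host = MATCH_PATTERN.match(pattern).group(2)
    return "wildcard-host" if "*" in host else "single-host"

def audit(manifest_text):
    """Group every requested host pattern by how much of the web it reaches."""
    report = {"all-sites": [], "wildcard-host": [], "single-host": []}
    for where, pat in requested_hosts(json.loads(manifest_text)):
        report[classify(pat)].append(f"{where}: {pat}")
    return report

# Constructed manifest: an "LMS helper" that asks for every site, not just the LMS.
SAMPLE_MANIFEST = json.dumps({
    "manifest_version": 3, "name": "Example LMS Helper", "version": "1.0",
    "permissions": ["storage", "tabs"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["*://*.instructure.com/*"], "js": ["inject.js"]}],
})
```

For the sample, `audit(SAMPLE_MANIFEST)` reports the `<all_urls>` host permission as all-sites access even though the only content script is scoped to Instructure hosts, which is the gap a reviewer should question before installing.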