Hello everyone.

 

Happy New Year, even if the first month is already gone! Hopefully everyone had a great, safe, and healthy holiday season.

 

Happy Data Privacy Day

Did you know that January 28 is Data Privacy Day? The first Data Privacy Day was first celebrated in the US and Canada on January 28, 2008, but began as Data Protection Day on January 28, 1981. This international event is currently observed in the US, Canada, Israel, and 47 European countries, with the purpose being to raise awareness and promote privacy and data protection best practices.

 

This year individuals are encouraged to “Own Your Privacy” by doing the following:

  • Personal information is like money: Value it. Protect it.
  • Keep tabs on your apps.
  • Manage your privacy settings on web services and apps.

 

And please be aware of UT’s Privacy Notice.


External Email
It seems that just when you get used to something in the world of technology, it has to go and change! Well, the “External Email” tag that has been used to identify those troublesome external emails has gone away. OIT found that this tagging interferes with additional controls in place for analyzing email for tampering.

OIT says that they will continue to filter large amounts of spam, scams, and malware before it reaches you, however they point out that some fraudulent messages will slip through. I will continue working with UT System Administration to find an agreeable solution for either having emails sent from UT entities if a third-party is working with them (e.g., McLean Company for surveys) or notifying all Campus and Institute CISOs of mass emails that are about to be sent.

As always, Don't Click; Don't Connect; Don't Reply if you are not expecting the email. You can follow the instructions for Reporting Phishing Attempts. And you can certainly ask me anytime you have a question about an email.


Cyber Threats for 2021

Threats never seem to stop when it comes to cyber security. Security Magazine recently posted an article naming the top five cyber threats to watch for in 2021:

  1. Increased social engineering attacks (e.g. phishing, spear phishing, etc.)
  2. Exposure of known and unknown internet-facing vulnerabilities
  3. Exploitation of system administration tools
  4. Lack of instrumentation and monitoring of critical systems
  5. Human-operated ransomware on the rise

 

Some of these threats may seem familiar because they are. They are constant threats that may change when the hacker finds a new way to trick you. Other threats, such as lack of monitoring, are being handled behind the scenes but we can’t post details because if they fell into the wrong hands, that would be like a recipe for getting our data.

 

I will say that if you remain vigilant and question those emails, pop-ups, etc., then you are doing the right thing. Contact me any time you have questions or concerns and I will help you. And please keep your data backed up and not on your computer’s hard drive. If you use an external hard drive for backups, keep it locked away at a different location when not doing a backup. This one tip will keep you from having to ever deal with the bad side of ransomware!



Current Threat Alert  

Lastly, MS-ISAC has sent an alert that there are multiple vulnerabilities in Apple products that could allow for arbitrary code executive. Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions. Depending on the permission associated with the application running the exploit, an attacker could then install programs; view, change, or delete data.

 

The systems that are affected are below, but remember that all OSes for any system are to be updated when a new update is available. Please be sure your personally-owned devices stay updated, as well.

  • iOS versions prior to iOS 14.4
  • iPadOS versions prior to iPadOS 14.4
  • tvOS versions prior to tvOS 14.4
  • watchOS versions prior to watchOS 7.3
  • Xcode versions prior to Xcode 12.4

 

Please keep an eye on https://UTIAsecurity.tennessee.edu for other information on current threats.

 

Thank you all for all that you do!

 

Sandy


​​