Service Announcements

Wednesday, 8 August 2018
Beware of latest Standard Bank phishing attack

We are aware of a new Standard Bank phishing attack which is currently doing the rounds. The cybercriminals are spoofing Standbard Banks’s ibsupport@standardbank.co.za email address, to make this attack seem legitimate. However, the links provided in the email will take you to malicious websites.

The subject lines used in this attack include:

  • Payment confirmation
  • YOU A PENDING DEPOSIT

A screenshot of a social media postDescription generated with very high confidence

The UCT Computer Security Incident Response Team have put the necessary security measures in place, and have blocked the links.

What do I do?

  • DO NOT CLICK THE LINK IN THE EMAIL.
  • If you did click the attachment in the email, DO NOT enter your details on the page. Instead, please close the page and run a full antivirus scan of your machine. Then, on a device that you know to be free of malware and infection, change your online banking password. 

What happens if I clicked the attachment and entered my details?

If you've entered your details, your account may be compromised. Please:

  1. On a device that you know to be free of malware and infection, change your online banking password. 
  2. Inform your bank about this phishing attack and that you have provided your details.
  3. Run a full antivirus scan on the machine you used to enter your details.

Please remember:

  • Don't ever reply to emails that request personal information – especially usernames and passwords.
  • NEVER share your password with anyone – not even an ICTS representative.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Don't reply to spammers asking them to remove you from their mailing list.  Replying just confirms your email address as valid, which encourages them to send you more spam.
  • Don't forward chain letters or marketing material.
  • Report any incidence of this or other phishing attacks of cyber security issues to the UCT CSIRT at csirt@uct.ac.za. You can also report any other cybersecurity issues to the same address.

 

Friday, 27 July 2018
New phishing attacks underway

There are currently several phishing attacks doing the rounds on campus. An email titled “Validate your Email” claims that you need to upgrade your Office365 email now, to avoid your account from being terminated.

A different attack is titled “Current Results Notification”, and claims to be a newsletter with updates about last semester's exams.

A different variation is titled "REMINDER: UCT GRANT APPLICATION".

After clicking the link, you are taken to a web page which asks you to enter your UCT credentials.

What do I do?

  • DO NOT CLICK THE LINK IN THE EMAIL.
  • If you did click the attachment in the email, DO NOT enter your details on the page. Instead, please close the page and run a full antivirus scan of your machine. Then, on a device that you know to be free of malware and infection, change your password

What happens if I clicked the attachment and entered my details?

If you've entered your details, your account may be compromised. This puts the UCT network and UCT assets at risk. Please:

  1. On a device that you know to be free of malware and infection, change your password
  2. Send an email to the IT Helpdesk informing them that your details were compromised, but that you have changed your password.
  3. Run a full antivirus scan on the machine you used to enter your details.

Please remember:

  • Don't ever reply to emails that request personal information – especially usernames and passwords.
  • NEVER share your password with anyone – not even an ICTS representative.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Don't reply to spammers asking them to remove you from their mailing list.  Replying just confirms your email address as valid, which encourages them to send you more spam.
  • Don't forward chain letters or marketing material.
  • Please check the announcements on the ICTS and CSIRT websites for the latest alerts. If your suspicious email differs to the one in the announcement, please report it to the CSIRT at csirt@uct.ac.za. You can also report any other cybersecurity issues to the same address.
Monday, 16 July 2018
Network renewal and monthly maintenance this weekend

As part of the UCT Network Renewal project, several services will be unavailable this weekend. ICTS's regular maintenance slot will also be in effect this Sunday.

Details and impact

  • Dates: Saturday 21st July (08:00 a.m.) until Sunday 22nd July (11:00 p.m.)
  • Services: The following services may be unavailable during this time:
    • eduroam
    • All internet connectivity (including wired)
    • All services hosted in the Upper Campus Data Centre

What you need to do

Please plan ahead so that you can minimise any inconvenience. For example, if you rely solely on eduroam for internet access, please arrange alternate connectivity – such as mobile data.

Going forward, please review the schedule of work so that you have an idea of further interruptions that may occur in the coming months.

We thank you for your patience and understanding as we undertake this crucial project to improve network performance and equip UCT to meet the challenges of the coming years.

Monday, 9 July 2018
New malware attack: don’t open attachments from unknown senders

Dear UCT colleagues and students,

We are aware of a new malware attack currently doing the rounds on campus. This attack usually comes from a Gmail address, and could be entitled Receipt for payment or something similar.

When you open the attachment, a blank screen is shown. You won’t immediately see any result, and you won’t be asked to enter any details – but malicious code will begin running in the background.

The UCT Computer Security Incident Response Team (CSIRT) is working together with our service provider to put the necessary security measures in place to prevent further spreading of this message.

What do I do?

  • DO NOT CLICK THE ATTACHMENT IN THE EMAIL.
  • Send an email to the UCT Cybersecurity Incident Response Team, informing them that you received this email.
  • Delete the message from your Inbox, then delete it from your Deleted Items folder.

What happens if I clicked the attachment?

If you opened the attachment, your account may be compromised. This puts the UCT network and UCT assets at risk. Please:

  1. Disconnect your computer / device from the UCT network. You could shut down the computer, pull out the network cable (if you’re on a wired connection), or disable wireless communication (if you’re using WiFi).
  2. Using a device that you know to be free of malware and infection, immediately change your UCT password using Password Self-Service.
  3. Send an email to the UCT Cybersecurity Incident Response Team informing them that you have opened the attachment, but that you have disconnected the compromised computer / device, and changed your UCT password.

Please remember

  • Don't ever reply to emails that request personal information – especially usernames and passwords.
  • NEVER share your password with anyone – not even an ICTS representative.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Don't reply to spammers asking them to remove you from their mailing list. Replying just confirms your email address as valid, which encourages them to send you more spam.
  • Don't forward chain letters or marketing material.
  • Report any incidence of this or other phishing attacks of cyber security issues to the UCT CSIRT at uctcsirt@uct.ac.za. You can also report any other cybersecurity issues to the same address.
Tuesday, 7 August 2018
Certain ICT services unavailable this weekend

As part of the UCT Network Renewal project, some services will be unavailable this Sunday.

Details and impact

  • Sunday 12th August (08:00 a.m. to 11:00 p.m.):
    • Eduroam
    • All internet connectivity (including wired)
    • All services hosted in the Upper Campus Data Centre

What you need to do

Please plan ahead so that you can minimise any inconvenience. For example, if you rely solely on eduroam for internet access, please arrange alternate connectivity – such as mobile data.

Going forward, please review the schedule of work so that you have an idea of further interruptions that may occur in the coming months.

We thank you for your patience and understanding as we undertake this crucial project to improve network performance and equip UCT to meet the challenges of the coming years.

Tuesday, 19 June 2018
New malware attack: Don't open attachment from compromised alumni account

Dear UCT colleagues and students,

There is currently a malware attack doing the rounds on campus. This attack, which contains a malicious attachment, specifically targets staff and student email accounts. Upon clicking on the attachment, you are redirected to a malware site, pretending to be Microsoft OneDrive, where your UCT credentials may be compromised.

The UCT Computer Security Incident Response Team (CSIRT) has blocked the account to prevent further spreading of the message.

The message is currently being sent from a compromised alumni account with the subject line “Review Docs”. The message may appear as follows:

Email from Duduzile Dlamini, with the subject line "Review Docs". The attachment is a PDF named "DOC18062018.pdf". The message text says: "Please see the attached. If you have any questions please email me and I will be happy to respond.  Kind Regards,  Duduzile"

What do I do?

  • DO NOT CLICK THE ATTACHMENT IN THE EMAIL.
  • If you did click the attachment in the email, DO NOT enter your details on the page. Instead, please close the attachment and run a full antivirus scan of your machine. Then, on a device that you know to be free of malware and infection, change your password.

What happens if I clicked the attachment and entered my details?

If you've entered your details, your account may be compromised. This puts the UCT network and UCT assets at risk. Please:

  1. On a device that you know to be free of malware and infection, change your password.    
  2. Send an email to the UCT Cybersecurity Incident Response Team informing them that your details were compromised, but that you have changed your password.
  3. Run a full antivirus scan on the machine you used to enter your details.

Please remember:

  • Don't ever reply to emails that request personal information – especially usernames and passwords.
  • NEVER share your password with anyone – not even an ICTS representative.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Don't reply to spammers asking them to remove you from their mailing list.  Replying just confirms your email address as valid, which encourages them to send you more spam.
  • Don't forward chain letters or marketing material.
  • Report any incidence of this or other phishing attacks of cyber security issues to the UCT CSIRT at csirt@uct.ac.za. You can also report any other cybersecurity issues to the same address.
Monday, 28 May 2018
UCT CSIRT investigating life threatening phishing email

The UCT Computer Security Incident Response Team (CSIRT) is aware of a phishing email that has been sent to some UCT staff members indicating that their lives are at risk. The necessary security measures have been put in place to block this sender, and to prevent any replies from being sent to this email address.

We take these sort of phishing emails very seriously and will be conducting the necessary investigations. If you receive any future suspicious emails, please forward them to uctcsirt@uct.ac.za.

Please remember:

  • Don't ever reply to emails that request personal information – especially usernames and passwords.
  • NEVER share your password with anyone – not even an ICTS representative.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Don't reply to spammers asking them to remove you from their mailing list.  Replying just confirms your email address as valid, which encourages them to send you more spam.
  • Don't forward chain letters or marketing material.
  • Report any incidence of this or other phishing attacks of cyber security issues to the UCT CSIRT at uctcsirt@uct.ac.za. You can also report any other cybersecurity issues to the same address.
Thursday, 17 May 2018
New phishing attacks: Don't give out your username and password

Dear UCT colleagues and students,

There are currently a number of phishing attacks doing the rounds on campus. These attacks, which contain a malicious attachment, specifically targets staff and student email accounts with messages such as this one:

 

 

What do I do?

  • DO NOT CLICK THE ATTACHMENT IN THE EMAIL.
  • If you did click the attachment in the email, DO NOT enter your details on the page. Instead, please close the attachment and run a full antivirus scan of your machine.

What happens if I clicked the attachment and entered my details?

If you've entered your details, your account may be compromised. This puts the UCT network and UCT assets at risk. Please:

  1. Change your password immediately on a device that you know to be free of malware and infection.    
  2. Send an email to the UCT Cybersecurity Incident Response Team informing them that your details were compromised, but that you have changed your password.

Please remember:

  • Don't ever reply to emails that request personal information – especially usernames and passwords.
  • NEVER share your password with anyone – not even an ICTS representative.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise where the link directs you.
  • Don't reply to spammers asking them to remove you from their mailing list.  Replying just confirms your email address as valid, which encourages them to send you more spam.
  • Don't forward chain letters or marketing material.
  • Report any incidence of this or other phishing attacks of cyber security issues to the UCT CSIRT at csirt@uct.ac.za. You can also report any other cybersecurity issues to the same address.
Tuesday, 15 May 2018
McAfee upgrades to commence from Tuesday, 15 May 2018

Over the next few days, ICTS will be upgrading the McAfee security products for machines that connect to the UCT network. The upgrades will bring your software up to the latest available versions.

Upcoming upgrades

  • From Tuesday, 15 May 2018: The McAfee agent for Windows, Linux and macOS will be upgraded.
  • From Wednesday, 16 May 2018: The latest versions of the Endpoint Protection products for Windows and Linux will be upgraded. McAfee has not yet released an update for macOS. During this upgrade, you may see two McAfee shield icons appear. The old icon  will be replaced by this new icon.

What do you need to do

While this is mostly an automated process, at the end of business on Wednesday, 16 May 2018, please:

  1. Open Chrome, Internet Explorer or Firefox and enable the new Endpoint Security add-ons when prompted to do so. We recommend that you enable these add-ons as they will provide you with an extra layer of security when browsing the internet.
  2. Restart your machine.

Update McAfee Endpoint Protection home edition

The home editions for Windows and Linux will be available on the ICTS Downloads section from Friday, 18 May 2018. To keep your machine secure, please download these updates as soon as they become available.

Remain vigilant against security threats

While the anti-virus solution updates will enhance your level of protection, remember that you are personally responsible for keeping your machine secure, so please remain vigilant against security threats.

Monday, 23 April 2018
New phishing attack: Don’t give out your username and password

We are aware of a new phishing attack currently doing the rounds on campus.  This attack, which contains a malicious link, specifically targets staff and student email accounts with a message such as this one.

From: ROBIN SARMIENTO

Sent: Sunday, April 22, 2018 11:03 PM

To: ROBIN SARMIENTO

Subject: Admin Help Desk

All staff/Employee email address will be transitioned from Microsoft Outlook email to Google's Gmail. CLICK HERE Fill and Submit to Update or You can't send Mail

Thank You

Help Desk

What do I do?

  • DO NOT CLICK THE LINK IN THE EMAIL
  • If you have already clicked on the link in the email, DO NOT enter your details on the page. Instead, please close the webpage and run a full anti-virus scan of your machine or mobile device.

What happens if I clicked the link and entered my details?

If you’ve entered your details, your account may be compromised. This puts the UCT network and UCT assets at risk. Please:

  1. Change your password on a device that you haven’t previously used to access the UCT network or that you know to be free of malware and infection.
  2. Send an email to the UCT Computer Security Incident Response Team informing them that your details were compromised, but that you have changed your password.

Remember these security tips

  • Don't ever reply to emails that request personal information – especially usernames and passwords.
  • NEVER share your password with anyone – not even an ICTS representative.
  • Do not open attachments unless you can verify the sender and the nature of the attachment.
  • Don't open emails of unknown origin.
  • Don't click on links in emails if you cannot recognise the URL that the link directs you to.
  • Don't reply to spammers asking them to remove you from their mailing list. Replying just confirms your email address as valid, which encourages them to send you more spam.
  • Don't forward chain letters or marketing material.
  • Report any incidence of this or other phishing attacks of cyber security issues to the UCT CSIRT at uctcsirt (AT) uct (DOT) ac (DOT) za. You can also report any other cybersecurity issues to the same address.

Pages