As computers become exponentially more involved in our everyday working lives, security is an increasing concern.

It’s therefore essential for security conscious individuals to keep up to date with the latest news and trends. Twitter has emerged as an excellent way of doing this. By following a subsection of the biggest influencers in security, you can stay on top of the industry and any pressing developments — which is why we’ve compiled this list. Next to each recommended account, we’ve given a brief bio and explained what it is they Tweet about.

The List:

1. @mckeay is a Security Expert and Blogger who is very active on Twitter, his longstanding blog and his podcast. He tends to tweet about cybercrime, with a fair bit of security-based humour thrown in for good measure.

2. @gcluley has been working as a Security Expert since the 90s. A prolific Twitter user, Culey shares lots of industry news and articles of interest.

3. @thegrugq is an independent Information Security Consultant and Anti-Forensics Researcher. The Grugq has worked with Fortune 100 companies, leading information security firms, innovative start-ups and the public sector. The Grugq’s tweets are wide ranging: from the funny to the highly technical.

4. @Luis_Corrons has worked as Technical Director for PandaLabs since 1999. He’s a WildList reporter and sits on the AMTSO Board of Directors too. He shares a mixture of helpful security advice, his thoughts on the Panda Security blog and more.

5. @mikko has received many accolades, among them being voted one of the 50 most important people on the web by PC world magazine. @mikk is often a keynote speaker and has spoken for TED and Google. His tweets are wide ranging and occasionally technical. He shares lots of articles from the F-secure blog, where he has worked since 1999.

 

You may have seen recent reports of a significant ransomware incident at UCL. A small number of PCs were infected with malware which encrypted files stored both locally on the PCs and on network file shares. UCL’s Information Services suspect that the malware came from a compromised web site. To reduce the impact and risk of lost data, Information Services at UCL restricted their central file store to read-only whilst they dealt with the incident. As the university has backups and snapshots of the central file servers it looks like no data was lost.

To protect yourself from the risk of malware and losing important data:

· Ensure that software updates and patches are applied (if you see a pop-up stating that updates are ready to be installed, install them as soon as is convenient)

· Use central file shares or OneDrive for Business to store information (local files are not backed up and cannot be restored in the event of encryption by ransomware)

· Don’t fall for scam emails or web sites

· Contact the IT Service Desk if you are uncertain about the validity of an email message or web site

IT is providing everyone at the University of Reading with free 1TB cloud storage. Never lose your work files again!

What is it?

OneDrive for Business is a managed cloud storage that allows users to store and share files and folders online. This means that instead of that file sitting on your computer it is held on a server elsewhere, meaning your work is more secure and at less risk to cyber criminals. If someone gets access to your computer then those files are safe and secure on a server elsewhere, protected by Microsoft’s robust server system.

Where to get it

Simply login to Office 365 to gain access to OneDrive for Business:

loginbutt

Useful Links/Guides

Microsoft has provided some user guides to help you get up and running with OneDrive for Business:

Use of OneDrive

Ensure there are no contractual restrictions on use of Cloud Storage for the work you wish to store in One Drive. Use OneDrive for collaboration but be mindful that any documents used by a team will need to be moved should the owner of the document leave. Please read the University of Reading’s usage requirements regarding OneDrive.

Support

Microsoft has a comprehensive support section on their website which will answer most questions and queries.  If not, please use the IT Self Service Portal or call 0118 378 6262.

UPDATE (11:30):

Following a meeting of the Critical Incident Team at 11:00 the incident has been closed. This is due to the lack of open and ongoing problems. We are continuing to proactively monitor the situation and if the status changes we will reopen the incident.

Thank you for your patience on this incident.

IT

INITIAL (10:00):

Around 9 am this morning (25th May 2017) a critical incident affected a component of the network services provided to University of Reading Staff and Students. This component (DHCP – Dynamic Host Configuration Protocol ) is related to the provision of internet addresses to the computer and without an address network access is lost.

For further information or advice regarding this issue then please contact the IT Service Desk via the Self Service Portal (https://uor.topdesk.net/) or phone 0118 378 (6262).

IT

There have been a number of reports over the last few days of Scam phone calls targeting University of Reading staff. The caller purports to be from Microsoft saying that a PC is unsafe and asking for access. If access is given then they will most likely use this as a way of installing malware on your machine or as a way of asking for payment.

This is a scam and staff should terminate the phone call as soon as they determine it is not legitimate. You should then report this through the IT Portal.This will allow us to track numbers and ensure that we are able to respond to an increase in reports. No action will need to be taken following the call, unless you allowed the third party to install any software.

General advice to follow to prevent falling victim to these kind of scams:

  • Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
  • Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
  • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
  • US-CERT and Microsoft also provide advice on avoiding social engineering and phishing attacks.

IT

The Information Technology department is currently working hard on mitigating the risks associated with the latest CyberSecurity incident: the WannaCry worm; the cyber-attack that affected a wide range of institutions last week.

What is it and what are the challenges affecting the University?

The worm affected computers that had not been properly patched, or that were running old operating systems. It follows a tradition of “worms” that have affected computers over a long period of time. The first worm was created in 1988 by mistake, but there have been many others that have affected the internet since and they continue to pose a threat today.

They all exploit vulnerabilities in operating systems: effectively where the code in a program has been poorly written and allows someone other than the intended user to access or control the program. When vulnerabilities are discovered, they can be “patched” – another piece of code is written to fix the code and remove the vulnerability. If the patch is not applied then the original program is left vulnerable to being attacked and the longer it is left the more likely it is that the vulnerability will be exploited and the software that is being used or the data that is being accessed will be compromised.

This is a particular challenge in environments where the management of computers is not well controlled – patching is disruptive (PCs often require a reboot) and time consuming – so machines and software are not always kept up to date. Also a University, like the NHS, will often have machines that are running expensive equipment (for example scanners, microscopes and other scientific equipment). These are often based on old operating system that cannot be easily upgraded and so the choice is to either buy a new piece of equipment or accept/mitigate the risks associated. This can be a very difficult decision to make.

What can you do to help?

There are a number of things that you can do to help:

  • Ensure that patches are applied. While the IT department will push patches out to machines, they often need to be rebooted to be applied. Make sure your machine is rebooted when prompted.
  • Use central file shares or OneDrive for Business to store information. The data is either backed up or previous versions are kept. In the event of a successful ransomware attack we can go back to an earlier version before the file was encrypted – if it is stored on a local drive it may not be backed up and will be lost.
  • Don’t fall for scam emails or websites. Be suspicious of anything you are not expecting and don’t open unexpected email attachments. If you are unsure then contact the sender, preferably by a different method (e.g. phone or text)
  • If you aren’t certain then contact the IT Service Desk they are there to help you with your questions and provide advice.

IT

UPDATE 2: Following a configuration change around midday we have seen an improvement to the service stability. This has continued to be monitored throughout the afternoon and has provided a consistent level of performance. Close monitoring will continue again tomorrow.

Thanks for your patience whilst we have been troubleshooting


UPDATE: We are currently still working on a permanent fix for this problem but have identified a workaround for this. Instructions on the workaround below:

  1. Go to: Control Panel -> Mail (32-bit) -> Email Accounts
  2. Double click on your username
  3. Go to: More Settings -> Connection -> Exchange Proxy Settings
  4. Un-tick ‘on fast networks…’
  5. Ensure ‘on slow networks..’ is ticked

Users are reporting that this workaround is correcting the problem. We are working on a more permanent solution.


We have had a recurrence of last weeks interruption to staff email. We are investigating the problem and working on a fix.

IT

UPDATE:

Remedial work on the affected infrastructure has been successful and most services are now restored. There are a few exceptions that are being investigated as a matter of priority: Timetabling, MyID and Comino. If there are other systems that are affected please let us know.

Work is ongoing and as such there may be the need for interruptions, but at the moment we do not anticipate the need for this. An incident review will be held over the next few days to investigate the cause, how we responded and how we can improve the processes for the future.


UPDATE:

Services are now being restored, but should be considered at risk and in a degraded state.

This will be experienced as slowness or in some cases a loss of service. Some services such as Blackboard, email and the main University of Reading website are still available and unaffected.


As a result of planned maintenance on the physical infrastructure we have experienced an unexpected interruption to service affecting a number of central services.

We are working to resolve these issues as quickly as possible and will be bringing services back online over the course of the morning.

Further updates to follow here, Twitter and TOPDesk

IT

UPDATE: A detailed article has been published on ‘Naked Security’, a popular informative website about online security. Check the article out for further information on this Phishing campaign.


We have had a few reports from people receiving the following email and other Universities have confirmed that they have also seen it.

If you receive this email do not open the attachment, it contains malware (a macro virus).

Please think carefully before clicking on links in emails or opening attachments.

If you receive one of these emails then you should delete it. If you have any concerns then you should contact IT on ex 6262 or at it@reading.ac.uk

IT

The email looks something similar to this:


Hello, xxxx!

I am disturbing you for a very critical matter. Allhough we are not familiar, but I have large ammount of information concerning you. The thing is that, most probably mistakenly, the information of your account has been emailed to me.

For example, your address is:

Xxxxx xxxxxx xxxxxx

Xxxxxx xxxx

xxxxx

Postcode: xxxxx

I am a law-obedient citizen, so I decided to personal details may have been hacked. I attached the file – Harvey.dot that I received, that you could find out what info has become obtainable for scammers. Document password is – xxxx

I look forward to hearing from you,

xxxxxxx

We are aware of an issue with Meteorology user accounts being locked out. We are working on a solution to this problem. If you are affected by this please contact IT and we will unlock your account. You can keep track of the issue by following on the status page.

Contact the IT Service Desk, either via the Self Service Portal (https://uor.topdesk.net/) or phone 0118 378 (6262).

IT

« Older entries