Earlier today (27th July 2017) the IT department detected a substantial outbreak of Spyware (a malicious programme that aims to gather information from your computer) across the University affecting over 70 machines. While the programme is being prevented from running properly by the University’s Anti-Virus software, the machines them selves are still infected and there will be some disruption while they are cleaned and the outbreak is contained.

The software is spread via an email which does not have a standard text, but refers to either an email payment or an invoice that needs to be paid. Within the body of the email there is then a link, which when clicked on will mean that software is downloaded and the machine is infected. Two examples are:

Subject:   Please pay your invoice with id number: 539193

Good Day,

Thanks for the mail.

Click here to pay and see your payment details:

<link removed>

If you have any questions related to this attachment, we will be more than happy to assist you.

Sincerely Yours,

<name removed>

Subject: Email payment notification number: 25979

Greetings <name removed>,

Click here to pay and see your payment details:

<link removed>

If you need any further assistance or have queries regarding your invoice, please do not hesitate to contact us.


<name removed>

If you receive an email like this you should not click on the link, and should just delete the email. Please remember the normal IT Security advice and be suspicious of all links and attachments you receive by email.

If you have any more questions or require further advice then please contact IT.


IT’s new Academic Computing Team Manager, Ryan Kennedy, heads to Washington DC this week to represent the University of Reading at NEXT; a giant IT conference hosted by Nutanix. He will be speaking about how institutions can benefit from using a self-service approach to research computing. Audience members watching Ryan will include NASA, IBM and Intel.

Ryan is the Academic Computing Team Manager at the University of Reading, responsible for physical and technical infrastructure to support research across the University. In this role Ryan and his team look after multiple compute and storage clusters servicing the ever-expanding requirements of academics.

Ryan’s team is currently working creating a cloud based self-service portal for academics to request research computing. This new self-service system allows for quicker turn around on requests and will allow users to more easily see what is available to them. It also provides IT with a more efficient way to work, saving time and money. Ryan will be talking about this approach in Washington, educating huge companies on how they can use the same technology to improve their work.

“I hope to show people new ways of working and how it can help both the users and the technical teams involved”, said Ryan, “I want to show off all the hard work my team has done on this and get it out there so others can benefit from it.”

NEXT takes place between the 28th and 30th of June at the Gaylord National Resort and Convention Center, Washington DC. Ryan’s talk is titled ‘Self Service Everything’ will be taking place on the 29th of June at 15:05 (20:05 UK time).

Live Stream

Sign up to watch the live stream!

As computers become exponentially more involved in our everyday working lives, security is an increasing concern.

It’s therefore essential for security conscious individuals to keep up to date with the latest news and trends. Twitter has emerged as an excellent way of doing this. By following a subsection of the biggest influencers in security, you can stay on top of the industry and any pressing developments — which is why we’ve compiled this list. Next to each recommended account, we’ve given a brief bio and explained what it is they Tweet about.

The List:

1. @mckeay is a Security Expert and Blogger who is very active on Twitter, his longstanding blog and his podcast. He tends to tweet about cybercrime, with a fair bit of security-based humour thrown in for good measure.

2. @gcluley has been working as a Security Expert since the 90s. A prolific Twitter user, Culey shares lots of industry news and articles of interest.

3. @thegrugq is an independent Information Security Consultant and Anti-Forensics Researcher. The Grugq has worked with Fortune 100 companies, leading information security firms, innovative start-ups and the public sector. The Grugq’s tweets are wide ranging: from the funny to the highly technical.

4. @Luis_Corrons has worked as Technical Director for PandaLabs since 1999. He’s a WildList reporter and sits on the AMTSO Board of Directors too. He shares a mixture of helpful security advice, his thoughts on the Panda Security blog and more.

5. @mikko has received many accolades, among them being voted one of the 50 most important people on the web by PC world magazine. @mikk is often a keynote speaker and has spoken for TED and Google. His tweets are wide ranging and occasionally technical. He shares lots of articles from the F-secure blog, where he has worked since 1999.


You may have seen recent reports of a significant ransomware incident at UCL. A small number of PCs were infected with malware which encrypted files stored both locally on the PCs and on network file shares. UCL’s Information Services suspect that the malware came from a compromised web site. To reduce the impact and risk of lost data, Information Services at UCL restricted their central file store to read-only whilst they dealt with the incident. As the university has backups and snapshots of the central file servers it looks like no data was lost.

To protect yourself from the risk of malware and losing important data:

· Ensure that software updates and patches are applied (if you see a pop-up stating that updates are ready to be installed, install them as soon as is convenient)

· Use central file shares or OneDrive for Business to store information (local files are not backed up and cannot be restored in the event of encryption by ransomware)

· Don’t fall for scam emails or web sites

· Contact the IT Service Desk if you are uncertain about the validity of an email message or web site

IT is providing everyone at the University of Reading with free 1TB cloud storage. Never lose your work files again!

What is it?

OneDrive for Business is a managed cloud storage that allows users to store and share files and folders online. This means that instead of that file sitting on your computer it is held on a server elsewhere, meaning your work is more secure and at less risk to cyber criminals. If someone gets access to your computer then those files are safe and secure on a server elsewhere, protected by Microsoft’s robust server system.

Where to get it

Simply login to Office 365 to gain access to OneDrive for Business:


Useful Links/Guides

Microsoft has provided some user guides to help you get up and running with OneDrive for Business:

Use of OneDrive

Ensure there are no contractual restrictions on use of Cloud Storage for the work you wish to store in One Drive. Use OneDrive for collaboration but be mindful that any documents used by a team will need to be moved should the owner of the document leave. Please read the University of Reading’s usage requirements regarding OneDrive.


Microsoft has a comprehensive support section on their website which will answer most questions and queries.  If not, please use the IT Self Service Portal or call 0118 378 6262.

UPDATE (11:30):

Following a meeting of the Critical Incident Team at 11:00 the incident has been closed. This is due to the lack of open and ongoing problems. We are continuing to proactively monitor the situation and if the status changes we will reopen the incident.

Thank you for your patience on this incident.


INITIAL (10:00):

Around 9 am this morning (25th May 2017) a critical incident affected a component of the network services provided to University of Reading Staff and Students. This component (DHCP – Dynamic Host Configuration Protocol ) is related to the provision of internet addresses to the computer and without an address network access is lost.

For further information or advice regarding this issue then please contact the IT Service Desk via the Self Service Portal (https://uor.topdesk.net/) or phone 0118 378 (6262).


There have been a number of reports over the last few days of Scam phone calls targeting University of Reading staff. The caller purports to be from Microsoft saying that a PC is unsafe and asking for access. If access is given then they will most likely use this as a way of installing malware on your machine or as a way of asking for payment.

This is a scam and staff should terminate the phone call as soon as they determine it is not legitimate. You should then report this through the IT Portal.This will allow us to track numbers and ensure that we are able to respond to an increase in reports. No action will need to be taken following the call, unless you allowed the third party to install any software.

General advice to follow to prevent falling victim to these kind of scams:

  • Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
  • Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
  • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
  • US-CERT and Microsoft also provide advice on avoiding social engineering and phishing attacks.


The Information Technology department is currently working hard on mitigating the risks associated with the latest CyberSecurity incident: the WannaCry worm; the cyber-attack that affected a wide range of institutions last week.

What is it and what are the challenges affecting the University?

The worm affected computers that had not been properly patched, or that were running old operating systems. It follows a tradition of “worms” that have affected computers over a long period of time. The first worm was created in 1988 by mistake, but there have been many others that have affected the internet since and they continue to pose a threat today.

They all exploit vulnerabilities in operating systems: effectively where the code in a program has been poorly written and allows someone other than the intended user to access or control the program. When vulnerabilities are discovered, they can be “patched” – another piece of code is written to fix the code and remove the vulnerability. If the patch is not applied then the original program is left vulnerable to being attacked and the longer it is left the more likely it is that the vulnerability will be exploited and the software that is being used or the data that is being accessed will be compromised.

This is a particular challenge in environments where the management of computers is not well controlled – patching is disruptive (PCs often require a reboot) and time consuming – so machines and software are not always kept up to date. Also a University, like the NHS, will often have machines that are running expensive equipment (for example scanners, microscopes and other scientific equipment). These are often based on old operating system that cannot be easily upgraded and so the choice is to either buy a new piece of equipment or accept/mitigate the risks associated. This can be a very difficult decision to make.

What can you do to help?

There are a number of things that you can do to help:

  • Ensure that patches are applied. While the IT department will push patches out to machines, they often need to be rebooted to be applied. Make sure your machine is rebooted when prompted.
  • Use central file shares or OneDrive for Business to store information. The data is either backed up or previous versions are kept. In the event of a successful ransomware attack we can go back to an earlier version before the file was encrypted – if it is stored on a local drive it may not be backed up and will be lost.
  • Don’t fall for scam emails or websites. Be suspicious of anything you are not expecting and don’t open unexpected email attachments. If you are unsure then contact the sender, preferably by a different method (e.g. phone or text)
  • If you aren’t certain then contact the IT Service Desk they are there to help you with your questions and provide advice.


UPDATE 2: Following a configuration change around midday we have seen an improvement to the service stability. This has continued to be monitored throughout the afternoon and has provided a consistent level of performance. Close monitoring will continue again tomorrow.

Thanks for your patience whilst we have been troubleshooting

UPDATE: We are currently still working on a permanent fix for this problem but have identified a workaround for this. Instructions on the workaround below:

  1. Go to: Control Panel -> Mail (32-bit) -> Email Accounts
  2. Double click on your username
  3. Go to: More Settings -> Connection -> Exchange Proxy Settings
  4. Un-tick ‘on fast networks…’
  5. Ensure ‘on slow networks..’ is ticked

Users are reporting that this workaround is correcting the problem. We are working on a more permanent solution.

We have had a recurrence of last weeks interruption to staff email. We are investigating the problem and working on a fix.



Remedial work on the affected infrastructure has been successful and most services are now restored. There are a few exceptions that are being investigated as a matter of priority: Timetabling, MyID and Comino. If there are other systems that are affected please let us know.

Work is ongoing and as such there may be the need for interruptions, but at the moment we do not anticipate the need for this. An incident review will be held over the next few days to investigate the cause, how we responded and how we can improve the processes for the future.


Services are now being restored, but should be considered at risk and in a degraded state.

This will be experienced as slowness or in some cases a loss of service. Some services such as Blackboard, email and the main University of Reading website are still available and unaffected.

As a result of planned maintenance on the physical infrastructure we have experienced an unexpected interruption to service affecting a number of central services.

We are working to resolve these issues as quickly as possible and will be bringing services back online over the course of the morning.

Further updates to follow here, Twitter and TOPDesk


« Older entries § Newer entries »