Security & Alerts

September 17, 2018 Malicious Actors Exploiting Hurricane Florence

In the event of a major natural disaster, such as Hurricane Florence, malicious actors often post links to fake charities and fraudulent websites that either solicit donations for victims or deliver malware.


ITS recommends that everyone adhere to the following guidelines when reacting to solicitations for donations and related:

  • Exercise extreme caution when responding to individual pleas for financial assistance such as those posted on social media, crowd funding websites, or in an email, even if it appears to originate from a trusted source.
  • Be cautious of emails or websites that claim to provide information, pictures, and videos.
  • Do not open unsolicited (spam) emails or click on the links or attachments in those emails.
  • Never reveal personal or financial information in an email or to an untrusted website.
  • Do not go to an untrusted or unfamiliar website to view the event or information regarding it.
  • Malicious websites often imitate a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs .org) so ensure the link goes to the correct website.

If you have any questions or concerns regarding IT security, please contact ITS, and if you need to report any suspicious messages, please use these instructions to do so.


April 19, 2018 Regarding the two "Matching Gift Confirmation" emails

Yesterday at 11:18 AM, two emails were accidentally sent to everybody with an NCSSM email address. The emails came from do-not-reply@cybergrants.com.

The emails are legitimate, in the sense that they do come from who they say they're from, and concern legitimate NCSSM business.

However, due to an error within NCSSM, they were accidentally sent to everybody, and not to just those for whom the emails were intended. NCSSM administrative and technical staff are looking into ways to prevent any future occurrences.

The good news is that you may delete the emails. They contained no malware or anything that might harm your computer. Do not respond to the solicitation as it's still in process.

To those that reported the email, thank you. It's your continuing vigilance that, more than anything else, will keep our network secure. A double thanks to those that used the ticketing system and attached full headers.

Please feel free to contact me or any member of ITS with any questions.

November 29, 2017 Major vulnerability in macOS High Sierra (10.13)

A major new vulnerability has been discovered in the latest OS for the Mac, macOS High Sierra (10.13), wherein root access can be gained without a password. This security flaw requires either physical access to a Mac or remote access via Screen Sharing in order to exploit it. Apple is aware of the issue and is currently developing a patch that will resolve it, which we expect to be released soon.

Until that patch is made available, if you are running macOS High Sierra (use these instructions to determine your version of macOS), please do the following:

  • Do not leave your Mac unattended in a public area, such as a classroom, the library, cafeteria, etc.
  • Turn off Screen Sharing:
    • Navigate to System Preferences from the Apple menu, Dock, or Applications folder
    • Select Sharing
    • Make sure Screen Sharing is unchecked

Update - November 27, 2017 2:30pm

ITS is pleased to report that Apple has already patched macOS High Sierra (10.13) in order to resolve the vulnerability reported this morning.

If you are running macOS High Sierra (again, please use these instructions to check your macOS version number), please open the App Store and check Updates to install Security Update 2017-001 as soon as possible. For more information about this update, please review Apple's documentation.

October 27, 2017 Kaspersky Security Statement

Kaspersky Labs Anti-Virus (KAV) has been in the news lately. There are some indications that it can serve as a backdoor allowing data to be stolen from the computers that it's installed on. In fact, the Federal Government has barred its use on any computers owned by the US Government.

After looking into the issue, ITS is also recommending that it not be used on any computers containing or used to access NCSSM data. If you are using KAV on your computer and you are accessing NCSSM data on it, please open a ticket with ITS to assist you in removing KAV and installing another AV tool.

October 26, 2017 "KRACK" Wireless Vulnerability

You may have recently heard about the KRACK wireless vulnerability in the WPA2 protocol, which is widely used to secure wireless networks (https://en.wikipedia.org/wiki/KRACK and https://www.krackattacks.com/). KRACK is a serious vulnerability, in that a successful attack can intercept your data (including passwords, credit card numbers, and other confidential information), and even inject packets of data that appear to be coming from you; allowing an attacker to, for example, impersonate you to threaten someone or order goods using your credit cards.

However, the attack is fairly limited in scope, given that an attacker must be in range of the Wi-Fi access point you're using.

In general, mitigation of this threat requires updates to both your access points and to your client (your computer, phone, etc.). At NCSSM, we very quickly applied the fixes to the wireless network, but we also had to wait for client software to be updated. Most major client software (Windows, macOS, iOS) has recently been patched. A notable exception is Android; however, those fixes are forthcoming in the next few weeks.

Therefore, please take the time to apply all security updates to all your clients as they become available. Additionally, please don't hesitate to create an ITS Help Ticket (http://wiki.ncssm.edu/index.php/Send_ITS_a_Ticket) if you need any assistance with these updates, and if you have any questions or concerns about this vulnerability.

Additionally, if you use Wi-Fi at home, you may also need to apply a firmware update to your wireless router or access point(s) and any other computers and other devices you may use at home. Please contact your internet service provider (ISP) or device manufacturer for information on patches and how to install them.

September 11, 2017 Equifax Breach Recommendations

Given Equifax's admission last week of a breach of approximately 143 million Americans' personal and financial data, including names, Social Security numbers (SSNs), addresses, birth dates, and more, ITS would like to make some recommendations for protecting your identity and credit. We are providing these recommendations as a courtesy to the NCSSM community following our own research into the breach as well as correspondence with IT departments at other educational institutions, however, these recommendations do not officially represent the views of NCSSM.

First, ITS recommends freezing your credit via all three credit bureaus. Here are links to help get started:

Note that freezing your credit will require action on your part a few days before you apply for credit or a loan, and in some cases, apply for a job. You'll then have to re-freeze your credit after the event.

Second, we also recommend reviewing a free credit report via AnnualCreditReport.com. Reviewing this report is a great way to see if there’s any unusual activity that you do not recognize. You should consider reviewing your credit report annually and when contemplating major financial transactions, such as a house purchase.

Every month, you should closely monitor your credit card and bank statements for unauthorized activity. Note that debit cards give you less protection against fraud than credit cards, so consider not keeping large balances in your debit card.

Longer term, you should file your taxes as soon as is possible every year. That way, if you have been breached, you make it harder for a scammer to file a return in your name. Respond immediately to any letters from the IRS or the NC Department of Revenue.

At this time, we're not recommending that you use the Equifax site www.equifaxsecurity2017.com, which was set up to determine whether your information is part of the breach. The site asks for your last name and the last six digits of your SSN. Although Equifax has stated that they do not retain this information subsequent to your query, the site seems to have been hastily put together and may have its own security issues. Moreover, reports we've received indicate that the site often asks that you return at a specified date to determine whether you've been breached and/or to sign up for the year of free credit monitoring Equifax is offering.

These suggestions are mostly in line with the Federal Trade Commission's recommendations (https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do). This article also has additional suggestions and information.


If you have any further concerns, we recommend talking to your bank or financial professional, and visiting identitytheft.gov/databreach.


For more, see the Security tab.