Information Security Announcements

Secure computing for the CCNY community requires that our users participate in making sure our campus computing is safe! By following certain protocols and procedures that are in place and by reading any Office of Information Technology e-mail broadcasts you will be using CCNY computing 'best practices' .
The Office of Information Technology (OIT) is steadily updating and adding information, posting guidelines and providing the means to achieve the goal of secure computing. Any office that will be using sensitive information from students, faculty or staff is required to fill out and file the appropriate form(s). All forms are to be submitted to and approved by the Office of the Chief Information Officer (CIO).

From OIT: Summary of Security Bulletins

Summary of Security Bulletin  -- (For CCNY Community)

See below for a list of the Security announcements sent to the CCNY Community:

 


FALL 2020

OIT-ISO NOTIFICATION: Friday, September 4, 2020 - [THREAT ALERT] Multiple Active Email Phishing Attacks
There is an active phishing email attack targeting City College student email accounts. One such campaign that rising in occurrence is one in which various work from home job offers are sent, working for faculty or for doctors or in well-known offices or organizations such as UNICEF and WHO. >>View Notice

SPRING-SUMMER 2020

OIT-ISO NOTIFICATION: [THREAT ALERT] Active Email Phishing Attack - May 1, 2020
There is an active phishing email attack targeting City College student email accounts. This attack has the subject line "FREELANCER/VIRTUAL ASSISTANT URGENTLY NEEDED" or "VIRTUAL ASSISTANT PT OFFER". >>See Notice

OIT-ISO NOTIFICATION: Secure Transfer - April 28, 2020
The Office of Information Technology would like to introduce the Secure Transfer portal, The OIT Information Security Office recommends exercising due diligence and caution in your cybersecurity efforts. >>See Notice

OIT-ISO NOTIFICATION: Video-Teleconferencing Hijacking Advisory - March 31, 2020
There are reports of video-teleconferencing being disrupted by pornographic and/or hate images and threatening language. These are known as VTC hijacking (Also called “Zoom-bombing”). >>See Notice

OIT-ISO NOTIFICATION:COVID-19 Related Phishing Campaigns--March 26, 2020
Malicious cyber threat actors are capitalizing on the global attention surrounding the novel 2019 Coronavirus (COVID-19) to facilitate scams, distribute malware, and send phishing emails. >>See Notice

OIT-ISO NOTIFICATION:Email Scams Advisory--March 2, 2020
This is a reminder to be alert to the innumerable online scams. One of the most prevalent is known as a “phishing” email. These emails are designed to look like legitimate emails originating from your bank, a friend, or even the United States government. However, they are a ruse to persuade you to download malicious software and/or reveal account credentials and personal information that can be used for identity theft. >>See Notice

OIT-ISO NOTIFICATION:Email Scams Advisory--February 7, 2020
This is a reminder to be alert to the innumerable online scams. One of the most prevalent is known as a “phishing” email. These emails are designed to look like legitimate emails originating from your bank, a friend, or even the United States government. However, they are a ruse to persuade you to download malicious software and/or reveal account credentials and personal information that can be used for identity theft. >>See Notice

WINTER SESSION 2020

CUNY-CIS Security Advisories:FBI FLASH Report – Website Defacement Activity Indicators of Compromise and Techniques Used to Disseminate Pro-Iranian Messages – TLP: GREEN--January 13, 2020
Following last week’s US airstrikes against Iranian military leadership, the FBI observed increased reporting of website defacement activity disseminating pro-Iranian messages. The FBI believes several of the website defacements were the result of cyber actors exploiting known vulnerabilities in content management systems (CMSs) to upload defacement files. The FBI advises organizations and people concerned with Iranian cyber targeting be familiar with the indicators, tactics, and techniques provided in the attached file.