IT Alerts Dashboard

UFIT Security is aware of a series of scam/fraud emails that attempt to convince users that their account has been hacked, and threaten to release personal information unless a ransom is paid. The sending address is typically spoofed to appear that it came from the recipient, and the messages use various attention grabbing subjects, such as:

Subject: Account Issue. Changed password. (your password:password123)

Subject: You password must be need changed (your password:password123)

Subject: Hacking Alert! You account was hacked (your password:password123)

Subject: Security Scam Warning. (your password:password123)

Subject: Security Alert. You account has been hacked. Password must be need changed. (your password:password123)

These emails are a recently common mass-mailed scam where the attackers use old breached data, generally no longer relevant, to convince individuals that the scammer has control of their computer, when in all likelihood they do not.

Some articles with more information on the scam tactics can be found below:

https://www.businessinsider.com/new-email-scam-uses-old-password-fake-porn-threats-webcam-video-bitcoin-2018-7

https://www.usatoday.com/story/tech/columnist/2018/09/11/sextortion-scams-how-not-fall-prey-latest-email-threat/1254679002/

The majority of the passwords we've seen reported do not comply with the minimum UF password standard so it's doubtful that they were ever used as UF passwords. Those that may appear familiar were most likely used at some point by the user across multiple websites, and one of those third- party websites suffered a data breach. This reinforces the extremely important practice of never using the same password across more than one site - in the event one website suffers a data breach, the first thing hackers will do is attempt to login to other websites with that username and password. If you ensure that you never reuse the same password between sites, your risk is significantly reduced.

The good news is that UF's email security gateway is reliably identifying a large percentage of these messages as scams and rejecting them. However, in some cases a user may have added an entry in their personal "Safe Senders List" that allowed the message to pass through the gateway as a trusted message. To check your settings go to https://spam.mail.ufl.edu and login using your UF username and password, then look for "Safe Senders List" under the Lists menu on the left side. If your safe list includes your own UF email address or the ufl.edu domain you may want to consider removing those from the list. Scammers routinely spoof the From address to make it appear to come either from your own email account or from a trusted domain such as ufl.edu.

Please share this alert with those who need to be made aware.

Original Message:

--------------------------------------------------------------------------------------------------------------------------------
From: user@ufl.edu 
Sent: Saturday, November 10, 2018 10:11 AM
To: user@ufl.edu
Subject: You password must be need changed (your password:black2468)

Dear user of ufl.edu!

I am a spyware software developer.
Your account has been hacked by me in the summer of 2018.

I understand that it is hard to believe, but here is my evidence:
- I sent you this email from your account.
- Password from account user@ufl.edu: password123 (on moment of hack).

The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2018-0296).

I went around the security system in the router, installed an exploit there.
When you went online, my exploit downloaded my malicious code (rootkit) to your device.
This is driver software, I constantly updated it, so your antivirus is silent all time.

Since then I have been following you (I can connect to your device via the VNC protocol).
That is, I can see absolutely everything that you do, view and download your files and any data to yourself.
I also have access to the camera on your device, and I periodically take photos and videos with you.

At the moment, I have harvested a solid dirt... on you...
I saved all your email and chats from your messangers. I also saved the entire history of the sites you visit.

I note that it is useless to change the passwords. My malware update passwords from your accounts every times.

I know what you like hard funs (adult sites).
Oh, yes .. I'm know your secret life, which you are hiding from everyone.
Oh my God, what are your like... I saw THIS ... Oh, you dirty naughty person ... :)

I took photos and videos of your most passionate funs with adult content, and synchronized them in real time with the image of your camera.
Believe it turned out very high quality!

So, to the business!
I'm sure you don't want to show these files and visiting history to all your contacts.

Transfer $830 to my Bitcoin cryptocurrency wallet: 1Bt4psBJmjfVTcW6eYiJZ6HEbpFgKkBSX4
Just copy and paste the wallet number when transferring.
If you do not know how to do this - ask Google.

My system automatically recognizes the translation.
As soon as the specified amount is received, all your data will be destroyed from my server, and the rootkit will be automatically removed from your system.
Do not worry, I really will delete everything, since I am “working” with many people who have fallen into your position.
You will only have to inform your provider about the vulnerabilities in the router so that other hackers will not use it.

Since opening this letter you have 48 hours.
If funds not will be received, after the specified time has elapsed, the disk of your device will be formatted, and from my server will automatically send email and sms to all your contacts with compromising material.

I advise you to remain prudent and not engage in nonsense (all files on my server).

Good luck!
--------------------------------------------------------------------------------------------------------------------------------

Read More...

GatorLink VPN
Maintenance Start - Saturday, November 17 at 6:00 AM
Maintenance End - Saturday, November 17 at 8:00 AM

UFIT staff will perform maintenance for GatorLink VPN beginning on Saturday, November 17 at 6:00 AM. GatorLink VPN is used as a method to securely access the UF network and other secured resources. During this maintenance window, the GatorLink VPN platform may be unreachable for about 10 minutes. The maintenance is expected to be completed by Saturday, November 17 at 8:00 AM.

If you have any questions or concerns regarding this notice, please contact the UF Computing Help Desk at 352-392-HELP or helpdesk@ufl.edu

This Alert displays the latest status for most Enterprise Reporting data reports.

Data Warehouses	Last Updated and Completion
Finance Data Warehouse	11/14/2018 at 11:00 p.m.
Human Resources Data Warehouse	11/14/2018 at 7:00 p.m.
Student Financials Warehouse	11/14/2018 at 7:00 p.m.
Student Services Warehouse	11/15/2018 at 5:30 a.m.
Financial Information Tool (FIT) Cubes	11/14/2018 at 11:00 p.m.
Delivered Reports	Available Periods
Bi-weekly Cost Distribution Detail (PDF and XLS)	11/05/2018
Preliminary Paylist	11/13/2018
Final Paylist	11/13/2018
Salary Status Detail Cost Projections (Except funds 201 and 209)	11/09/2018 through 07/01/2019*
Salary Status Detail Cost Projections (Funds 201 and 209)	11/09/2018 through grant end dates*

* Indicates that the process has not completed at the time of this update.

---

Assuming you are assigned the appropriate security roles to do so, you may sign-on to myUFL and use the following navigation paths as required.

Projected Payroll UF Projected Payroll>UF Projected Payroll.

Distributions Setup HRMS>Product Related>Commitment Accounting>Budget Information>Department Budget Table USA.

---

Please contact the UF Help Desk at 392-HELP or helpdesk@ufl.edu if there are any issues with the reports.

myIT and myRequest
Maintenance Start - Friday, November 16 at 10:00 PM
Maintenance End - Saturday, November 17 at 4:00 AM

UFIT staff will perform maintenance for myIT and myRequest beginning on Friday, November 16 at 10:00 PM. myIT is used by UFIT to record and track service requests and incidents. myRequest is used by Shared Services for service requests. While outages are possible throughout the maintenance window, the myIT and myRequest vendor does not expect the service to be interrupted for the entire time. The maintenance is expected to be completed by Saturday, November 17 at 4:00 AM.

If you have any questions or concerns regarding this notice, please contact the UF Computing Help Desk at 352-392-HELP or helpdesk@ufl.edu

UFIRST
Maintenance Start - Friday, November 16 at 5:30 PM
Maintenance End - Friday, November 16 at 7:30 PM

UFIT staff will perform maintenance for UFIRST beginning on Friday, November 16 at 5:30 PM. UFIRST is used as an on-line grant proposal and award tracking system. UFIRST will be unavailable for approximately one hour starting at 5:30 PM. UFIRST is expected to be available by 6:30 PM, but users may experience degraded performance during the balance of the maintenance window. The maintenance is expected to be completed by Friday, November 16 at 7:30 PM.

If you have any questions or concerns regarding this notice, please contact the UF Computing Help Desk at 352-392-HELP or helpdesk@ufl.edu

myTraining
Maintenance Start - Friday, November 16 at 12:00 p.m.
Maintenance End - Sunday, November 18 at 5:00 p.m.

myTraining will undergo maintenance beginning on Friday, November 16th at 9:00 p.m. The myTraining portal is an integrated training management system for faculty and staff at the University of Florida and UF Health Shands. This "one-stop" portal enables faculty and staff to view training schedules, register for professional and required classes, and complete online training.

myTraining will be unavailable during this time.

The maintenance window is expected to be completed by Sunday, November 18 at 6:00 p.m.

Network File Storage
Maintenance Start - Saturday, November 17 at 7:00 AM
Maintenance End - Saturday, November 17 at 9:00 AM

Network File Storage maintenance planned for Sunday, November 11 has been rescheduled.

---

UFIT staff will perform maintenance for Network File Storage beginning on Saturday, November 17 at 7:00 AM. A code upgrade will be performed on the Isilon Cluster, CNS-FS03, which may impact cluster performance as individual nodes reboot. NFS and SMB services should remain available throughout the procedure, although some SMB-based applications may need to be restarted afterwards. The maintenance window is expected to be completed by Saturday, November 17 at 9:00 AM.

If you have any questions or concerns regarding this notice, please contact the UF Computing Help Desk at 352-392-HELP or helpdesk@ufl.edu

General Accounting and Financial Reporting

Enterprise Reporting Link	Available Versions
Department Reports	December 2005 - October 2018
Fund Reports	December 2005 - October 2018
Sponsored Programs Reports*	August 2006 - October 2018
Residual/Overhead Projects	December 2005 - October 2018
Construction Project Reports	August 2006 - October 2018

* The PI Summary Reports were first made available in August 2006.

Please contact the UF Help Desk at 392-HELP or helpdesk@ufl.edu if you have questions or concerns with any of the reports.