© WWU IT

IT Security at Münster University

The organisational structure of IT security at Münster University is governed by the Guideline of Information Security at WWU [de]. On these pages, the IT Security Management Team (CISO of Münster University) offers you advice and tips on how to protect your computer, laptop or smartphone against the risks of the Internet. Everything you need to know about IT security at Münster University is also summarised in our recommendations for administrators and users. The Computer Emergency Response Team (CERT) provides rapid assistance with security-related incidents in the area of computer use and Münster University user IDs.

Update

Warning about current scam e-mails

IT Security: User

Several targeted scam attempts via e-mail have been observed over the past few weeks. In these cases, directors of different departments were impersonated in e-mails requesting assistance ("Are you available?"). The information needed for the impersonation, as well as the recipients' e-mail addresses, has usually been extracted from public websites. If the recipient answers, the scammers ask them to buy prepaid cards, e.g. Paysafe cards, and promise to reimburse the amount spent. As soon as the redemption codes for those prepaid cards are passed on to the criminals, the money is, in most cases, irretrievably lost, since the codes are redeemed immediately.

Read on

Extremely critical vulnerability "Log4Shell"

IT Security: Admin

In the past few days, information about a new vulnerability called "Log4Shell" (CVE-2021-44228) in the "log4j" component of many Java-based applications has been released. Every administrator has to check whether the vulnerable component is used by their service or system. If a vulnerable version of log4j is in use, it has to be updated immediately or a workaround has to be applied.
Further information
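One way to carry out the check described above, as an added example (not a WWU-CERT tool): it walks a directory tree, opens Java archives including nested ones, and reports every archive that contains log4j-core's `JndiLookup` class together with the version recorded in its Maven metadata. The function names are hypothetical, and copies of log4j that were relocated ("shaded") into another package are not detected.

```python
import io
import os
import zipfile

# Class and Maven metadata paths inside a log4j-core archive.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")


def _version(zf):
    """Return the log4j-core version recorded in the archive, or None."""
    try:
        text = zf.read(POM_PROPS).decode("utf-8", "replace")
    except KeyError:
        return None
    for line in text.splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return None


def scan_archive(data, label, depth=0, max_depth=4):
    """Yield (location, version) for each archive holding JndiLookup.class.

    `data` is a path or file-like object; nested archives (fat JARs, WARs)
    are opened in memory, at most `max_depth` levels deep.
    """
    try:
        zf = zipfile.ZipFile(data)
    except (zipfile.BadZipFile, OSError):
        return  # unreadable or not a real archive: skip it
    with zf:
        names = zf.namelist()
        if JNDI_CLASS in names:
            yield label, _version(zf)
        if depth >= max_depth:
            return
        for name in names:
            if name.lower().endswith(ARCHIVE_EXT):
                inner = io.BytesIO(zf.read(name))
                yield from scan_archive(inner, f"{label}!{name}", depth + 1, max_depth)


def scan_tree(root):
    """Walk `root` and return a sorted list of (location, version) findings."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, fn)
                hits.extend(scan_archive(path, path))
    return sorted(hits, key=lambda h: h[0])
```

Compare each reported version against the vendor advisory for CVE-2021-44228; a version of `None` means the class is present but the archive carries no Maven metadata and needs manual inspection.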

Warning about current extortion emails

IT Security: User

Lately, a rising number of extortion attempts via spam e-mails have been sent to members of the WWU. The originators usually claim to have "hacked" into a person's computer or e-mail account and threaten to publish sensitive information about their private life, e.g. video material, if their demands are not met. Often a payment in a cryptocurrency like Bitcoin is requested. All those claims are mere pretences to scare the recipient and pressure them into giving in to the demands.

Read on

Warning about the Microsoft Outlook app for Android and iOS

IT Security: User

In response to recent enquiries, the IT Security Management Team would like to point out that it is not permitted to use the Microsoft Outlook app for Android and iOS to retrieve e-mails from your WWU Exchange account. By using the app, you are sharing your passwords with third parties, which violates the IT Usage Regulations of the University of Münster. Please uninstall the Outlook app for Android or iOS if you have used it on your mobile device. In addition, you need to change the passwords of all e-mail accounts you have linked via the app as soon as possible.

UPDATE 2021-07-09

PrintNightmare vulnerability in Microsoft Windows (CVE-2021-34527)

IT Security: Admin

A vulnerability known as PrintNightmare (CVE-2021-34527) in the Print Spooler service of basically every version of Microsoft Windows was made public on 2021-07-01. Under certain circumstances it enables a remote attacker to execute malicious code (remote code execution) and a local attacker to escalate privileges. For a remote exploit, the print service has to be reachable and the attacker needs a valid account. Several exploits for the vulnerability have already been published.

Microsoft released updates for several Windows versions (see Microsoft Security Advisory). However, those updates do not seem to close the vulnerability completely (see BleepingComputer) and cause printing problems in certain cases!

The WWU-CERT recommends installing the new updates on all Windows systems immediately to make exploitation more difficult. Since the vulnerability is not completely fixed yet and the circumstances under which those exploits succeed are still somewhat unclear, a temporary workaround should be implemented, at least on systems with multiple users (e.g. remote desktop servers). The ACL workaround (see TRUESEC Blog) can prevent exploitation but also prevents the installation of new printers. On servers that do not need printing support, the Print Spooler service should generally be deactivated.