About jovitatou

This author has not yet filled in any details.
So far jovitatou has created 2 blog entries.
12 2024-07

Information Security Tips (July 2024) – Important Tips for Ensuring Travel Safety

2024-07-12T14:55:34+08:00

To: All Users

No matter where we are, cybersecurity is an important issue that cannot be ignored.

Here are some cybersecurity tips:

  1. Update the software on your mobile devices, including antivirus software, as these updates often contain security fixes.
  2. Use strong passwords and avoid using passwords that are easy to guess.
  3. Enable multi-factor authentication services to protect your accounts.
  4. Backup your data completely before travel.
  5. Enable anti-theft and remote data destruction features on your mobile devices.
  6. Disable automatic Wi-Fi and Bluetooth connections on your mobile devices.
  7. Be cautious when using public Wi-Fi or public computer, avoid entering passwords or confidential information on these systems.
  8. If you need to access UM internal information through public Wi-Fi, please use a VPN.
  9. Be aware of your surroundings and pay attention to where and how you use your devices.
  10. Protect your mobile devices, never leave them in public places, and enable encryption features, including USB or external storage devices.

Please be reminded that online safety is just as important as physical safety when you are out. Let’s make cybersecurity a habit in your daily lives, stay safe, protect yourself and have a joyful trip!

Reference

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

各位用戶:

無論我們身在何處,網絡安全都是我們不能忽視的重要議題。

以下是一些網絡安全的提示:

  1. 更新移動設備的軟件,包括防病毒軟件,因這些更新通常包含安全修復。
  2. 使用強密碼,避免使用容易被猜到的密碼。
  3. 啟動多重認證服務來保護您的各種帳戶。
  4. 出發前為資料進行完整備份
  5. 啟動移動設備的防偷竊及遠程消毁資料功能
  6. 停用移動設備的Wi-Fi和藍牙自動連接功能。
  7. 使用公共Wi-Fi或公共電腦時要謹慎,避免在這些系統上輸入密碼或機密信息。
  8. 如果需要在公共Wi-Fi上訪問大學內部資訊,請使用VPN
  9. 對周圍環境保持警覺,注意你在何處以及如何使用你的設備。
  10. 保護好你的移動設備,絕不要在公共場所留下它,並啟用加密功能,包括任何USB或外部存儲設備。

請記住,網上安全與外出時的實際安全同樣重要。讓我們在日常生活中養成網絡安全的習慣,保持安全,保護好自己,享受愉快的旅程!

參考

如有任何疑問,請聯絡資訊及通訊科技部服務中心。

服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo

資訊及通訊科技部

Information Security Tips (July 2024) – Important Tips for Ensuring Travel Safety2024-07-12T14:55:34+08:00
5 2024-07

Important Notice: Security vulnerability of OpenSSH (updated at 5 July 2024)

2024-07-05T16:55:19+08:00

To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), OpenSSH have recently issued remote code execution vulnerability about its products.  A remote attacker can exploit this vulnerability to trigger remote execute arbitrary code and bypass security restrictions. Furthermore, this vulnerability is widely exploited.

Affected products are: OpenSSH < 4.4p1 and 8.5p1 <= OpenSSH < 9.8p1

If the relevant affected products are used, users must install security updates that is officially released by OpenSSH as soon as possible.

For more details, please refer to: 
https://www.openssh.com/releasenotes.html
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt

Reference

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

各位用戶:

資訊及通訊科技部接獲網絡安全事故預警及應急中心的通知,OpenSSH 官方 近日發出有關於其產品遠端程式碼執行
漏洞 遠端攻擊者可利用這漏洞,於目標系統觸發遠端執行任意程式碼及繞過保安限制 。 此外, 該漏洞亦正在被廣泛利用。

受影響產品為: OpenSSH < 4.4p1 和 8.5p1 <= OpenSSH < 9.8p1 

倘有使用相關受影響產品,用戶須盡快安裝由 OpenSSH 官方釋出的安全更新

有關詳情可參考:
https://www.openssh.com/releasenotes.html
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt

參考資料

如有任何疑問,請聯絡資訊及通訊科技部服務中心。

服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo

資訊及通訊科技部

Important Notice: Security vulnerability of OpenSSH (updated at 5 July 2024)2024-07-05T16:55:19+08:00
5 2024-06

Important Notice: Beware of emails sent by Medical Research Archives or European Society of Medicine

2024-07-04T00:00:38+08:00

To: All Users

Beware of the email invitation sent by organizations such as Medical Research Archives or European Society of Medicine, etc. Although their invitation is seemingly cordial, attention should be paid to its predatory business practices involving significant publication fees (https://esmed.org/author-center), and submitting research papers to them or speaking at their annual meetings may result in loss of money or time.

As reported by Flaky Academic Conferences website (https://flakyc.blogspot.com/2020/11/european-society-of-medicine-esmed.html). The website notes that it is not entirely clear what the European Society of Medicine is. It may be a product of the alleged predatory publisher Knowledge Enterprises, Inc. (KEI).

Below is further information and related discussion for your reference:

Sample of the emails:

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

各位用戶:

小心警惕來自 Medical Research Archives 或 European Society of Medicine 等機構發送的電郵邀請。儘管他們的邀請表面上親切,但須關注其涉及高額的發表費用 (https://esmed.org/author-center) 的掠奪性商業行為,且向他們提交研究論文和/或在其年會上發表演講可能會導致金錢或時間的損失

Flaky Academic Conferences (https://flakyc.blogspot.com/2020/11/european-society-of-medicine-esmed.html) 網站所報導。該網站指出,European Society of Medicine 到底是什麼並不太明確。它可能是所謂的掠奪性出版商Knowledge Enterprises, Inc. (KEI) 的產品。

以下是進一步資訊及相關討論供參考:

電郵樣本參考:

如有任何疑問,請聯絡資訊及通訊科技部服務中心。

服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo

資訊及通訊科技部

Important Notice: Beware of emails sent by Medical Research Archives or European Society of Medicine2024-07-04T00:00:38+08:00
28 2024-05

Important Notice: Beware of phishing emails with the subject “Infringing Copyright or Violating Legal Regulations”

2024-06-28T00:00:33+08:00

To: All Users

The Cybersecurity Incident Alert and Response Centre (CARIC) was informed that hackers have been sending phishing emails to various operators with the subject “Infringing Copyright or Violating Legal Regulations” to deceive users to download and open crypto ransomware virus.

The mentioned email accuses the website content of recipient’s organization, involving copyright infringement or violation of laws and regulations, and requires the recipient to click on the link provided as below in the email:


to download a compressed file with the “.rar” to understand the specific situation and remove the infringing content, otherwise legal action will be taken against the recipient, and the decompression password is provided in the email. After the analysis by CARIC, the compressed file contains an executable program that may download and install crypto ransomware once executed. Once infected, the computer of the victims may be subjected to ransomware encryption, remote control, information leakage and other hazards.

Suggestions:

  • If you receive similar email, do not download or open any files, and immediately notify ICTO Helpdesk for follow up;
  • Ensure the antivirus software is installed and virus definition files are regularly updated;
  • Do not open suspicious email attachments or links, and do not enter important information such as account passwords on suspicious websites.

Sample of the malicious email:

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

各位用戶:

網絡安全事故預警及應急中心得悉,近月有黑客向不同營運者發出以 “侵占版權或違反法律條例” 為題的釣魚電郵誘騙用戶下載開啟加密勒索病毒。

題述電郵指控收件機構的網站內容,涉及侵佔其版權或違反法律條例,要求收件者點撃電郵內提供的網址連結(如下圖):

 

下載一個副檔名為”.rar”的壓縮檔案,以了解具體情況並移除侵權內容,否則將對收件構件採取法律行動,並且在電郵內提供上述檔案的解壓密碼。經網安中心分析, 該壓縮檔包含一個可執行程式,一旦運行,它可能會下載並安裝加密勒索病毒。一旦感染,受害者的電腦可能會被加密勒索、遠程控制,以及遭受信息泄露等危害

建議

  • 倘若收到類似電郵,切勿下載或開啟任何檔案,並即時通知資訊及通訊科技部服務中心跟進;
  • 確保安裝運行防毒程式並經常更新病毒程式特徵庫;
  • 切勿打開可疑的電子郵件附件或連結,以及於可疑網站中輸入帳戶密碼等重要資料。

惡意電郵樣本參考:

如有任何疑問,請聯絡資訊及通訊科技部服務中心。

服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo

資訊及通訊科技部

Important Notice: Beware of phishing emails with the subject “Infringing Copyright or Violating Legal Regulations”2024-06-28T00:00:33+08:00
27 2024-05

Important Notice: Security vulnerability of Google Chrome browser (updated at 27 May 2024)

2024-06-27T00:00:32+08:00

To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Google have recently issued security vulnerability about Chrome browser.  This vulnerability is widely exploited.

  • Please update to Google Chrome version 125.0.6422.112/.113 (Windows/ Mac) or later, 125.0.6422.112 (Linux) or later

For more details, please refer to:  https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html

Steps to update Google Chrome browser

  • Open your Google Chrome browser on your desktop.
  • Click the three vertical dots in the upper right corner to open the dropdown menu.
  • Select “Settings“.
  • Click “About Chrome” on the left-hand sidebar.
  • Chrome will automatically check for updates or you can click the button “Update Google Chrome”.
  • Restart the Chrome.

Reference

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

各位用戶:

資訊及通訊科技部接獲網絡安全事故預警及應急中心的通知,Google官方 近日發出有關於 Chrome 瀏覽器的安全漏洞,該漏洞亦正在被廣泛利用。

  • 請更新至 Google Chrome  125.0.6422.112/.113 (Windows/ Mac) 或之後版本, 125.0.6422.112 (Linux) 或之後版本

有關詳情可參考:https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html

更新Google Chrome瀏覽器”步驟

  • 在電腦上開啟 Chrome;
  • 按下右上方的 [更多](垂直三點圖示) ;
  • 按下 [設定] ;
  • 在左方菜單,按下[關於 Google Chrome];
  • Chrome瀏覽器會自動進行更新,或可手動按下 [更新 Google Chrome] 進行更新;
  • 重新啟動Chrome瀏覽器。

參考資料

如有任何疑問,請聯絡資訊及通訊科技部服務中心。

服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo

資訊及通訊科技部

Important Notice: Security vulnerability of Google Chrome browser (updated at 27 May 2024)2024-06-27T00:00:32+08:00
24 2024-05

UM Staff visited the Cybersecurity Incident Alert and Response Centre (CARIC)

2024-06-23T00:00:28+08:00

大合照
Group Photo

大學人員參觀網絡安全事故預警及應急中心
UM Staff visited the Cybersecurity Incident Alert and Response Centre (CARIC)

 

資訊及通訊科技部日前(5月17日)組織大學人員參觀特區政府網絡安全事故預警及應急中心,是次參訪活動得到該中心領導接待,介紹該中心的職責、專業設施設備和日常運作,以及維護網絡安全的工作,並與大學人員進行資訊安全技術交流。透過是次參訪活動,提升大學人員對網絡安全的認識和關注,並期望進一步將網絡安全教育推廣至校園,增強教職員及學生的網絡安全意識和網絡犯罪防範能力。

是次參訪活動的大學人員包括資訊及通訊科技部人員、資訊安全小組成員及電腦教學技術支援諮詢小組成員。

 

 

資訊及通訊科技部

ICTO recently arranged a visit to the Cybersecurity Incident Alert and Response Centre (CARIC) on 17 May 2024. The visit was received by the leaders of the center, who introduced the center’s responsibilities, professional facilities and equipment, daily operations, as well as the network security maintenance tasks, and conducted active discussion on cyber security techniques with our UM staff. Through this visit, it can enhance the cybersecurity awareness and concern of our staff, and it is expected to further promote cybersecurity education on campus, and enhance the cybersecurity awareness and crime prevention capabilities of staff members and students.

The UM staff participated in this visit include ICTO staff, members of information security team and members of Academic IT Support Advisory Group (AITSAG).

 

 

Information and Communication Technology Office

UM Staff visited the Cybersecurity Incident Alert and Response Centre (CARIC)2024-06-23T00:00:28+08:00
21 2024-05

Information Security Tips (May 2024) – Security Considerations When Using Public AI

2024-06-21T00:00:27+08:00

To: All Users

Artificial intelligence (AI) platforms provide users with a variety of powerful tools and services that can help them to accomplish a variety of tasks, from data analysis to machine learning. However, there are some security risks to be aware of when using public AI platforms.

Below are some security tips to protect your data and privacy:

  1. Choose a reputable platform: Choose a platform with good reputation and research its security and compliance record.
  2. Understand the platform’s privacy policy: Read the platform’s privacy policy before using it. Understand how the platform collects, uses and shares your data.
  3. Be careful of what you share: Only share the data you need to complete your tasks. Avoid sharing any sensitive, confidential data, unpublished work information or research results.
  4. Use strong passwords and enable two-factor authentication: Create strong passwords for your accounts and enable two-factor authentication.
  5. Beware of phishing and scams: Do not click on suspicious links or enter your account information on unverified websites.
  6. Keep your software up to date: Keep your operating system and AI platform software up to date.
  7. Report suspicious activity: If you notice any suspicious activity, report it to the AI platform’s support team immediately.

By following these security tips, you can help protect your data and privacy while using public AI platforms. If you need further information on “AI privacy” and “Data Anonymization Processing”,  you can refer to the relevant information published by the Personal Data Protection Bureau (PDPB): https://www.dspdp.gov.mo/en/references_detail/article/kzw3p0kz.html

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

各位用戶:

人工智能 (AI) 平台為使用者提供了各種強大的工具和服務,可幫助他們完成各種任務,從資料分析到機器學習。然而,在使用公有 AI 平台時,需要注意一些安全風險

以下是一些安全提示,可幫助您保護您的資料和隱私:

  1. 選擇可信賴的平台:選擇信譽良好的平台,並研究其安全性和合規性記錄。
  2. 了解平台的隱私政策:在使用平台之前,請閱讀其隱私政策。了解平台如何收集、使用和共享您的資料。
  3. 注意您分享的資料:僅分享您需要完成任務的資料。避免分享任何敏感、機密資料、未公開的工作資料或研究成果
  4. 使用強密碼並啟用雙因素驗證:為您的帳戶創建強密碼並啟用雙因素驗證
  5. 注意網路釣魚和詐騙切勿點擊可疑連結或在未經驗證的網站上輸入您的帳戶資訊。
  6. 保持軟體更新:將您的作業系統和 AI 平台軟體更新到最新版本
  7. 報告可疑活動:如果您發現任何可疑活動,請立即報告給 AI 平台的支援團隊。

通過遵循這些安全提示,可以幫助保護您的資料和隱私,同時安心使用公有 AI 平台。如您需要「人工智能私隱」及「資料匿名化處理」進一步的資訊,
可參考澳門個人資料保護局翻譯及發佈的相關資訊: https://www.dspdp.gov.mo/zh_tw/references_detail/article/kzw3p0kz.html

如有任何疑問,請聯絡資訊及通訊科技部服務中心。

服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo

資訊及通訊科技部

Information Security Tips (May 2024) – Security Considerations When Using Public AI2024-06-21T00:00:27+08:00
13 2024-05

Important Notice: Security vulnerability of Google Chrome browser (updated at 13 May 2024)

2024-06-13T00:00:22+08:00

To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Google have recently issued security vulnerability about Chrome browser.  This vulnerability is widely exploited.

  • Please update to Google Chrome version 124.0.6367.201/.202 (Windows/ Mac) or later, 124.0.6367.201 (Linux) or later

For more details, please refer to: https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html

Steps to update Google Chrome browser

  • Open your Google Chrome browser on your desktop.
  • Click the three vertical dots in the upper right corner to open the dropdown menu.
  • Select “Settings“.
  • Click “About Chrome” on the left-hand sidebar.
  • Chrome will automatically check for updates or you can click the button “Update Google Chrome”.
  • Restart the Chrome.

Reference

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

各位用戶:

資訊及通訊科技部接獲網絡安全事故預警及應急中心的通知,Google官方 近日發出有關於 Chrome 瀏覽器的安全漏洞,該漏洞亦正在被廣泛利用。

  • 請更新至 Google Chrome  124.0.6367.201/.202 (Windows/ Mac) 或之後版本, 124.0.6367.201 (Linux) 或之後版本

有關詳情可參考:https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html

更新Google Chrome瀏覽器”步驟

  • 在電腦上開啟 Chrome;
  • 按下右上方的 [更多](垂直三點圖示) ;
  • 按下 [設定] ;
  • 在左方菜單,按下[關於 Google Chrome];
  • Chrome瀏覽器會自動進行更新,或可手動按下 [更新 Google Chrome] 進行更新;
  • 重新啟動Chrome瀏覽器。

參考資料

如有任何疑問,請聯絡資訊及通訊科技部服務中心。

服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo

資訊及通訊科技部

Important Notice: Security vulnerability of Google Chrome browser (updated at 13 May 2024)2024-06-13T00:00:22+08:00
18 2024-04

Important Notice: Security vulnerabilities of PuTTy (updated on 18 April 2024)

2024-05-17T00:01:13+08:00

To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), PuTTy recently issued security vulnerability about ECDSA private key. Attackers can exploit this vulnerability to restore the private key from signed messages and public key. When they have the private key, they can forge the signature and log in to any servers using that private key.

  • Please update to PuTTy  0.80 later, FileZilla 3.66.5 later, WinSCP 6.3.2 later, TortoiseGit 2.15.0 later and TortoiseSVN 1.14.6 later.

For more details, please refer to:
https://bugzilla.redhat.com/show_bug.cgi?id=2275183
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html

Reference

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

各位用戶:

資訊及通訊科技部接獲網絡安全事故預警及應急中心的通知,PuTTy近日發出有關於 ECDSA 私鑰的安全漏洞,攻擊者可利用這漏洞,從一些已簽名的訊息和公鑰還原出私鑰,當攻擊者取得私鑰,便能够偽造簽名,登入使用該私鑰的任何伺服器。

  • 請更新至 PuTTy  0.80 之後版本, FileZilla 3.66.5 之後版本, WinSCP 6.3.2 之後版本, TortoiseGit 2.15.0之後版本 和 TortoiseSVN 1.14.6之後版本。

有關詳情可參考:
https://bugzilla.redhat.com/show_bug.cgi?id=2275183
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html

參考資料

如有任何疑問,請聯絡資訊及通訊科技部服務中心。

服 務 中 心
位置 : 中央教學樓東5座(E5)二樓2085室 (電子地圖)
電話 : 8822 8600
電郵 : icto.helpdesk@um.edu.mo

資訊及通訊科技部

Important Notice: Security vulnerabilities of PuTTy (updated on 18 April 2024)2024-05-17T00:01:13+08:00
15 2024-04

Invitation: User Satisfaction Survey on ICTO Services 2023/2024

2024-05-15T00:01:12+08:00

Dear students and colleagues,

To accurately assess user satisfaction with ICTO services, we will conduct an online questionnaire survey. Your valuable feedback and suggestions are crucial to us, as they can help us continuously improve and deliver better services to meet your evolving IT needs.

We will send an invitation email to all students and colleagues, containing a unique link to the questionnaire.  The deadline for the survey is 6 May, 2024 (Monday). Please complete the questionnaire before this date to allow us to collect and analyse your opinions in a timely manner.

We sincerely appreciate your participation and support, and look forward to receiving your feedback. Let us work together to continuously improve service quality and meet your expectations!

If you have any enquiries, please feel free to email ICTO_SEC@um.edu.mo.

Information and Communication Technology Office

親愛的同學和同事:

為了準確評估用戶對 ICTO 服務的滿意度,我們將進行一項網上問卷調查。您的寶貴反饋和建議對我們至關重要,因為它將助力我們不斷完善並提供更加出色的服務,以滿足您日益發展的IT需求。

我們將向所有學生和同事發送一封邀請電子郵件,其中包含一個專屬問卷鏈接。請注意,問卷的截止日期為202456(星期),請於此日期之前完成問卷,以便我們能夠及時收集和分析您的意見。

我們衷心感謝您的參與和支持,並期待收到您的反饋。讓我們共同努力,不斷提升服務品質,滿足您的期待!

如果您有任何疑問,請隨時發送電子郵件至 ICTO_SEC@um.edu.mo 與我們聯繫。

資訊及通訊科技部

Invitation: User Satisfaction Survey on ICTO Services 2023/20242024-05-15T00:01:12+08:00
© University of Macau
Go to Top