To: All Users

There has been a recent emergence of phishing emails impersonating university staff members. Hackers are using fraudulent email addresses to send urgent emails to colleagues or students, pretending to need immediate assistance. Their intention is to deceive recipients into responding and then carry out subsequent fraudulent activities, such as money scams or attempts to obtain account passwords.

Figure 1: Sample of Phishing Email

If you have suspicions, try to contact the sender through other reliable means for further verification, such as phone calls or text message.

Please DO NOT RESPOND to this kind of emails or provide any information to the impersonating sender. If you have any further queries, please feel free to contact our Help Desk.

Reference

• Don’t Let a Phishing Scam Reel You In
• How can I identify a phishing, fake email and websites?
• Beware of Phishing Trap

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

To: All Users

In today’s digital environment, it is very important to ensure the security of your system. By following the below advice, you can significantly enhance the protection of your system and data.

1. Enable Strong Authentication:  Use strong password and consider other authentication mechanisms such as multi-factor authentication (MFA) to add an extra layer of security when accessing your system.
2. Create an SSH Key Pair: Generate and use SSH key pairs for secure remote access. This method provides stronger encryption and authentication compared to traditional password-based authentication.
3. Keep the System Up to Date: Regularly update your system with the latest security patches and software updates. These updates often address known vulnerabilities and protect against emerging threats.
4. Remove Unnecessary Software: Minimize the attack surface by uninstalling any unnecessary or unused software. These software may contain vulnerabilities that can be exploited by attackers.
5. Disable Administrator Login: Disable direct administrator login (e.g., “administrator”, “admin”, ”root”) and enforce the use of individual user accounts. This helps restrict access and mitigates the risk of unauthorized access to critical system resources.
6. Check and Close Open Ports: Regularly scan your system for open ports and close any unnecessary or unused ports. Open ports can be served as entry points for attackers, so it is vital to limit their availability.
7. Enable a Firewall: Set up a firewall to control inbound and outbound network traffic. A properly configured firewall can filter malicious traffic and protect your system from unauthorized access.
8. Harden Your Linux System with SELinux or AppArmor: Implement Security-Enhanced Linux (SELinux) or AppArmor to enforce strict access controls and limit the impact of an attack on your system.
9. Security Audits: Conduct regular security audits to identify vulnerabilities, assess system configurations and ensure compliance with security policies and standards.
10. Regularly Create and Maintain Backups: Regularly back up your critical data to mitigate the impact of system failures, data loss, or ransomware attacks. Test the restoration process periodically to ensure the integrity of backup copies.

Protecting the security of system is an ongoing process. Stay informed about the latest security threats, update your security strategies, and best practices.

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Apple Inc. has recently released various security updates .  Apple WebKit may lead to arbitrary code execution when processing maliciously crafted web content and attacker can induce the victim to visit a malicious website to trigger the vulnerability.

• Please update to iOS 16.7.5, iPadOS 16.7.5, iOS 17.3, iPadOS 17.3, macOS Monterey 12.7.3, macOS Ventura 13.6.4, macOS Sonoma 14.3, Safari 17.3, tvOS 17.3, watchOS 10.3 or later version

For more details, please refer to: 
https://support.apple.com/en-us/HT214056
https://support.apple.com/en-us/HT214059
https://support.apple.com/en-us/HT214063
https://support.apple.com/en-us/HT214061
https://support.apple.com/en-us/HT214058
https://support.apple.com/en-us/HT214057
https://support.apple.com/en-us/HT214060
https://support.apple.com/en-us/HT214055

If the above products are used, users must:

• Install security updates released by Apple Inc. as soon as possible.
• Backup and test before updating.

Reference

• How to download and install software in a secure manner?
• Basic Knowledge of Online Safety and Security
• Other Information Security Tips

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Google have recently issued security vulnerabilities about Chrome browser.  This vulnerability is widely exploited.

• Please update to Google Chrome version 120.0.6099.224/225 (Windows/ Linux) or later, 120.0.6099.234 (Mac) or later

For more details, please refer to: https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html

Steps to update Google Chrome browser

• Open your Google Chrome browser on your desktop.
• Click the three vertical dots in the upper right corner to open the dropdown menu.
• Select “Settings“.
• Click “About Chrome” on the left-hand sidebar.
• Chrome will automatically check for updates or you can click the button “Update Google Chrome”.
• Restart the Chrome.

Reference

• How to download and install software in a secure manner?
• Basic Knowledge of Online Safety and Security
• Other Information Security Tips

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

To: All Users

Online services have become an indispensable part in our daily life, thus making Internet scams more prevalent and widespread, covering a wide range of areas such as shopping, job hunting, investing, charity, lottery, etc. There is a Cantonese saying, “An old trick is fine, as long as it works” implying that many traditional scams are repackaged in new forms and carried out on the Internet or over the phone. The tactics are constantly changing, making it hard for people to protect.

However, all scams have a common goal, whether they are tricking users to give their account numbers, passwords or personal information, the ultimate goal is money. As long as you raise your security awareness and always “fact‑check”, you can reduce the risk of being scammed. Remember the three key principles to prevent fraud:

1. Stay calm and don’t be flustered: Fraudsters often use threatening words over phone, text messages or emails to cause victims to lose their composure and fall into their trap, especially if they claim themselves to be law enforcement, government or bank officials. Just stop and think! Try to buy time to verify the truth of the matter or consult with family and friends.
2. Don’t be greedy: Never let the mentality of “Fear of missing out” to blind your judgment. There’s no free lunch in the world. If there’s any promotional sale or investment opportunity, make sure to understand it clearly and verify its authenticity to avoid losing more than you gain.
3. Never casually disclose personal information: Personal information is equivalent to money. You should not reveal your personal information casually, as it is not just your data that can ultimately be stolen, but your personal identity, which can then be used to defraud money or engage in illegal activities.

Pay more attention to anti-fraud information and naturally raise your anti-fraud awareness, so that you won’t give fraudsters an opportunity to take advantage. The following are some examples of scam messages:

Pretending to be an instant messaging software notification, with disturbing words. But one thing to note is that the “w” letter in URL is actually impersonated by two “v” letters.

Suspicious text messages from strangers. Scammers may use social engineering scams to carry out all kinds of fraud, they will use the tactic of “played the long game” and communicate with the victim for a long time to win their favor, which means to defraud a large amount of money.

Compromising verification codes is a common method of hijacking other people’s accounts, including communication software, bank transfers, etc. Verification codes are used for personal identity verification or account operation verification, which is a matter of personal privacy, and should not be disclosed. Actually, using someone else’s phone number for verification is completely unreasonable, and the sender’s account may have been compromised.

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Google have recently issued the security vulnerability about Chrome browser, this vulnerability may trigger the bypass of security restrictions and remote execution of arbitrary code; in addition, this vulnerability is widely exploited.

• Please update to Google Chrome version 119.0.6045.199/.200 or later.

For more details, please refer to: https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html

Steps to update Google Chrome browser

• Open your Google Chrome browser on your desktop.
• Click the three vertical dots in the upper right corner to open the dropdown menu.
• Select “Settings“.
• Click “About Chrome” on the left-hand sidebar.
• Chrome will automatically check for updates or you can click the button “Update Google Chrome”.
• Restart the Chrome.

Reference

• How to download and install software in a secure manner?
• Basic Knowledge of Online Safety and Security
• Other Information Security Tips

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office

To: All Users

Important data loss can occur anytime, data backup is an important measure to prevent data loss caused by equipment failure or data damage, ensuring valuable information will not be lost forever. Data backup also provides the last protection for cyberattacks (especially ransomware attacks), allowing you to recover the data and resume daily operations quickly. Proper data backup can also protect sensitive personal and financial information from unauthorized access or disclosure.

Basic Data Backup Practices:

1. Regular Backup: Schedule regular backup to ensure your data is always up to date. Daily backup is recommended for critical data, weekly or monthly backup may be sufficient for files that are not updated frequently.
2. Keep Multiple Backup Copies: Store multiple copies of your backup on different storage devices, such as external hard drives, cloud storage, or even physical copies. This redundancy ensures that even if one of the storage media failed, your data can still be preserved. When using cloud storage, please pay attention to the security and data protection settings of the service and consider which data is suitable for storage in the cloud.
3. Store Storage Devices Properly: Store your backup storage devices properly and away from physical hazards like fire or water. For cloud storage, choose reputable providers with robust security measures.
4. Test Backup Regularly: Verify the integrity of the backup by testing them regularly to ensure the data can be restored when necessary.
5. Password Protection: Protect your backup devices by means of a password to prevent unauthorized access. In addition, consider encrypting the backup to increase the security.

Data backup is not a one-off task, but an ongoing process. Through the above basic and effective practices, you can protect your valuable data from being lost and ensure that your personal and work data are protected.

Reference

Data sharing & storage service in the University
Protect your computer against virus and malware

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo

Information and Communication Technology Office