Security Advisories

Learn about the most recent information security related updates, threats, and news to the University of Regina Community by following the Information Security Advisories:

Forged Email Phishing

Date: 04/17/2019
Threat Level: Medium
Type: Phishing
Description:
A message appearing to come from your own account claims to have access to your email

Idle Time-out Notifications and Recommendations

Date: 12/21/2018
Threat Level: Low
Type: Physical Access
Description:
Users are requested to ensure their systems are locked when unattended. Idle-time lock notifications and recommendations provided.

Password reuse phishing

Date: 12/19/2018
Threat Level: Medium
Type: Business Email Compromise
Description:
A fake site setup to look and act legitmate with data has sent you a request

Targeted Phishing Attempts at Fraud - Wire Transfers, Gift Cards

Date: 10/23/2018
Threat Level: Medium
Type: Business Email Compromise
Description:
Warning of targeted phishing attempts which request transfers of funds.

"Dear uregina.ca account user."

Date: 10/09/2018
Threat Level: Medium
Type: Business Email Compromise
Description:
A phishing email message saying that you're over your mail quota may have targeted you recently

Multiple Phishing Campaigns: "New Gateway" or "Payroll Schedule is Available!"

Date: 09/20/2018
Threat Level: Medium
Type: Phishing
Description:
Multiple phishing campaigns have been detected. Uregina.ca email addresses are being targeted.

Phishing Attempt - Dear: Webmail subscriber

Date: 08/13/2018
Threat Level: Medium
Type: Phishing
Description:
Attempts to collect credentials with the lure that user email account is over quota.

Extortion phishing with credentials

Date: 07/13/2018
Threat Level: Medium
Type: Phishing
Description:
Email recieved which asserts to be from IT Service Desk, and requests you to reset email password.

Phish Alert - IT Help Desk

Date: 07/09/2018
Threat Level: Medium
Type: Phishing
Description:
Email recieved which asserts to be from IT Service Desk, and requests you to reset email password.

Targeted Phishing Attempts from ICT Service Desk

Date: 06/19/2018
Threat Level: Medium
Type: Information Disclosure
Description:
Please be aware that an phishing email message may have targeted you recently

Ticketfly Data Breach

Date: 06/04/2018
Threat Level: Medium
Type: External Account Breach
Description:
Ticketfly, a ticket processing service, has had the information of millions of users posted online

Phish Alert - Payroll Notification

Date: 05/31/2018
Threat Level: Medium
Type: Social Engineering
Description:
A spam campaign coming from a spoofed payroll@uregina.ca may have hit your inbox..

Telephone Tech Support Scams

Date: 04/26/2018
Threat Level: Medium
Type: Social Engineering
Description:
Recently there have been reports that students and staff are recieving phone calls from "Support Technicians"

Security Advisory: Petya Ransomware

Date: 04/05/2018
Threat Level: High
Type: Ransomware
Description:
Petya ransomware is the latest round of malware to exploit organizations around the world.

Malware Alert - New Payment Email Message / New Address / New Contact Details

Date: 04/05/2018
Threat Level: Medium
Type: Malware Risk
Description:
An email was received regarding a payment from your account. A link is in the email which downloads malware.

Sophos Antivirus ending support for Windows XP

Date: 04/05/2018
Threat Level: Medium
Type: Malware Risk
Description:
On Dec. 31, 2016, Windows XP users will cease to receive updates for Sophos Endpoint Security and Control (Antivirus) . Action is required for Windows XP users.

Configure Click to Play Flash in Web Browsers

Date: 04/05/2018
Threat Level: Medium
Type: Flash Exploit
Description:
Configure 'Click to Play' Flash to disable automatic loading of Flash content in webpages.

Malware Alert - "RBC Secure Doc" Email Message

Date: 04/04/2018
Threat Level: Medium
Type: Malware Risk
Description:
A message appearing to be from RBC includes an attachment which contains malware. Do not open this attachment.

Windows WannaCry Ransomware Security Advisory

Date: 04/04/2018
Threat Level: High
Type: Ransomware
Description:
Large scale ransomware campaign notification.

Phish Alert - 'E-mail Notification'

Date: 04/04/2018
Threat Level: Medium
Type: Phishing
Description:
Email received which spoofs a uregina.ca email address, and requests a password change.

Phish Alert - IT SERVICE DESK

Date: 04/03/2018
Threat Level: Medium
Type: Phishing
Description:
Email recieved which asserts to be from IT Service Desk, and requests you to reset email password.

Security Advisory: "You have voicemail!" malware

Date: 04/03/2018
Threat Level: Medium
Type: Malware Risk
Description:
Email Messages containing links to malware use "You have a voicemail" to socially engineer users into clicking.

Malware and Phish Alert - Canada Revenue Agency

Date: 04/03/2018
Threat Level: High
Type: Phishing / Malware
Description:
A fraudulent request to visit a website to receive your tax refund may attempt to expose you to malware and request your passwords.

Phish Alert - 'Campus Security Alert! for Username@uregina.ca'

Date: 04/03/2018
Threat Level: Medium
Type: Phishing Alert
Description:
There is currently an email message circulating that has been received by many users with the subject "Campus Safety Alert!" and it appears to be from "0999@uregina.ca" or "099000@support.com"

MacOS Authentication Bypass on High Sierra 10.13

Date: 04/03/2018
Threat Level: High
Type: Authentication Bypass - Remote Access
Description:
An unauthorized user may gain access to a Mac computer if it is not fully patched.

Breached Dropbox Credentials

Date: 04/03/2018
Threat Level: Low
Type: External Account Breach
Description:
Dropbox account credentials using uregina.ca email addresses have appeared posted online.

Managed workstations will have enforced idle time-out as of May 17, 2017

Date: 04/03/2018
Threat Level: Low
Type: Physical Access Threat
Description:
After 60 minutes of idle time, managed workstations will lock and require re-authentication.

Tragic-Event-Related Scams Advisory

Date: 04/03/2018
Threat Level: Medium
Type: Phishing / Malware
Description:
Tragic events such as natural disasters often create a flood of donation requests. Some of these may be fraudulent.

Phish Alert - 'Uregina Webmail Activities'

Date: 04/03/2018
Threat Level: Medium
Type: Phishing
Description:
There is currently an email message circulating that has been received by many users with the subject "Uregina Webmail Activities" and it appears to be from "Uregina Help Desk."

WPA2 Wireless Vulnerability

Date: 04/03/2018
Threat Level: Medium
Type: Wireless Vulnerablity
Description:
A severe vulnerability has been discovered in the Wi-Fi Protected Access II (WPA2) standard utilized in secure wireless networks. Please update your unmanaged devices.

Notice to Current and Potential Suppliers and Vendors

Date: 04/02/2018
Threat Level: High
Type: External Fraudulent Purchase Order Activity
Description:
Supply Management Services at The University of Regina wishes to advise potential vendors and suppliers that an active email ordering scam has been identified.

Multiple External Breached Credentials

Date: 03/07/2018
Threat Level: Low
Type: External Account Breach
Description:
A collection of nearly 3000 database breaches has surfaced on the internet, containing over 200 million usernames and passwords.

External Breached Credentials: 8Tracks

Date: 03/07/2018
Threat Level: Low
Type: External Account Breach
Description:
Music platform 8tracks was breached. If you has a 8tracks account, it is recommended you reset your password.

Secure device to server email connections are required as of Nov. 21, 2017

Date: 03/07/2018
Threat Level: Medium
Type: Configuration
Description:
Secure connections are required for uregina.ca email as of Nov. 21, 2017. You may be required to reconfigure your email client(s).

External Breached Credentials: Edmodo.com

Date: 03/07/2018
Threat Level: Low
Type: External Account Breach
Description:
Education platform provider Edmodo was breached. If you has a Edmodo account, it is recommended you reset your password.

Phish Alert - Online Banking Account, Package Delivery, Email Quota Increase, Fax Notification, Parking Ticket

Date: 03/07/2018
Threat Level: Medium
Type: Phishing
Description:
Phishing attempts are on the rise. A variety of of messages have been seen recently which are designed grab your attention.

Punycode / Homograph Domain Spoofing

Date: 03/07/2018
Threat Level: Medium
Type: Phishing
Description:
Characters from other alphabets can be used to spoof websites, tricking users to enter their account credentials into an untrusted website.

Email Malware Alert - Package Delivery

Date: 03/07/2018
Threat Level: Medium
Type: Malware Risk
Description:
Malware Risk

Malware and Phish Alert - eFax

Date: 03/07/2018
Threat Level: High
Type: Phishing / Malware
Description:
A message attempting to infect recipients with malware has been received with the subject similar to "efax message from 1-613-941-2505 - 1 page(s)".

Phish Alert - 'Unrecognized sign in''

Date: 03/07/2018
Threat Level: Medium
Type: Phishing
Description:
An email attempting to notify you of an access to your account. The notification is false and does not originate from any legitimate source.

Phish Alert - 'You have a new message"

Date: 03/07/2018
Threat Level: Medium
Type: Phishing
Description:
There is currently an email message circulating that has been received by many users with the subject "You have a new message". The message seeks to redirect users to enter their password in a fraudulent portal.

Phish Alert - 'Update Username'

Date: 03/07/2018
Threat Level: Medium
Type: Phishing
Description:
There is currently an email message circulating that has been received by many users with the subject "Update Username" or "Update Emailaddress@uregina.ca". The message seeks to redirect users to enter their password in a fraudulent portal.

Phish Alert - 'University of Regina'

Date: 03/07/2018
Threat Level: Medium
Type: Phishing
Description:
There is currently an email message circulating that has been received by many users with the subject University of Regina" and requests to login to a fraudulent portal for credential theft.

Phish Alert - 'Your account is about to expire"

Date: 03/07/2018
Threat Level: Medium
Type: Phishing Alert
Description:
There is currently an email message circulating with the subject of "Your account is about to expire" and it appears to be from "The Bank of Montreal (BMO)."

LinkedIn Passwords

Date: 03/07/2018
Threat Level: Low
Type: External Account Breach
Description:
Linkedin.com accounts using uregina.ca email addresses have appeared in public forums.

Telephone Scam - Fake IT Support Calls

Date: 03/07/2018
Threat Level: Low
Type: Social Engineering
Description:
This is the short The University of Regina has recently seen an increase in phone scams where the caller pretends to be from IT and says you have a virus on your computer.

Remote Desktop will require VPN as of July 5, 2016.

Date: 03/07/2018
Threat Level: Medium
Type: Remote Access Threat
Description:
The University of Regina, Information Services, will be undertaking changes related to Remote Desktop Protocol (RDP). This change will impact users who access on-campus computers from a location off campus via remote desktop protocol (RDP).