Skip to main content Skip to navigation

Malwarebytes Now Available for WSU Faculty, Staff

Anti-malware/virus software Malwarebytes is now available for all WSU faculty and staff devices. A few benefits of using Malwarebytes software:

  • Manage your endpoint security in the Malwarebytes Nebula Dashboard
  • Create your own scan policies and schedules
  • Remote remediation

If your area would like to take advantage of this endpoint security tool or would like more information, please contact Crimson Service Desk to get the conversation started.

What is Malwarebytes?

Malwarebytes is an anti-malware software for Microsoft Windows, macOS, Android, and iOS that finds and removes malware. Made by Malwarebytes Corporation, it was first released in January 2006 (Wikipedia). Antivirus software is still recommended as the first line of defense (real-time) against incoming threats. However, Malwarebytes is used to detect and remove malware and spyware that may escape your antivirus software.

Changes to WSU email and Outlook

A few months ago WSU started sending out notices about security changes to our email going into effect August 4. Like many of our critical online tools, they are beefing up the security and running our email through the OKTA/MFA authentification. This is supposed to deter all those email hackers from gaining access to our email accounts. However, for this to work, we all have to be running a compatible version of Outlook to access our email.

Many of you have been receiving reminder notices that you currently are not up to date with how you access your email account. I know that has been frustrating. You have the up to date version of Outlook on your computer, but you’re still getting these. Why? Probably because this isn’t the only way you access your email. WSU can tell how you access your email. The system can “see” what type of computer or device and the software used to access your email account. So, if you are using an Apple Mail on an iPhone, they will know and send you the notification that you need to get Outlook to continue accessing your email. If you are a Mac user using Apple Mail, you will also get the notifications.

The options you have for accessing your WSU email include:

  • Using Outlook from Office365 on your computer
  • Using the Outlook App on your iPhone, iPad, or Android device
  • Using the online version of Outlook through office365.wsu.edu

If you deleted the ITS Notification that has their explanations and instructions, I’ve pasted the contents below. (FYI when they refer to “clients” they mean software or Apps)

Office 365 and Outlook Email Using MFA

On Aug. 4, Information Technology Services (ITS) will begin requiring Multi-Factor Authentication (MFA) for Office 365 applications, including Outlook email, for all WSU users.

As an individual who is not using a current version of Outlook email software, we ask that you complete some preparatory changes to your email application to be MFA-ready.

Why is ITS making this change?

This change is critical to improved email security, protecting WSU data, and reducing the number of phishing and malicious emails, particularly in response to increasing information security risk associated with malicious actors who increased effort during COVID-19.

Why does this matter to me?

If any of the following applies to you, your email is not ready for MFA, and you need to follow the instructions listed below:

If you use:

        • Outlook 2013, 2010, or 2007 to access your email, or
        • A client like Thunderbird or any other IMAP or POP client to access your email, or
        • Mac Mail or Calendar apps, or
        • Mobile email application other than Outlook on iOS or Outlook on Android, or
        • You set up email on your mobile device prior to May 11, 2020, or
        • You have another email provider setup to download emails from WSU

You must do one or more of the following prior to MFA implementation, to access your email application after Aug. 4:

        • Upgrade your email client to the most recent version of Outlook.
        • Upgrade your mobile email client to the most recent version of Outlook.
        • Switch to using Outlook for your WSU email.
        • Ensure you can login to Okta using MFA

What clients can I use for Okta and Multi-Factor Authentication?

The below list of email clients are the only clients that will be supported by ITS for Multi-Factor Authentication with Office 365.

        • Windows: Outlook 2019 or 2016
        • Mac: Outlook 2019 or 2016 for Mac
        • Mobile Device: Outlook App for iOS and Android
        • Web browsers: Outlook on the Web (office365.wsu.edu) using an up to date web browser

When will this change take effect?

MFA authentication will be enabled for all faculty, staff, and students using Office 365 email on Aug. 4, 2020. All prior forms of basic authentication will also be disabled at this time.

Zoom 5 and Security Improvements

Zoom has released Zoom 5 and it comes with support for AES 256-bit GCM encryption. TO find out more about what that’s all about, read the blog here:  https://blog.zoom.us/wordpress/2020/04/27/its-here-5-things-to-know-about-zoom-5-0/.

What this means to you is that by the end of the month (May) you and all of your attendees must be using this version (or newer) to be in any WSU ZOOM hosted meeting. The good news is that the updated version is now available for ALL devices (Windows, Mac, iOS, and Android). If you don’t know what version of Zoom you have, you can visit Zoom’s help page here:  https://support.zoom.us/hc/en-us/articles/201362393-Viewing-the-Zoom-version-number.

If you have not updated to version 5 by the end of the month, you will be prompted to update when you try to join a meeting. If you are already late joining, this will delay you even more, so wait to update! To check for updates yourself, open the Zoom app, and check on your profile icon. You should see Check for Updates in the list (see figure).

Additional Zoom resource: https://blog.zoom.us/wordpress/2020/04/27/its-here-5-things-to-know-about-zoom-5-0/ 

 

MFA-Office365 mail changes

Update: The Office 365 preparatory maintenance changes originally scheduled for Monday, May 11 (as described in the email that ITS sent out on April 27) has been rescheduled for Thursday, May 14. This is likely due to the issues they ran into with Outlook (read more on the Outlook issues).

Central IT has informed us that they are making additional changes to the Multi-Factor Authentification (MFA) that will affect how you access your WSU email accounts. Here is the information they sent out to the systems managers list. Review the list at the end to see if you will be impacted.

MFA Changes Ahead

On August 4, 2020, Information Technology Services (ITS) will change our current authentication method when signing in to Office 365, as part of the MFA reschedule. As of that date, access to Office 365 will require Okta authentication which will include multi-factor authentication (MFA).

Users will be receiving a notification on Monday, April 27, alerting them to the new MFA implementation schedule. You (IT support people) may begin receiving some questions regarding this notification. It is valid, and we ask that you (me) assist them or route them to the Crimson Service Desk.

Why is Campus ITS making this change?

The change is being made to improve email security and protect WSU data. Some legacy authentication methods are generally not compatible with MFA, or om some cases do not support MFA at all.

What does this mean for customers?

If any of the following applies to your customers, they will be impacted by this change in some manner:

If they use:

  • Outlook 2013/2010/2007 to access their email, or
  • A  client like Thunderbird or any other IMAP or POP client to access their email, or
  • Mobile email applications other than Outlook on iOS, Outlook on Android, or
  • Your customers set up email on their mobile device prior to May 11, 2020, or
  • They have an application or service configured to use a protocol that will be disabled (i.e. IMAP, EWS, etc.), or
  • They have an application or service that requires basic authentication and does not support authentication with Okta, or
  • They have an application or service that does not support MFA with Okta.

IT News & Updates 2-5-2020

It’s been a while since I’ve sent out a general update on TFREC IT. The good news is that there haven’t been any major issues. But there are a few things to mention.

TFREC public website – If you haven’t visited our Center’s website recently, you should check it out. I have started posting special events on our calendar. These events are ones that are open to the public and are of interest to people here at the Center. If you have events you would like posted, let me know. Here’s the link: http://tfrec.cahnrs.wsu.edu

TFREC admin website updates – Do to all the confusion with Okta, MFA, and account setup in general, I’ve added a new page on the admin site which should help. You can check it out here: http://tfrec.cahnrs.wsu.edu/admin/okta/. I’ve also added information about getting set up in Office 365 and installing the software on the IT & Phone Resources page: http://tfrec.cahnrs.wsu.edu/admin/computer-resources/#office365.

Windows login banner – Those of you who have WSU network-integrated Windows computers should now be seeing the new Windows security banner whenever you log into your computers. The banner requires you to accept the WSU computer user agreement before logging in. If you don’t see this banner, then your computer has not been integrated (migrated) into the WSU network. The obvious “con” to being integrated is having to deal with the user agreement each time you log in. But the “pro” is supposed to be an enhanced and smoother user experience.

Ricoh printer – The printer has been experiencing connectivity issues again. Sometimes when you try to print you will get the message that it is offline or unavailable. Because this is a transitory condition, it has been very difficult to diagnose. I will keep working with CIT to try to make things work.

CAHNRS IT (CIT) site visit – They have not given us a firm date for their return to Wenatchee, but have indicated that it should be the end of this month. At that time, they hope to migrate Windows computers that they didn’t get to during their last visit. If you have any computers to be migrated or other problems you would like addressed during their visit, let me know so I can make sure it’s on their worklist.

Lobby Slideshow – If you haven’t watched it recently (since the last faculty meeting) check it out. Nearly all of the Center’s programs are up. If there is anything you would like to see on the slideshow or catch any errors, let me know. Slideshow PDF (Link also on Admin home page under quick links.)

That’s it from IT!

Browser tips

Many of the problems people run into browsing the internet can be solved by clearing your cache (browser history) frequently. Here are tips from the Crimson Service Desk regarding browser use.

“WSU only recommends using Chrome or FireFox. They also recommend clearing your cache once a week. It is not uncommon for browsers to be the source of logon issues, and need to be completely reset, due to a corrupt webpage getting stuck in the browser.”

Here are instructions for clearing the cache for most browsers.

Chrome
  1. Ctrl+H will pull up the History information
  2. Push the “Clear browsing data” button
  3. Select the time frame “All time”
  4. Push “CLEAR DATA” and wait for it to complete
  5. Restart Chrome
FireFox-FF (Mozilla)
  1. Click on the three horizontal lines in the upper right hand corner of the browser window
  2. Click on Options
  3. Select Privacy and Security
  4. Under the History section click on “Clear History” or “clear your recent history”
  5. Time range to clear: Everything
  6. Tip down the “Details” drop down menu and make sure that the following options are checked:
    – Browsing and Download History
    – Form and Search History
    – Cookies
    – Cache
    – Active Logins
  7. Clear Now
  8. Close all browser windows, then re-start the browser
Internet Explorer-IE (Microsoft)
  1. Select “Tools” (gear icon), then select “safety”, followed by “delete browsing history”
  2. Check Boxes -> Cookies, Temporary Internet Files, History
  3. UnCheck -> (“Preserve Favorites”)
  4. Delete
  5. Close all browser windows, then re-start the browser
Safari
  1. Launch Safari.
  2. Click the History tab, in the top menu.
  3. Select “Clear History…”
  4. Choose the time range “all history”.
  5. Click “Clear History.” Done.
Microsoft Edge
  1. Ctrl+Shift+Del
  2. Check the boxes for:
    -Browsing history
    -Cookies and saved website data
    -Cached data and files
    -The remaining options do not need to be checked
  3. Select the “Clear” button

Optional: By turning “Always clear this when I close the browser” it will not be necessary to manually clear the browser cache.

How to enable javascript in your browser settings

Many of you are having problems accessing the SkillSoft training content. This is because their material uses code that is normally blocked by your browser by default. That means to be able to do your required training, you will need to make changes to your settings. I’ve posted a page with instructions for several of the most commonly used browsers. The page can be found here: http://tfrec.cahnrs.wsu.edu/admin/enabling-javascript-and-cookies/.

IT News & Updates: Okta password expiration notices

I’ve got two items related to Okta:

  1. The majority of WSU students and personnel have activated their Okta accounts. At this point, the only ones that have not are people that were gone for an extended period of time and are just now returning. This includes students that are just now returning or any employees that may have a lapse in their time at WSU who are just now returning. If you fall into one of these categories (or you know someone that does and are having problems with their WSU email) contact the Crimson Service Desk at crimsonservicedesk@wsu.eduor call 509-335-4357.
  2. For the rest of you who already went through the Okta activation and resetting of your account password, you will receive a notice two weeks prior to the expiration of your password. Passwords are good for a 6-month period. I just got my expiration notice. You will need to follow the instructions in the notice to avoid being locked out of your account. Here’s what the expiration notification looks like: Updated image

Okta password expiration notice.

 

IT News & Updates 7/26/19

WSU ITS was busy while I was on vacation (no I don’t feel guilty!). So today’s blog article covers the two biggest items of note: changes to ProofPoint and ITS Service Center Launch. But first, a word about phishing looking emails.

Phishy emails

WSU IT Security would really like it if no WSU emails contained live links. But the reality is that nobody likes getting an email telling them to go to a webpage and giving them a plain text address that they have to copy and paste into their browser. Or worse, they give you the name of the website and you have to figure out the address if you don’t have it bookmarked.  All the WSU newsletters contain live links. Even WSU IT violates their policy on occasion – think back to those OKTA account activation invitations. Even their support tickets have a live link label “here” for commenting back on the open ticket.
Phishing emails tend to be very short and direct with only a sentence or two. They briefly say who they are and what you must do. Often they contain words like “Urgent”, “Important”, “Action Required”, etc. And they give a live link. Some phishing emails can be a bit more elaborate where they have copied a recognizable email template, but the base content is similar. For examples see my Phishing Gallery.

How to avoid confusion in an email you send out. Try to avoid the very quick one-two sentence email with a link. That will generally scare people. Try to at least give a quick description of where you are sending people and what they will find there. Just telling people to go to “this link” will likely result in the email being deleted or forwarded to abuse@wsu.edu.

ITS Customer Service Center Launch

In the last WSU Insider newsletter, there was an article about the launching of the new customer service center portal for IT support (computer, data, network, software licenses, and phones).  I checked with Bill Bonner at CAHNRS IT and asked if that was for all campus use or if we are still to use the CAHNRS IT support ticket system. He said that anything related to CAHNRS would be reassigned to CIT, so we should keep submitting tickets directly to them. Possible exceptions would be for ZOOM, Skype, and software licenses. So for now at least, keep sending tickets to cit.support@wsu.edu or enter a ticket online at their portal at support.it.cahnrs.wsu.edu. Either way, you will receive a return email when the request is received, when assigned to a technician, and whenever they have questions or answers for you. You can also view the status of your tickets at their portal. For those “other” issues, go to CrimsonServiceDesk.wsu.edu.

ProofPoint – what’s that weird email I just got and what do I do with it?

Figure 1. ProofPoint digest email list. (click to enlarge)

ProofPoint is the email security software that campus uses to filter all email. it does two things. First, it searches all inbound emails for links to detect known threats and to add a security encryption tot he URL to (hopefully) prevent you from getting a malicious link. Second, it looks at the sender’s address to determine if it comes from a known spammer. Recently, our ProofPoint software was updated and reconfigured to filter more traffic. Up until today, I rarely saw an email from ProofPoint alerting me to quarantined emails. Today, however, I was pleasantly surprised that instead of opening my inbox full of dozens of new consumer emails (anyone I’ve ever done retail business with or who purchased my address from someone else), I received a single email from ProofPoint with a list of flagged emails (Fig. 1).

So what do you do with this? When you receive a ProofPoint digest email there are several things you can do. First, you can ignore it if you don’t want to deal with or view any of the listed emails. But if you wish to safely review any of the emails to see if its something you want to keep receiving or have it permanently filtered (marked as spam) you can click on one of the Action links. “Release” means that you want that particular email to be delivered to your inbox. Clicking release does not update the spam learning engine, so next time they send something, it will be flagged as spam. “Release and Allow Sender” means that you want to receive this and future emails from this sender. Clicking this will Whitelist (allow) the sender. “Not Spam” means that this was wrongly flagged and should be delivered. Click on this indicates that there was an error and that this is not spam and that similar emails should not be blocked. For example, if they blocked an email from a business associate outside WSU (like another institution or non-retail business) and you click “Not Spam”, all email from that domain will be reanalyzed and whitelisted. One odd quirk of the system though is that clicking “Not Spam” does not automatically release the email to your inbox. You will need to click release to receive it. If you are unsure about one of the emails listed, you can click on an email’s subject and your account will open online and allow you to review the contents. More on that later.
The other thing you can do with this email is to request a list of your blocked/safe senders, click to manage your account, or request a new digest email. By requesting the lists will allow you to review who you have blocked or allowed. Clicking on “request a new digest” will send you an updated digest without the emails you released and possibly add any new emails. Possibly the most useful button is “Manage My Account”. this will take you online where you will have access to your settings, lists, and quarantine folder.

Figure 2. ProofPoint online quarantine box. (click to enlarge)

ProofPoint online. Wheather you click on Manage My Account or on an email subject, your account will open online. Figure 2 shows my online quarantine box with a review panel showing a select email. If an email contains a lot of images, such as a store flyer, That content will not be shown. To review an email from your list, click on the envelope icon. When you decide to what to do with that email, click on the small box before the letter icon to select the email and click on the desired action at the top of the page. You can also do a bulk action by clicking to select several emails prior to clicking on the action. However, the “Not Spam” action must be done individually and not as a bulk action. If you don’t want to decide yet on how to classify the email, you can just hit Delete to clear it from the quarantine box. If you do nothing with any email (or all) they will eventually delete after a few days. You can also select Delete All from the Options action menu.
Once you are online, you can review your save/blocked list or review your profile settings, and view the quarantine folder.

Items currently being quarantined. Since they reset the system preferences, there are some things that should not be quarantined. These include items that are mailed out via mailing service, such as MailChimp. Here are a few that were on my list. I have since reported them as Not Spam, but it wouldn’t hurt for more people to click that so the system learns faster.

  • On Solid Ground
  • Good Fruit Grower eflash
  • Tree Fruit News (Fruit Matters)
  • Voice of the Vine

 

IT News & Updates 7/12/19

It’s been a busy week for WSU IT. They’ve been working on a variety of items – many that directly affected us. These included the new WSU Zoom rollout, updates for Zoom Apps and plugins, myWSU maintenance, and long distance issues. In addition to these, there have also been several reports of spam/phishing voicemail and emails which I’ll start off with.

Fake Single Inbox Messaging Emails

What is Single Inbox Messaging? When our new phone system was set up, phone users had the option of having voicemail messages forwarded to their email. This is called Single Inbox Messaging (SIM) because all of your WSU “messages” go to one mailbox – your email inbox. The voicemail is sent to you as an attached audio file that when clicked, plays on your computer or cell phone music App. Once you’ve opened the audio file, the system turns off the new message light on your phone. SIM can be very handy if you are away from the office and don’t want to call your phone to see if you have messages. But recently, people have been getting messages from the Cisco unity connection messaging system even though they don’t have this feature set up, or in one case, don’t even have a WSU office phone.

I contacted campus IT security to find out what these are and why we’re getting them. They basically said that they are coming from outside the WSU system and are spoofing the emails you would normally get from the system and attach a wav file with whatever robo-message you would have heard had it come via a phone call. I missed a call on my office phone that went to voicemail which then came to my email inbox. It was a robocall about some pending legal action and I needed to contact them immediately at the number they gave (or be taken into custody by the local magistrate!). Interestingly, it was Identical to the message received via email that the person without a WSU phone received. So basically, it is another scammer that is using a 2-pronged approach: calling your phone and sending a fake email masquerading as a Cisco voicemail.

Since these are being generated outside the WSU network and there is no identifiable carrier, there is nothing WSU IT security can do to stop them. It is safe to listen to the messages, just don’t act on it, i.e., don’t call them back and give them personal information. If you don’t have SIM set up on your WSU phone, feel free to just delete the message.

Does this mean they have access to your account? No, they just have a list of numbers or email addresses (or they are autogenerated) and are automatically calling/sending, hoping someone will fall for the scam.
Side note: One thing I learned from the campus IT security guy is that whenever you get a scam call on your cell phone and you hit a button to not accept or silence the call, the call sender interprets that as a “positive” contact, meaning its a real number and someone is at that number. This pretty much guarantees that they will call again.

Proofpoint Spam Policy Update

Good news: if you’re getting a lot of spam to your WSU email, things might be getting better. ITS is updating the settings to Proofpoint, the spam filtering service for WSU email, to increase the detection of spam and unwanted emails. This is scheduled to happen late on July 22.

WSU Zoom

As of Tuesday, July 9, we are all on the WSU Zoom system – even if you didn’t previously signup for an account. In fact, if you try to sign into Zoom using a WSU email address, it will automatically send you to the WSU portal to sign in. When you get to the sign-in window you have to select “sign-in with SSO”. It will take you through the WSU authentication (OKTA unified sign-in). Your account login information does not go back to Zoom; It stays behind the OKTA firewall.

What happened to my personal Zoom account? If you had a personal Zoom or Zoom Pro account that was tied to your (or your project) WSU email, it will no longer work. That account needs to be switched over and you should receive a refund for your remaining contract time. You should have received an email from WSU identifying such accounts and telling you how to make the conversion. If you didn’t get the email or didn’t act on it, you will see a notice on the WSU Zoom login page with instructions on who to contact to get your account fixed. Click here to see a copy of the letter sent June 21st. If you need help converting your account contact crimsonservicedesk@wsu.edu.

There is a plugin for Outlook (both Mac & Windows) that allows you to set up a meeting in WSU Zoom. There is also a desktop App for both systems. The desktop App will allow you to customize your account. (One feature I like is the ability to set a virtual background so they can’t see my messy office! You can even upload your own background image.) Go to the Getting Started link below to download the necessary components.
Helpful Resources There was a training session on June 25 walking you through the new system. Its a bit long (50min), but if you are new to this, I highly recommend taking the time. The link to the recorded session is here: https://success.zoom.us/recording/…. But if you don’t have the time or patience to sit through this, you can visit Getting Started on Windows and Mac. WSU’s video conferencing overview page is located here: https://its.wsu.edu/wsu-video-conferencing-services/. This page gives an overview of the video conferencing system and has some links including  Getting Started that goes to a page with links to various Zoom related topics. It also has the link to the recorded training session and download links. Crimson Services Desk also has a Self Help for Video Conferencing page that has links for the most common questions people have setting up and using Zoom (also has Skype for Business help items, in case you are still using that).

Zoom Client Security Updates

Mac: For those of you who are “zooming” with a Mac, there is a security issue with local web server functionality that has just been fixed with an updated release. So if you are using Zoom on a Mac, you should update the client by going here: https://support.zoom.us/hc/en-us/articles/201361963-New-Updates-for-Mac-OS (released July 9). if you downloaded the Mac Zoom App after July 9, you should be fine.

Windows:  The Zoom add-in for Outlook is still experiencing issues with SSO. Windows users will be unable to use it until the next Zoom patch, expected either this weekend or next. Please note this is different from the Outlook plugin, which works fine for all users types.
Instructions for downloading and installing the plugin can be found in our ITS KB here: https://confluence.esg.wsu.edu/display/KB/Zoom+-+Missing+the+Zoom+Plug-In+for+Outlook (this was taken straight out of the systems managers list email).

myWSU

Starting tonight and throughout Saturday, several update events are scheduled to take place. Access to myWSU may be available but users occasionally may get directed to the myWSU planned maintenance page displaying the commonly used links to most of the resources found within myWSU. Access will be back to normal by the end of each maintenance event. The final event should end at 10pm Saturday night.

WSU Long Distance Phone Service

The Pullman long distance server had to undergo emergency maintenance to regain functionality. This work was successfully completed with minimal impact to users.