Information Security Updates

At the end of November 2022 LastPass reported that they had become aware of a security incident. The University was made aware of the situation and is actively monitoring information from LastPass. We have not been informed of any actions required by users of LastPass at this time and are not aware of any reason to stop using the service.

At the tail end of last year there were reports of a series of "credential stuffing" attacks against LastPass accounts globally. A large number of users received emails stating that their username and password had been utilised and the access shut down due to security concerns.

There has been an increase in phishing emails recently which ask staff to enter personal details to access voicemail or to reset their system or library accounts. The ISG technical teams are working to stop these emails being delivered, but some are still reaching inboxes. Please remember that the University will never send you an email asking for your date of birth, National Insurance number or any other personal details to access any University service.

There are a series of malicious emails targetting academia stating that users are due a refund from Her Majesty's Revenue and Customs (HMRC).

It has come to our attention through a number of student complaints that some students have received emails from a company called uniyearbook asking recipients to register for the ‘Edinburgh 2020/21 yearbook”, utilising University of Edinburgh accounts to do so.

I hope you are all looking forward to the holidays as much as we are. At Information Security, while we very much enjoy the break, we are always reminded of the threats that come up at this time every year.

Seminar 2 is now here and with it a new set of Information Security training sessions, including the new "How Hackers hack".