On January 10, the United States Computer Emergency Readiness Team (US-CERT) released an advisory that Java 7 Update 10 contains “a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.” Java is a programming language and is part of the underlying technology that drives many of today’s computer programs, including WVU enterprise systems. WVU users may continue to use Java version 6, which does not have this vulnerability.
Scammers can exploit this vulnerability to gain unauthorized access to personal data through spam and phishing email. Alex Jalso, director of information security services and interim director of project management, suggests, “If you receive a suspicious email containing unknown links in the body of the message, do not click on the link, do not reply, and forward the message as an attachment to firstname.lastname@example.org. After that, delete the email from your inbox.”