Alerts | Information Technology | University of Pittsburgh
!

You are here

Alerts

Phishing Alert: Fraudulent Office 365 Email Termination Scam

Thursday, January 11, 2024 - 17:57

 

Pitt Information Technology is taking action to address a new variation of a phishing scam claiming that your Office 365 email account will be deleted unless you click a link and provide your Pitt credentials.

The Subject line may be similar to these examples:

  • FILL THE FORM TO VERIFY ASAP
  • RESPOND ASAP

The body of the email message may be similar to this example:

*******

Dear Valued User,

We received a request from you to terminate your Office 365 email due to a dual college/universities account. This process has begun by our administrator. If you did not authorize this action and you have no knowledge of it, you are advised to re-verify your account. Please give us 24 hours to terminate your account if you initiated the request. Failure to re-verify will result in the closure of your account and you will lose all of my files on these 365 accounts.

Browse the URL Below into the address bar of your web browser to re-verify and cancel the request

[web address redacted]

©Copyright University of Pittsburgh All rights reserved.

*******

Individuals who interacted with this scam and provided their credentials are required to change their University Computing Account password immediately by searching for “change my password” at My Pitt (my.pitt.edu).

Guidance for spotting phishing scams is available on Pitt IT’s website. Keep in mind these key points:

  • Only approve multifactor authentication (Duo) requests that you have initiated. Duo is designed to prevent unauthorized access to your information and University data, but it requires constant vigilance. Never tap “Approve” if you receive a Duo authentication request that you were not expecting. Uninitiated authentication requests may be an attacker attempting to compromise your Pitt account. The only safe Duo authentication request you will receive is one you request when logging in to University services.
  • Do not reply to unsolicited emails or emails from unverifiable sources. If you were not expecting to receive such an email, confirm with the sender prior to interacting with the message. If you must interact with the message, avoid clicking on links contained in such emails. These may lead to sites that contain malicious software, or sites that attempt to steal your credentials. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.
  • Be extra cautious if you automatically forward your University email. Automatically forwarding your University email to a non-University address (for example, gmail.com, hotmail.com, or upmc.edu) circumvents some of the security measures Pitt IT puts in place to protect you against phishing scams.
  • Report suspected phishing scams. To report a phishing scam, forward the phishing email as an attachment to phish@pitt.edu. 
  • Stay safe when scanning QR codes. Never scan a QR code from an unknown or untrustworthy source. When you do scan a QR code, be sure to use a scanner app that provides a preview of the destination so that you can review the URL and decide if it is safe. If you scan a QR code and the site is unrelated to what you scanned or requires a login, close out of your browser immediately.
  • Install an antivirus solution for personal devices. Staff and faculty should be using Microsoft Defender to protect University-owned devices. 

Please contact the Technology Help Desk at +1-412-624-HELP (4357) if you have any questions regarding this announcement.

Phishing Alert: Fraudulent Offer of Free Estate Items

Monday, January 8, 2024 - 10:05

 

Pitt Information Technology is taking action to address a new phishing scam targeting the University community. The scam offers free items from the estate of a former graduate’s father. The scam originates from a “BHM.K12.AL.US” email address and attempts to convince recipients to reply to a private email address to coordinate delivery.

Pitt IT recommends that recipients who replied to the scam block the scammer’s email address and/or phone number and be vigilant about reviewing any messages received at the email address they provided.

The Subject line may be similar to this example:

  • NEW YEAR ANNIVERSARY

The body of the email message may be similar to this example:

*******

Compliments of the seasons to both staff and students, we are pleased to bring to your notice that one of our Old Graduates, Mrs. [name redacted] is graciously giving away her late father's favorite properties to celebrate his one-year Anniversary. Amongst the items available are a neatly used

Apple MacBook Pro

PlayStation 5

Electric Bike(GoCycleG4)

2014 Baby Grand Piano (Yamaha)

Eric Clapton's Martin Guitar

Canon Camera (EOS 800D)

It's important to let you know these gadgets are offered for free, with a dispatch agent available. Mrs. [name redacted] is offering to have them delivered directly to your home, and to facilitate this a dispatching fee is required regardless of the destination. We encourage those interested to reach out to Mrs. [name redacted] via [email address redacted] with your personal email address (NOT SCHOOL EMAIL), as these items are sure to find new homes quickly. Don't miss this opportunity to obtain these remarkable pieces.

*******

Guidance for spotting phishing scams is available on Pitt IT’s website. Keep in mind these key points:

  • Only approve multifactor authentication (Duo) requests that you have initiated. Duo is designed to prevent unauthorized access to your information and University data, but it requires constant vigilance. Never tap “Approve” if you receive a Duo authentication request that you were not expecting. Uninitiated authentication requests may be an attacker attempting to compromise your Pitt account. The only safe Duo authentication request you will receive is one you request when logging in to University services.
  • Do not reply to unsolicited emails or emails from unverifiable sources. If you were not expecting to receive such an email, confirm with the sender prior to interacting with the message. If you must interact with the message, avoid clicking on links contained in such emails. These may lead to sites that contain malicious software, or sites that attempt to steal your credentials. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.
  • Be extra cautious if you automatically forward your University email. Automatically forwarding your University email to a non-University address (for example, gmail.com, hotmail.com, or upmc.edu) circumvents some of the security measures Pitt IT puts in place to protect you against phishing scams.
  • Report suspected phishing scams. To report a phishing scam, forward the phishing email as an attachment to phish@pitt.edu. 
  • Stay safe when scanning QR codes. Never scan a QR code from an unknown or untrustworthy source. When you do scan a QR code, be sure to use a scanner app that provides a preview of the destination so that you can review the URL and decide if it is safe. If you scan a QR code and the site is unrelated to what you scanned or requires a login, close out of your browser immediately.
  • Install an antivirus solution for personal devices. Staff and faculty should be using Microsoft Defender to protect University-owned devices. 

Please contact the Technology Help Desk at +1-412-624-HELP (4357) if you have any questions regarding this announcement.

Phishing Alert: Two New Scams Targeting the University Community

Sunday, January 7, 2024 - 13:23

 

Pitt Information Technology is taking action to address two new phishing scams targeting the University community. Both scams originate from a “pitt.edu” email address.

The first scam uses a Subject line similar to “Adm. Asst Role $21.65-$24.35/hr to start + benefits” and includes a message body similar to the following:

*******

Dear Students, Faculty, and Staff, Pittsburgh University!

There is a pressing need for Students, Faculty, and Staff assistants at  Pittsburgh University. This position is available to Students, Faculty, and Staff from any department of the institution, and consideration will be given on a first-come, first-served basis.

Please see attached for an immediate job opportunity.

*******

The second scam uses a Subject line similar to “Incident INC0570580 notification” and includes a message body similar to the following:

*******

This is the last time we will notify you that we will stop processing incoming emails in your school account, and the reason is you failed to verify your Microsoft account which may lead to the permanent deletion of your account from our database in the next few hours. Kindly take a minute to complete our email verification below. If the above links do not work, please copy and paste the following URL into a Web browser:

If you only have one Microsoft Office 365 account, only fill in the only account. and fill " None; Nil; NA " in the rest space

Important Notice- Account disconnection will take place today.

Thank You Microsoft © 2024

*******

Individuals who have responded to the scam and provided their credentials should immediately change their password by searching for “change my password” at My Pitt (my.pitt.edu).

Guidance for spotting phishing scams is available on Pitt IT’s website. Keep in mind these key points:

  • Only approve multifactor authentication (Duo) requests that you have initiated. Duo is designed to prevent unauthorized access to your information and University data, but it requires constant vigilance. Never tap “Approve” if you receive a Duo authentication request that you were not expecting. Uninitiated authentication requests may be an attacker attempting to compromise your Pitt account. The only safe Duo authentication request you will receive is one you request when logging in to University services.
  • Do not reply to unsolicited emails or emails from unverifiable sources. If you were not expecting to receive such an email, confirm with the sender prior to interacting with the message. If you must interact with the message, avoid clicking on links contained in such emails. These may lead to sites that contain malicious software, or sites that attempt to steal your credentials. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.
  • Be extra cautious if you automatically forward your University email. Automatically forwarding your University email to a non-University address (for example, gmail.com, hotmail.com, or upmc.edu) circumvents some of the security measures Pitt IT puts in place to protect you against phishing scams.
  • Report suspected phishing scams. To report a phishing scam, forward the phishing email as an attachment to phish@pitt.edu. 
  • Stay safe when scanning QR codes. Never scan a QR code from an unknown or untrustworthy source. When you do scan a QR code, be sure to use a scanner app that provides a preview of the destination so that you can review the URL and decide if it is safe. If you scan a QR code and the site is unrelated to what you scanned or requires a login, close out of your browser immediately.
  • Install an antivirus solution for personal devices. Staff and faculty should be using Microsoft Defender to protect University-owned devices. 

Please contact the Technology Help Desk at +1-412-624-HELP (4357) if you have any questions regarding this announcement.

Phishing Alert: Free Items Offered in Exchange for Shipping Costs

Friday, December 1, 2023 - 10:55

 

Pitt Information Technology is taking action to address a new variation of a phishing scam that claims to offer free items to those who are willing to pay shipping costs. The scam originates from a “students.manateeschools.net” email address and asks recipients to reply with their personal email address to arrange delivery of the items.

The Subject line may be similar to these examples:

  • Christmas Carol Gift!!!
  • Christmas Support
  • Christmas Reward!!
  • Holiday Support
  • FESTIVE REWARD
  • HOLIDAY NOTICE

The body of the email message may be similar to the following example:

**********

As the Christmas period draws closer, we are pleased to bring to your notice that one of our Old Graduate, [name redacted] is currently endowing and generously offering to give away her late father's favorite properties. Amongst the items available are a neatly used

  • Apple MacBook Pro
  • PlayStation 5
  • Canon Camera (EOS 800D)
  • Guitar (Eric Clapton's 1939 Martin OOO-42)
  • Violin
  • 2014 Baby Grand Piano (Yamaha)

It's essential to let you know these gadgets are offered for free, with a dispatch agent available. [Name redacted] is offering to have them delivered directly to your home, and to facilitate this a dispatching fee is required regardless of the destination.

We encourage those interested to reach out to [name redacted] via [email address redacted] with your personal email address (NOT SCHOOL EMAIL), as these items are sure to find new homes quickly. Don't miss this opportunity to obtain these remarkable pieces.

**********

Pitt IT is contacting individuals who received the scam and advising them to block the scammer’s email address and be vigilant about reviewing any messages received at the email address they may have provided to the scammer.

Guidance for spotting phishing scams is available on Pitt IT’s website. Keep in mind these key points:

  • Only approve multifactor authentication (Duo) requests that you have initiated. Duo is designed to prevent unauthorized access to your information and University data, but it requires constant vigilance. Never tap “Approve” if you receive a Duo authentication request that you were not expecting. Uninitiated authentication requests may be an attacker attempting to compromise your Pitt account. The only safe Duo authentication request you will receive is one you request when logging in to University services.
  • Do not reply to unsolicited emails or emails from unverifiable sources. If you were not expecting to receive such an email, confirm with the sender prior to interacting with the message. If you must interact with the message, avoid clicking on links contained in such emails. These may lead to sites that contain malicious software, or sites that attempt to steal your credentials. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.
  • Be extra cautious if you automatically forward your University email. Automatically forwarding your University email to a non-University address (for example, gmail.com, hotmail.com, or upmc.edu) circumvents some of the security measures Pitt IT puts in place to protect you against phishing scams.
  • Report suspected phishing scams. To report a phishing scam, forward the phishing email as an attachment to phish@pitt.edu. 
  • Stay safe when scanning QR codes. Never scan a QR code from an unknown or untrustworthy source. When you do scan a QR code, be sure to use a scanner app that provides a preview of the destination so that you can review the URL and decide if it is safe. If you scan a QR code and the site is unrelated to what you scanned or requires a login, close out of your browser immediately.
  • Install an antivirus solution for personal devices. Staff and faculty should be using Microsoft Defender to protect University-owned devices.

Please contact the Technology Help Desk at +1-412-624-HELP (4357) if you have any questions regarding this announcement.

Phishing Alert: New Variation of Fraudulent Pitt Email Termination Scam

Friday, November 17, 2023 - 10:07

Pitt Information Technology is taking action to address a new variation of a recent phishing scam claiming that your Pitt Email will be terminated unless you provide your email address and password.

The Subject line may be similar to this example:

  • URGENTT PITTs ALERTT!

The body of the email message may be similar to this example:

  • PLEASE ATTEND T0 THIS N0W WHILE VALID. CHECK FILE AB0VE F0R DETAILS

Opening the attachment directs recipients to a harmful Google form that attempts to collect their Pitt credentials.

Individuals who have responded to the scam and provided their credentials should immediately change their password by searching for “change my password” at myPitt (my.pitt.edu).

Guidance for spotting phishing scams is available on Pitt IT’s website. Keep in mind these key points:

  • Only approve multifactor authentication (Duo) requests that you have initiated. Duo is designed to prevent unauthorized access to your information and University data, but it requires constant vigilance. Never tap “Approve” if you receive a Duo authentication request that you were not expecting. Uninitiated authentication requests may be an attacker attempting to compromise your Pitt account. The only safe Duo authentication request you will receive is one you request when logging in to University services.
  • Do not reply to unsolicited emails or emails from unverifiable sources. If you were not expecting to receive such an email, confirm with the sender prior to interacting with the message. If you must interact with the message, avoid clicking on links contained in such emails. These may lead to sites that contain malicious software, or sites that attempt to steal your credentials. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.
  • Be extra cautious if you automatically forward your University email. Automatically forwarding your University email to a non-University address (for example, gmail.com, hotmail.com, or upmc.edu) circumvents some of the security measures Pitt IT puts in place to protect you against phishing scams.
  • Report suspected phishing scams. To report a phishing scam, forward the phishing email as an attachment to phish@pitt.edu. 
  • Stay safe when scanning QR codes. Never scan a QR code from an unknown or untrustworthy source. When you do scan a QR code, be sure to use a scanner app that provides a preview of the destination so that you can review the URL and decide if it is safe. If you scan a QR code and the site is unrelated to what you scanned or requires a login, close out of your browser immediately.
  • Install an antivirus solution for personal devices. Staff and faculty should be using Microsoft Defender to protect University-owned devices.

Please contact the Technology Help Desk at +1-412-624-HELP (4357) if you have any questions regarding this announcement.

Phishing Alert: New Variations of Fraudulent Pitt Email Termination Scam

Thursday, November 16, 2023 - 17:43

 

Pitt Information Technology is taking action to address new variations of a recent phishing scam claiming that your Pitt Email will be terminated unless you provide your email address and password.

Subject lines include these and similar:

  • NEWS FROM PITT!!!
  • READ IMMEDIATELY!!!! PITT

The body of the email message may be similar to this example:

  • ATTEND T0 THIS N0W! IF Y0U WISH T0 KEEP Y0UR EDU ACC0UNT THEN Y0U NEED T0 0PEN THE FILE N0W!

Individuals who have responded to the scam and provided their credentials should immediately change their password by searching for “change my password” at myPitt (my.pitt.edu).

Guidance for spotting phishing scams is available on Pitt IT’s website. Keep in mind these key points:

  • Only approve multifactor authentication (Duo) requests that you have initiated. Duo is designed to prevent unauthorized access to your information and University data, but it requires constant vigilance. Never tap “Approve” if you receive a Duo authentication request that you were not expecting. Uninitiated authentication requests may be an attacker attempting to compromise your Pitt account. The only safe Duo authentication request you will receive is one you request when logging in to University services.
  • Do not reply to unsolicited emails or emails from unverifiable sources. If you were not expecting to receive such an email, confirm with the sender prior to interacting with the message. If you must interact with the message, avoid clicking on links contained in such emails. These may lead to sites that contain malicious software, or sites that attempt to steal your credentials. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.
  • Be extra cautious if you automatically forward your University email. Automatically forwarding your University email to a non-University address (for example, gmail.com, hotmail.com, or upmc.edu) circumvents some of the security measures Pitt IT puts in place to protect you against phishing scams.
  • Report suspected phishing scams. To report a phishing scam, forward the phishing email as an attachment to phish@pitt.edu. 
  • Stay safe when scanning QR codes. Never scan a QR code from an unknown or untrustworthy source. When you do scan a QR code, be sure to use a scanner app that provides a preview of the destination so that you can review the URL and decide if it is safe. If you scan a QR code and the site is unrelated to what you scanned or requires a login, close out of your browser immediately.
  • Install an antivirus solution for personal devices. Staff and faculty should be using Microsoft Defender to protect University-owned devices.

Please contact the Technology Help Desk at +1-412-624-HELP (4357) if you have any questions regarding this announcement.

Phishing Alert: New Variation of Fraudulent Pitt Email Termination Scam

Thursday, October 19, 2023 - 10:58

 

Pitt Information Technology is taking action to address several new variations of a recent phishing scam claiming that your Pitt Email will be terminated unless you provide your email address and password.

Subject lines include these and similar:

  • PITT N0TIFICATI0N!!!
  • N0TICE FROM PITT EDU!

The body of the email message may be similar to these examples:

  • READ NOTICE NOW!
  • SEE NOW WHILE VALID!

Individuals who have responded to the scam and provided their credentials should immediately change their password by searching for “change my password” at myPitt (my.pitt.edu).

Guidance for spotting phishing scams is available on Pitt IT’s website. Keep in mind these key points:

  • Only approve multifactor authentication (Duo) requests that you have initiated. Duo is designed to prevent unauthorized access to your information and University data, but it requires constant vigilance. Never tap “Approve” if you receive a Duo authentication request that you were not expecting. Uninitiated authentication requests may be an attacker attempting to compromise your Pitt account. The only safe Duo authentication request you will receive is one you request when logging in to University services.
  • Do not reply to unsolicited emails or emails from unverifiable sources. If you were not expecting to receive such an email, confirm with the sender prior to interacting with the message. If you must interact with the message, avoid clicking on links contained in such emails. These may lead to sites that contain malicious software, or sites that attempt to steal your credentials. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.
  • Be extra cautious if you automatically forward your University email. Automatically forwarding your University email to a non-University address (for example, gmail.com, hotmail.com, or upmc.edu) circumvents some of the security measures Pitt IT puts in place to protect you against phishing scams.
  • Report suspected phishing scams. To report a phishing scam, forward the phishing email as an attachment to phish@pitt.edu. 
  • Stay safe when scanning QR codes. Never scan a QR code from an unknown or untrustworthy source. When you do scan a QR code, be sure to use a scanner app that provides a preview of the destination so that you can review the URL and decide if it is safe. If you scan a QR code and the site is unrelated to what you scanned or requires a login, close out of your browser immediately.
  • Install an antivirus solution for personal devices. Staff and faculty should be using Microsoft Defender to protect University-owned devices.

Please contact the Technology Help Desk at +1-412-624-HELP (4357) if you have any questions regarding this announcement.

Phishing Alert: New Variation of Fraudulent Pitt Email Termination Scam

Monday, October 9, 2023 - 15:49

 

Pitt Information Technology is aware of a new variation of a recent phishing scam claiming that your Pitt Email will be terminated unless you provide your email address and password. The email may use a Subject line similar to “ALERT FROM PITT!” and includes an attachment that links to a Pitt-branded Google form which prompts you to enter your password.

Below is a sample of the scam. Individuals who have responded to the scam and provided their credentials should immediately change their password by searching for “change my password” at myPitt (my.pitt.edu).

***************************************

Subject: ALERT FROM PITT!

READ NOTICE NOW!

THIS PITT FILE ABOVE REQUIRES YOUR ATTENTION IF YOU WISH TO KEEP YOUR PITT EDU EMAIL!

***************************************

Guidance for spotting phishing scams is available on Pitt IT’s website. Keep in mind these key points:

  • Only approve multifactor authentication (Duo) requests that you have initiated. Duo is designed to prevent unauthorized access to your information and University data, but it requires constant vigilance. Never tap “Approve” if you receive a Duo authentication request that you were not expecting. Uninitiated authentication requests may be an attacker attempting to compromise your Pitt account. The only safe Duo authentication request you will receive is one you request when logging in to University services.
  • Do not reply to unsolicited emails or emails from unverifiable sources. If you were not expecting to receive such an email, confirm with the sender prior to interacting with the message. If you must interact with the message, avoid clicking on links contained in such emails. These may lead to sites that contain malicious software, or sites that attempt to steal your credentials. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.
  • Be extra cautious if you automatically forward your University email. Automatically forwarding your University email to a non-University address (for example, gmail.com, hotmail.com, or upmc.edu) circumvents some of the security measures Pitt IT puts in place to protect you against phishing scams.
  • Report suspected phishing scams. To report a phishing scam, forward the phishing email as an attachment to phish@pitt.edu. 
  • Stay safe when scanning QR codes. Never scan a QR code from an unknown or untrustworthy source. When you do scan a QR code, be sure to use a scanner app that provides a preview of the destination so that you can review the URL and decide if it is safe. If you scan a QR code and the site is unrelated to what you scanned or requires a login, close out of your browser immediately.
  • Install an antivirus solution for personal devices. Staff and faculty should be using Microsoft Defender to protect University-owned devices.

Please contact the Technology Help Desk at +1-412-624-HELP (4357) if you have any questions regarding this announcement.

Phishing Alert: Fraudulent Pitt Account Termination Scam

Friday, October 6, 2023 - 19:43

 

Pitt Information Technology is aware of a new scam claiming that your Pitt account will be terminated unless you provide your email address and password. The email includes an attachment that links to a Pitt-branded Google form which prompts you to enter your password.

Below is a sample of the scam. Pitt IT is contacting individuals who received the scam and advising them to immediately change their password if they provided their credentials.

***************************************

Subject: URGENT PITTS ALERT!

READ THIS URGENTLY!

THE ATTACHED DOCUMENT NEEDS YOUR IMMEDIATE ATTENTION TO AVOID THE TERMINATION OF YOUR EDU ACCOUNT!

***************************************

Guidance for spotting phishing scams is available on Pitt IT’s website. Keep in mind these key points:           

  • Only approve multifactor authentication (Duo) requests that you have initiated. Duo is designed to prevent unauthorized access to your information and University data, but it requires constant vigilance. Never tap “Approve” if you receive a Duo authentication request that you were not expecting. Uninitiated authentication requests may be an attacker attempting to compromise your Pitt account. The only safe Duo authentication request you will receive is one you request when logging in to University services.
  • Do not reply to unsolicited emails or emails from unverifiable sources. If you were not expecting to receive such an email, confirm with the sender prior to interacting with the message. If you must interact with the message, avoid clicking on links contained in such emails. These may lead to sites that contain malicious software, or sites that attempt to steal your credentials. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.
  • Be extra cautious if you automatically forward your University email. Automatically forwarding your University email to a non-University address (for example, gmail.com, hotmail.com, or upmc.edu) circumvents some of the security measures Pitt IT puts in place to protect you against phishing scams.
  • Report suspected phishing scams. To report a phishing scam, forward the phishing email as an attachment to phish@pitt.edu. 
  • Stay safe when scanning QR codes. Never scan a QR code from an unknown or untrustworthy source. When you do scan a QR code, be sure to use a scanner app that provides a preview of the destination so that you can review the URL and decide if it is safe. If you scan a QR code and the site is unrelated to what you scanned or requires a login, close out of your browser immediately.
  • Install an antivirus solution for personal devices. Staff and faculty should be using Microsoft Defender to protect University-owned devices.

Please contact the Technology Help Desk at +1-412-624-HELP (4357) if you have any questions regarding this announcement.

Information Regarding the Critical WebP Vulnerability

Thursday, September 28, 2023 - 20:55

 

UPDATE - Oct. 5, 2023 

Pitt IT recommends individuals use the steps below to update their web browsers to help protect against a critical security vulnerability (CVE-2023-4863) involving a widely used image format known as WebP. 

Update Google Chrome

  1. On your computer, open Chrome.
  2. At the top right, click More.
  3. Click Help, then About Google Chrome.
  4. Click Update Google Chrome. 
    Important:
    If this button does not display, you are using the latest version.
  5. Click Relaunch.

Update Firefox

  1. On your computer, open Firefox.
  2. Click the menu button at the right-hand side of the Firefox toolbar, go to Help, and select About Firefox. The About Mozilla Firefox window will open.
  3. Firefox will check for updates automatically. If an update is available, it will download.
  4. When the download is complete, click Restart to update Firefox.

Update Microsoft Edge

  1. On your computer, open Microsoft Edge.
  2. At the top right, click Settings and more.
  3. Click Help and Feedback, then About Microsoft Edge.
  4. If the About page shows Microsoft Edge is up to date, no action is needed. If the About page shows An update is available, then select Download and install to proceed.

Update Brave

  1. On your computer, open Brave.
  2. Click the menu button at the top right-hand corner.
  3. Select About Brave from the list. The app will automatically check for and download the latest available version.
  4. When the update is complete, restart Brave.

Update Safari (Mac Users)

  1. Go to the Apple menu and select System Settings.
  2. Click Software Update.
  3. If there are any updates, click Restart Now to install them. You can also click More info to read about the update.
  4. Once your macOS has updated, Safari will also be up to date.

ORIGINAL POST - Sept. 28, 2023 

Pitt Information Technology is aware of a zero-day, critical security vulnerability (CVE-2023-4863) involving a widely used image format known as WebP. The WebP vulnerability can be exploited simply by opening a specially crafted image file. A broad range of applications that utilize the WebP image library are affected.  

Pitt IT is investigating the impact of this vulnerability on the University environment and will provide additional updates and guidance on our WebP vulnerability page. In the meantime, technical details about the vulnerability are available from the following resources: 

Please contact the Technology Help Desk at 412-624-HELP (4357) if you have any questions regarding this announcement.