!

Alerts and Notifications

December Microsoft Security Bulletins

Tuesday, December 13, 2016 - 16:24

 

Microsoft Corporation has announced six new critical security vulnerabilities affecting Microsoft Windows, Microsoft Internet Explorer, Microsoft Edge, Microsoft Office, and Adobe Flash Player. CSSD recommends that users immediately identify and install the security updates necessary to repair these vulnerabilities by using Microsoft's Windows Update feature on their computers as soon as possible.

In addition to installing the Microsoft patches, CSSD also recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412 624-HELP [4357] if you have any questions regarding this announcement.

Phishing Alert: Pitt Quick Authentication Scam

Monday, December 19, 2016 - 16:14

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims you must sign in to your University email address for Quick Authentication. The link in the body of the email message directs the user to a malicious Web page that mimics the University's Pitt Passport login page and attempts to steal the user's credientails. The email scam usually originates from a University email address.

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

******************************************************************************

Subject: Authentication Requirements for All PITT Users 

Hello Pitt!!

Sign in your University of Pittsburgh email For Quick Authentication Now!  Click the Link Below  

UPDATE

<link removed>  

Thanks

University of Pittsburgh

******************************************************************************

The link in the phishing email directs readers to a malicious Web page (shown below) that mimics the University's Pitt Passport login page. Remember that the real Pitt Passport login page always begins with https://passport.pitt.edu in the address bar.

Fake Pitt Passport login page

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

Phishing Alert: Message from PNC Bank Scam

Monday, December 19, 2016 - 16:32

 

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims that the user has a new, important message from PNC Bank. The email bank asks the user to provide credentials in order to provide improved security for their account, and they need to click the link and verify their usernames and credentials. Opening the email link redirects the user to a malicious external site which then attempts to gather usernames and credentials.

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

******************************************************************************

Subject: Important Update About Your PNC Online Baning Details

Fake TIAA page

******************************************************************************

The link in the phishing email directs readers to a malicious Web page (shown below) that mimics a PNC login page and attempts to gather usernames and credentials.

Fake PNC Vank page

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

Phishing Alert: Pitt ITS Services Email Authentication Scam

Thursday, December 22, 2016 - 13:10

 

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims that it is from "ITS Services” and states there is a new message from faculty/staff. The link in the body of the email message directs the user to a malicious Web page that mimics the University's Pitt Passport login page and attempts to steal the user's credentials. The email scam appears to originate from a University email address.

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

******************************************************************************

Subject: Important message from PITT Faculty/Staff 

Dear Employee:

You have new important message from Faculty/Staff.

Click here <link removed> to read

Thank You

University of Pittsburgh




CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information.

Please consider the environment before printing this e-mail.

******************************************************************************

The link in the phishing email directs readers to a malicious Web page (shown below) that mimics the University's Pitt Passport login page. Remember that the real Pitt Passport login page always begins with https://passport.pitt.edu in the address bar.

Fake Pitt Passport login page

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

WordPress Releases Critical Security Update

Friday, January 27, 2017 - 09:26

 

What is the WordPress Security Update?

WordPress is open-source content management software that is used to manage and publish Web sites. WordPress has announced a critical security update for all previous versions and strongly encourages all WordPress users to update their sites immediately.

This release addresses critical cross-site scripting and SQL injection vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected Web site. Versions of WordPress 4.7.1 and prior are vulnerable.

What is Pitt doing?

Computing Services and Systems Development will be working with WordPress system administrators to apply the appropriate patch. 

What should I do?

If you administer a Web server that is using a vulnerable version of WordPress, you should upgrade to WordPress 4.7.2 immediately after ensuring your site data is backed up. Please refer to the reference links below for details.

If you manage a WordPress server in your department and would like assistance determining if it is susceptible, or would like assistance in identifying indications that a compromise has occurred, please contact the Technology Help Desk at 412-624-HELP [4357] or submit a request online.

References:

WordPress Security Release - https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/

Vendor Maintenance Affects Some Software Downloads on Feb. 7

Monday, February 6, 2017 - 14:09

 

Kivuto, the service provider for pitt.onthehub.com, will be performing maintenance on Tuesday, February 7 outside the University’s standard downtime period. Access to download software through pitt.onthehub.com, including Microsoft software for personal purchase by faculty and staff, will be unavailable between 7:00 and 9:00 a.m. during the maintenance period.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have questions regarding this announcement.

Phishing Alert: "IT Desk" Scam

Wednesday, August 31, 2016 - 13:43

 

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims your email account will be removed due to "congestion" unless you click a link to confirm it. The link directs readers to a harmful Web page that attempts to collect their username and password. The email scam usually originates from a University email address.

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

******************************************************************************

Subject: IT Desk

Maintenance Unit,

Due to congestion in all accounts,there shall be a removal

exercise of all used and unused Email

Accounts. IT DESK Inc would be shutting down several accounts.You will

have to confirm your Email Account. So you are required to

log on to your Online Email Account Details with the provided link below.

<LINK REMOVED>

Thank you for your co-operation

© 2016 All rights reserved.

******************************************************************************

The link in the phishing email directs readers to a malicious Web page (shown below) that attempts to collect your username and password.

IT Desk scam

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

Phishing Alert: PNC Bank Account Validation Scam

Thursday, January 5, 2017 - 12:56

 

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims the recipient's PNC bank account has been placed on hold. The message states the recipient must click a link to log in within five days or their account will be suspended. Clicking the link redirects the user to a malicious Web site that attempts to gather their username and password.

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

******************************************************************************

Subject: New Message from PNC Online Banking

Greetings from PNC Customer service,

We were unable to validate important details about your PNC account.
Your account has been placed on hold pending additional verification.

You will not be able to log in to your account, if you do not respond within 5 days of this email your account will be
suspended and you will no longer be able to access PNC services.

To avoid suspension, follow the instruction on the link below.


Sign in to Online Banking <link removed>

PNC Bank
----------------------------------
© 2017 The PNC Financial Services Group, Inc. All rights reserved.

 

******************************************************************************

The link in the phishing email directs readers to a malicious Web page (shown below) that mimics a PNC login page and attempts to gather usernames and credentials.

PNC phishing scam

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

Phishing Alert: New Email Scam Mimics Pitt Passport Login

Wednesday, January 4, 2017 - 14:08

 

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims authentication requirements are needed for all users. The email asks readers to login to their Pitt email and then click a link for quick authentication. The link directs readers to a harmful site that mimics the Pitt Passport login page and attempts to collect their username and password. The email scam appears to originate from a University email address.

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

*************************************************************************************

Subject: Authentication Requirements for All PITT Users

 Hello Pitt!!

  Sign in your University of Pittsburgh email For Quick Authentication Now!  Click the Link Below

 <Link Removed>

 Thanks 

University of Pittsburgh

 *************************************************************************************

The link in the phishing email directs readers to a malicious Web page (shown below) that mimics the Pitt Passport login page. Remember that the real Pitt Passport login page always begins with https://passport.pitt.edu in the address bar.

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.