!

Alerts

Phishing Alert: Pitt Quick Authentication Scam

Monday, December 19, 2016 - 16:14

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims you must sign in to your University email address for Quick Authentication. The link in the body of the email message directs the user to a malicious Web page that mimics the University's Pitt Passport login page and attempts to steal the user's credientails. The email scam usually originates from a University email address.

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

******************************************************************************

Subject: Authentication Requirements for All PITT Users 

Hello Pitt!!

Sign in your University of Pittsburgh email For Quick Authentication Now!  Click the Link Below  

UPDATE

<link removed>  

Thanks

University of Pittsburgh

******************************************************************************

The link in the phishing email directs readers to a malicious Web page (shown below) that mimics the University's Pitt Passport login page. Remember that the real Pitt Passport login page always begins with https://passport.pitt.edu in the address bar.

Fake Pitt Passport login page

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

Phishing Alert: Message from PNC Bank Scam

Monday, December 19, 2016 - 16:32

 

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims that the user has a new, important message from PNC Bank. The email bank asks the user to provide credentials in order to provide improved security for their account, and they need to click the link and verify their usernames and credentials. Opening the email link redirects the user to a malicious external site which then attempts to gather usernames and credentials.

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

******************************************************************************

Subject: Important Update About Your PNC Online Baning Details

Fake TIAA page

******************************************************************************

The link in the phishing email directs readers to a malicious Web page (shown below) that mimics a PNC login page and attempts to gather usernames and credentials.

Fake PNC Vank page

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

Phishing Alert: Pitt ITS Services Email Authentication Scam

Thursday, December 22, 2016 - 13:10

 

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims that it is from "ITS Services” and states there is a new message from faculty/staff. The link in the body of the email message directs the user to a malicious Web page that mimics the University's Pitt Passport login page and attempts to steal the user's credentials. The email scam appears to originate from a University email address.

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

******************************************************************************

Subject: Important message from PITT Faculty/Staff 

Dear Employee:

You have new important message from Faculty/Staff.

Click here <link removed> to read

Thank You

University of Pittsburgh




CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information.

Please consider the environment before printing this e-mail.

******************************************************************************

The link in the phishing email directs readers to a malicious Web page (shown below) that mimics the University's Pitt Passport login page. Remember that the real Pitt Passport login page always begins with https://passport.pitt.edu in the address bar.

Fake Pitt Passport login page

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

Network Maintenance to Affect Several Buildings on Jan. 28

Tuesday, January 17, 2017 - 16:08

 

Network equipment will be upgraded during the standard downtime period on Saturday, January 28 beginning at 11:00 p.m. The work is expected to be completed by 2:00 a.m. on Sunday, January 29.

Wired and wireless network service will be briefly affected in the following locations:

  • 130 North Bellefield
  • Webster Hall
  • Network traffic (MPLS) to UPMC

 Wired and wireless network service may also be affected in the following buildings:

  • 128 North Craig St. (Park Plaza)
  • Allegheny Observatory
  • Barco Law Building
  • Biotech Center
  • Bouquet Gardens
  • Bridgeside Point (Cellomics)
  • Bridgeside Point II
  • Duratz Athletics Complex (Southside Athletics)
  • Forbes Tower
  • Frick Fine Arts Building
  • Hillman Cancer Center
  • Hillman Library
  • McGowan Institute
  • Mechanicsburg
  • Mervis Hall
  • Parkvale Building
  • Plum Borough Research Center
  • Posvar Hall
  • Sennott Square

This maintenance is necessary to ensure the continued reliability and stability of the network. Please contact the Technology Help Desk at 412 624-HELP [4357] if you have any questions about this announcement.

Phishing Alert: Outlook Mailbox Expiration Scam

Monday, January 23, 2017 - 14:26

 

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims the recipient's Outlook mailbox will expire unless they reply with their username and password to validate it.

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

******************************************************************************

Subject: <None>

Your Outlook Mailbox password will expire soon. you are to send your USERNAME and PASSWORD to our staff helpdesk email at <email address removed> for immediate Validation. You may not be able to send or receive emails if you fail to do this. This message is from Technical Support.

******************************************************************************

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

Faculty Information System Update Affects Research Interests

Thursday, January 26, 2017 - 08:33

 

The Faculty Information System will be will be updated during the standard maintenance period on January 28. As part of this update, your Research Interests will move from the Overview section of your profile to the Professional Activities section, where they will be listed as individual records.

You will be able to view, add, and update your Research Interests in their new location. You will also be able to search for colleagues by Research Interest. To do so, click the Menu link, select Explore, and click System Search

The update also includes an enhanced “Favorites” feature. You can mark items in your Profile as favorites to improve their visibility. You can also favorite Research Interests, Publications, Teaching Activities, Professional Activities, and more. Click the red, heart-shaped icon to favorite an item.

Network Maintenance to Affect Several Buildings on Feb. 4

Thursday, January 26, 2017 - 10:40

 

Network equipment will be upgraded during the standard downtime period on Saturday, February 4 beginning at 11:00 p.m. The work is expected to be completed by 5:00 a.m. on Sunday, February 5.

Wired and wireless network service will be briefly affected in the following locations:

  • Barco Law Building
  • Network traffic (MPLS) to UPMC from Sterling Plaza, Baum Blvd., and Schenley

Wired and wireless network service may also be affected in the following buildings:

  • Alumni Hall
  • Amos Hall
  • Bakery Square
  • Bellefield Hall
  • Brackenridge Hall
  • Bruce Hall
  • Clapp Hall
  • Craig Hall
  • Crawford Hall
  • David Lawrence Hall
  • Forbes Craig Apt.
  • Holland Hall
  • Information Sciences Building
  • Langley Hall
  • Lexington Tech Park – Building #1 (North Lexington Ave.)
  • Life Sciences Annex
  • Litchfield Towers
  • McCormick Hall
  • Melwood Ave.
  • Music Building
  • Ruskin Hall
  • Sterling Plaza
  • Steven Foster Memorial
  • The Offices at Baum (Baum Boulevard)
  • Thomas St.
  • University Child Development Center (Clyde Street)
  • William Pitt Union

This maintenance is necessary to ensure the continued reliability and stability of the network. Please contact the Technology Help Desk at 412 624-HELP [4357] if you have any questions about this announcement

WordPress Releases Critical Security Update

Friday, January 27, 2017 - 09:26

 

What is the WordPress Security Update?

WordPress is open-source content management software that is used to manage and publish Web sites. WordPress has announced a critical security update for all previous versions and strongly encourages all WordPress users to update their sites immediately.

This release addresses critical cross-site scripting and SQL injection vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected Web site. Versions of WordPress 4.7.1 and prior are vulnerable.

What is Pitt doing?

Computing Services and Systems Development will be working with WordPress system administrators to apply the appropriate patch. 

What should I do?

If you administer a Web server that is using a vulnerable version of WordPress, you should upgrade to WordPress 4.7.2 immediately after ensuring your site data is backed up. Please refer to the reference links below for details.

If you manage a WordPress server in your department and would like assistance determining if it is susceptible, or would like assistance in identifying indications that a compromise has occurred, please contact the Technology Help Desk at 412-624-HELP [4357] or submit a request online.

References:

WordPress Security Release - https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/