!

Alerts

Phishing Alert: Fake CSSD Maintenance Alert Mimics Pitt Passport Login Page

Friday, March 3, 2017 - 11:56

 

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims to be from CSSD about emergency maintenance scheduled for today. The link directs readers to a harmful site that mimics the Pitt Passport login page and attempts to collect their username and password. The email scam appears to originate from a fraudulent University address that begins with cssd-maintenance. 

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

*************************************************************************************

Subject: Emergency Maintenance Notification from CSSD Office

On Friday, March 3, the Office of CSSD will be performing emergency maintenance beginning at 12:01 AM on the data storage system. During this emergency maintenance the following systems will be affected: Printing Service and PITT Library Catalog. E-mail services will remain available during this maintenance.

Refer to <Link removed> for details on services that are expected to be interupted hence the maintenance.

We apologize for the limited advanced notice and this unavoidable inconvenience. We appreciate your understanding as we perform this critical maintenance to ensure the highest levels of service and reliability.

(Computing Services and Systems Development)

 *************************************************************************************

The link in the phishing email directs readers to a malicious Web page (shown below) that mimics the Pitt Passport login page. Remember that the real Pitt Passport login page always begins with https://passport.pitt.edu in the address bar.

Fake Pitt Passport page

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

WordPress Releases Critical Security Update

Tuesday, March 7, 2017 - 10:01

 

What is the WordPress Security Update?

WordPress is open-source content management software that is used to manage and publish web sites. WordPress has announced a critical security update for all previous versions and strongly encourages all WordPress users to update their sites immediately.

This release addresses multiple security issues. An attacker who successfully exploits these vulnerabilities could take control of an affected Web site. Versions of WordPress 4.7.2 and prior are vulnerable.

What is Pitt doing?

Computing Services and Systems Development will be working with WordPress system administrators to apply the appropriate patch. 

What should I do?

If you administer a Web server that is using a vulnerable version of WordPress, you should update to this new release immediately after ensuring your site data is backed up. Please refer to the reference links below for details.

If you manage a WordPress server in your department and would like assistance determining if it is susceptible, or would like assistance in identifying indications that a compromise has occurred, please contact the Technology Help Desk at 412-624-HELP [4357] or submit a request online.

References:

WordPress Security Release - https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/

Apache Releases Critical Security Update

Thursday, March 9, 2017 - 14:48

 

The Apache Software Foundation has released security updates to address a vulnerability in Struts 2. Apache Struts 2 is an open-source web application framework for developing Java EE web applications. A remote attacker could exploit this vulnerability to take control of an affected system.

Administrators of an affected system are encouraged to review the Apache Security Bulletin and upgrade to Struts 2.3.32 or Struts 2.5.10.1. Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions about this announcement or need assistance.

March Microsoft Security Bulletins

Tuesday, March 14, 2017 - 16:20

 

Microsoft Corporation has announced nine new critical security vulnerabilities affecting Microsoft Windows, Internet Explorer, Edge, Office, Skype for Business, and Adobe Flash Player. CSSD recommends that users immediately identify and install the security updates necessary to repair these vulnerabilities by using Microsoft's Windows Update feature on their computers as soon as possible.

In addition to installing the Microsoft patches, CSSD also recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412 624-HELP [4357] if you have any questions regarding this announcement.

Adobe Releases Critical Security Update

Wednesday, March 15, 2017 - 13:32

 

Adobe has released security updates to address vulnerabilities in Adobe Flash Player and Shockwave Player. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Administrators and users of affected systems are encouraged to review the Adobe Security Bulletins APSB17-07 and APSB17-08 and apply the necessary updates. Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions about this announcement or need assistance.

PeopleSoft Extended Maintenance Scheduled for March 18-19

Wednesday, March 15, 2017 - 17:42

 

The Student Information System (PeopleSoft) will be unavailable during an extended maintenance period from approximately 10:00 p.m. Saturday, March 18 through 7:00 a.m. Sunday, March 19. Although an extended maintenance period has been scheduled during these times, the system will be returned to service earlier if work is completed ahead of schedule. This maintenance is necessary to maintain the stability and reliability of the PeopleSoft system. 

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

Faculty Information System Maintenance Scheduled for April 1

Wednesday, March 22, 2017 - 09:27

 

The Faculty Information System (Elements) will undergo system maintenance during the standard downtime period on Saturday, April 1, 2017 beginning at 11:00 p.m. Work is expected to be completed by 1 a.m. on Sunday, April 2. The Faculty Information System will be unavailable while maintenance is in progress. The CV and Reports feature (including NIH Biographical Sketch) will not be available until Monday, April 3, 2017 at 8:00 a.m.

Please contact the Technology Help Desk at 412 624-HELP [4357] if you have any questions about this announcement.

Phishing Alert: Account Error Notice Mimics Pitt Passport Login Page

Thursday, March 23, 2017 - 16:48

 

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims there is an error in your account and that you must resolve the error by clicking on a link. The link directs readers to a harmful site that mimics the Pitt Passport login page and attempts to collect their username and password. The email scam appears to originate from a fraudulent University address that claims to be from Mailing Services at Pitt.  

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

*************************************************************************************

Subject: Important E-mail Notification

Dear Faculty/Staff,

There is an error on your account, we huge you to resolve this error so you can enjoy the new features of your account.

Kindly click on <LINK REMOVED> to resolve this error.

<LINK REMOVED>

NOTE: If this error is not resolved your messages will permanently delete and you may not have access to your mail.

Account Service

University of Pittsburgh

 *************************************************************************************

The link in the phishing email directs readers to a malicious Web page (shown below) that mimics the Pitt Passport login page. Remember that the real Pitt Passport login page always begins with https://passport.pitt.edu in the address bar.

Fake Pitt Passport page

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

Network Maintenance to Affect Several Buildings on April 1

Monday, March 27, 2017 - 13:13

 

Scheduled maintenance will affect network service in several buildings during the standard downtime period on Saturday, April 1. Network service will be briefly unavailable at some point between 11:00 p.m. on Saturday, April 1 and 2:00 a.m. on Sunday, April 2 in the following locations: 

Wired Network Service

  • Amos Hall
  • Brackenridge Hall
  • Bruce Hall
  • David Lawrence Hall
  • Holland Hall
  • Litchfield Towers
  • McCormick Hall
  • William Pitt Union

Wired and Wireless Network Service

  • Trees Hall
  • Eureka Building

This maintenance is necessary to enhance the stability and reliability of the network. Please contact the Technology Help Desk at 412 624-HELP [4357] if you have any questions about this announcement.