!

Alerts

Resolved: UPMC Firewall Issue Affecting Access to Some UPMC Web sites

Wednesday, June 21, 2017 - 16:30

6:30 a.m., Thursday, June 22

UPMC has resolved the firewall issue that yesterday affected access to some UPMC Web sites for University students, faculty, and staff in several buildings on the Pittsburgh campus.

4:30 p.m., Wednesday, June 21

A recent firewall change made by UPMC is affecting access to some UPMC Web sites for University students, faculty, and staff in several buildings on the Pittsburgh campus. UPMC is aware of the problem and is working to resolve it as quickly as possible. Updates will be posted as they become available.

20 Minute Overnight Outage of Wireless PittNet this Weekend

Wednesday, June 21, 2017 - 14:46

Network maintenance during the standard downtime period on June 24-25 will affect Wireless PittNet service on the Pittsburgh campus. While the maintenance is underway, buildings on the Pittsburgh campus will experience an interruption of up to 20 minutes in Wireless PittNet service between 11:00 p.m. on Saturday, June 24 and 7:00 a.m. on Sunday, June 25.

Wireless service will not be affected in all buildings at the same time. Please contact the Technology Help Desk at 412 624-HELP [4357] if you have any questions about this announcement.

Phishing Alert: "Update Your Mailbox" Scam Attempts to Collect Username and Password

Sunday, June 18, 2017 - 20:31

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims you have exceeded your email quota and must update your account by clicking on a link. The link directs readers to a harmful Web site that attempts to collect your username and password. The email scam appears to originate from a compromised University email account. 

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

*************************************************************************************

Subject: System Administrator

Your mailbox has exceeded the set quota limit by the admin please click here to update your mailbox and avoid being suspended.

Sincerely,
System Administrator.

 *************************************************************************************

The link in the phishing email directs readers to a malicious Web page (shown below) that mimics a Webmail login page. 

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

June Microsoft Security Update

Tuesday, June 13, 2017 - 14:54

Microsoft Corporation has announced security updates for June that affect the following software:

  • Internet Explorer

  • Microsoft Edge

  • Microsoft Windows

  • Microsoft Office and Microsoft Office Services and Web Apps

  • Silverlight

  • Skype for Business and Lync

  • Adobe Flash Player

CSSD recommends that users immediately identify and install the security updates necessary to repair these vulnerabilities by using Microsoft's Windows Update feature on their computers as soon as possible. Additional information about the updates is available on Microsoft’s Security TechCenter.

In addition to installing the Microsoft patches, CSSD also recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412 624-HELP [4357] if you have any questions regarding this announcement.

Phishing Alert: Lab Line Scam Mimics Pitt Passport Login Page

Saturday, June 10, 2017 - 12:58

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims to provide a link to the Lab Line service to check the availability of computers in the computing labs. The link actually takes visitors to a harmful Web site that mimics the Pitt Passport login page and attempts to collect their username and password. The email scam appears to originate from a Gmail email address that begins with helpdesk.pitt.

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

*************************************************************************************

Subject: Important: Lab Line - Check Availability

Find out which lab has available Windows, Mac, or Linux computers before you get there. There are four easy ways to check:
  1. See the lab status table below.
  2. Visit Pitt Mobile (m.pitt.edu)[link removed]  with your smart phone or mobile device, and select Computing Labs.
  3. Check one of our digital signs in the labs or around campus.
  4. Text a keyword for a specific lab to 41411 (standard text messaging charges will apply). Keywords: ALUMNI, BENE, CLG27, CLG62, DLHALL, HILLM, SUTH. You can also text LABS to 41411 to receive a list of these keywords as a text message. 

 *************************************************************************************

The link in the phishing email directs readers to a malicious Web page (shown below) that mimics the Pitt Passport login page. Remember that the real Pitt Passport login page always begins with https://passport.pitt.edu in the address bar.

Fake Pitt Passport page

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcemen

Data Warehouse Extended Maintenance Scheduled for June 9-10

Monday, June 5, 2017 - 11:36

The University Data Warehouse will be unavailable from 9:00 p.m. on Friday, June 9 through 9:00 p.m. on Saturday, June 10 for system maintenance. Data Warehouse users will be able to view saved reports during the maintenance period but will be unable to run reports with Cognos. Although an extended maintenance period has been scheduled during these times, the system will be returned to service earlier if work is completed ahead of schedule. This maintenance is necessary to maintain the stability and reliability of the University Data Warehouse.

Vendor Maintenance to Affect My Pitt Video Access on June 10

Monday, June 5, 2017 - 09:55

Panopto, the service provider for the University’s My Pitt Video service, will be performing maintenance on Saturday, June 10 outside the University’s standard downtime period. My Pitt Video will be unavailable between 7:00 and 11:00 p.m. on Saturday, June 10 while maintenance is completed. Users of My Pitt Video will not be able to access recordings or upload new videos during the maintenance period.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have questions regarding this announcement.

WordPress Releases Critical Security Update

Monday, May 22, 2017 - 11:19

What is the WordPress Security Update?

WordPress is open-source content management software that is used to manage and publish Web sites. WordPress has announced a critical security update for all previous versions and strongly encourages all WordPress users to update their sites immediately.

This release addresses several vulnerabilities in previous versions of WordPress. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected Web site. Versions of WordPress prior to 4.7.5 are vulnerable.

What is Pitt doing?

Computing Services and Systems Development will be working with WordPress system administrators to apply the appropriate patch. 

What should I do?

If you administer a Web server that is using a vulnerable version of WordPress, you should upgrade to WordPress 4.7.5 immediately after ensuring your site data is backed up. Please refer to the reference links below for details.

If you manage a WordPress server in your department and would like assistance determining if it is susceptible, or would like assistance in identifying indications that a compromise has occurred, please contact the Technology Help Desk at 412-624-HELP [4357] or submit a request online.

References:

WordPress Security Release - https://wordpress.org/news/2017/05/wordpress-4-7-5/