Alerts | Page 2 | Information Technology | University of Pittsburgh
!

You are here

Alerts

Information Regarding the Critical WebP Vulnerability

Thursday, September 28, 2023 - 20:55

 

UPDATE - Oct. 5, 2023 

Pitt IT recommends individuals use the steps below to update their web browsers to help protect against a critical security vulnerability (CVE-2023-4863) involving a widely used image format known as WebP. 

Update Google Chrome

  1. On your computer, open Chrome.
  2. At the top right, click More.
  3. Click Help, then About Google Chrome.
  4. Click Update Google Chrome. 
    Important:
    If this button does not display, you are using the latest version.
  5. Click Relaunch.

Update Firefox

  1. On your computer, open Firefox.
  2. Click the menu button at the right-hand side of the Firefox toolbar, go to Help, and select About Firefox. The About Mozilla Firefox window will open.
  3. Firefox will check for updates automatically. If an update is available, it will download.
  4. When the download is complete, click Restart to update Firefox.

Update Microsoft Edge

  1. On your computer, open Microsoft Edge.
  2. At the top right, click Settings and more.
  3. Click Help and Feedback, then About Microsoft Edge.
  4. If the About page shows Microsoft Edge is up to date, no action is needed. If the About page shows An update is available, then select Download and install to proceed.

Update Brave

  1. On your computer, open Brave.
  2. Click the menu button at the top right-hand corner.
  3. Select About Brave from the list. The app will automatically check for and download the latest available version.
  4. When the update is complete, restart Brave.

Update Safari (Mac Users)

  1. Go to the Apple menu and select System Settings.
  2. Click Software Update.
  3. If there are any updates, click Restart Now to install them. You can also click More info to read about the update.
  4. Once your macOS has updated, Safari will also be up to date.

ORIGINAL POST - Sept. 28, 2023 

Pitt Information Technology is aware of a zero-day, critical security vulnerability (CVE-2023-4863) involving a widely used image format known as WebP. The WebP vulnerability can be exploited simply by opening a specially crafted image file. A broad range of applications that utilize the WebP image library are affected.  

Pitt IT is investigating the impact of this vulnerability on the University environment and will provide additional updates and guidance on our WebP vulnerability page. In the meantime, technical details about the vulnerability are available from the following resources: 

Please contact the Technology Help Desk at 412-624-HELP (4357) if you have any questions regarding this announcement.

Student Information System Unavailable Sept. 28 - Oct. 1; URLs Changing

Thursday, August 31, 2023 - 16:54

 

PeopleSoft and PeopleSoft/Highpoint Campus Experience (CX) will be unavailable during an extended upgrade scheduled for improved operational efficiency of the Student Information System from 10 p.m. on Thursday, Sept. 28, through 11 p.m. on Sunday, Oct. 1. PittPAY and Parchment (eTranscript Ordering) will also be unavailable during the upgrade. The Learning Management System (Canvas) will remain available.

Please note that the URL address for PeopleSoft will change. If you are a PeopleSoft user or support PeopleSoft users in your department, please take note of the following:

Note: PeopleSoft and PeopleSoft/Highpoint Campus Experience (CX) data used for the Data Warehouse will be refreshed on Sept. 28 and available for use but will not be updated during this downtime. Therefore, users should wait until Oct. 2 when the upgrade is complete to access the most current data.

Should an issue occur, information will be posted to status.pitt.edu. The systems will be returned to service earlier if work is completed ahead of schedule. 

This upgrade for improved operational efficiency of the Student Information System was scheduled in consultation with the Office of Admissions & Financial Aid and Office of the University Registrar. Please contact the Technology Help Desk at +1-412-624-HELP (4357) if you have any questions regarding this announcement.

Improvements to Virtual Student Computing Lab

Thursday, August 24, 2023 - 13:35

 

The Pitt IT Virtual Student Computing Lab — used for accessing lab software and resources remotely, as well as in physical Pitt IT Student Computing Lab locations on campus — has been improved with a persistent user profile. This feature loads personalized settings, application preferences, and data associated with the user’s account for a consistent and personalized computing experience every time they log in. Regardless of where or how they access the Virtual Student Computing Lab, students will experience faster log-in times, reduced time for OneDrive synchronization, and saved application settings across sessions.

No additional steps are required. The profile is created when a user logs in to the Virtual Student Computing Lab for the first time and remains for the duration of each semester.

Please contact the Technology Help Desk at +1-412-624-HELP (4357) if you have any questions regarding this announcement.

Phishing Alert: Fraudulent Bitcoin Survey Job Scam

Monday, August 14, 2023 - 17:08

 

Pitt Information Technology is aware of a new scam advertising a fraudulent job conducting Bitcoin ATM surveys. The scam, which may appear to originate from a Pitt email address, asks recipients to apply with an alternative email address that is different from their school address.

Below is a sample of the scam. Pitt IT is contacting individuals who received the scam and advising them to block the scammer’s email address and be vigilant about reviewing any messages received at the email address they may have provided to the scammer.

***************************************

VOLUNTEER SURVEY POSITION

BITCOIN SURVEY:

COINBASE (A secure platform that makes it easy to buy, sell, and store cryptocurrency like Bitcoin, Ethereum)  seeks INDIVIDUALS who can VISIT at least “one” BITCOIN ATM every week for a survey.

$350 paid upon every task performed, with a maximum of 3 tasks per week. No specific time required as long as work is completed in a timely manner.

More Information:

To apply for this position, kindly contact Thomas Scott at [email address redacted], the HR representative and make sure you apply with your alternative email address, NOT your Work/School email to fasten your application processing.

***************************************

The University Career Center provides detailed guidance for Identifying and Avoiding Fraudulent Jobs and Scams on its website. Additional guidance for spotting phishing scams is available on Pitt IT’s website. Keep in mind these key points:

  • Only approve multifactor authentication (Duo) requests that you have initiated. Duo is designed to prevent unauthorized access to your information and University data, but it requires constant vigilance. Never tap “Approve” if you receive a Duo authentication request that you were not expecting. Uninitiated authentication requests may be an attacker attempting to compromise your Pitt account. The only safe Duo authentication request you will receive is one you request when logging in to University services.
  • Do not reply to unsolicited emails or emails from unverifiable sources. If you were not expecting to receive such an email, confirm with the sender prior to interacting with the message. If you must interact with the message, avoid clicking on links contained in such emails. These may lead to sites that contain malicious software, or sites that attempt to steal your credentials. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.
  • Be extra cautious if you automatically forward your University email. Automatically forwarding your University email to a non-University address (for example, gmail.com, hotmail.com, or upmc.edu) circumvents some of the security measures Pitt IT puts in place to protect you against phishing scams.
  • Stay safe when scanning QR codes. Never scan a QR code from an unknown or untrustworthy source. When you do scan a QR code, be sure to use a scanner app that provides a preview of the destination so that you can review the URL and decide if it is safe. If you scan a QR code and the site is unrelated to what you scanned or requires a login, close out of your browser immediately.
  • Install an antivirus solution for personal devices. Staff and faculty should be using Microsoft Defender to protect University-owned devices.

Please contact the Technology Help Desk at +1-412-624-HELP (4357) if you have any questions regarding this announcement.

Phishing Alert: Fraudulent Job Scam Advertises Remote Opportunity

Monday, August 7, 2023 - 15:00

 

Pitt Information Technology is aware of a new phishing scam advertising a fraudulent employment opportunity. The scam advertises a fictitious job as a remote regional director. The message may use “Remote Opportunity” as its subject.

The following is a sample of the scam. If you have already responded to this scam, Pitt IT recommends that you block the scammer’s email address and/or phone number and be vigilant about reviewing any messages received at the email address you provided.

******************************************************************************

Subject: Remote Opportunity

Would you like to be Batchwood Furniture Regional Director in your region and earn $1,000 weekly?

******************************************************************************

The University Career Center provides detailed guidance for Identifying and Avoiding Fraudulent Jobs and Scams on its website. Additional guidance for spotting phishing scams is available on Pitt IT’s website. Keep in mind these key points:

  • Only approve multifactor authentication (Duo) requests that you have initiated. Duo is designed to prevent unauthorized access to your information and University data, but it requires constant vigilance. Never tap “Approve” if you receive a Duo authentication request that you were not expecting. Uninitiated authentication requests may be an attacker attempting to compromise your Pitt account. The only safe Duo authentication request you will receive is one you request when logging in to University services.
  • Do not reply to unsolicited emails or emails from unverifiable sources. If you were not expecting to receive such an email, confirm with the sender prior to interacting with the message. If you must interact with the message, avoid clicking on links contained in such emails. These may lead to sites that contain malicious software, or sites that attempt to steal your credentials. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.
  • Be extra cautious if you automatically forward your University email. Automatically forwarding your University email to a non-University address (for example, gmail.com, hotmail.com, or upmc.edu) circumvents some of the security measures Pitt IT puts in place to protect you against phishing scams.
  • Stay safe when scanning QR codes. Never scan a QR code from an unknown or untrustworthy source. When you do scan a QR code, be sure to use a scanner app that provides a preview of the destination so that you can review the URL and decide if it is safe. If you scan a QR code and the site is unrelated to what you scanned or requires a login, close out of your browser immediately.
  • Install an antivirus solution for personal devices. Staff and faculty should be using Microsoft Defender to protect University-owned devices.

Please contact the Technology Help Desk at +1-412-624-HELP (4357) if you have any questions regarding this announcement.

Reminder: Continue Planning for End of Windows Server 2012 Support

Thursday, August 3, 2023 - 10:16

 

Pitt Information Technology strongly encourages departments that use hardware running Windows Server 2012 and Windows Server 2012 R2 to continue developing a migration plan in preparation for Microsoft’s end of support. If your servers are hosted at the University Data Center, contact the Technology Help Desk now so that we can discuss solutions and schedule your migration. Once these servers are no longer supported, they will stop receiving security updates and become increasingly vulnerable to hackers, malware, and viruses.

Step 1: Determine Application Compatibility

If you have not yet done so, begin by reviewing use cases for your Windows Server 2012 and Windows Server 2012 R2 hardware. Reach out to vendors of any currently hosted third-party applications to determine operating system compatibility.

Step 2: Contact Pitt IT for Servers Hosted at the Data Center

If your servers are hosted at the University Data Center, Pitt IT can perform an in-place upgrade, rebuild a server, or move you from a physical to a virtual environment. We will discuss your specific needs, help select the right solution, then seamlessly migrate and decommission your previous server.

Step 3: Consider Enterprise Services

Consider whether migrating to one of Pitt IT’s enterprise storage and hosting services may be a better fit for your needs than a server: 

  • Microsoft OneDrive may be an excellent secure and no-cost option for simple storage needs.
  • Enterprise storage is an affordable, scalable solution that combines the control of an on-premises file server and the convenience of a cloud-based service.
  • Enterprise cloud storage provides secure, reliable, and flexible cloud storage that can be tailored to meet your needs.
  • Managed server hosting is an option if you anticipate a continued need for Windows Server. It monitors servers around the clock, performs all backups, and manages operating system upgrades.

Please refer to Pitt IT’s Data Risk Classification and Compliance guidance to help ensure your data is stored securely.

Start Migrating Soon

As previously announced, Microsoft ends support on Oct. 10, 2023. To ensure you have adequate time, please determine the best approach for your unit, and then move quickly to implement your plan.

Pitt IT is available to provide support and assistance. Please contact the Technology Help Desk at +1-412-624-HELP (4357) if you have questions about using enterprise services or if you currently use enterprise services and are ready to schedule a migration.

Simplified Pitt Guest Wi-Fi Service Available Aug. 7

Wednesday, August 2, 2023 - 15:39

 

University visitors can take advantage of simpler, faster access to Pitt Guest Wi-Fi from all Pitt campuses beginning on Monday, Aug. 7. To access guest Wi-Fi, visitors simply connect to the network named “Pitt Guest Wi-Fi,” review the Terms of Use page, and click Accept. No password, certificate installation, or Pitt-affiliated sponsor is required.

Pitt Guest Wi-Fi provides general internet access to alumni, parents, and other visitors on official University business. Pitt students, faculty, and staff should continue to use PittNet Wi-Fi, which provides authenticated access to select services as well as enhanced speed and performance. 

Visit Pitt IT’s website to view detailed Pitt Guest Wi-Fi instructions and compare available guest Wi-Fi options. Note that visitors who configured their devices for Anyroam, Pitt’s previous guest Wi-Fi service, may continue to use it after Aug. 7.

Please contact the Technology Help Desk at +1-412-624-HELP (4357) if you have questions about this announcement. 

Changes to University Computing Account Activation Coming Aug. 1

Thursday, July 27, 2023 - 12:13

 

On Tuesday, Aug. 1, an upgrade will be released to improve the Self-Service Account Activation process used by Pitt applicants, students, and employees for setting up their University Computing Account. A University Computing Account is the key to accessing technology resources at the University — including email, PittNet Wi-Fi and wired networks, computing labs, and Pitt Worx.

Starting on Aug. 1, account activation steps for Pitt applicants, students, and employees will be:

  1. A message that contains a link to begin the activation process will be sent to the email address used on the student’s or employee’s application.
  2. The link will instruct recipients to enter their first name, last name, and date of birth to initiate account activation.
  3. Once submitted, they will receive an email or text message with a confirmation code, then enter the code to complete their account activation process.     

Information and instructions will also be available on the account activation page and Technology website.

Please contact the Technology Help Desk at +1-412 624-HELP (4357) if you have any questions about this announcement.

Panopto Creators Using Mac PCs Should Upgrade Recorder by July 20

Wednesday, July 5, 2023 - 10:17

 

On Thursday, July 20, Panopto — the vendor behind Pitt’s Lecture Capture system — will require all Panopto for Mac recording software run version 13.0.0 or higher. Earlier desktop versions will no longer be supported by the vendor and recording content will not be uploaded. Please note that use of this version also requires at least macOS 11.

To utilize new features and improvements, as well as continue uninterrupted access to Panopto, all Panopto for Mac creators should install the most recent desktop client by July 20. You can learn more about the upgrade on Panopto’s support page.

For help updating macOS, please visit Apple support or contact the Technology Help Desk at +1-412-624-HELP (4357).

Improvements Coming to PantherExpress Software Store July 1

Thursday, June 15, 2023 - 14:32

 

On July 1, the Pitt IT Software Store in PantherExpress — used for departmental software purchases — will be upgraded with improvements to software searching and purchasing. Pitt Information Technology will contact purchasers in your department who use the Pitt IT Software Store about the following enhancements that are designed to improve and streamline their user experience. 

Immediate Downloads Through Software.Pitt.Edu 

  • Purchasers save time and effort with a new bulk-upload feature to enter up to 150 usernames per order. 
  • Users now have full self-service to download Pitt IT Software Store purchases from a single location containing all software titles: software.pitt.edu. 
  • Faster software availability for users that takes less than an hour to complete after an order is placed. 

Note: Software is only available to the usernames provided at the time of purchase. For assistance gathering username information, use find.pitt.edu or contact the Technology Help Desk

New License Renewal Features 

  • The new Software Store provides purchasers with order histories and a convenient “reorder” option to place renewals. 
  • Beginning January 2024, purchasers will receive automatic renewal notices from the store three months before software licenses expire. 

Note: Any users whose license is not renewed will automatically have their access removed on the software’s expiration date; no further action is needed. 

Enhanced Shopping Navigation 

  • A revised and streamlined product catalog, as well as new search and filtering options make it easier for purchasers to find what they are looking for. 
  • With the exception of VMware, it is no longer necessary to choose between licenses and renewals! 

Please contact the Technology Help Desk at +1-412-624-HELP (4357) if you have any questions regarding this announcement.