!

Alerts

Update-Vendor Issue Not Currently Affecting University Calls

Tuesday, November 22, 2016 - 12:15

 

12:15 p.m., Tuesday, November 22, 2016

The vendor issue that impacted University telephone service yesterday is not currently affecting the University’s phone system. Calls to and from external phone numbers are functioning normally at this time. We are continuing to monitor the situation, and the cause of the issue is still actively being investigated. If you experience a reoccurrence of this issue, please contact the Technology Help Desk at 412-624-HELP [4357] to report it.  

11:55 a.m., Monday, November 21, 2016

Outbound calls from University phones to external numbers are now available. An issue affecting Windstream, one of the University’s telephone service providers, continues to affect inbound calls to the University. The vendor is continuing to work to resolve the problem.

10:13 a.m., Monday, November 21, 2016

A vendor issue is intermittently affecting calls to and from external telephone numbers. Internal calls (for example, calls from one campus extension to another) are not affected. The vendor is aware of the issue and is working to restore service as quickly as possible. Updates will be posted as they become available.

Reminder: Beware of telephone phishing scams

Monday, November 14, 2016 - 08:46

 

Remember to be vigilant for telephone phishing scams that attempt to trick you into divulging sensitive personal data. These scams may take the form of an automated message claiming that a lawsuit has been filed against you, a call claiming to provide technology support, or even calls claiming to be from the FBI to discuss student loans or dues, delinquent taxes, or overdue parking tickets.

CSSD strongly recommends that you do not reply to unsolicited phone calls or emails from unverifiable sources. More information about phishing is available at our Web site at http://technology.pitt.edu/security/phishing-awareness. Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

November Microsoft Security Bulletins

Tuesday, November 8, 2016 - 16:30
Microsoft Corporation has announced six new critical security vulnerabilities affecting Microsoft Windows, Internet Explorer, Microsoft Edge, and Adobe Flash Player. CSSD recommends that users immediately identify and install the security updates necessary to repair these vulnerabilities by using Microsoft's Windows Update feature on their computers as soon as possible.

In addition to installing the Microsoft patches, CSSD also recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412 624-HELP [4357] if you have any questions regarding this announcement.

Phishing Alert: PITT Faculty/Staff Message Scam

Friday, October 28, 2016 - 15:19

 

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims that the user has a new, important message from Pitt faculty/staff. The message contains a link to a malicious Web page. The email scam appears to originate from the University.

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

******************************************************************************

Subject: Important Message from PITT Faculty/Staff

Dear Employee:

You have new important message from Faculty/Staff.

Thank You

Click here (link removed) to read

Information Technology Services(ITS)

University of Pittsburgh

 

CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information.

Please consider the environment before printing this e-mail.

******************************************************************************

The link in the phishing email directs readers to a malicious Web page (shown below) that mimics the Pitt Passport login page and attempts to collect your username and password.

Fake Pitt Passport page

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

March Microsoft Security Bulletins

Tuesday, March 14, 2017 - 16:20

 

Microsoft Corporation has announced nine new critical security vulnerabilities affecting Microsoft Windows, Internet Explorer, Edge, Office, Skype for Business, and Adobe Flash Player. CSSD recommends that users immediately identify and install the security updates necessary to repair these vulnerabilities by using Microsoft's Windows Update feature on their computers as soon as possible.

In addition to installing the Microsoft patches, CSSD also recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412 624-HELP [4357] if you have any questions regarding this announcement.

Apache Releases Critical Security Update

Thursday, March 9, 2017 - 14:48

 

The Apache Software Foundation has released security updates to address a vulnerability in Struts 2. Apache Struts 2 is an open-source web application framework for developing Java EE web applications. A remote attacker could exploit this vulnerability to take control of an affected system.

Administrators of an affected system are encouraged to review the Apache Security Bulletin and upgrade to Struts 2.3.32 or Struts 2.5.10.1. Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions about this announcement or need assistance.

WordPress Releases Critical Security Update

Tuesday, March 7, 2017 - 10:01

 

What is the WordPress Security Update?

WordPress is open-source content management software that is used to manage and publish web sites. WordPress has announced a critical security update for all previous versions and strongly encourages all WordPress users to update their sites immediately.

This release addresses multiple security issues. An attacker who successfully exploits these vulnerabilities could take control of an affected Web site. Versions of WordPress 4.7.2 and prior are vulnerable.

What is Pitt doing?

Computing Services and Systems Development will be working with WordPress system administrators to apply the appropriate patch. 

What should I do?

If you administer a Web server that is using a vulnerable version of WordPress, you should update to this new release immediately after ensuring your site data is backed up. Please refer to the reference links below for details.

If you manage a WordPress server in your department and would like assistance determining if it is susceptible, or would like assistance in identifying indications that a compromise has occurred, please contact the Technology Help Desk at 412-624-HELP [4357] or submit a request online.

References:

WordPress Security Release - https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/

Phishing Alert: Fake CSSD Maintenance Alert Mimics Pitt Passport Login Page

Friday, March 3, 2017 - 11:56

 

Computing Services and Systems Development (CSSD) is responding to a new email phishing scam that claims to be from CSSD about emergency maintenance scheduled for today. The link directs readers to a harmful site that mimics the Pitt Passport login page and attempts to collect their username and password. The email scam appears to originate from a fraudulent University address that begins with cssd-maintenance. 

The following is a sample of the recent fraudulent email. If you receive this message (or any message similar to it), please report it as a phishing scam by forwarding the email message as an attachment to phish@pitt.edu. Detailed instructions on reporting scams are available at http://technology.pitt.edu/phishingscams.

*************************************************************************************

Subject: Emergency Maintenance Notification from CSSD Office

On Friday, March 3, the Office of CSSD will be performing emergency maintenance beginning at 12:01 AM on the data storage system. During this emergency maintenance the following systems will be affected: Printing Service and PITT Library Catalog. E-mail services will remain available during this maintenance.

Refer to <Link removed> for details on services that are expected to be interupted hence the maintenance.

We apologize for the limited advanced notice and this unavoidable inconvenience. We appreciate your understanding as we perform this critical maintenance to ensure the highest levels of service and reliability.

(Computing Services and Systems Development)

 *************************************************************************************

The link in the phishing email directs readers to a malicious Web page (shown below) that mimics the Pitt Passport login page. Remember that the real Pitt Passport login page always begins with https://passport.pitt.edu in the address bar.

Fake Pitt Passport page

CSSD strongly recommends that you do not reply to unsolicited emails or emails from unverifiable sources. Avoid clicking on links contained in such emails, as these may lead to sites that contain harmful software. If a link looks suspicious, you can hover over the link with your mouse to preview the URL without clicking on it.

In addition, CSSD recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers Malwarebytes Premium for individuals and departments at no cost. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.

Please contact the Technology Help Desk at 412-624-HELP [4357] if you have any questions regarding this announcement.

Outlook Public Folders Move to Office 365 Email on March 4

Thursday, March 2, 2017 - 14:04

 

The University began upgrading all faculty and staff to Office 365 Email in fall 2016. Almost all faculty and staff mailboxes have now been upgraded. The final step in the process involves moving Outlook public folders to Office 365 Email. This move will occur during the standard downtime period on Saturday, March 4.

Beginning at 11:00 p.m. on March 4, access to public folders will be unavailable for a few hours while they are being moved. Access to your My Pitt Email will not be affected.

After public folders have been moved, you will see a pop-up notification in your Microsoft Outlook email client. The notification will indicate a change has been made and prompt you to restart Outlook. Please restart Outlook. You may need to restart Outlook twice if the pop-up notification appears a second time.  

For additional details about the move, please refer to our Outlook Public Folders Migration page. Contact the Technology Help Desk at 412-624-HELP [4357] or technology.pitt.edu at any time if you have questions or need assistance.