Archive for the ‘Security’ Category

In February, Microsoft released a patch for a critical vulnerability in Word, SharePoint, Office 365, and Office for Mac that could allow remote code execution. As such, we are issuing this advisory to call this to your attention and asking you to update your devices now. IMPACT The vulnerability CVE-2023-21716 is of low complexity and…

IS&T is aware that LastPass, a commonly used password manager, has had a breach of security. This breach does not directly expose passwords that have been stored in the product, but LastPass has provided some recommended remediations in their customer notification: https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/ We encourage members of our community who use the product to review the…

Apple has released emergency security updates to fix vulnerabilities exploited by attackers in an effort to hack iPhones, iPads, or Macs. As such, we are issuing this advisory to call this to your attention and asking you to update your devices now. IMPACT   The two vulnerabilities (CVE-2022-32894 & CVE-2022-32893) are the same for all three…

There is a significant flaw in Chrome (CVE-2022-1096) that was announced on Friday, March 25th and has since been featured in the news. This one has received attention because there is an exploit available for it amid higher global tensions. The bug is also in shared code that is used in Microsoft Edge, which may…

  We want to alert you to a new level of phishing attack that is currently being launched against Boston University and several other institutions across the country. This attack exploits some Duo multifactor authentication options. Please review this advisory carefully. The attacks will typically begin as an email with a generic subject, such as…

*See below for updates as of 1/3/2022, 3:00 pm A critical vulnerability has been discovered in log4j that is actively being exploited. This is an issue both for systems and web administrators on campus, including those who support products with a web interface, as well as requiring the attention of those that manage relationships with…

Apple has released an emergency security update to address a vulnerability in which spyware could be installed on an iPhone or other Apple device without ever having to click on a malicious link. The security patch was released on Monday September 13th, 2021 and a current activities alert (which provides up-to-date information about high-impact types…

Boston University not affected by SolarWinds compromise: You may have heard on about recent exposures in SolarWinds that have impacted numerous federal agencies such as the U.S. Department of the Treasury and Departments of Homeland Security, State, Defense and Commerce. While several universities have reportedly been impacted, Boston University discontinued use of SolarWinds in 2018…

Phishing continues to be a risk and as COVID-19 continues to impact the United States phishers are taking full advantage of the current climate. The FCC and FBI have warned of a pandemic-related surge in phishing emails and phishing websites. These campaigns prey directly on virus-related opportunities and fears. Here at BU, phishing remains our…

A phishing email scam is currently being spread across many colleges and universities. In this email, the sender claims to have your password and details how they have infected your computer and collected information on your personal computing use (emails, web activity, instant messages). The sender then asks for a ransom payment in the form…