Archive for the ‘Security’ Category

  We want to alert you to a new level of phishing attack that is currently being launched against Boston University and several other institutions across the country. This attack exploits some Duo multifactor authentication options. Please review this advisory carefully. The attacks will typically begin as an email with a generic subject, such as…

*See below for updates as of 1/3/2022, 3:00 pm A critical vulnerability has been discovered in log4j that is actively being exploited. This is an issue both for systems and web administrators on campus, including those who support products with a web interface, as well as requiring the attention of those that manage relationships with…

Apple has released an emergency security update to address a vulnerability in which spyware could be installed on an iPhone or other Apple device without ever having to click on a malicious link. The security patch was released on Monday September 13th, 2021 and a current activities alert (which provides up-to-date information about high-impact types…

Boston University not affected by SolarWinds compromise: You may have heard on about recent exposures in SolarWinds that have impacted numerous federal agencies such as the U.S. Department of the Treasury and Departments of Homeland Security, State, Defense and Commerce. While several universities have reportedly been impacted, Boston University discontinued use of SolarWinds in 2018…

Phishing continues to be a risk and as COVID-19 continues to impact the United States phishers are taking full advantage of the current climate. The FCC and FBI have warned of a pandemic-related surge in phishing emails and phishing websites. These campaigns prey directly on virus-related opportunities and fears. Here at BU, phishing remains our…

A phishing email scam is currently being spread across many colleges and universities. In this email, the sender claims to have your password and details how they have infected your computer and collected information on your personal computing use (emails, web activity, instant messages). The sender then asks for a ransom payment in the form…

IS&T is happy to announce we will be hosting a “Spring Cleaning” shredding event. Similar to the event we host each October, you will be able to bring bulk amounts of paper to be shredded at the dates and locations below. Sustainability@BU will also be on hand to receive recyclable materials (batteries, toner, electronics, lightbulbs, etc). This…

Mac OS 10.13 (High Sierra) Vulnerability A security flaw has been detected in Mac Operating Systems 10.13 (High Sierra) or greater.  This vulnerability allows anyone to login to a Mac device and gain full administrative access by typing in the username “root” with no password.  More details can be found in the links provided below….

IS&T is happy to announce we will be hosting a “Spring Cleaning” shredding event. Similar to the event we host each October, you will be able to bring bulk amounts of paper to be shredded at the dates and locations below. The Sustainability Office will also be on hand to receive recyclable materials. (batteries, toner,…

It has been a busy month for security vulnerabilities.  We’d like to take a moment to call three of them to your attention to make sure you are addressing them. The first two relate to OpenSSL and what you may have heard referred to as the DROWN attack. The last, slightly older, vulnerability is in…