On November 14, Adobe released patches to fix numerous security flaws, including serious issues with Adobe Flash and Reader. These vulnerabilities affect Mac, PC and Chrome OS. In order to protect against these and future vulnerabilities, you should make sure that automatic updates are set: https://helpx.adobe.com/flash-player/kb/flash-player-background-updates.html and remember to restart your browser on a regular […]
A security researcher has disclosed a SQL injection vulnerability in WordPress 4.8.2, so any WordPress installs should be updated to 4.8.3 asap. This is particularly important for groups which run their own version(s) of WordPress, which is an extremely common target for attackers. If you support web servers where clients perform their own WP installs, […]
VMware has issued a critical security alert for VMware ESXi (ESXi) VMware vCenter Server VMware Workstation Pro / Player (Workstation) VMware Fusion Pro, Fusion (Fusion) regarding a number of issues. The most important is an out-of-bounds write vulnerability in VMware’s products allows guests to break out of their isolation. This means a malicious actor who […]
Most critical to combating this strain of malware is to patch your Windows machine to the most current level. Refer to: http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598 or http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012212 to find the appropriate patch level for your operating system. This is especially important if you are running a version of Windows which is no longer supported, like XP or Windows […]
Beware of Emails Saying Someone Wants to Share a Google Doc with You A phishing attack has been deployed at many universities (and possibly beyond) that use Google. You may see a message purporting to share a Google Doc with you that comes from someone you know. It shows you a button to click. DO […]
For Staff, Faculty and Students running personal or departmental installations of WordPress: If you have not already done so, it is critical that you upgrade to WordPress version 4.7.2, which was released on 1/26/17. This upgrade fixes a bug (in the REST API) allowing hackers to bypass authentication systems and edit the titles and content […]
Following last week’s announcement of iOS critical vulnerabilities and their patches, Apple has issued similar patches for OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6. See details on the vulnerabilities in our last post and below for links to the updates and more details. More info here: https://support.apple.com/en-us/HT207130 https://www.grahamcluley.com/2016/09/mac-users-vulnerable-state-sponsored-trident-attack-fixed-ios-week-patch/