On December 9, 2021, a vulnerability in the popular Java logging library Log4j—used by developers of web and server applications around the world—was discovered and made public. The zero-day vulnerability allows for code to be run remotely by sending a malicious code string, allowing a hacker to take control. Published the next day in the National Vulnerability Database as CVE-2021-44228, it is already being exploited in the wild across Windows, Linux, macOS and devices. Teams across the internet are working to patch enterprise systems and web apps to protect against these critical zero-day exploits. Even games like Minecraft can be impacted, leading Microsoft to post instructions on how players of the Java version can patch their systems. Of course, our Security Team is aware of the issue and reviewing SMU systems to determine impact. Continue reading Log4Shell Vulnerability Impacts Systems Across the Internet
Tag: Security Alert
Adobe Creative Cloud Security Breach Affects 7 Million
We’d like to make you aware of a recent report of a security breach that occurred on one of Adobe’s Creative Cloud servers.
Security researchers recently found a publicly available server that was not password protected that contained some customer information. Adobe has responded to this report by securing the server in question and providing more information as to what was exposed. The information revealed was as follows: Continue reading Adobe Creative Cloud Security Breach Affects 7 Million
Critical Security Alert: Meltdown and Spectre Vulnerability
On January 3rd, something remarkable happened: the New York Times, CNN, and Fox News all ran front-page stories about a computer security vulnerability. The vulnerabilities, called Meltdown and Spectre, aren’t like other recent virus outbreaks and that’s part of why they are getting so much attention. These issues represent flaws in the way computer processors have been designed for the last twenty years. Continue reading Critical Security Alert: Meltdown and Spectre Vulnerability
Security Holes in iOS 9 Patched with Update
Apple just released the iOS 9.3.3 update, the final version for iOS 9 before the new iOS 10 this fall. For this reason, Apple allowed for extra testing time taking over two months with five separate betas to ensure the OS is as secure and stable as possible. With this update, Apple patches security holes in iOS 9‘s Calendar, CoreGraphics, FaceTime, and Safari apps. Each of these fixes addresses the ability for hackers to run unauthorized code or expose private information. Continue reading Security Holes in iOS 9 Patched with Update
Security Alert: Windows 10 Upgrade Scam
Microsoft is in the process of releasing their new Windows 10 Operating System. The software will be available to download free of charge.
Please read carefully!
There are several scams circulating around this new release. The scammers are pretending to be Microsoft Tech Support and are contacting individuals via phone, email or browser pop-up windows that appear to be legitimate but actually contain malware.
Please do not click on any popup add claiming to be from Microsoft about your Windows 10 upgrade.
OIT is in the process of reviewing the Windows 10 Operating System and ensuring that University applications will continue to function properly with this new OS. More details regarding the upgrade process will be communicated in the Fall.
Here is the legitimate link on Microsoft’s web site about Windows 10: http://www.microsoft.com/en-us/windows/windows-10-upgrade