Information Technology Updates

1 day 17 hours ago


A security flaw in libssh leaves thousands of servers at risk of hijacking.

Excerpt: "The vulnerability allows an attacker to bypass authentication procedures and gain access to a server with an SSH connection enabled without having to enter the password. An attacker can do this by sending the SSH server "SSH2_MSG_USERAUTH_SUCCESS" message instead of the "SSH2_MSG_USERAUTH_REQUEST" message that a server usually expects and which libssh uses as a sign that an authentication procedure needs to initiate. Because of a coding error, when libssh receives the "SSH2_MSG_USERAUTH_SUCCESS" message, it will interpret this as the "authentication has already taken place" and will grant the attacker access to the local server."

Source: Catalin Cimpanu, ZDNet

Date Published: October 17, 2018

To read the complete article see: https://www.zdnet.com/article/security-flaw-in-libssh-leaves-thousands-of-servers-at-risk-of-hijacking/
 

3 weeks 2 days ago

Come visit with your UNI Blackboard staff and Blackboard representatives on October 23 in the Maucker Union. There will be sessions on future releases of Blackboard, the new Blackboard Ultra Base and Ultra Course view and a question and answer session with Blackboard staff. Snacks will be provided for the sessions and Blackboard will have some giveaway items. For more information including the schedule, visit the Blackboard Day website. 
 

3 weeks 2 days ago

Does your Blackboard Grade Center seem overwhelming? You can filter Grade Center data in Bb Learn by Grading Period, Category, Grade Status and more, making it easier to find what you need quickly. Submit questions to UNI eLearning Suite support.

3 weeks 2 days ago

UNI will embark on a phishing education venture starting in October and continuing through April. Simulated but realistic phishing messages will be sent periodically to faculty and staff mailboxes by a contracted vendor. Those who respond to these educational messages will receive some quick and specific training on recognizing and avoiding future phishing messages. Tips for dealing with phishing messages in general are available at Phishing

3 weeks 6 days ago

Free credit freezes and year-long fraud alerts are here, starting September 21, 2018, thanks to a new federal law. Here’s what you should know: https://it.uni.edu/free-credit-freezes-are-here

1 month 1 week ago

This morning has brought another round of scam emails that purport to be from President Nook, but that are not using his real UNI address. An example address that was used was "drmarknook@gmail.com". Personal messages to you from President Nook will come from his normal UNI address, "Mark.Nook@uni.edu". Mass messages will be from a different address, usually "president@uni-mail.org".

The initial content of this morning's scam message was very short and cryptic:

Are you available now?

A response to that message went to a human and generated a conversation that ends with a request for you to purchase several iTunes gift cards for which reimbursement will be made. This is an outright scam. The criminals aren't after your credentials or identity; they just want your money! Recognize the fake message from the beginning, mark it as spam, and delete it.

1 month 3 weeks ago

Millions of mobile devices from eleven smartphone vendors are vulnerable to attacks carried out using AT commands, a team of security researchers has discovered.

AT (ATtention) commands, or the Hayes command set, is a collection of short-string commands developed in the early 1980s that were designed to be transmitted via phone lines and control modems. Different AT command strings can be merged together to tell a modem to dial, hang up, or change connection parameters.

The story continues at https://www.bleepingcomputer.com/news/security/smartphones-from-11-oems-vulnerable-to-attacks-via-hidden-at-commands/

1 month 3 weeks ago

Back to School: COBALT DICKENS Targets Universities

Despite indictments in March 2018, the Iranian threat group is likely responsible for a large-scale phishing campaign that targeted university credentials using the same spoofing tactics as previous attacks. Continue the story at https://www.secureworks.com/blog/back-to-school-cobalt-dickens-targets-universities

1 month 3 weeks ago

Given our Adobe licenses, there may not be a lot of use of Ghostscript on campus, but if you're using it anyway, there are a number of vulnerabilities identified yesterday. See https://www.kb.cert.org/vuls/id/332928 for details. From the CERT page:

Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary commands on a vulnerable system.

2 months 3 days ago

Welcome to the UNI campus for the start of the fall semester! We hope this upcoming school year is a good one, especially with your use of technology at UNI. If you do encounter problems or have questions, fill out a support request through Service Hub, UNI's IT help system, or contact the IT Service Desk.

If you are on campus this weekend and need assistance, the IT Service Desk is open Saturday (8/18) from 11am to 1pm and again on Sunday (8/19) from Noon until 4pm. Call, stop by, or chat with us online and we would be happy to help.

Go Panthers!
