Security Vulnerability in MacOS High Sierra
As seen in the news recently, a serious flaw in Apple’s most recent computer operating system (MacOS X High Sierra) allows any person to gain administrative access to the machine without a password. Anyone with physical access to the computer can gain root access simply by typing “root” in the “Users and Groups” section of System Preferences. No password is required. With root access, a malicious person can then operate as an administrator on the computer to download malware, steal any information, add other users, and further compromise the computer. This flaw requires physical access to the computer, but it may also work remotely if Apple Remote Desktop is enabled.
Apple has released a security update that addresses the issue, and it is recommended that all Mac owners with High Sierra (Mac OS X 10.13) install the security update immediately. More details can be found from Apple at https://support.apple.com/en-us/HT208315.
DoIT would also like to remind students, faculty, and staff to secure their devices and be aware of them at all times. Laptops, cell phones, headphones, bags, etc. are often left unattended in public areas such as the Library, Commons, and classrooms. Even if you are leaving for a few minutes to go to the restroom, that is plenty of time for someone to steal your belongings or compromise your devices. UMBC police have received reports of laptops stolen while the owner’s back was turned to talk to a friend. You as an individual are the number one factor in keeping yourself and your devices safe from cyber attacks, as well as in helping keep our campus safe. If you become aware of any malicious activity or have any questions, please contact firstname.lastname@example.org.
October is National Cyber Security Awareness Month!! A student-led initiative called “Be the Key” is geared towards raising cybersecurity awareness across campus. The weekly themes for this month include:
- “Cyber Security: the U, the I, and the Y” How does cyber security affect my life?
- Hook, line and sinker: Phishing and Social Engineering
- Am I Oversharing? Securing your device and your online presence
- Fake News: Spotting and Combatting misinformation on the web
Follow Be the Key on the myUMBC website (or click the tab to your left) for the latest updates on tabling events, interesting articles, and free giveaways!
DoIT is Monitoring and Addressing Meltdown and Spectre
As many of you have likely seen in the news, two new vulnerabilities have recently been announced. The vulnerabilities have been named Spectre and Meltdown. These vulnerabilities are related... Posted: January 5, 2018 11:43 PM
Once you wire the money to the thief, it's gone.
We have received multiple complaints about people receiving fraudulent job offer emails from con-artists. In some of the job offers, the con-artist offers to pay $200 for completing testing and... Posted: August 5, 2016 11:20 PM
Benefits include one time login, security, and availability
Eduroam is a global Wi-Fi network that provides encrypted traffic for any device you use and features a one time setup process that can be used on any campus that supports eduroam, not just UMBC.... Posted: May 5, 2016 2:29 PM
A few days ago a critical vulnerability was announced within Adobe Flash Player that allows a machine to become infected with ransomware through a web browser. Ransomware is a type of malicious... Posted: April 14, 2016 9:29 AM
Attacks are Becoming More Targeted. What should people do?
Phishing attacks have been a problem for many years. Typically, hackers have sent messages asking members of our community to click on a link or reply to an email message with a password. Their... Posted: March 23, 2016 2:56 PM
Notification by DoIT Student Worker Was a Mistake
To The UMBC Campus Community, Recently a DoIT student employee contacted members of the campus that they may have a number of files on their computers containing personally identifiable... Posted: September 10, 2015 7:18 PM
Identity Finder is being installed to help reduce our risk.
In an effort to try and detect confidential data on university-owned systems and reduce the risk that UMBC will be the source of a data breach, UMBC has worked with the university system to... Posted: June 9, 2015 10:01 AM
How to Identify and Report Phishing Messages.
UMBC has recently been the target of an increasing number of phishing messages. These phishing messages appear to come from the UMBC Division of Information Technology or another university... Posted: April 28, 2015 10:08 PM
Allows for complete control of a system with no credentials
Earlier this week a critical security flaw in the gethostbyname() function of glibc in Linux was exposed. This affects many major Linux distributions including Redhat 5 and Redhat 6 Enterprise.... Posted: January 31, 2015 10:59 AM
Over the weekend of May 17-18, DoIT will be copying files found on our Active Directory (AD) servers that have sensitive information in them and encrypting those files and storing them in a... Posted: May 16, 2014 9:50 AM