Skip to Main Content

What’s New

Security Vulnerability in MacOS High Sierra

As seen in the news recently, a serious flaw in Apple’s most recent computer operating system (MacOS X High Sierra) allows any person to gain administrative access to the machine without a password. Anyone with physical access to the computer can gain root access simply by typing “root” in the “Users and Groups” section of System Preferences. No password is required.  With root access, a malicious person can then operate as an administrator on the computer to download malware, steal any information, add other users, and further compromise the computer. This flaw requires physical access to the computer, but it may also work remotely if Apple Remote Desktop is enabled.

Apple has released a security update that addresses the issue, and it is recommended that all Mac owners with High Sierra (Mac OS X 10.13) install the security update immediately.  More details can be found from Apple at https://support.apple.com/en-us/HT208315.

DoIT would also like to remind students, faculty, and staff to secure their devices and be aware of them at all times. Often laptops, cell phones, headphones, bags, and etc. are left unattended in public areas such as the Library, Commons, and classrooms. Even if you are leaving for a few minutes to go to the restroom, that is plenty of time for someone to steal your belongings, or compromise your devices. UMBC police have received reports of laptops stolen while the owner’s back was turned to talk to a friend. You as an individual are the number one source in keeping yourself and your devices safe from cyber attacks, as well as helping keep our campus safe. If you become aware of any malicious activity or have any questions, please report it to security@umbc.edu.

 

October is National Cyber Security Awareness Month!! A student led initiative called “Be the Key” is geared towards raising cybersecurity awareness across campus. The weekly themes for this month include:

  • Cyber Security: the U, the I, and the Y” How does cyber security affect my life?  
  • Hook, line and sinker: Phishing and Social Engineering
  • Am I Oversharing? Securing your device and your online presence
  • Fake News: Spotting and Combatting misinformation on the web

Follow Be the Key on the myUMBC website (or click the tab to your left) for the latest updates on tabling events, interesting articles, and free giveaways!

  • Meltdown and Spectre

    DoIT is Monitoring and Addressing Meltdown and Spectre
    As many of you have likely seen in the news, two new vulnerabilities have recently been announced.  The vulnerabilities have been named Spectre and Meltdown.  These vulnerabilities are related...
    Posted: January 5, 2018 11:43 PM
  • Email Survey / Mystery Shopper Scams

    Once you wire the money to the thief, it's gone.
    We have received multiple complaints about people receiving fraudulent job offer emails from con-artists.  In some of the job offers, the con-artist offers to pay $200 for completing testing and...
    Posted: August 5, 2016 11:20 PM
  • Why You Should Be Using Eduroam

    Benefits include one time login, security, and availability
    Eduroam is a global Wi-Fi network that provides encrypted traffic for any device you use and features a one time setup process that can be used on any campus that supports eduroam, not just UMBC....
    Posted: May 5, 2016 2:29 PM
  • Critical Vulnerability in Adobe Flash Affects Most Machines

    A few days ago a critical vulnerability was announced within Adobe Flash Player that allows a machine to become infected with ransomware through a web browser. Ransomware is a type of malicious...
    Posted: April 14, 2016 9:29 AM
  • Phishing: Don’t Be Our Weak Link

    Attacks are Becoming More Targeted. What should people do?
    Phishing attacks have been a problem for many years.  Typically, hackers have sent messages asking members of our community to click on a link or reply to an email message with a password.  Their...
    Posted: March 23, 2016 2:56 PM
  • Review of DoIT Communications

    Notification by DoIT Student Worker Was a Mistake
    To The UMBC Campus Community, Recently a DoIT student employee contacted members of the campus that they may have a number of files on their computers containing personally identifiable...
    Posted: September 10, 2015 7:18 PM
  • Locating Our Confidential Data

    Identity Finder is being installed to help reduce our risk.
    In an effort to try and detect confidential data on university-owned systems and reduce the risk that UMBC will be the source of a data breach, UMBC has worked with the university system to...
    Posted: June 9, 2015 10:01 AM
  • Recent Phishing Email Messages

    How to Identify and Report Phishing Messages.
    UMBC has recently been the target of an increasing number of phishing messages.  These phishing messages appear to come from the UMBC Division of Information Technology or another university...
    Posted: April 28, 2015 10:08 PM
  • Critical Security Flaw in Core Linux Library

    Allows for complete control of a system with no credentials
    Earlier this week a critical security flaw in the gethostbyname() function of glibc in Linux was exposed. This effects many major linux distributions including Redhat 5 and Redhat 6 Enterprise....
    Posted: January 31, 2015 10:59 AM
  • DoIT Taking Steps to Protect Sensitive Data on our AD server

    Over the weekend of May17-18, DoIT will be copying  files found on our Active Directory (AD) servers that have sensitive information in them and encrypting those files and storing them in a...
    Posted: May 16, 2014 9:50 AM