Archive for the ‘Security’ Category

During the March 25th change window, we will add the applications below to the list of remote applications to be blocked by default. Currently only a few of the most popular remote access applications (ssh, TeamViewer, AnyDesk, Microsoft Remote Desktop, VNC, ARD) are blocked by default. This updated policy will expand that list to include…

February 4, 2025: Boston University is no longer supporting text message or phone call options for Duo Multi-Factor Authentication (Duo MFA). Going forward, Duo Push via the Duo Mobile App will be the primary method for authentication. What This Means for You: If you’re already using Duo Push, no action is needed — everything will continue as…

Thanks to a huge effort by the IT Help Center and our local IT Partners, swift and significant progress has been made to rectify the effects of the outage at Boston University. However, as it typically happens with major global events, threat actors have jumped on the opportunity, leveraging the chaos. Dozens of domains referencing…

Windows computers are blue screening and when rebooted loop back to the bluescreen due to a CloudStrike file update.
…

For decades the University has operated a secure mail solution called DataMotion that we have recommended for use in transmitting Sensitive Information.  After several years of security improvements to our email system, deployment of multifactor authentication, and improvements in our data classification and data management policies and processes, we would like to reframe the requirements…

In late May, Boston University became aware of a vulnerability in a file transfer software package called “MoveIT” made by Progress Software.  The federal Cybersecurity & Infrastructure Security Agency (CISA) released an advisory on this topic on June 1st. Boston University is not a customer of MoveIT and was not directly affected by this vulnerability. We have…

In February, Microsoft released a patch for a critical vulnerability in Word, SharePoint, Office 365, and Office for Mac that could allow remote code execution. As such, we are issuing this advisory to call this to your attention and asking you to update your devices now. IMPACT The vulnerability CVE-2023-21716 is of low complexity and…

IS&T is aware that LastPass, a commonly used password manager, has had a breach of security. This breach does not directly expose passwords that have been stored in the product, but LastPass has provided some recommended remediations in their customer notification: https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/ We encourage members of our community who use the product to review the…

Apple has released emergency security updates to fix vulnerabilities exploited by attackers in an effort to hack iPhones, iPads, or Macs. As such, we are issuing this advisory to call this to your attention and asking you to update your devices now. IMPACT   The two vulnerabilities (CVE-2022-32894 & CVE-2022-32893) are the same for all three…

There is a significant flaw in Chrome (CVE-2022-1096) that was announced on Friday, March 25th and has since been featured in the news. This one has received attention because there is an exploit available for it amid higher global tensions. The bug is also in shared code that is used in Microsoft Edge, which may…