As per the recent post on the Apple Support, dated September 13, 2021, Apple has released a new update for the Safari web browser that includes important new security fixes. Safari is built using Apple WebKit, which has a vulnerability know to allow malicious web content to execute unauthorized code on your computer.
We advise you update Safari on all computer and devices, at home and at work, (campus and personal) before you use them to access webpages.
For information on how to update Safari on an Mac, see the Apple Support page page, Update or reinstall Safari for your computer. If you are using Safari on Windows, please discontinue use and uninstall Safari. Apple Safari for Windows is on longer supported by Apple. Access webpages only from web browsers that are supported and receive security updates.
As per the recent post on the Microsoft Security Response Center, dated September 9, 2021, Microsoft has released an alert about a serious vulnerability in MSHTML. MSHTML is a component in Internet Explorer and in Microsoft Office used to render web content. No known patch has been released, but there are mitigating steps that can be followed.
We advise you follow Microsoft’s recommendation to keep your antivirus software up to date. Additionally, we recommend you only open Microsoft Office documents created by a trusted source, not use Internet Explorer for browsing web pages, and keep an eye out for future Microsoft Windows and Office update that address this issue.
For information on how to update your antivirus software, see your antivirus vendors web site. If you are using Internet Explorer to browse web pages, please discontinue use. Internet Explorer is scheduled for end of support by Microsoft as per the Microsoft Support page, Internet Explorer 11 to be retired. If you use web applications that require Internet Explorer, contact the web application vendor to determine their recommendations.
As per the recent post on the Mozilla Foundation Security Advisories page, dated September 7, 2021, Mozilla has released a new update for Firefox and Thunderbird that includes important new security fixes.
We advise you update Firefox and Thunderbird on all computer and devices, at home and at work, (campus and personal) before you use them to access webpages.
For information on how to update Firefox see the Mozilla Firefox page, Update Firefox to the latest release.
The Federal Bureau Investigation (FBI) Cyber Division warns that Higher Education institutions are getting targeted more frequently by ransomware.
For more information on the increasing threat of ransomware attacks on universities see the EDUCAUSE Review article titled “The Increasing Threat of Ransomware in Higher Educations” here.
Howard University in Washington, D.C is the latest victim of ransomware.
Ransomware is a form of cybercrime where malicious actors gain unauthorized access to an organization’s cyber resources and use that access as leverage to get the organization to pay a ransom. It has become a big problem for many organizations that has a presence is cyberspace, with may organization paying from thousand to millions of dollars to get access back. In recent years ransomware has turned into an industry, with organizations offering services to help mount ransomware attacks against selected targets.
Unauthorized access is normally gained through either malware download by the staff of the organizations, or through vulnerabilities in the software and cyber services the organization uses. Once access is gained, ransomware attacks usually take one of two forms. One form is where the malicious actor locks the organization out of its own network, key cyber resources, or important data files, and asks them to pay to get access back. Another form of ransomware is one where the malicious actor exfiltrates important private data and threatens to disclose the data to the public if the ransom is not paid. For universities, this private data can be student Personally Identifiable Information (PII) protected by the Family Educational Rights and Privacy Act (FERPA), Controlled Unclassified Information (CUI) that is part of important research, or Protected Health Information (PHI) protected by the Health Insurance Portability and Accountability Act (HIPAA).
For more information on Ransomware see the Cybersecurity and Infrastructure Security Agency (CISA) Ransomware 101 page here.
For more information on the attack see the TechCrunch article here, or the official statement from the Howard University Office of University Communications here.
As per the recent post on the Google blog, dated August 31, 2021, Google has released a new update for Chrome that includes 27 new security fixes. We advise you update Chrome on all computer and devices, at home and at work, (campus and personal) before you use them to access webpages.
For information on how to update Chrome, see the Google Chrome Help page, Update Google Chrome.