|Title||Start Date & Time||End Date & Time|
|Service Restored: Youtube Age-Restricted Content Inaccessible From CU Network||Saturday, September 15, 2018 - 2:28pm|
|Service Issue Reported: Networking - Engineering North tower - partial outage||Saturday, September 22, 2018 - 2:39pm|
|Service Maintenance Scheduled: Turnitin||Saturday, September 22, 2018 - 9:00am||Saturday, September 22, 2018 - 5:30pm|
|Service Maintenance Scheduled: Campus Solutions & Portals||Sunday, September 23, 2018 - 6:00am||Sunday, September 23, 2018 - 2:00pm|
|Service Maintenance Scheduled: F5 Content Switch||Thursday, September 27, 2018 - 6:30pm||Thursday, September 27, 2018 - 7:30pm|
|Service Maintenance Scheduled: Wi-Fi in Bear Creek Apartments||Tuesday, October 2, 2018 - 6:00am||Tuesday, October 2, 2018 - 7:30am|
Malicious software, referenced in media reports and antivirus vendors as Flashback, is reportedly infecting Apple Macintosh machines when users browse the internet and encounter maliciously crafted web sites. The attack uses a vulnerability in Java for OS X for which Apple provided a patch on April 5, 2012.
Once the malicious software has been installed attackers attempt to steal personal information including passwords, banking information and more. The malicious software will also contact a command and control server to download additional malware or instructions. This malware can be used to continue the outbreak and to control the end users machine without their knowledge or permission.
The IT Security Office advises updating as soon as possible. Updates may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads website.
We are continuing to see reports of new Flashback variants which are causing problems for the Flashback detection utility we had previously posted on this Security Notice. IT Security has been monitoring network traffic for indications of infected systems.If we believe your system is infected, we will contact you and ask you to contact our IT Service Center.
As a reminder, the university will never send email asking for your highly confidential data (e.g. passwords, SSNs, credit card numbers, etc.) and you should be suspicious of messages that direct you to provide this information.
Apple has released a Flashback Removal Tool as an update to OS X Lion (10.7) and updates for Java on Mac OS X 10.6 that include a Flashback Removal Tool. These updates address vulnerabilities that could allow malicious users to execute arbitrary code, steal highly confidential data and take control of affected computers. Learn more.
This Java update disables the Java applet plug-in by default in Java Preferences. As you may know, the campus’s Network Connect VPN requires that the Java applet plug-in be enabled in order to connect. Learn more about this issue and how to enable the Java applet plug-in.
Security Bulletin Names:
OIT has defined the following categories to describe the severity of security risks:
URGENT severity represents a broad threat to the entire campus community.
SEVERE severity included remote exploits and worms.
IMPORTANT severity includes virus and local exploits for commonly used services.