ISO Alerts

High Sierra Root Vulnerability Macs Under CNS-OIT Management

If you own a Mac, you have probably heard by now that Apple introduced a serious bug into High Sierra by which anybody could log into a Mac using 'root' as the username and no password, and get full access to the system.

If your Mac is under CNS-OIT management, then a workaround has been applied: a root password has been set on your machine. Additionally, owners of managed machines will receive an email reminding them to apply the security patch that fixes the root vulnerability as soon as possible.

As always, if you have questions or need help, please don'


High Sierra Root Vulnerability: Known Issue Migrating From 10.13.0 to 10.13.1

If you own a Mac, you have probably heard by now that Apple introduced a serious bug into High Sierra by which anybody could log into a Mac using 'root' as the username and no password, and get full access to the system. You may have also heard that Apple released a patch to fix this vulnerability. But have you heard that the bug 'silently' reappears on systems that are subsequently upgraded from 10.13.0 to 10.13.1?

If you apply the security patch to


Changes to Duo Two Factor Authentication

As of Friday, 17 November 2017, UT Austin's two-factor authentication (2FA) service, Duo, has stopped reporting possible security issues to its push clients when they authenticate.

What does that mean? From 20 July 2017 until last week, the Duo app reported, based only on the release date of the software on the device, that the system was insecure and in need of updates. This confused many users, or just plain infuriated them, because their phones were being reported as insecure.

Security tools like 2FA via Duo are essential in this age of


Controlled Phishing Campaign by ISO

On 1 November 2017, the Information Security Office announced that it would "soon begin a controlled phishing assessment in an effort to continue to improve security awareness around this particular attack vector. All faculty and staff are potential recipients."

According to the announcement, "you may receive fake phishing emails designed to look like ones that bad guys are sending. However, instead of harming you, these emails will provide the ISO with data and teach you how to identify these scams and protect yourself. The ISO will send at least three rounds of emails


Annual ISORA Starts Now

On 15 September 2017, the Information Security Office (ISO) kicked off its annual risk assessment survey of devices on the campus ethernet (wired) network. This survey is called ISORA (for ISO Risk Assessment). As required by Texas state law and the university administration, the ISORA application collects, analyzes and reports on specific data related to information security on campus. Gathering the necessary data requires participation from users and managers of networked devices to help collect the data, and from department heads to answer survey questions at the department level and


New Duo On-Screen Notices

On July 20th, Information Technology Services (ITS) enabled new security features in the Duo two-factor authentication system intended to inform people when their device has outdated software installed. This change adds new messaging when authenticating with Duo that notifies users that their devices are using outdated versions of Flash, Java or operating systems (e.g. Windows, macOS, Apple iOS, etc.). These changes apply to both desktop and mobile devices.

This informational banner does not prevent authentication or access. It is meant to inform.  It is hoped


Yet Another Ransomware Attack

Tuesday saw a second major malware attack in as many months, affecting several countries, dozens of major companies, and thousands of machines.  And nobody believes it will get better any time soon.

If this malware attack sounds like last month's WannaCry ransomware attack, that's because it is. Just like WannaCry, this cyber ambush uses the same backdoor exploit developed by the U.S. National Security Agency, an exploit known as EternalBlue, which malware programmers have modified so that it not only spreads and infects computers, it also encrypts the data on vulnerable


New Samba Vulnerability

A new vulnerability has been announced that affects Samba, a network protocol that is primarily used for Windows file and print sharing.  The vulnerability affects all versions of Samba from 3.5.0 onwards.

The vulnerability allows remote code execution by allowing a malicious client to upload a shared library to a writable share, and then cause the Samba software to load and execute the uploaded library.

While no exploits are yet known, we strongly recommend you patch any systems running Samba as soon as possible.  Patches are available for versions 4.4 onwards, and


Wanna Cry? Active Ransomware Outbreak (Updated)

According to reports, there is an ongoing, fast and widespread ransomware attack against Microsoft Windows machines, with reports of as many as 200,000 infections in as many as 150 countries (according to Europol on Sunday, 14 May 2017). The software can run in as many as 27 different languages, matching the operating system language settings.

This malware is variously known as WannaCry, WCry, Wanna Decryptor, or Wanna Decrypt0r and was discovered the morning of May 12th, 2017. It works by encrypting your data and requesting a ransom


Wanna Cry? Active Ransomware Outbreak

According to numerous reports, there is an ongoing, fast and widespread ransomware attack against Microsoft Windows machines, with reports of tens of thousands of infections in as many as 74 countries. The software can run in as many as 27 different languages, matching the operating system language settings.

The malware is variously known as WannaCry, WCry, Wanna Decryptor, or Wanna Decrypt0r and was discovered the morning of May 12, 2017. It works by encrypting your data and requesting a ransom of 0.1781 bitcoins, the equivalent of roughly $300.

Initial reports indicate
