Main Alerts

macOS High Sierra – Critical Security Update

This is an important computer security bulletin from Marshall University Information Technology team directed at Marshall University students, faculty and staff who own or use an Apple Macintosh computer. Apple has released a critical security update which should be applied to all computers which are running macOS High Sierra 10.13. Marshall University IT staff are working to address this issue on University-owned devices; students, faculty and staff need to be aware of this issue needs addressed on personal-owned devices.

What computers are at risk?

If you have an Apple Macintosh computer which is running the current release of macOS High Sierra 10.13 or 10.13.1, you are at risk and need to apply this update ASAP. If you are still running macOS Sierra 10.12.6 or earlier, this update is not needed.

How do I check which version of macOS in on my computer?

Click on the ‘Apple’ icon menu (in the upper left corner of your computer), and select ‘About This Mac’. You should see a pop-up window which will list the operating system name and version (see below):


 

How do I check for and apply needed software updates?

If your computer shows ‘macOS High Sierra Version 10.13 or 10.13.1’, click on the ‘Software Update…’ button in the lower-right of the pop-up. This will launch the Apple ‘App Store’ utility. Click on the ‘Updates’ menu and apply any needed updates. If the App Store shows ‘No Updates Available’, be sure to confirm that these 2 critical updates ‘MacOS 10.13.1 Update’ and ‘Security Update 2017-001’ are listed as being installed:

Please review the links below for further information and assistance

  • Apple Security Update 2017-001

https://support.apple.com/en-us/HT208315

  • Apple releases macOS High Sierra Security Updates

https://9to5mac.com/2017/11/29/macos-root-fix/

  • Marshall University IT Service Desk

https://www.marshall.edu/it/departments/it-service-desk/

  • Marshall University IT Information Security Team

https://www.marshall.edu/infosec

Protecting Your Marshall MUNet/Email Account from Phishing Attacks

Recent Phishing Attacks

Over the past several months, the Office of Information Technology has seen an influx of fraudulent “phishing” messages, many which appear urgent, and are designed to trick account holders into clicking a link (or in some cases, replying to an email) and providing a username and password.

In most cases, these emails have been sent from other Marshall University account holders who have already been victims of these fraudulent messages and thus have had their accounts compromised. Once an account is compromised, it is then being used by a cyber-criminal to distribute more phishing messages to other MUNet/Office365 account holders.

Since the messages are coming from @marshall.edu or @live.marshall.edu addresses, the recipient is more likely to trust the sender and be tricked into clicking a link and logging in to what they think is a legitimate web page. Many of these web pages are designed to look like authentic Marshall University, Microsoft, or financial institution login pages, but are actually capturing credentials.

Prevention and Education

The IT department is doing their best to catch compromised accounts before more phishing messages can be distributed, however, the best way to protect yourself and others is to use caution when checking your email.

ALWAYS be suspicious of any unexpected email messages, regardless of the source, which include file attachments, web URLs, or are written with a sense of urgency and require you to provide credentials or other personal information.

Phishing Examples

Below are a few examples of recent phishing messages. Notice that each includes hyperlinked text which, when the mouse is hovered over, reveals a web address that is NOT a marshall.edu or microsoft.com address. Also, these messages have a sense of urgency and ask that the recipient verify information. Marshall University will never send you unsolicited email asking you to verify your password or personal information, nor will any other trusted organization.

If You Receive A Fraudulent Email

  1. (Optional) Report a suspicious email sent to your @marshall.edu or @live.marshall.edu email address by forwarding the message to phishing@marshall.edu. YOu will receive an auto-reply confirming receipt of the message as well as additional instructions.
  2. Delete the message from your inbox
  3. As long as you did not attempt to open the attachment, reply/click on the web link, or provide any personal information, no additional action is needed; however…
  4. If you attempted to open an attachment or visited a website where you submitted your username, password or other sensitive information, you should immediately contact the Marshall IT Service Desk at (304)-696-3200 / itservicedesk@marshall.edu.

Protecting Yourself From Email Fraud(AKA Phishing)

Phishing Scams


InfoSec Tips #7: Don’t Be Tricked

Tip 7: Don’t Be Tricked

 
 

This alert was also sent to the Marshall community via e-mail

WiFi Update 9:15 am

As of 9:15 this morning all scheduled maintenance on the WiFi network has been completed. Please report any problems you encounter to the IT Service Desk immediately.

WiFi Update 11:30 am

As of now, 99% of the WiFi network has been restored.  The 1% of access points remaining offline are located in multiple buildings across campus and are in areas where additional WiFi coverage exists or are in a physical location that is not immediately accessible.  We are continuing to work to get 100% coverage very soon.  Crews will be working this weekend during our regularly scheduled IT Maintenance Window (Sundays 4:00 am to 1:00 pm) to do a final update to the wireless controllers.  The update will take the WiFi network offline for a short time beginning at 4:00 am Sunday and should be completed by 6:00 am. If the outage takes longer than expected, we’ll update this page.

WiFi Update 5:00 pm

As of 5:00 pm, we have completed Public Safety, Sorrell Maintenance Building, The Child Development Academy and the DewCo building.  We will begin the Weisberg Engineering Laboratories next. The majority of the campus WiFi is functioning normally but there are still a few Access Points we have to replace.  Many of the common areas within the residence halls are not fully covered.  All residence rooms should have service and should have had service all week but the common areas are scheduled to be replaced with new equipment beginning early next week.

WiFi Update 12:00 pm

The WiFi restoration is continuing to move along steadily.  As of Noon today the Joan C. Edwards Performing Arts Center, the Rec Center, Gullickson Hall, Chris Cline Athletic Complex and Prichard Hall have all been brought back online.  Crews are currently working in Public Safety and Sorrell Maintenance Building.  We will be focusing on the Weisberg Engineering Laboratories, the Child Development Academy, and the DewCo buildings next.

WiFi Update 3:30 pm

As of this afternoon, the team is still making steady progress on restoring wireless connectivity to the network.  Buildings completed today are Memorial Student Center, MEB (School of Pharmacy), Welcome Center, Foundation Hall and the Harless Dining Hall.  The next buildings to be restored will be the Campus Recreation Center and Gullickson Hall. Work will likely begin in the Rec Center later this afternoon or this evening. There will still be a few remaining Access Points throughout campus that will need updating.  If all goes as planned the WiFi network will be fully restored by mid-day Friday.

WiFi Update 5:00 pm

We have made continual progress throughout the afternoon.  Since the 1:15 pm update we have completed Jomie Jazz, Career Services, Public Safety, East Hall, St. Mary’s Education Center, and the Memorial Student Center.  The next locations are Foundation Hall, Gullickson Hall, Henderson Center, Meyers Hall, the Rec Center, Sorrell Maintenance Building, Welcome Center and all of the common areas in the residence halls.  It is expected to be 100% complete by late tomorrow or early Thursday.

WiFi update 1:15pm

Marshall University and Cisco engineers have made strides in restoring full service to the WiFi Network on campus.  We are working in order from the most impacted to least impacted buildings. For example, if a building has a complete outage, we’ll work to get it fully restored before moving on. Since our last update, Byrd Biotech, Facilities Building, Morrow Library, Smith Communications Building and Old Main are almost completely restored.  Significant progress has been made in East Hall and on the South Charleston campus.  The team will begin work in the Memorial Student Center and at the School of Pharmacy this afternoon.  We will continue to update our Alerts and WiFi page as more information is available.

WiFi update 5:20pm 10/23/2017

Marshall University engineers along with Cisco engineers have made steady progress today in getting the remaining WiFi access points connected to the network. Access points in the Shewey building, First Year Residence Halls and the Byrd Biotechnology Science Center have all started to come back online.  Technicians will continue to work into the evening and through the week until all access points are back online.