Security

Shibboleth IDP v.3 maintenance on Feb 28, 2018 11:00 – 14:00 PT

To improve the user experience, the CWL login pages on Shibboleth IDP v.3 will be updated to include service identification text and an updated header. This change will take place on Wednesday, February 28th, 2018 between 1100-1400 PT. There will be no impact on the user or a service outage.

Fraudulent Email Alert: RE: ITS Help-desk;” – Feb 15, 2018

Do not reply to this email or click on the link contained in the email. If you think you may have submitted your CWL login credentials, please log into myAccount, change your password immediately and advise security@ubc.ca of the possible temporary breach of your account.  The email can be deleted from your Inbox or mobile phone.   From: <sender’s […]

Fraudulent Email Alert: Tutoring for my son – Jan 26, 2018

If you get this message, DO NOT reply and DO NOT provide any personal information. Delete the email. The email is part of an overpayment scam. The scammer will send the victim a fraudulent cheque for an amount greater than what was agreed upon then ask for a “refund”. The scammer is counting on the […]

Shibboleth Service Provider (SP) Vulnerability

A security advisor was recently issued indicating that if you are using the current Shibboleth SP on your application, it has been identified as vulnerable to forged user attribute data and that UBC’s Shibboleth implementation is impacted. Shibboleth SP software relies on a generic XML parser to process SAML responses and there are limitations in […]

Fraudulent Email Alert: SECURITY EMAIL ALERT – Jan 19, 2018

Do not reply to this email or click on the link contained in the email. If you think you may have submitted your CWL login credentials, please log into myAccount, change your password immediately and advise security@ubc.ca of the possible temporary breach of your account.  The email can be deleted from your Inbox or mobile phone.   From: <sender’s […]

Fraudulent Email Alert: UBC SECURITY ALERT!!! – Jan 19, 2018

Do not reply to this email or click on the link contained in the email. If you think you may have submitted your CWL login credentials, please log into myAccount, change your password immediately and advise security@ubc.ca of the possible temporary breach of your account.  The email can be deleted from your Inbox or mobile phone.   From: <sender’s […]

Fraudulent Email Alert: UBC SECURITY ALERT URGENT – Jan 17, 2018

Do not reply to this email or click on the link contained in the email. If you think you may have submitted your CWL login credentials, please log into myAccount, change your password immediately and advise security@ubc.ca of the possible temporary breach of your account.  The email can be deleted from your Inbox or mobile phone.   —–Original Message—– […]

WordPress 4.9.2 Addresses Flash Security Issue – January 17, 2018 08:30 PT

An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress 4.9.2. If you haven’t already, we recommend updating to the latest version of WordPress.   To continue to […]

Fraudulent Email Alert: UBC E-mail User © Copyright 2018 University of Bristish Columbia – Jan 16, 2018

Do not reply to this email or click on the link contained in the email. If you think you may have submitted your CWL login credentials, please log into myAccount, change your password immediately and advise security@ubc.ca of the possible temporary breach of your account.  The email can be deleted from your Inbox or mobile phone.   From: <sender’s […]

Meltdown and Spectre CPU Vulnerabilities

Risk: High CVE: CVE-2017-5754, CVE-2018-5753   Meltdown and Spectre are two CPU vulnerabilities that have recently been detected in Intel, AMD, ARM and Qualcomm processors. Currently there are no exploits available in the wild; however if successful, attackers can take advantage of three variants of the flaw and steal sensitive data, such as passwords and […]