Notice: Instructure Security Incident & Canvas Updates

Yale ITS is monitoring a reported cybersecurity incident affecting Instructure, the vendor behind Canvas. At this time, there is no known significant impact to Canvas services at Yale, and updates will be shared as more information becomes available.

Read More

Critical vulnerability in all versions of Linux.

Critical vulnerability in all versions of Linux. Please check with your vendor for updates and plan to apply patches as soon as possible. For more information, see: https://xint.io/blog/copy-fail-linux-distributions

Read More

YALE-MSS-9.2.1: Change all default passwords

Standard:
YALE-MSS-9.2: Utilize secure passwords for authentication

YALE-MSS-9.2.1: Change all default passwords

Low Risk Endpoint Required Moderate Risk Endpoint Required High Risk Endpoint Required Low Risk Server Required Moderate Risk Server Required High Risk Server Required Low Risk Mobile Device Not Required Moderate Risk Mobile Device Not Required High Risk Mobile Device Not Required Low Risk Network Printer Required Moderate Risk Network Printer Required High Risk Network Printer Required

Details

Account defaults can make installation of an application or device easier. However, they are often public information and known to attackers. Leaving default credentials in place can result in a compromise.

All default passwords must be changed.

Examples of default passwords are "root", "administrator", "admin", "guest", and "password".

Vendor documentation may be helpful to identify default credentials.