Educause Security Discussion mailing list archives
Re: FSA Notice on: Exploitation of Ellucian Banner System Vulnerability - update
From: Mahmud Rahman <mrahman () MILLS EDU>
Date: Wed, 7 Aug 2019 07:52:14 -0700
What they did was not fair to Ellucian or to schools using Banner. There was a lot of misinformation spread in the news. Mahmud Rahman MFA '04 Director of Systems and Banner Services, ITS Mills College, Oakland CA (510)430-2257 mrahman () mills edu On Wed, Aug 7, 2019 at 7:33 AM Jim A. Bole <jbole () stevenson edu> wrote:
Josh, I see that FSA has acknowledged that Ellucian vulnerabilities were not exploited: https://ifap.ed.gov/eannouncements/080619ITSecurAlertExploitationEllucianBannerSysVulnerabilityUpdate1.html Did FSA provide any explanation as to how they made their initial determination and, more importantly, what they are doing to prevent this type of false attribution in the future? Jim Bole Director of Information Security Stevenson University 1525 Greenspring Valley Road Stevenson, MD, 21153-0641 jbole () stevenson edu | O: 443-334-2696 From: Sosnin, Josh <Josh.Sosnin () ELLUCIAN COM> Sent: Friday, July 19, 2019 9:23 PM Subject: Re: [EXT]: [SECURITY] FSA Notice on: Exploitation of Ellucian Banner System Vulnerability We have posted an update on this issue at the link below. Please feel free to reach out to me with any questions. https://www.ellucian.com/news/ellucian-banner-system-vulnerability-update Thanks, Josh -- Josh Sosnin | VP and CISO | ellucian CONFIDENTIALITY: This email (including any attachments) may contain confidential, proprietary and privileged information, and unauthorized disclosure or use is prohibited. If you received this email in error, please notify the sender and delete this email from your system. Thank you. From: The EDUCAUSE Security Community Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> on behalf of Brian Kelly <bkelly () EDUCAUSE EDU<mailto:bkelly () EDUCAUSE EDU>> Reply-To: The EDUCAUSE Security Community Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Date: Wednesday, July 17, 2019 at 8:50 PM To: "SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>" <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Subject: [EXT]: [SECURITY] FSA Notice on: Exploitation of Ellucian Banner System Vulnerability **External Email** If your institution is running Banner Web Tailor versions 8.8.3, 8.8.4, and 8.9 and/or Banner Enterprise Identity Services versions 8.3, 8.3.1, 8.3.2, and 8.4, Fed Student Aid has a security alert about a vulnerability needing patching if it's not patched already: https://ifap.ed.gov/eannouncements/071719ITSecurAlertExploitationEllucianBannerSysVulnerability.html < https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fifap.ed.gov%2Feannouncements%2F071719ITSecurAlertExploitationEllucianBannerSysVulnerability.html&data=02%7C01%7Cjosh.sosnin%40ELLUCIAN.COM%7C0247e5adc4554c96455808d70b19deea%7Cba4f1b25f4f74403892553e24140459f%7C0%7C0%7C636990078058860644&sdata=MTtSDC4ljNTvY8I5IBaB0b9%2B7%2BC%2BBvp73MpZ%2BOJHRi0%3D&reserved=0Brian Kelly, CISSP, CISM, CEH Director, Cybersecurity Program EDUCAUSE Uncommon Thinking for the Common Good Follow HEISC on LinkedIn< https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fshowcase%2Fhigher-education-information-security-council-heisc-%2F&data=02%7C01%7Cjosh.sosnin%40ELLUCIAN.COM%7C0247e5adc4554c96455808d70b19deea%7Cba4f1b25f4f74403892553e24140459f%7C0%7C0%7C636990078058860644&sdata=1ng%2BoI6fffW4Q5QgkeeRg9hZB0tHOXGqOKTdxvgdHyA%3D&reserved=0> | Twitter: @HEISCouncil | bkelly () educause edu<mailto:bkelly () educause edu> direct: 720.406.6757 | mobile 475.449.6440 | educause.edu< https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.educause.edu%2F&data=02%7C01%7Cjosh.sosnin%40ELLUCIAN.COM%7C0247e5adc4554c96455808d70b19deea%7Cba4f1b25f4f74403892553e24140459f%7C0%7C0%7C636990078058870648&sdata=MPMnb1Uw3mGDJc7wsB4PipaF6hzR1Y%2FZnd13hEQbEWw%3D&reserved=01150 18th Street, NW, Suite 900 Washington, DC 20036 ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- FSA Notice on: Exploitation of Ellucian Banner System Vulnerability - update Jim A. Bole (Aug 07)
- Re: FSA Notice on: Exploitation of Ellucian Banner System Vulnerability - update Mahmud Rahman (Aug 07)