News

September 14, 2021

Apple released a security update for macOS, watchOS, iOS, iPadOS, and Safari. Apple is aware of a report of potential exploits in the wild.

September 10, 2021

These are targeted and simple forms of phishing emails designed to get victims to interact and establish a rapport. The messages start out as basic greetings or job opportunities and then progress into requests for money or data.
These are targeted and simple forms of phishing emails designed to get victims to interact and establish a rapport. The messages start out as basic greetings or job opportunities and then progress into requests for money or data.
These are targeted and simple forms of phishing emails designed to get victims to interact and establish a rapport. The messages start out as basic greetings or job opportunities and then progress into requests for money or data.

September 9, 2021

The UC Office of the President has notified us that UC employees received an email yesterday from WEX Health (formerly Discovery Benefits) alerting them to a change in the profile information in their online WEX account. You do not need to respond to their message. This change was made in error and is being corrected. Please note that the error is not the result of a security breach and UC employee data has not been compromised.

August 18, 2021

These are targeted and simple forms of phishing emails designed to get victims to click on a link that contains malicious content or steals your credentials.

July 27, 2021

A software update was released fixing a local privilege escalation vulnerability affecting MacOS, iPadOS, and iOS. A proof of concept exploit has been publicly released and Apple reports this vulnerability is currently being exploited.

July 12, 2021

This message, appearing to come from a professor, is a convincing scam targeting students to engage in back and forth emails ending in money changing hands. If you have received this message and shared correspondence with the scammer, we recommend that you cease correspondence immediately and contact UCPD if there have been any financial transactions.

May 26, 2021

These are targeted and simple forms of phishing emails designed to get victims to click on a link that contains malicious content or steals your credentials.

May 19, 2021

These are targeted and simple forms of phishing emails designed to get victims to click on a link that contains malicious content or steals your credentials.
These are targeted and simple forms of phishing emails designed to get victims to click on a link that contains malicious content or steals your credentials.
These are targeted and simple forms of phishing emails designed to get victims to click on a link that contains malicious content or steals your credentials.

May 18, 2021

These are targeted and simple forms of phishing emails designed to get victims to click on a link that contains malicious content or steals your credentials.

April 16, 2021

"I have a really great passphrase, it's long and easy to remember, so I use it on all my accounts."

Sound familiar? Why is it so hard for us to abandon this idea that reusing passphrases is a bad idea? Well, we're humans and humans tend to rationalize to confirm our decisions. "What are the chances that someone will get my password and compromise my account, I mean, will that really happen to me?" Well, it turns out it does - and more frequently that you might imagine.

April 5, 2021

Updated May 11, 2021:

UCOP Notice to UC Community: https://ucnet.universityofcalifornia.edu/data-security/index.html


Updated Apr. 15, 2021:

March 31, 2021

Mar. 31st - The Internal Revenue Service issued a warning of an ongoing IRS-impersonation scam that appears to primarily target educational institutions, including students and staff who have ".edu" email addresses. The phishing emails appear to target university and college students from both public and private, profit and non-profit institutions.

The fraudulent email displays the IRS logo and uses various subject lines such as "Tax Refund Payment" or "Recalculation of your tax refund payment." It asks people to click a link and submit a form to claim their refund. 

February 19, 2021

These are targeted and simple forms of phishing emails designed to get victims to click on a link that contains malicious content or steals your credentials.

February 11, 2021

This month Microsoft released patches for multiple serious vulnerabilities in the Windows TCP/IP network stack (including CVE-2021-24074, CVE-2021-24094)[1,2]. These vulnerabilities can allow for remote code execution. Additionally, Microsoft appears to have released patches for Windows 7 and Windows Server 2008 which are officially no longer supported.

January 27, 2021

You and Your W-2

Every year phishing messages are crafted by tax scammers to trick victims into giving out personal information. Taxpayers should continue to watch out for fake emails and/or websites looking to steal personal information. Be wary of any message asking for W-2 or other tax information. Additionally, because of the UCPath conversion attackers may send emails with fraudulent links. Do not open any attachments or click on any email links.

January 26, 2021

A serious heap-based buffer overflow has been discovered in sudo that is exploitable by any local user. The flaw can be leveraged to elevate privileges to root, even if the user is not listed in the sudoers file. User authentication is not required to exploit the flaw. Researchers have developed working exploits against Ubuntu, Debian, and Fedora Linux distributions. Other UNIX-based operating systems and distributions are also likely to be exploitable. [1] [2]