News

All News

March 20, 2023

We want to alert students to be aware of emails they may receive about internship or employment opportunities. Phishing scams are on the rise and may come in via email, text, and phone calls. Your best line of defense is to not click on links within an email that you are at all suspicious of and never fill out any forms that you receive via email that ask for personal or financial information. Here are a few more tips to keep your information safe:

February 8, 2023

If you are unable to log into bMail, forward the message to phishing@berkeley.edu. For more information visit https://security.berkeley.edu/resources/phishing

January 9, 2023

LastPass has updated the information on the Security Incident they disclosed in August. They have discovered that the attackers were able to leverage the information they got in August to gain access to some customer data including some encrypted vault backups. ISO has provided guidance to campus users of LastPass. Click for further details.

January 1, 2023

June 22, 2022

Cybersecurity is a key issue for us in our private lives — think identity theft — and on the national scale — such as in federal elections. For scientists in academic and commercial labs, threats include Intellectual Property (IP) theft, ransomware, and hacktivism.

Where are we most vulnerable to those who want to disrupt or steal from us?

How can we do the best possible job of protecting ourselves and the organizations we serve?

June 15, 2022

June is Internet Safety Month and now’s the right time to consider how you are securing your family’s safety online. We often think of safety in terms of physical and emotional safety but in the digital age, we also need to focus on what keeps our families – namely our children – safe at any age. The following helpful strategies are some of the ways you can ensure life online allows them to take full advantage of the internet, while minimizing the risk and impact on their growth.

May 6, 2022

Dear recipient We have received your cancellation request and you are no longer subscribed to security.berkeley.edu If you did not request cancellation, kindly click below to reactivate your account.
Attention recipient , We have received your request to terminate your email account below, and the request will be concluded within 12hours from now.

March 31, 2022

A critical vulnerability has been found in the widely used Java framework Spring Core. While Remote Code Execution (RCE) is possible and a Proof-of-Concept has already been released, how to exploit the vulnerability can vary based on system configuration and research on it is still evolving.

March 30, 2022

April 12th is Identity Management Day, a day focused on learning about the impacts of casually, or improperly, managing and securing your digital identity. At Berkeley we manage our identity through our CalNet IDs, Student IDs, UCPath IDs, etc., so making sure your information is correct is super important.

February 15, 2022

Welcome Subscriber; Your Annual membership for NORTON 360 TOTAL PROTECTION has been renewed and updated successfully. The amount charged will be reflected within the next 24 to 48 hrs on your profile of account. Product Information: INVOICE NO. @ GGH1644259106OV ITEM NAME @ NORTON 360 TOTAL PROTECTION START DATE @ 2022 Feb 07 END DATE @ 1 year from START DATE GRAND TOTAL @ $240.42 USD PAYMENT METHOD @ Debit from account If you wish to not to continue subscription and claim a REFUND then please feel free to call our Billing Department as soon as possible. You can Reach us on : +1 – ( 803 ) – ( 598 ) – 4473 Regards, Billing Department SP

January 19, 2022

Using several different emails to send from and various subject lines, this attacker used the name of an actual Berkeley professor to send out a call for remote assistant work.
Beware of fake Cal Stores on Instagram or other social media platforms.

December 14, 2021

The UC Berkeley Information Security Office is responding to a newly revealed severe software vulnerability in Apache's Java Logging library, Log4J.

December 10, 2021

A critical vulnerability has been found in the widely used Java logging library log4j. This vulnerability can allow remote code execution by an unauthenticated attacker, is easy to exploit, and proof of concept code is publicly available.

October 11, 2021

Watch out for financial "spear phishing" emails.

These may look like they come from a supervisor or manager and request that you send funds, transfer money, provide banking information, buy gift cards, or provide something of value to the sender. 

October 8, 2021

Why Claim Your Subnets?

Because then you will get those fun and cheerful security notices! Yay!

Seriously, ISO monitors all campus IP address space.  When we find a problem we notify the Security Contact that claims the subnet so they can fix the problem.  If we cannot contact anyone, and the problem is serious, we will block the IP Address.  Now you have to troubleshoot a connectivity issue without knowing the underlying reason and you still have a serious security issue.  

October 4, 2021

UC has learned that names, Social Security numbers, and other personal information of some members of the UC community may have been used in attempts to open unauthorized bank accounts at financial institutions such as Chime and Go2Bank. Some of these UC community members are receiving emails from these institutions asking them to confirm a new account by clicking on a link in the email. It is unclear how personal information was obtained to open unauthorized accounts.

September 22, 2021

Are you on the lookout for flexible, part-time employment to help cover school expenses? If so, watch out for scams.

Between the COVID-19 pandemic and high unemployment rates, the pressure to find a job may create more pressure for you to find work quickly. UC Berkeley has received numerous reports of employment scams where the sender impersonates Berkeley professors, researchers, and/or university departments. Some scams are easy to spot but how do you know who to trust?

September 14, 2021

Apple released a security update for macOS, watchOS, iOS, iPadOS, and Safari. Apple is aware of a report of potential exploits in the wild.