News

November 30, 2020

These are targeted and simple forms of phishing emails designed to get victims to click on a fake Google Docs link that contains malicious content.
These are targeted and simple forms of phishing emails designed to get victims to click on a fake Google Forms link that contains malicious content.
These are targeted and simple forms of phishing emails designed to get victims to click on a fake Google Forms link that contains malicious content.
These are targeted and simple forms of phishing emails designed to get victims to click on a fake Google Forms link that contains malicious content.

November 4, 2020

Multiple vulnerabilities have been discovered in the Google Chrome browser, the most severe of which could allow for arbitrary code execution.

We recommend immediately updating your Google Chrome browser to Version 86.0.4240.183

To apply the update:

In the browser, go to the Chrome menu and select 'About Google Chrome' this will prompt the update. Note: you will have to relaunch the browser to fully apply the update.

 

October 21, 2020

Google has released Chrome version 86.0.4240.111 to apply security fixes, including a patch for an actively exploited zero-day vulnerability. 

We recommend that users patch immediately. Normally updates happen in the background, but if you haven't closed your browser in a while, you might see a pending update

October 15, 2020

Summary

A serious vulnerability exists in the Windows TCP/IP network stack [1,2].  Currently, it is known that this vulnerability can be used to trigger a Denial of Service (DoS) event, however, Microsoft and others are warning that it may also be possible to remotely execute code.

An attacker can exploit this vulnerability by sending a crafted ICMPv6 Router Advertisement to the target system. The vulnerability does not require authentication or user-interaction.

The second round of our Security Internship Program has ended and we are pleased to congratulate Ilona Ozmon and Kris Beltran for graduating from the program.

I sat down with Kris to talk a little bit about his experience going through the Program and any words he would like to pass on to future applicants.

Casey: Kris, thank you so much for talking with me. You and I have known each other for several years, but for those reading, can you tell us a little bit about the work you do in your “normal” job at Berkeley?

October 5, 2020

These are targeted and simple forms of phishing emails designed to get victims to interact and establish a rapport. The messages start out as basic greetings or job opportunities and then progress into requests for money or data.

September 4, 2020

These attacks are a sophisticated, targeted form of phishing emails spoofing the security office with the intention of scaring the victim to get them to click on a nefarious link. The Information Security Office will never ask for you to "validate" your information via a link in an email.

September 3, 2020

These attacks are a sophisticated, targeted form of phishing emails designed to look like legitimate UC Berkeley IT Client Services emails with the intention of scaring the victim to get them to provide personal information. Legitimate UC Berkeley IT departments will NEVER ask for your passphrase over email.

August 27, 2020

The FBI has reported an increase in suspicious websites popping up that look like official election websites but are in fact fraudulent. These sites have multiple purposes:

August 18, 2020

Social Engineering criminals focus their attention at attacking people as opposed to infrastructure. Social engineering begins with research; an attacker may look for publicly available information that they can use against you. These attacks can come in a variety of formats: email, voicemail, SMS messages, DMs, or via social media and attempt to prey on your respect for authority, courtesy, or trust. 

Here are five things you can do to protect yourself:

August 13, 2020

August 7, 2020

These are targeted forms of phishing emails designed to establish trust with the victim in order to give up personal information or money.

July 15, 2020

In ongoing efforts to mitigate the spread of COVID-19, Gov. Newsom launched "California Connected, " the state's contract tracing program and public awareness campaign. Malicious actors are leveraging the program to use phishing scams to exploit the public.

July 5, 2020

These are targeted forms of phishing emails designed to get victims to click on malicious links and to give up personal email or phone numbers. UC Berkeley has no relationship with this organization. If you receive an email from PERA, do not interact, report it as a phishing email through bmail and delete.

June 30, 2020

These are targeted and simple forms of phishing emails designed to get victims to purchase gift cards, or to give up personal email or phone numbers. The "email compromise" gets its name because the attacker mimics the email of a known sender. However, these can also be sent through a legitimate, albeit hacked account. The messages start out as basic greetings then progress into requests for money or data. Since the content is highly personalized it’s often easy to get hooked.

June 23, 2020

Why "Fight the Phish"?

June 22, 2020

These are targeted and simple forms of phishing emails designed to get victims to interact, establish a rapport, and steal money. The messages start out as basic greetings - or job opportunities - and then progress into requests for money or data.