November 30, 2020
November 4, 2020
Multiple vulnerabilities have been discovered in the Google Chrome browser, the most severe of which could allow for arbitrary code execution.
We recommend immediately updating your Google Chrome browser to Version 86.0.4240.183
To apply the update:
In the browser, go to the Chrome menu and select 'About Google Chrome' this will prompt the update. Note: you will have to relaunch the browser to fully apply the update.
October 21, 2020
Google has released Chrome version 86.0.4240.111 to apply security fixes, including a patch for an actively exploited zero-day vulnerability.
We recommend that users patch immediately. Normally updates happen in the background, but if you haven't closed your browser in a while, you might see a pending update
October 15, 2020
A serious vulnerability exists in the Windows TCP/IP network stack [1,2]. Currently, it is known that this vulnerability can be used to trigger a Denial of Service (DoS) event, however, Microsoft and others are warning that it may also be possible to remotely execute code.
An attacker can exploit this vulnerability by sending a crafted ICMPv6 Router Advertisement to the target system. The vulnerability does not require authentication or user-interaction.
The second round of our Security Internship Program has ended and we are pleased to congratulate Ilona Ozmon and Kris Beltran for graduating from the program.
I sat down with Kris to talk a little bit about his experience going through the Program and any words he would like to pass on to future applicants.
Casey: Kris, thank you so much for talking with me. You and I have known each other for several years, but for those reading, can you tell us a little bit about the work you do in your “normal” job at Berkeley?
October 5, 2020
September 4, 2020
September 3, 2020
August 27, 2020
The FBI has reported an increase in suspicious websites popping up that look like official election websites but are in fact fraudulent. These sites have multiple purposes:
August 18, 2020
Social Engineering criminals focus their attention at attacking people as opposed to infrastructure. Social engineering begins with research; an attacker may look for publicly available information that they can use against you. These attacks can come in a variety of formats: email, voicemail, SMS messages, DMs, or via social media and attempt to prey on your respect for authority, courtesy, or trust.