News

September 4, 2020

These attacks are a sophisticated, targeted form of phishing email that spoofs the security office with the intention of scaring the victim into clicking on a nefarious link. The Information Security Office will never ask you to "validate" your information via a link in an email.

September 3, 2020

These attacks are a sophisticated, targeted form of phishing emails designed to look like legitimate UC Berkeley IT Client Services emails with the intention of scaring the victim to get them to provide personal information. Legitimate UC Berkeley IT departments will NEVER ask for your passphrase over email.

August 27, 2020

The FBI has reported an increase in suspicious websites popping up that look like official election websites but are in fact fraudulent. These sites have multiple purposes:

August 18, 2020

Social engineering criminals focus their attention on attacking people as opposed to infrastructure. Social engineering begins with research; an attacker may look for publicly available information that they can use against you. These attacks can come in a variety of formats (email, voicemail, SMS messages, DMs, or social media) and attempt to prey on your respect for authority, courtesy, or trust.

Here are five things you can do to protect yourself:

August 13, 2020

August 7, 2020

These are targeted forms of phishing emails designed to establish trust with the victim in order to get them to give up personal information or money.

July 15, 2020

In ongoing efforts to mitigate the spread of COVID-19, Gov. Newsom launched "California Connected," the state's contact tracing program and public awareness campaign. Malicious actors are leveraging the program to use phishing scams to exploit the public.

July 5, 2020

These are targeted forms of phishing emails designed to get victims to click on malicious links and to give up personal email or phone numbers. UC Berkeley has no relationship with this organization. If you receive an email from PERA, do not interact; report it as a phishing email through bmail and delete it.

June 30, 2020

These are targeted and simple forms of phishing emails designed to get victims to purchase gift cards, or to give up personal email or phone numbers. The "email compromise" gets its name because the attacker mimics the email of a known sender. However, these can also be sent through a legitimate, albeit hacked, account. The messages start out as basic greetings, then progress into requests for money or data. Since the content is highly personalized, it’s often easy to get hooked.

June 23, 2020

Why "Fight the Phish"?

June 22, 2020

These are targeted and simple forms of phishing emails designed to get victims to interact, establish a rapport, and steal money. The messages start out as basic greetings - or job opportunities - and then progress into requests for money or data.

June 18, 2020

Summary

The Information Security Office is aware of published reports that there are flaws in the built-in Mail app on iPhones. These flaws reportedly allow attackers to get remote access in the context of the Mail app without any interaction on the user's part. [1]

June 8, 2020

The Information Security Office currently has two policies in Campus review until mid-June. We invite comments on the proposed new Roles and Responsibilities Policy and our Minimum Security Standards for Networked Devices (MSSND) Draft.

June 5, 2020

These are targeted and simple forms of phishing emails designed to get victims to interact, establish a rapport, and steal money. The messages start out as basic greetings - or job opportunities - and then progress into requests for money or data.

June 3, 2020

These are targeted and simple forms of phishing emails designed to get victims to interact and establish a rapport. The messages start out as basic greetings or job opportunities and then progress into requests for money or data.

May 21, 2020

Ransomware is not new, but it's been popping up more and more in higher ed. Each week brings news of colleges and universities that have fallen victim to ransomware attacks. Some hackers demand payment, while others steal personal data (to sell to identity thieves). Whatever the motives are, school systems around the country have been the targets of recent attacks.

May 12, 2020

The CalNet AD team has created several Group Policy Object (GPO) templates for system administrators to utilize. These templates, or Build Kits, are based on the Center for Internet Security’s (CIS) benchmarks and allow for quick and easy implementation of CIS Benchmark configurations.

May 8, 2020

The Information Security Office recently updated the Minimum Security Standards for Networked Devices, and the Draft of that Standard is currently under Campus review. The update incorporates elements from UC’s systemwide Electronic Information Security Policy, IS-3, and brings the Standard into alignment with current industry best practices.

April 30, 2020

Zoom V. 5 is available for download

The newest version further addresses issues related to security and privacy

Specific changes include these user experience/controls

  • Security icon: Zoom’s security features are now grouped together and located in the "Security" icon in the host's meeting menu bar.

April 2, 2020

Zoom has released new version updates that resolve issues related to security and privacy: Windows ver. 4.6.19253.0401 and MacOS ver. 4.6.19273.0402.

We recommend that users patch immediately. Both updates are accessible for manual download through the desktop client:

  • Open the Zoom application on your system and select “Check for Updates...” from the zoom.us drop-down menu