News

All News

October 1, 2024

What makes this a phishing message?

This email has been specifically targeting UC Berkeley Executives and asks them to click a link and enter their credentials to review an employee termination agreement.

Tips if Something Seems Off:

The sender name indicates an official Docusign like service, but is allegedly from OnlineSIGN-DOC, EDOC-ReadytoSign, or OnlineSignDESK-Ready.

What makes this a phishing message?

This is a classic 'sextortion' hoax from a random GMail email address.

https://www.bbb.org/article/news-releases/20517-scam-alert-beware-of-sextortion-emails

Tips if Something Seems Off:

The anonymous fraudster is now using leaked home address information to induce more fear in the recipients. The data likely came from a recent data breach, possibly the National Public Data (NPD) data release.

September 5, 2024

Overview

Every Windows product has a lifecycle, and that lifecycle ends when it no longer receives security updates or fixes, software updates, and/or technical support. On October 14, 2025, Microsoft will discontinue support for the Windows 10 Operating System. Without security patches, these systems will be easy targets for hackers, malware, and viruses.

July 3, 2024

This phony potential Covid contact alert was received by many users sent to their Campus bMail accounts.

What makes this a phishing message?

This targeted phishing scam is using a fake UC Berkeley email address

From: UC Berkeley Alerts <CHI-Information@case.edu>

This targeted phishing scam directs user to a bogus CAS authentication page..

June 11, 2024

This fake email termination notification was received by many users on their personal cell phone numbers via text message.

What makes this a phishing message?

This targeted phishing scam is pretending to be a UC Berkeley technician and uses urgency and fear to cause the recipients to act, threatening loss of service (email).

Tips if Something Seems Off:

UC Berkeley Help Desks will NEVER initiate contact directly via test to personal cell phone numbers

May 7, 2024

This is a notice from the Information Security Office to alert you to a vulnerability that impacts the R programming language. Please share this alert internally with IT admins, service owners, and researchers who run the product so they are aware and know what actions to take to address this vulnerability.

April 29, 2024

xz utils is a popular data compression library found in many Linux distributions. The critical vulnerability found in recent versions of the xz library, liblzma, includes a malicious code injection designed to allow unauthorized remote access. Click for more details.
Shim is a bootloader that facilitates the Secure Boot process on computers using Unified Extensible Firmware Interface. The bug involves trusting the remote server’s HTTP headers while booting over HTTP, which might allow an out-of-bounds write, and privileged code execution.

January 30, 2024

What makes this a phishing message?

This targeted phishing scam impersonates the UC Berkeley faculty member or campus lab manager.

This email is sent to the parents of a student working in a campus lab. It invents a phony 'accident' that damaged an expensive piece of lab equipment and asks the parents of the lab member to reimburse the lab for part of the cost of replacement.

This targeted phishing scam uses urgency and fear to cause the recipients to act, extorting money from a phony accident.

December 7, 2023

Every year, students at UC Berkeley are scammed out of thousands of dollars via fake employment offers. Beware of unsolicited emails, phone calls, texts or even facebook messages offering internship or employment opportunities.

October 9, 2023

What makes this a phishing message?

This targeted phishing scam impersonates the UC Berkeley Duo Admin to create fear to cause the recipients to act, scanning the QR code which leads to a malicious link.

This targeted phishing scam uses urgency and fear to cause the recipients to act, exposing their personal information.

February 8, 2023

If you are unable to log into bMail, forward the message to phishing@berkeley.edu. For more information visit https://security.berkeley.edu/resources/phishing

January 9, 2023

LastPass has updated the information on the Security Incident they disclosed in August. They have discovered that the attackers were able to leverage the information they got in August to gain access to some customer data including some encrypted vault backups. ISO has provided guidance to campus users of LastPass. Click for further details.

January 1, 2023

June 22, 2022

Cybersecurity is a key issue for us in our private lives — think identity theft — and on the national scale — such as in federal elections. For scientists in academic and commercial labs, threats include Intellectual Property (IP) theft, ransomware, and hacktivism.

Where are we most vulnerable to those who want to disrupt or steal from us?

How can we do the best possible job of protecting ourselves and the organizations we serve?

June 15, 2022

June is Internet Safety Month and now’s the right time to consider how you are securing your family’s safety online. We often think of safety in terms of physical and emotional safety but in the digital age, we also need to focus on what keeps our families – namely our children – safe at any age. The following helpful strategies are some of the ways you can ensure life online allows them to take full advantage of the internet, while minimizing the risk and impact on their growth.

May 6, 2022

Attention recipient , We have received your request to terminate your email account below, and the request will be concluded within 12hours from now.
Dear recipient We have received your cancellation request and you are no longer subscribed to security.berkeley.edu If you did not request cancellation, kindly click below to reactivate your account.

March 31, 2022

A critical vulnerability has been found in the widely used Java framework Spring Core. While Remote Code Execution (RCE) is possible and a Proof-of-Concept has already been released, how to exploit the vulnerability can vary based on system configuration and research on it is still evolving.

March 30, 2022

April 12th is Identity Management Day, a day focused on learning about the impacts of casually, or improperly, managing and securing your digital identity. At Berkeley we manage our identity through our CalNet IDs, Student IDs, UCPath IDs, etc., so making sure your information is correct is super important.