Because then you will get those fun and cheerful security notices! Yay!
Seriously, ISO monitors all campus IP address space. When we find a problem we notify the Security Contact that claims the subnet so they can fix the problem. If we cannot contact anyone, and the problem is serious, we will block the IP Address. Now you have to troubleshoot a connectivity issue without knowing the underlying reason and you still have a serious security issue.
UC has learned that names, Social Security numbers, and other personal information of some members of the UC community may have been used in attempts to open unauthorized bank accounts at financial institutions such as Chime and Go2Bank. Some of these UC community members are receiving emails from these institutions asking them to confirm a new account by clicking on a link in the email. It is unclear how personal information was obtained to open unauthorized accounts.
The UC Office of the President has notified us that UC employees received an email yesterday from WEX Health (formerly Discovery Benefits) alerting them to a change in the profile information in their online WEX account. You do not need to respond to their message. This change was made in error and is being corrected. Please note that the error is not the result of a security breach and UC employee data has not been compromised.
Every year phishing messages are crafted by tax scammers to trick victims into giving out personal information. Taxpayers should continue to watch out for fake emails and/or websites looking to steal personal information. Be wary of any message asking for W-2 or other tax information. Additionally, because of the UCPath conversion attackers may send emails with fraudulent links. Do not open any attachments or click on any email links.
While the COVID-19 pandemic has created several new cybersecurity risks in the form of phishing attacks, scammers have used this method for as long as the internet has been around to trick people into giving up sensitive information. To assist in mitigating these risks to campus, the Information Security Office created “Fight the Phish,” an awareness campaign to help educate our campus users on ways to identify, avoid, and report phishing attacks.
We recommend that users patch immediately. Both updates are accessible for manual download through the desktop-client:
Open the Zoom application on your system and select “Check for Updates...” from the zoom.us drop-down menu
On Mar. 23, CalNet disabled TLS 1.0 and 1.1 protocols from being used to access CAS, Shibboleth, CalGroups, CalNet Account Manager, and LDAP.
TLS 1.0 and 1.1 are insecure and vulnerable to attacks which risk the integrity and authentication of data sent between client and destination. Disabling these protocols will mitigate these issues, adhere to campus policy, and to protect institutional data and IT resources.
We have become aware that identity thieves are calling individuals on campus via landline or cellular devices asking for personal information. Remember to be vigilant and careful about protecting your personal information.
We work very hard to protect our voice network; however, attackers may try to use a technology called spoofing to trick you into giving up information. Spoofing is the practice of deliberately falsifying the information transmitted to your caller ID to pretend to be someone else.
With the California Consumer Privacy Act taking effect this year, data privacy will become a central issue for businesses in 2020. Consumers conduct much of their lives on the internet, yet few understand the critical issue of privacy and how their personal information is used, collected and shared by businesses. Your data can be stored indefinitely and used in both beneficial and unwelcome ways.
Recently ISO underwent a structural reorganization. This new structure allows us to continue to evolve and respond to challenges in the information security space, to streamline operations, and to create additional efficiencies. Vacant positions will be posted shortly to jobs.berkeley.edu and to our website.
Even outside the traditional "Holiday" season we find ourselves purchasing items online. And so, it's good to remember online shopping best practices year round. In addition to our holiday shopping tips, here are a few others to keep you safe while online shopping:
There will be some changes coming to information security policies at Berkeley brought on by a major update to the UC systemwide information security policy (IS-3). The revision brings sweeping changes to the way information security risk is handled on Campus.
This October, UC Berkeley is once again joining other universities, the National Cyber Security Alliance, and the U.S. Department of Homeland Security to help raise cyber security awareness during National Cyber Security Awareness Month (NCSAM).
Instead of finding One-Eyed Willy's treasure at the end of an IRS-spoofed email, victims are tricked into clicking malicious links and giving up their treasure.
The IRS recently issued warnings about new email scams where attachers send unsolicited emails to taxpayers from fake IRS email addresses. The email subject line may vary, but recent examples use the phrase "Automatic Income Tax Reminder" or "Electronic Tax Return Reminder."
