News

Announcements

November 4, 2020

Multiple vulnerabilities have been discovered in the Google Chrome browser, the most severe of which could allow for arbitrary code execution. We recommend immediately updating your Google Chrome browser to Version 86.0.4240.183

October 21, 2020

Google has released Chrome version 86.0.4240.111 to apply security fixes, including a patch for an actively exploited zero-day vulnerability. We recommend that users patch immediately. Normally updates happen in the background, but if you haven't closed your browser in a while, you might see a pending update

August 13, 2020

Every Red Hat Enterprise Linux (RHEL) product has a life cycle and that life cycle ends when it no longer receives security updates or fixes, software updates, and/or technical support. On Nov. 30, 2020 Red Hat will discontinue support for RHEL 6. Campus policy requires that devices connected to the network run software for which security patches are made available and installed in a timely fashion. After support ends, RHEL 6 will no longer be in compliance with campus policy.

June 23, 2020

Why "Fight the Phish"?

April 30, 2020

Zoom V. 5 is available for download

The newest version further addresses issues related to security and privacy

Specific changes include these user experience/controls

  • Security icon: Zoom’s security features are now grouped together and located in the "Security" icon in the host's meeting menu bar.

April 2, 2020

Zoom has released new version updates that resolve issues related to security and privacy: Windows ver. 4.6.19253.0401 and MacOS ver. 4.6.19273.0402.

We recommend that users patch immediately. Both updates are accessible for manual download through the desktop-client:

  • Open the Zoom application on your system and select “Check for Updates...” from the zoom.us drop-down menu

March 9, 2020

Attackers have been sending emails that feed on concerns about COVID-19 to spread malware, trick them into sharing account credentials, or opening malicious attachments.

January 28, 2020

On Mar. 23 CalNet fully depreciated TLS 1.0/1.1.

On Mar. 23, CalNet disabled TLS 1.0 and 1.1 protocols from being used to access CAS, Shibboleth, CalGroups, CalNet Account Manager, and LDAP. 

TLS 1.0 and 1.1 are insecure and vulnerable to attacks which risk the integrity and authentication of data sent between client and destination. Disabling these protocols will mitigate these issues, adhere to campus policy, and to protect institutional data and IT resources. 

January 27, 2020

We have become aware that identity thieves are calling individuals on campus via landline or cellular devices asking for personal information. Remember to be vigilant and careful about protecting your personal information.

We work very hard to protect our voice network; however, attackers may try to use a technology called spoofing to trick you into giving up information.  Spoofing is the practice of deliberately falsifying the information transmitted to your caller ID to pretend to be someone else.  

January 20, 2020

With the California Consumer Privacy Act taking effect this year, data privacy will become a central issue for businesses in 2020. Consumers conduct much of their lives on the internet, yet few understand the critical issue of privacy and how their personal information is used, collected and shared by businesses. Your data can be stored indefinitely and used in both beneficial and unwelcome ways.

January 15, 2020

You and Your W-2

Every year phishing messages are crafted by tax scammers to trick victims into giving out personal information. Taxpayers should continue to watch out for fake emails and/or websites looking to steal personal information. Be wary of any message asking for W-2 or other tax information. Additionally, because of the UCPath conversion attackers may send emails with fraudulent links. Do not open any attachments or click on any email links.

January 6, 2020

What's Data Privacy Day?

Champion Badge

November 13, 2019

We are excited to announce some organizational developments and opportunities to work with us.

Recently ISO underwent a structural reorganization. This new structure allows us to continue to evolve and respond to challenges in the information security space, to streamline operations, and to create additional efficiencies. Vacant positions will be posted shortly to jobs.berkeley.edu and to our website.

November 12, 2019

Even outside the traditional "Holiday" season we find ourselves purchasing items online. And so, it's good to remember online shopping best practices year round. In addition to our holiday shopping tips, here are a few others to keep you safe while online shopping: 

November 6, 2019

There will be some changes coming to information security policies at Berkeley brought on by a major update to the UC systemwide information security policy (IS-3). The revision brings sweeping changes to the way information security risk is handled on Campus. 

September 5, 2019

NCSAM Champion Logo

This October, UC Berkeley is once again joining other universities, the National Cyber Security Alliance, and the U.S. Department of Homeland Security to help raise cyber security awareness during National Cyber Security Awareness Month (NCSAM). 

August 27, 2019

Instead of finding One-Eyed Willy's treasure at the end of an IRS-spoofed email, victims are tricked into clicking malicious links and giving up their treasure.

The IRS recently issued warnings about new email scams where attachers send unsolicited emails to taxpayers from fake IRS email addresses. The email subject line may vary, but recent examples use the phrase "Automatic Income Tax Reminder" or "Electronic Tax Return Reminder."

August 5, 2019

File-sharing can heighten risks to you and the University. As an Internet Service Provider (under the Digital Millennium Copyright Act), UC Berkeley does not monitor its networks for the purpose of discovering illegal activity. However, we act to make sure that Copyright, especially as it applies to digital assets, is respected within the Campus community.

July 17, 2019

In the past few months, the campus has seen an increase in these types of phishing attacks. The most common form is a short message that starts with something like, "quick help needed," "are you in the office?", or "available?" from a person of authority. Often the messages appear to come from vice chancellors, deans, and department chairs.

July 8, 2019