News

Hello! My name is Shafaq. Your website or a website that your company hosts is infringing on a copyright-protected images owned by myself. Take a look at this document with the links to my images you used at website.berkeley.edu and my earlier publications to get the evidence of my copyrights. Download it right now and check this out for yourself: hxxps://sites.google.com/view/a0hf49gj29g-i4jb48n5/drive/folders/shared/1/download?ID=308682351554855915 I believe you have willfully infringed my rights under 17 U.S.C. Section 101 et seq. and could be liable for statutory damages as high as $150,000 as set forth in Section 504(c)(2) of the Digital Millennium Copyright Act (”DMCA”) therein.

A software update was released fixing a local privilege escalation vulnerability affecting MacOS, iPadOS, and iOS. A proof of concept exploit has been publicly released and Apple reports this vulnerability is currently being exploited.

Berkeley University of California is seeking an Research Assistant / services of a competent Undergraduate Student Administrative Assistant to work Part-time and get paid $350 weekly. Tasks will be carried out remotely. If interested, Do text your name to (808) 378-1179 so as to proceed Bernhard Boser Professor, (808) 378-1179. 490A Cory Hall

Outgoing Mail Error Due to server error, 6 new mails you sent from recipient@berkeley.edu are stucked in berkeley.edu Release below to re-send all stuck emails to the destination boxes. Release Emails This is a mandatory berkeley.edu webmail service sent to recipient@berkeley.edu

Dear Customer, You recently made a request to deactivate email. This request will be processed shortly. If you did not make this request, cancel the request now. Cancel Deactivation If you do not cancel this request, your account will be deactivated and all your email data will be lost. Sincerely, Your berkeley.edu Internet Team

"I have a really great passphrase, it's long and easy to remember, so I use it on all my accounts."

Sound familiar? Why is it so hard for us to abandon this idea that reusing passphrases is a bad idea? Well, we're humans and humans tend to rationalize to confirm our decisions. "What are the chances that someone will get my password and compromise my account, I mean, will that really happen to me?" Well, it turns out it does - and more frequently that you might imagine.

Updated May 11, 2021:

UCOP Notice to UC Community: https://ucnet.universityofcalifornia.edu/data-security/index.html

---

Updated Apr. 15, 2021:

Mar. 31st - The Internal Revenue Service issued a warning of an ongoing IRS-impersonation scam that appears to primarily target educational institutions, including students and staff who have ".edu" email addresses. The phishing emails appear to target university and college students from both public and private, profit and non-profit institutions.

The fraudulent email displays the IRS logo and uses various subject lines such as "Tax Refund Payment" or "Recalculation of your tax refund payment." It asks people to click a link and submit a form to claim their refund. 

Security Notice! Dear XXXX, Our security system has detected some irregular activity connected to your account. you will be unable to send and recieve emails until this issue has been resolved CLICK HERE TO VALIDATE NOW To prevent further irregular activity we will restrict access to your account within 72 hours if you did not validate your account. *Note:* Mail Administrator will always keep you posted of security updates. Mail Admin

This month Microsoft released patches for multiple serious vulnerabilities in the Windows TCP/IP network stack (including CVE-2021-24074, CVE-2021-24094)[1,2]. These vulnerabilities can allow for remote code execution. Additionally, Microsoft appears to have released patches for Windows 7 and Windows Server 2008 which are officially no longer supported.

You and Your W-2

Every year phishing messages are crafted by tax scammers to trick victims into giving out personal information. Taxpayers should continue to watch out for fake emails and/or websites looking to steal personal information. Be wary of any message asking for W-2 or other tax information. Additionally, because of the UCPath conversion attackers may send emails with fraudulent links. Do not open any attachments or click on any email links.

A serious heap-based buffer overflow has been discovered in sudo that is exploitable by any local user. The flaw can be leveraged to elevate privileges to root, even if the user is not listed in the sudoers file. User authentication is not required to exploit the flaw. Researchers have developed working exploits against Ubuntu, Debian, and Fedora Linux distributions. Other UNIX-based operating systems and distributions are also likely to be exploitable. [1] [2]

Multiple vulnerabilities have been discovered in the Google Chrome browser, the most severe of which could allow for arbitrary code execution. We recommend immediately updating your Google Chrome browser to Version 86.0.4240.183