The Information Security Office recently updated the Miminum Security Standards for Networked Devices and the Draft of that Standard is currently under Campus review. The update incorporates elements from UC’s systemwide Electronic Information Security Policy, IS-3, and brings the Standard into alignment with current industry best practices.
May 8, 2020
April 30, 2020
Zoom V. 5 is available for download
The newest version further addresses issues related to security and privacy
Specific changes include these user experience/controls
- Security icon: Zoom’s security features are now grouped together and located in the "Security" icon in the host's meeting menu bar.
April 2, 2020
Zoom has released new version updates that resolve issues related to security and privacy: Windows ver. 4.6.19253.0401 and MacOS ver. 4.6.19273.0402.
We recommend that users patch immediately. Both updates are accessible for manual download through the desktop-client:
Open the Zoom application on your system and select “Check for Updates...” from the zoom.us drop-down menu
March 24, 2020
March 13, 2020
*** Patch Windows 10 and affected Windows Server 2019 systems IMMEDIATELY, even where there is a potential business impact (unscheduled maintenance). Notify firstname.lastname@example.org if you anticipate delays in patching. ***
March 9, 2020
January 28, 2020
On Mar. 23 CalNet fully depreciated TLS 1.0/1.1.
On Mar. 23, CalNet disabled TLS 1.0 and 1.1 protocols from being used to access CAS, Shibboleth, CalGroups, CalNet Account Manager, and LDAP.
TLS 1.0 and 1.1 are insecure and vulnerable to attacks which risk the integrity and authentication of data sent between client and destination. Disabling these protocols will mitigate these issues, adhere to campus policy, and to protect institutional data and IT resources.
January 27, 2020
We have become aware that identity thieves are calling individuals on campus via landline or cellular devices asking for personal information. Remember to be vigilant and careful about protecting your personal information.
We work very hard to protect our voice network; however, attackers may try to use a technology called spoofing to trick you into giving up information. Spoofing is the practice of deliberately falsifying the information transmitted to your caller ID to pretend to be someone else.
January 20, 2020
With the California Consumer Privacy Act taking effect this year, data privacy will become a central issue for businesses in 2020. Consumers conduct much of their lives on the internet, yet few understand the critical issue of privacy and how their personal information is used, collected and shared by businesses. Your data can be stored indefinitely and used in both beneficial and unwelcome ways.
January 14, 2020
*** Vulnerable RD Gateway servers should be patched IMMEDIATELY even where there is a potential business impact (unscheduled maintenance). Notify email@example.com if you anticipate any delays in patching. ***
A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway).
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. This vulnerability affects the Microsoft Windows 10 desktop operating system, as well as Windows Server 2016 and 2019.
Microsoft has released a security update that addresses the vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificates.
January 13, 2020
Mozilla’s advisory states they are “aware of targeted attacks in the wild abusing this flaw.” Based on this note in the advisory, it appears the vulnerability was exploited in the wild as a zero-day. 
January 9, 2020
January 8, 2020
In honor of International Data Privacy Day, January 28
All of us exist in digital form on the Internet. When you're online you leave a trail of "digital exhaust" in the form of cookies, GPS data, social network posts, browser searches, and email exchanges, among others. Services that you don’t even use may have information about you. And once something is online, it can be there forever.
January 6, 2020
What's Data Privacy Day?
November 13, 2019
We are excited to announce some organizational developments and opportunities to work with us.
Recently ISO underwent a structural reorganization. This new structure allows us to continue to evolve and respond to challenges in the information security space, to streamline operations, and to create additional efficiencies. Vacant positions will be posted shortly to jobs.berkeley.edu and to our website.
November 12, 2019
Even outside the traditional "Holiday" season we find ourselves purchasing items online. And so, it's good to remember online shopping best practices year round. In addition to our holiday shopping tips, here are a few others to keep you safe while online shopping:
November 11, 2019
The Information Security Office is proud to graduate Ryan Tran, our first Staff Information Security Intern!
We wanted to mark the occasion by talking with him about what he learned while at ISO.
November 6, 2019
I love this time of year; the air gets crisp, the leaves start to turn, and I get to wear sweaters all the time. However, the thought of leaving the house to battle the crowds elicits panic level 12. Perhaps that's why online shopping is gaining even more popularity. An estimated 165.8 million people shopped between Thanksgiving Day and Cyber Monday in 2018! 
There will be some changes coming to information security policies at Berkeley brought on by a major update to the UC systemwide information security policy (IS-3). The revision brings sweeping changes to the way information security risk is handled on Campus.
- « first Full listing: News
- ‹ previous Full listing: News
- 1 of 10 Full listing: News
- 2 of 10 Full listing: News
- 3 of 10 Full listing: News (Current page)
- 4 of 10 Full listing: News
- 5 of 10 Full listing: News
- 6 of 10 Full listing: News
- 7 of 10 Full listing: News
- 8 of 10 Full listing: News
- 9 of 10 Full listing: News
- next › Full listing: News
- last » Full listing: News