News

September 6, 2019

Wi-Fi is great. Think about it, you pretty much carry an entire library and a direct line to anywhere in the world in your pocket. Nowadays many businesses offer Wi-Fi for their customers, so you can stay connected even while eating udon or waiting in line for toast.

But! That doesn’t mean it’s perfect. Using public Wi-Fi is sort of like doing, well, anything else in public: you want to be safe and not accidentally wander into trouble. Let’s talk about what you can do to protect yourself on Wi-Fi.

September 5, 2019

NCSAM Champion Logo

This October, UC Berkeley is once again joining other universities, the National Cyber Security Alliance, and the U.S. Department of Homeland Security to help raise cyber security awareness during National Cyber Security Awareness Month (NCSAM). 

There are more than four billion people on the internet today, and many of them use social media to communicate. But while social media can be fun and a great way to chat with friends, it can be risky as well. When people share personal information about themselves, they may become targets for scammers and identity thieves.

However, you can take a few simple precautions to keep yourself and your friends and family safe on social media. Here’s how: 

Your privacy means a lot: not just to you, but to the people you care about. If your private accounts and information are breached, other people could be breached too. That’s why it’s important to maintain your privacy online by making good choices with your privacy settings.

Apps are part of our lives now. Remember that slogan, “There’s an App for That”? Nowadays, it seems like there really is an app for everything — from games to shopping, fitness, beauty, hobbies and more. No wonder that almost 50% of all smartphone users download at least one new app a month.

Just like with any device or program, though, it’s important to choose and use your apps carefully. Some apps may be scams or contain viruses. Here’s what you can do to keep yourself safer:

August 27, 2019

Instead of finding One-Eyed Willy's treasure at the end of an IRS-spoofed email, victims are tricked into clicking malicious links and giving up their treasure.

The IRS recently issued warnings about new email scams where attachers send unsolicited emails to taxpayers from fake IRS email addresses. The email subject line may vary, but recent examples use the phrase "Automatic Income Tax Reminder" or "Electronic Tax Return Reminder."

August 5, 2019

File-sharing can heighten risks to you and the University. As an Internet Service Provider (under the Digital Millennium Copyright Act), UC Berkeley does not monitor its networks for the purpose of discovering illegal activity. However, we act to make sure that Copyright, especially as it applies to digital assets, is respected within the Campus community.

July 21, 2019

Robocalls are on the rise. Be wary of any pre-recorded messages you might receive.

July 17, 2019

"Hey, are you available?"

July 9, 2019

Summary

A vulnerability has been publicly disclosed in the Mac version of Zoom that allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user's permission. [1]

July 8, 2019

June 24, 2019

Beginning August 13, Offsite Hostname requests will move to NetReg.

June 18, 2019

Advisory 

Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service vulnerabilities [1]

Severity: Critical

June 3, 2019

Karl Grose, one of the founding fathers of CalNet, is retiring.

May 22, 2019

You may have noticed some changes here at security.berkeley.edu. The Information Security and Policy office has taken a new name and undergone a website redesign. We are now The Information Security Office or ISO. Don't worry, all of our great content is still here. The new layout may take some getting used to, but our search function is better than ever and can help you find what you are looking for. 

May 21, 2019

Stay safe while traveling by following this simple tips

May 14, 2019

Summary

A zero-day elevation of privilege vulnerability exists in the way Microsoft Windows Error Reporting (WER) handles files. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

While details about the use of the exploit are not available, it has reportedly been used in limited attacks against specific targets. Successful exploitation has been observed in the wild. [2][3]

Summary

*** Vulnerable RDP servers should be patched IMMEDIATELY even where there is a potential business impact (unscheduled maintenance). Notify security@berkeley.edu if you anticipate any delays in patching. ***

April 10, 2019

Overview

Every Windows product has a lifecycle and that lifecycle ends when it no longer receives security updates or fixes, software updates, and/or technical support. On Jan. 14, 2020 Microsoft will discontinue support for the Windows 7 Operating System. Without security, patches these systems will be easy targets for hackers, malware, and viruses.

March 14, 2019

Summary

Serious security vulnerabilities have been discovered in the Ruby on Rails web application framework including a remote file content disclosure flaw and a Denial of Service (DoS) vulnerability. Please read the References links below to learn if your Rails application is affected.

Impact