News

July 5, 2020

Employee Crook, Each year, as an employee of University of California, Berkeley you are eligible to schedule a phone call, teleconference, or in-person meeting off campus with a representative for answers to your specific state, federal and individual retirement benefit questions. At your consultation you will be provided with information on what your expected income will be from UCRP when you retire, and how much longer you will have to work. You will also receive advice on the best ways to utilize your 401(a) options with your UCRP and/or Social Security benefits. *Please be sure to indicate which type of appointment you prefer (off-campus, phone call, or teleconference) in the notes section while scheduling. Please also include your direct cell phone number.*

June 30, 2020

Are you available ? No calls text only 9513072XXX BEST REGARDS Carol T Christ Chancellor Berkeley University of California

June 23, 2020

Why "Fight the Phish"?

While the COVID-19 pandemic has created several new cybersecurity risks in the form of phishing attacks, scammers have used this method for as long as the internet has been around to trick people into giving up sensitive information. To assist in mitigating these risks to campus, the Information Security Office created Fight the Phish,” an awareness campaign to help educate our campus users on ways to identify, avoid, and report phishing attacks. 

June 22, 2020

Dear students, Berkeley University Of California health professionals have been closely monitoring the spread of COVID-19 over the past two months.Therefore the university is organizing an online part time job to sustain the students living.I'm happy to inform you that our reputable company CORESTAFF SERVICES Inc®,is currently running a student empowerment program. KINDLY EMAIL BACK WITH YOUR PERSONAL EMAIL ADDRESS IF INTERESTED IN THIS JOB POSITION. Kind Regards Donna Lisa HR Manager/Consultant CORESTAFF SERVICES Inc®

June 18, 2020

Summary

The Information Security Office is aware of published reports that there are flaws in the built-in Mail app on iPhones. These flaws reportedly allow attackers to get remote access in the context of the Mail app without any interaction on the users part. [1]

June 8, 2020

The Information Security Office currently has two policies in Campus review until mid-June. We invite comments on the proposed new Roles and Responsibilities Policy and our Minimum Security Standards for Networked Devices (MSSND) Draft.

June 5, 2020

ID:#Q94HL9632******** Congratulations your new job, I had to verify all the information you provided. I hope to have your 100% loyalty and co-operation. Your quick response to e-mails and effectiveness will be required and you will be receiving your first assignment very soon. You will be emailed with detailed instructions. After checking my programs, unfortunately, you don’t have much done for me this week. So, you'll be starting your first Assignment In few days, I am unable to meet up for an interview because I am currently away and helping the disabled students in Abroad as stated in my previous email but scheduled to be back last week of July

June 3, 2020

Dear Student, We got your contact through your school database and I'm happy to inform you that our reputable company Cisco Inc® is currently running a student empowerment program. This program is to help devoted and hardworking students secure a part time job which does not deter them from doing any other, you just need a few hours to do this weekly and with an attractive weekly wages. KINDLY EMAIL BACK WITH YOUR ALTERNATE EMAIL ADDRESS IF INTERESTED IN THIS JOB POSITION.

May 21, 2020

Ransomware is not new; but, it's been popping up more and more in higher ed. Each week brings news of colleges and universities that have fallen victim to ransomware attacks. Some hackers demand payment, while others steal personal data (to sell to identity thieves). Whatever the motives are, school systems around the country have been the targets of recent attacks.

May 12, 2020

The CalNet AD team has created several Group Policy Objects (GPOs) templates for system administrators to utilize. These templates, or Build Kits, are based on the Center for Internet Security’s (CIS) benchmarks and allow for quick and easy implementation of CIS Benchmark configurations. 

May 8, 2020

The Information Security Office recently updated the Miminum Security Standards for Networked Devices and the Draft of that Standard is currently under Campus review. The update incorporates elements from UC’s systemwide Electronic Information Security Policy, IS-3, and brings the Standard into alignment with current industry best practices. 

April 30, 2020

Zoom V. 5 is available for download

The newest version further addresses issues related to security and privacy

Specific changes include these user experience/controls

  • Security icon: Zoom’s security features are now grouped together and located in the "Security" icon in the host's meeting menu bar.

April 2, 2020

Zoom has released new version updates that resolve issues related to security and privacy: Windows ver. 4.6.19253.0401 and MacOS ver. 4.6.19273.0402.

We recommend that users patch immediately. Both updates are accessible for manual download through the desktop-client:

  • Open the Zoom application on your system and select “Check for Updates...” from the zoom.us drop-down menu

March 24, 2020

Summary

The Information Security Office (ISO) is aware of the new, unpatched Windows Zero-day exploit, that has been reported by Microsoft[1] and in the press[2]. The vulnerability is currently unpatched; however, workarounds are available.

March 13, 2020

Summary

*** Patch Windows 10 and affected Windows Server 2019 systems IMMEDIATELY, even where there is a potential business impact (unscheduled maintenance). Notify security@berkeley.edu if you anticipate delays in patching. ***

March 9, 2020

Attackers have been sending emails that feed on concerns about COVID-19 to spread malware, trick them into sharing account credentials, or opening malicious attachments.

January 28, 2020

On Mar. 23 CalNet fully depreciated TLS 1.0/1.1.

On Mar. 23, CalNet disabled TLS 1.0 and 1.1 protocols from being used to access CAS, Shibboleth, CalGroups, CalNet Account Manager, and LDAP. 

TLS 1.0 and 1.1 are insecure and vulnerable to attacks which risk the integrity and authentication of data sent between client and destination. Disabling these protocols will mitigate these issues, adhere to campus policy, and to protect institutional data and IT resources. 

January 27, 2020

We have become aware that identity thieves are calling individuals on campus via landline or cellular devices asking for personal information. Remember to be vigilant and careful about protecting your personal information.

We work very hard to protect our voice network; however, attackers may try to use a technology called spoofing to trick you into giving up information.  Spoofing is the practice of deliberately falsifying the information transmitted to your caller ID to pretend to be someone else.  

January 20, 2020

With the California Consumer Privacy Act taking effect this year, data privacy will become a central issue for businesses in 2020. Consumers conduct much of their lives on the internet, yet few understand the critical issue of privacy and how their personal information is used, collected and shared by businesses. Your data can be stored indefinitely and used in both beneficial and unwelcome ways.

January 14, 2020

Summary

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.  This vulnerability affects the Microsoft Windows 10 desktop operating system, as well as Windows Server 2016 and 2019.

Microsoft has released a security update that addresses the vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificates.