News

October 30, 2019

Phishing Example: Part time work assistant needed
This message, appearing to come from a professor, was successful at convincing several students to engage in back and forth emails ending in money changing hands. If you have received this message and shared correspondence with the scammer, we recommend that you cease correspondence immediately and contact UCPD if there has been any financial transactions.

October 18, 2019

Kubernetes Vulnerabilities Allow Authentication Bypass, DoS (CVE-2019-16276)

Summary

Two dangerous vulnerabilities have recently been discovered in Kubernetes, the open-source container-orchestration system: 
CVE-2019-16276
CVE-2019-11253

Impact

October 1, 2019

Vulnerability in Exim Could Allow for Remote Command Execution (CVE-2019-16928)

Summary

A vulnerability has been discovered in Exim, which could allow for unauthenticated remote attackers to execute arbitrary system commands on the mail server. Exim is a mail transfer agent used to deploy mail servers on Unix-like systems. Successful exploitation of this vulnerability will enable the attacker to perform command execution as root in the context of the mail server. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

September 27, 2019

Vulnerability in PHP 7.3 Could Allow for Arbitrary Code Execution

Summary

A vulnerability has been discovered in PHP 7.3 (the latest release series) that could allow an attacker to execute arbitrary code. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications.  [1]

September 6, 2019

Don’t pass on strong passwords

Passwords! What a headache, am I right? Sometimes it seems like that in order to be safe, your password must contain letters, numbers, punctuation, bird noises, and at least one Egyptian hieroglyph.

But the truth is that it’s easier to create a long, strong, safe password than most people think. Let’s take a quick look at a few tips for making a password that will keep your account safe.

Double your privacy, double your fun

(Only those old enough to remember the Wrigley's doublemint gum commercials will get this title.)

“Multi-factor authentication” is a tech industry term for using different types of verification to get into an account. You do this daily with the 2-Step. The idea is that you use multiple things at the same time to really prove that you’re actually you. A password is one example of a factor; a fingerprint is another.

Staying safe when shopping online

How easy is it to shop online? (Rhetorical question there.) It’s so convenient to be able to order anything you like and have it delivered right to your door. Unfortunately, that also means there’s more risk. Scammers and criminals can try to steal your information and money while you shop online.

The good news is that there are some easy things you can do to protect yourself and safely shop online. Let’s take a quick look at some tips: 

Don’t take the bait: How you can spot a phish

“Phishing” unfortunately, it's still all the rage. Attackers try to fool you into sending them money (or buying gift cards) or revealing your personal information online. The name comes from the idea of fishing: scammers send a message that acts as bait, hoping to “hook” someone.

The good news is that you have the power to throw these phish back! Let’s take a minute to talk about what you can do to avoid phishing:

No peeking! Staying safe and private on Wi-Fi

Wi-Fi is great. Think about it, you pretty much carry an entire library and a direct line to anywhere in the world in your pocket. Nowadays many businesses offer Wi-Fi for their customers, so you can stay connected even while eating udon or waiting in line for toast.

But! That doesn’t mean it’s perfect. Using public Wi-Fi is sort of like doing, well, anything else in public: you want to be safe and not accidentally wander into trouble. Let’s talk about what you can do to protect yourself on Wi-Fi.

Up-to-date on updates: Keeping your software fresh

Software updates are sort of like exercise: Not everyone thinks about it, but everyone needs it, and they can make a big difference in keeping a system healthy. Let’s take a quick minute to talk about updates.

September 5, 2019

Think before you click: staying safe on social media

There are more than four billion people on the internet today, and many of them use social media to communicate. But while social media can be fun and a great way to chat with friends, it can be risky as well. When people share personal information about themselves, they may become targets for scammers and identity thieves.

However, you can take a few simple precautions to keep yourself and your friends and family safe on social media. Here’s how: 

None of their business! A look at privacy settings

Your privacy means a lot: not just to you, but to the people you care about. If your private accounts and information are breached, other people could be breached too. That’s why it’s important to maintain your privacy online by making good choices with your privacy settings.

Don’t worry, be appy: A quick look at app safety

Apps are part of our lives now. Remember that slogan, “There’s an App for That”? Nowadays, it seems like there really is an app for everything — from games to shopping, fitness, beauty, hobbies and more. No wonder that almost 50% of all smartphone users download at least one new app a month.

Just like with any device or program, though, it’s important to choose and use your apps carefully. Some apps may be scams or contain viruses. Here’s what you can do to keep yourself safer:

October is National Cyber Security Awareness Month!

NCSAM Champion Logo

This October, UC Berkeley is once again joining other universities, the National Cyber Security Alliance, and the U.S. Department of Homeland Security to help raise cyber security awareness during National Cyber Security Awareness Month (NCSAM). 

August 27, 2019

Tax Scams Never Say Die!

Instead of finding One-Eyed Willy's treasure at the end of an IRS-spoofed email, victims are tricked into clicking malicious links and giving up their treasure.

The IRS recently issued warnings about new email scams where attachers send unsolicited emails to taxpayers from fake IRS email addresses. The email subject line may vary, but recent examples use the phrase "Automatic Income Tax Reminder" or "Electronic Tax Return Reminder."

August 5, 2019

Updates to implementation plan for combating illegal file-sharing on Campus

File-sharing can heighten risks to you and the University. As an Internet Service Provider (under the Digital Millennium Copyright Act), UC Berkeley does not monitor its networks for the purpose of discovering illegal activity. However, we act to make sure that Copyright, especially as it applies to digital assets, is respected within the Campus community.

July 21, 2019

Phishing Example: Robocalls
Robocalls are on the rise. Be wary of any pre-recorded messages you might receive.

July 17, 2019

Phishing for Gift Cards
In the past few months, the campus has seen an increase in these types of phishing attacks. The most common form is a short message that starts with something like, "quick help needed," "are you in the office?", or "available?" from a person of authority. Often the messages appear to come from vice chancellors, deans, and department chairs.

July 9, 2019

Zoom Client through 4.4.4 on macOS Remote Vulnerability (CVE-2019-13450)

Summary

A vulnerability has been publicly disclosed in the Mac version of Zoom that allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user's permission. [1]

July 8, 2019

Microsoft Windows Server 2008 End Of Life

Overview