News

All News

November 4, 2020

Multiple Vulnerabilities in Google Chrome Browser
Multiple vulnerabilities have been discovered in the Google Chrome browser, the most severe of which could allow for arbitrary code execution. We recommend immediately updating your Google Chrome browser to Version 86.0.4240.183

October 21, 2020

New Patches Available for Google Chrome Browser
Google has released Chrome version 86.0.4240.111 to apply security fixes, including a patch for an actively exploited zero-day vulnerability. We recommend that users patch immediately. Normally updates happen in the background, but if you haven't closed your browser in a while, you might see a pending update

October 15, 2020

Windows Vulnerability - CVE-2020-16898
A serious vulnerability exists in the Windows TCP/IP network stack [1,2]. Currently, it is known that this vulnerability can be used to trigger a Denial of Service (DoS) event, however, Microsoft and others are warning that it may also be possible to remotely execute code. An attacker can exploit this vulnerability by sending a crafted ICMPv6 Router Advertisement to the target system. The vulnerability does not require authentication or user-interaction.
Congrats to Our Staff Security Intern Graduates
The second round of our Security Internship Program has ended and we are pleased to congratulate Ilona Ozmon and Kris Beltran for graduating from the program.

October 5, 2020

Phishing Example: BERKELEY UNIVERSITY WORK FROM SCHOOL OR HOME PART TIME FALL 2020
Dear student! I'm Professor Douglas Ignacio. Senior Policy Advisor at the Student Unemployment Assistance Program (SUAP).SUAP is committed to provide significant benefits for students who are currently unemployed or who lost their jobs due to COVID-19 Pandemic to have equal right and opportunity, to be economically self-sufficient, and to earn and save without jeopardizing access to the services and supports that allow them to live and work independently. You have received this email because you have an offer from the University Education Department Office for unemployed students to work with me as my temporary Online Virtual Assistance. typical Duties: You will only help me mail letters if need be, make online bill payments and sometimes at the retail stores, purchase some items when necessary. You

September 4, 2020

Phishing Example: Security Notice - Fix Security Info Now
Dear berkeley.edu member, As a precautionary measure we have restricted access to your account until your validate has been changed . To prevent further irregular activity, you will be unable to send out any emails unties issue has been resolved To fix security info, click below to validate.

September 3, 2020

Phishing Example: (ITCS Notification:) Account Irregular Activity Detected [INC1147653]
UC Berkeley | IT Client Services Hello, This is an automated official communication from Berkeley IT Client Services Ticket system in reference to the incident number below. Ticket INC1147653 has been created from the recent activities in your CalNet - ID credentials. ITCS system have detected an irregular activity related to your UC Berkeley CalNet ID credentials. As a precautionary measure, we will temporary block your account and should be moving it to our backup server but we need your help to do this effectively otherwise you may lose your login information and data at the end of the Duo Account Migration & Quarantine clean-up process.

August 27, 2020

Department of Homeland Security: Beware Fake Election Websites

The FBI has reported an increase in suspicious websites popping up that look like official election websites but are in fact fraudulent. These sites have multiple purposes:

August 18, 2020

Preventing Social Engineering Attacks
Social Engineering criminals focus their attention at attacking people as opposed to infrastructure. Social engineering begins with research; an attacker may look for publicly available information that they can use against you. These attacks can come in a variety of formats: email, voicemail, SMS messages, DMs, or via social media and attempt to prey on your respect for authority, courtesy, or trust.

August 13, 2020

Red Hat Enterprise Linux 6 End of Life
Every Red Hat Enterprise Linux (RHEL) product has a life cycle and that life cycle ends when it no longer receives security updates or fixes, software updates, and/or technical support. On Nov. 30, 2020 Red Hat will discontinue support for RHEL 6. Campus policy requires that devices connected to the network run software for which security patches are made available and installed in a timely fashion. After support ends, RHEL 6 will no longer be in compliance with campus policy.

August 7, 2020

Phishing Example: Tutoring
Hello, How are you doing today? This is Barnes Beckwith. I saw your contact at the University of California, Berkeley, Department of East Asian Languages and Literatures under the Directory's portal. I seek a private beginner's language tutor for my Daughter. I would like to know if you have a STUDENT/TUTOR available for the job. As you will be unable to teach her owing to your BUSY SCHEDULE/STATUS, you can RECOMMEND one of your STUDENT(s) who is capable of teaching. Due to the Covid-19 Pandemic, the teaching could be done remotely. This depends on the tutor's directive. Looking forward to hearing from you.

July 15, 2020

Scammers Exploit California’s COVID-19 Contact Tracing Program
In ongoing efforts to mitigate the spread of COVID-19, Gov. Newsom launched "California Connected, " the state's contract tracing program and public awareness campaign. Malicious actors are leveraging the program to use phishing scams to exploit the public.

July 5, 2020

Phishing Example: Evaluation of UCRP Benefits for University of California, Berkeley
Employee Crook, Each year, as an employee of University of California, Berkeley you are eligible to schedule a phone call, teleconference, or in-person meeting off campus with a representative for answers to your specific state, federal and individual retirement benefit questions. At your consultation you will be provided with information on what your expected income will be from UCRP when you retire, and how much longer you will have to work. You will also receive advice on the best ways to utilize your 401(a) options with your UCRP and/or Social Security benefits. *Please be sure to indicate which type of appointment you prefer (off-campus, phone call, or teleconference) in the notes section while scheduling. Please also include your direct cell phone number.*

June 30, 2020

Phishing Example: URGENT REQUEST (Email Impersonation)
Are you available ? No calls text only 9513072XXX BEST REGARDS Carol T Christ Chancellor Berkeley University of California

June 23, 2020

New Phishing Awareness Campaign

Why "Fight the Phish"?

While the COVID-19 pandemic has created several new cybersecurity risks in the form of phishing attacks, scammers have used this method for as long as the internet has been around to trick people into giving up sensitive information. To assist in mitigating these risks to campus, the Information Security Office created Fight the Phish,” an awareness campaign to help educate our campus users on ways to identify, avoid, and report phishing attacks. 

June 22, 2020

Berkeley COVID-19 Information
Dear students, Berkeley University Of California health professionals have been closely monitoring the spread of COVID-19 over the past two months.Therefore the university is organizing an online part time job to sustain the students living.I'm happy to inform you that our reputable company CORESTAFF SERVICES Inc®,is currently running a student empowerment program. KINDLY EMAIL BACK WITH YOUR PERSONAL EMAIL ADDRESS IF INTERESTED IN THIS JOB POSITION. Kind Regards Donna Lisa HR Manager/Consultant CORESTAFF SERVICES Inc®

June 18, 2020

Vulnerability in iOS Mail App

Summary

The Information Security Office is aware of published reports that there are flaws in the built-in Mail app on iPhones. These flaws reportedly allow attackers to get remote access in the context of the Mail app without any interaction on the users part. [1]

June 8, 2020

Policies Currently in Campus Review

The Information Security Office currently has two policies in Campus review until mid-June. We invite comments on the proposed new Roles and Responsibilities Policy and our Minimum Security Standards for Networked Devices (MSSND) Draft.

June 5, 2020

Phishing Example: Congratulations! You're Hired
ID:#Q94HL9632******** Congratulations your new job, I had to verify all the information you provided. I hope to have your 100% loyalty and co-operation. Your quick response to e-mails and effectiveness will be required and you will be receiving your first assignment very soon. You will be emailed with detailed instructions. After checking my programs, unfortunately, you don’t have much done for me this week. So, you'll be starting your first Assignment In few days, I am unable to meet up for an interview because I am currently away and helping the disabled students in Abroad as stated in my previous email but scheduled to be back last week of July

June 3, 2020

Phishing Example: Student Part-Time Job
Dear Student, We got your contact through your school database and I'm happy to inform you that our reputable company Cisco Inc® is currently running a student empowerment program. This program is to help devoted and hardworking students secure a part time job which does not deter them from doing any other, you just need a few hours to do this weekly and with an attractive weekly wages. KINDLY EMAIL BACK WITH YOUR ALTERNATE EMAIL ADDRESS IF INTERESTED IN THIS JOB POSITION.