News

All News

October 1, 2019

Vulnerability in Exim Could Allow for Remote Command Execution (CVE-2019-16928)

Summary

A vulnerability has been discovered in Exim, which could allow for unauthenticated remote attackers to execute arbitrary system commands on the mail server. Exim is a mail transfer agent used to deploy mail servers on Unix-like systems. Successful exploitation of this vulnerability will enable the attacker to perform command execution as root in the context of the mail server. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

September 6, 2019

Don’t pass on strong passwords

Passwords! What a headache, am I right? Sometimes it seems like that in order to be safe, your password must contain letters, numbers, punctuation, bird noises, and at least one Egyptian hieroglyph.

But the truth is that it’s easier to create a long, strong, safe password than most people think. Let’s take a quick look at a few tips for making a password that will keep your account safe.

Double your privacy, double your fun

(Only those old enough to remember the Wrigley's doublemint gum commercials will get this title.)

“Multi-factor authentication” is a tech industry term for using different types of verification to get into an account. You do this daily with the 2-Step. The idea is that you use multiple things at the same time to really prove that you’re actually you. A password is one example of a factor; a fingerprint is another.

Staying safe when shopping online

How easy is it to shop online? (Rhetorical question there.) It’s so convenient to be able to order anything you like and have it delivered right to your door. Unfortunately, that also means there’s more risk. Scammers and criminals can try to steal your information and money while you shop online.

The good news is that there are some easy things you can do to protect yourself and safely shop online. Let’s take a quick look at some tips: 

No peeking! Staying safe and private on Wi-Fi

Wi-Fi is great. Think about it, you pretty much carry an entire library and a direct line to anywhere in the world in your pocket. Nowadays many businesses offer Wi-Fi for their customers, so you can stay connected even while eating udon or waiting in line for toast.

But! That doesn’t mean it’s perfect. Using public Wi-Fi is sort of like doing, well, anything else in public: you want to be safe and not accidentally wander into trouble. Let’s talk about what you can do to protect yourself on Wi-Fi.

Up-to-date on updates: Keeping your software fresh

Software updates are sort of like exercise: Not everyone thinks about it, but everyone needs it, and they can make a big difference in keeping a system healthy. Let’s take a quick minute to talk about updates.

September 5, 2019

October is National Cyber Security Awareness Month!

NCSAM Champion Logo

This October, UC Berkeley is once again joining other universities, the National Cyber Security Alliance, and the U.S. Department of Homeland Security to help raise cyber security awareness during National Cyber Security Awareness Month (NCSAM). 

August 5, 2019

Updates to implementation plan for combating illegal file-sharing on Campus

File-sharing can heighten risks to you and the University. As an Internet Service Provider (under the Digital Millennium Copyright Act), UC Berkeley does not monitor its networks for the purpose of discoveringillegal activity. However, we act to make sure that Copyright, especially as it applies to digital assets, is respected within the Campus community.

July 21, 2019

Phishing Example: Robocalls
This call is from the Department of Social Security Administration. The reason you have received this phone call from our department is to inform you that we just suspend your Social Security number because we found some suspicious activity, so if you want to know more about it just press 1, thank you.

July 17, 2019

Phishing for Gift Cards
In the past few months, the campus has seen an increase in these types of phishing attacks. The most common form is a short message that starts with something like, "quick help needed," "are you in the office?", or "available?" from a person of authority. Often the messages appear to come from vice chancellors, deans, and department chairs.

July 8, 2019

Microsoft Windows Server 2008 End Of Life

Overview

June 3, 2019

CalNet Founding Father Karl Grose to Retire

Karl Grose, one of the founding fathers of CalNet, is retiring.

May 22, 2019

ISP is now The Information Security Office

You may have noticed some changes here at security.berkeley.edu. The Information Security and Policy office has taken a new name and undergone a website redesign. We are now The Information Security Office or ISO. Don't worry, all of our great content is still here. The new layout may take some getting used to, but our search function is better than ever and can help you find what you are looking for. 

May 21, 2019

Securing Your Devices While Traveling
Stay safe while traveling by following this simple tips

May 14, 2019

Patch IMMEDIATELY! - Microsoft Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708)

Summary

*** Vulnerable RDP servers should be patched IMMEDIATELY even where there is a potential business impact (unscheduled maintenance). Notify security@berkeley.edu if you anticipate any delays in patching. ***

MS Windows Error Reporting Local Privilege Escalation Vulnerability (CVE-2019-0863)

Summary

A zero-day elevation of privilege vulnerability exists in the way Microsoft Windows Error Reporting (WER) handles files. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

While details about the use of the exploit are not available, it has reportedly been used in limited attacks against specific targets. Successful exploitation has been observed in the wild. [2][3]

April 10, 2019

Microsoft Windows 7 End Of Life

Overview

Every Windows product has a lifecycle and that lifecycle ends when it no longer receives security updates or fixes, software updates, and/or technical support. On Jan. 14, 2020 Microsoft will discontinue support for the Windows 7 Operating System. Without security, patches these systems will be easy targets for hackers, malware, and viruses.

March 14, 2019

Email Fraud Schemes Targeting Universities

A couple of recent phishing scams, referred to as a “Business Email Compromise (BEC),” have been targeting universities to steal funds through the purchasing process.

The first phishing scam targets suppliers that do business with campus by using Berkeley emails as the hook. These attacks involve purchase orders and requests for quotes that appear to come from the University, but are in fact fraudulent. 

Be Alert:

February 20, 2019

Information Security & Policy Staff Internship Opportunity

We are excited to announce that the Information Security and Policy Office is launching a Security Internship Program for staff. This is a unique opportunity for employees to work alongside the Security Operations and Assessments & Compliance teams. The internship is a chance for current Berkeley employees to develop a professional skill set in the information security domain and achieve breadth and depth of knowledge in the field. Interns will strengthen their career path potential, network with new colleagues, and contribute to the campus mission.

January 11, 2019

Email Impersonation Attacks Are on the Rise

A widely reported spear phishing scam, termed “Business Email Compromise (BEC),” has been targeting universities and other academic institutions. These attacks are spear phishing scams designed to impersonate someone you know in an attempt to gain access to sensitive information or to encourage you to transfer funds or provide gift cards. There has been an increase of these assaults across the University this new year.