Information Security Office would like to inform you of a critical vulnerability (CVE-2023–27350) discovered and actively exploited in PaperCut NG/MF products. PaperCut NG/MF is a comprehensive print management system. Successful exploitation of this vulnerability could allow for unauthenticated, remote attackers to execute arbitrary code on the server in the context of the System user.
UCLA Information Security Office would like to inform you of a critical vulnerability (CVE-2023-26360) discovered and actively exploited in Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier), which can result in privilege escalation and remote code execution when exploited.
We strongly urge all campus operators to immediately patch the servers on critical infrastructure and systems that are publicly facing the Internet.
Please visit the below links for additional details
The UCLA Information Security Office (ISO) is aware of the recent report regarding the Microsoft BlueBleed data leak and has initiated contact with our campus Microsoft account representative to fully understand the extent of UCLA’s exposure. Open source tooling (https://socradar.io/labs/bluebleed) published by the security research group that originally detected this leak, SOCRadar, has indicated that ucla.edu was impacted to some extent.
We are writing to raise awareness and urge vigilance around a cyber threat actor group named Vice Society. This group has been observed by the FBI, CISA, and other agencies to disproportionately target the education sector with ransomware attacks, and the Information Security Office has recently tracked active attempts by their infrastructure to exploit campus platforms. This group recently claimed responsibility for the ransomware on LAUSD which resulted in the theft of 500GBs worth of data.
An additional high-severity vulnerability was reported on Google Chrome and Chromium-based browsers such as Microsoft Edge. The vulnerabilities have been actively exploited by threat actors, and it is advised to immediately update your browser across all platforms (PC, Windows, and Linux) and restart the browser.
Additional information is available at the link below:
Add an Image or VideoUPDATE 12/22/22
Additional information from LastPass regarding customer vault data has been shared in an updated blog entry published on 12/22/22. In summary, LastPass has acknowledged that their recent incident led to the exfiltration of customer vault data through a backup copy obtained by the threat actor. The vault data remains encrypted, but could potentially be brute-forced by an attacker in an attempt to guess the Master Password and gain access to the entire vault.
Add an Image or VideoUPDATE 6/14/2022
Microsoft has released a patch for this vulnerability as part of their June 2022 Patch Tuesday release. The patch is available via Windows Update or by visiting https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190.
What to Do
Never approve an authentication request for DUO that you did not initiate.
Endpoint Detection and Response product SentinelOne, will be retired on May 31st, 2022.
This product has been replaced with FireEye Endpoint Security (FES). Any asset that has SentinelOne installed will need to be uninstalled and replaced with FES.
After May 31st
- You will no longer have the ability to access the SentinelOne console to manage your SentinelOne assets.
- Assets with SentinelOne installed will no longer be protected or receive updates