UCLA students report getting scammed for UCLA Football tickets in group chats.
Recent News Articles
The UCLA Information Security Office (ISO) is aware of the recent report regarding the Microsoft BlueBleed data leak and has initiated contact with our campus Microsoft account representative to fully understand the extent of UCLA’s exposure. Open source tooling (https://socradar.io/labs/bluebleed) published by the security research group that originally detected this leak, SOCRadar, has indicated that ucla.edu was impacted to some extent.
We are writing to raise awareness and urge vigilance around a cyber threat actor group named Vice Society. This group has been observed by the FBI, CISA, and other agencies to disproportionately target the education sector with ransomware attacks, and the Information Security Office has recently tracked active attempts by their infrastructure to exploit campus platforms. This group recently claimed responsibility for the ransomware on LAUSD which resulted in the theft of 500GBs worth of data.
An additional high-severity vulnerability was reported on Google Chrome and Chromium-based browsers such as Microsoft Edge. The vulnerabilities have been actively exploited by threat actors, and it is advised to immediately update your browser across all platforms (PC, Windows, and Linux) and restart the browser.
Additional information is available at the link below:
CVE: CVE-2022-3075
Scam emails claim that an explicit video featuring the recipient will be leaked unless a ransom is paid.
Add an Image or Video
UPDATE 11/30/22This advisory has been updated with additional information from LastPass regarding a recent security incident with their affiliate, GoTo. No customer passwords were exposed as part of this incident. Additional information can be found at their blog post below:
https://blog.lastpass.com/2022/11/notice-of-recent-security-incident/
Department of Psychology needs the services of students to work remotely as research assistants and gets paid weekly.
Add an Image or Video
UPDATE 6/14/2022Microsoft has released a patch for this vulnerability as part of their June 2022 Patch Tuesday release. The patch is available via Windows Update or by visiting https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190.
We urgently require the services of students to fill the position of
Research assistants on a part time basis and get paid $350 weekly.
The position can be served remotely and materials needed to work with
will be provided by the department .
Review following security advisories related to recent job scams at UCLA and stay secure.
Please be aware, that we have received reports of a recent cybersecurity attack targeting email and mobile devices that requests an individual to accept DUO for multi-factor authentication.
What to Do
Never approve an authentication request for DUO that you did not initiate.
Endpoint Detection and Response product SentinelOne, will be retired on May 31st, 2022.
This product has been replaced with FireEye Endpoint Security (FES). Any asset that has SentinelOne installed will need to be uninstalled and replaced with FES.
After May 31st
- You will no longer have the ability to access the SentinelOne console to manage your SentinelOne assets.
- Assets with SentinelOne installed will no longer be protected or receive updates
Avoid mobile deposit scams.
Spear phishing attempt is a carefully crafted personalized email that is usually sent with an attachment or requests a response. The fraudster then tries to entice the recipient to open the infected attachment or respond with personal information.
We have reports from faculty and staff who have been recipients of a new twist on an old e-mail scam. These phishing scams often come from a non-UCLA email address with poor spelling/grammar.
You should never click a link or call back the number from an unexpected delivery notice.
UCLA Information Security Office is aware of UCLA students being targeted by fake job offer scams. Please read our recent Security Advisory regarding
Job Opportunity Scams at UCLA - Department of Computer Science.
UCLA Information Security Office is aware of UCLA students being targeted by fake job offer scams.
UPDATE 12/18/21
The Apache Software Foundation has updated their guidance on fully mitigating the log4j vulnerability and now recommend 2.17.0 as their most secure release.
Recently UCLA has seen a significant increase in the volume of “impersonation” email campaigns affecting the campus community. These email campaigns rely on social engineering tactics and generally involve the creation of a Gmail account with a very similar email address to a senior UCLA executive in a deception attempt to coerce the recipient into a response.
