Security Advisories

Alert: Cybersecurity attacks using DUO

Please be aware that we have received reports of a recent cybersecurity attack targeting email and mobile devices that asks the recipient to accept a DUO multi-factor authentication request.


What to Do

Never approve an authentication request for DUO that you did not initiate.

SentinelOne product retirement announcement

The Endpoint Detection and Response product SentinelOne will be retired on May 31st, 2022.

This product has been replaced with FireEye Endpoint Security (FES). SentinelOne will need to be uninstalled from any asset that has it installed and replaced with FES.

After May 31st

  1. You will no longer have the ability to access the SentinelOne console to manage your SentinelOne assets.
  2. Assets with SentinelOne installed will no longer be protected or receive updates.


[BruinTech] fyi - Critical vulnerability with Google Chrome and Chromium-based browsers

Hello all,

We'd like to raise awareness about a serious vulnerability with Google Chrome and Chromium-based browsers such as Microsoft Edge. Please see the details below.

In short, all affected users need to update and restart the browser to resolve the vulnerability.

Please contact us with any questions or requests for assistance.

Regards,

Jason Chambers - on behalf of the VMP Team
UCLA Information Security

Chime/Go2Bank solicitations for new bank accounts

FRAUD ALERT: Chime/Go2Bank solicitations for new bank accounts

UCLA has recently learned that some members of the UCLA community are receiving emails from financial institutions named Chime and Go2Bank. These emails may come in different forms and under a variety of subject lines. Some of the identified subject lines are:

Microsoft Windows Zero-Day Exploit - PrintNightmare

Please be advised of a critical zero-day exploit, termed PrintNightmare, discovered in the Windows Print Spooler service that can result in privilege escalation and remote code execution when exploited. This can result in the full compromise of a system and, if leveraged against a domain controller, can be used to take control of the entire domain and propagate malware throughout the network.

IRS Warning of Impersonation Attacks Targeting Universities

The Internal Revenue Service (IRS) has issued a warning about an ongoing IRS-impersonation scam targeting educational institutions, primarily students and staff who have a “.edu” email address. The phishing email appears to target individuals affiliated with education in all forms, including public and private, for-profit and non-profit institutions.

Spear-phishing using fraudulent requests for interviews related to COVID research

As we focus on research around COVID-19, cybercriminals are focused on targeting researchers. The newest attack involves a fraudulent request for an interview with a well-known New Yorker columnist, Atul Gawande. From early reports, it seems that after initial contact the cybercriminals start a back-and-forth communication with anyone who responds. The attacker may even set up a phone conversation, but ultimately they send a malicious Microsoft Teams-like link.

Over One Dozen Critical Microsoft Bugs

Of the 120 bugs, Microsoft ranked 17 as “critical” and 103 as “important” vulnerabilities.

Five of the critical bugs (CVE-2020-1554, CVE-2020-1492, CVE-2020-1379, CVE-2020-1477 and CVE-2020-1525) are tied to Microsoft’s Windows Media Foundation (WMF), a multimedia framework and infrastructure platform for handling digital media in Windows 7 through Windows 10 and Windows Server 2008 through 2019. August’s bugs bring the number of critical bugs to ten, points out Allan Liska, senior security architect at Recorded Future.

CVE-2020-1472 - 'Netlogon Elevation of Privilege Vulnerability'

The Netlogon Remote Protocol (MS-NRPC) provides authentication for user and computer accounts in a Windows Active Directory domain. A vulnerability in the Netlogon Remote Protocol enables an unauthenticated attacker to impersonate a domain-joined computer and obtain domain administrator privileges.

The impact of this vulnerability is high.

A Vulnerability in F5 BIG-IP Edge Client for Windows Could Allow for Remote Code Execution

A vulnerability has been discovered in F5 BIG-IP Edge Client for Windows which could allow for remote code execution. F5's BIG-IP is a family of software and hardware products designed around application availability, access control, and security solutions. Successful exploitation of this vulnerability allows remote unauthenticated attackers to execute arbitrary code in the context of the application used to browse a specially crafted web page. This vulnerability may result in complete system compromise.

Multiple Vulnerabilities in GRUB2 Could Allow for Complete System Compromise

Multiple vulnerabilities have been discovered in GRUB2, the most severe of which could allow for complete system compromise. GRUB2 is a popular Linux bootloader that works with UEFI Secure Boot. A boot loader is a piece of software designed to load, and hand over control to, the operating system when the system is first turned on. UEFI Secure Boot is a verification step added to the boot-up process that checks binaries loaded during boot against a list of known trusted binaries.

VMware Releases Security Update for VeloCloud

VMware has released a security update to address a vulnerability in VeloCloud. An attacker could exploit this vulnerability to obtain sensitive information.

Impacted Products

VMware SD-WAN by VeloCloud (VeloCloud)

Advisory Details

The VeloCloud Orchestrator does not apply correct input validation, which allows for blind SQL injection. VMware has evaluated the severity of this issue to be in the important severity range, with a maximum CVSSv3 base score of 8.5.

Multiple Vulnerabilities in Juniper Products Could Allow for Remote Code Execution

Multiple vulnerabilities have been discovered in Juniper products, the most severe of which could allow for remote code execution. Juniper is a vendor of IT, networking and cybersecurity solutions. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions.