Recent News Articles

The UCLA Information Security Office is aware of UCLA staff being targeted by messages from cyber criminals attempting to commit payroll fraud. Be wary of cyber criminals who may try to trick you by sending phishing emails or posing as HR and Payroll staff, asking you to change your bank account information.

Fraudulent emails usually ask for a change in banking information and may seem to come from the employee's genuine sender name and email signature. The scammers have enough knowledge about the authentic employee to impersonate them effectively on phone calls.

Information Security Office would like to inform you of a critical vulnerability (CVE-2023–27350) discovered and actively exploited in PaperCut NG/MF products. PaperCut NG/MF is a comprehensive print management system. Successful exploitation of this vulnerability could allow for unauthenticated, remote attackers to execute arbitrary code on the server in the context of the System user.

UCLA Information Security Office would like to inform you of a critical vulnerability (CVE-2023-26360) discovered and actively exploited in Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier), which can result in privilege escalation and remote code execution when exploited.

We strongly urge all campus operators to immediately patch the servers on critical infrastructure and systems that are publicly facing the Internet.

Please visit the below links for additional details 

The UCLA Information Security Office is aware of UCLA staff being targeted by messages from Google Docs with the subject "Document shared with you: "HR BENEFITS.docx" requesting an urgent review of a faculty evaluation Google Doc. The email usually indicates this request is coming from a leader within the organization, but the sender address is often non-affiliated with UCLA. This is not a legitimate message from the organization, and the Google Doc should not be opened or responded to.

The UCLA Information Security Office is aware of UCLA staff/students are being targeted by messages from spoofed email addresses: account-security-noreply[@]ucla.edu making urgent calls to confirm their email accounts.

Spoofed emails are a common form of phishing attack that is designed to trick you into divulging personal information. Spoofed emails often contain links that lead to phishing websites or malware sites. Always hover over any links in the email to ensure that the URL matches the sender's website or a legitimate website.

The UCLA Information Security Office is aware of a phishing campaign attempting to coerce recipients into making donations to an unaffiliated individual. The "From" (uclagives[at]ucla.edu) address in this campaign is using an impersonated UCLA email in a deceptive attempt to gain legitimacy. This is not a legitimate donation campaign, and recipients should not provide any information or donation.

The UCLA Information Security Office is aware of a phishing campaign attempting to exploit the earthquake tragedy in Turkey to coerce recipients into making donations to an unaffiliated individual. The "From" (uclagives[at]ucla.edu) address in this campaign is using an impersonated UCLA email in a deception attempt to gain legitimacy. This is not a legitimate donation campaign, and recipients should not provide any information or donation.

BruinTechs,

The UCLA Office of the Chief Information Security Officer (OCISO) is embarking on an effort to evaluate and potentially replace the current campus password management solution, LastPass. To ensure that all campus needs are considered, we would like to invite participation from this group to complete the survey below gauging interest and desired features in the next service offering. The responses captured in this survey will be converted into a supplier questionnaire as a basis to evaluate their alignment with capabilities and requirements.

Recently UCLA has seen a significant increase in the volume of “impersonation” email campaigns affecting the campus community. These email campaigns rely on social engineering tactics and generally involve the creation of a Gmail account with a very similar email address to a senior UCLA executive in a deception attempt to coerce the recipient into a response.

The UCLA Information Security Office (ISO) is aware of the recent report regarding the Microsoft BlueBleed data leak and has initiated contact with our campus Microsoft account representative to fully understand the extent of UCLA’s exposure. Open source tooling (https://socradar.io/labs/bluebleed) published by the security research group that originally detected this leak, SOCRadar, has indicated that ucla.edu was impacted to some extent.

We are writing to raise awareness and urge vigilance around a cyber threat actor group named Vice Society. This group has been observed by the FBI, CISA, and other agencies to disproportionately target the education sector with ransomware attacks, and the Information Security Office has recently tracked active attempts by their infrastructure to exploit campus platforms. This group recently claimed responsibility for the ransomware on LAUSD which resulted in the theft of 500GBs worth of data.

An additional high-severity vulnerability was reported on Google Chrome and Chromium-based browsers such as Microsoft Edge. The vulnerabilities have been actively exploited by threat actors, and it is advised to immediately update your browser across all platforms (PC, Windows, and Linux) and restart the browser.

Additional information is available at the link below:

CVE: CVE-2022-3075

Add an Image or Video

Additional information from LastPass regarding customer vault data has been shared in an updated blog entry published on 12/22/22. In summary, LastPass has acknowledged that their recent incident led to the exfiltration of customer vault data through a backup copy obtained by the threat actor. The vault data remains encrypted, but could potentially be brute-forced by an attacker in an attempt to guess the Master Password and gain access to the entire vault.

Add an Image or Video

Microsoft has released a patch for this vulnerability as part of their June 2022 Patch Tuesday release. The patch is available via Windows Update or by visiting https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190.