Skip to Main Content

Articles

LastPass - Notice of Recent Security Incident

Add an Image or Video

UPDATE 12/22/22

Additional information from LastPass regarding customer vault data has been shared in an updated blog entry published on 12/22/22. In summary, LastPass has acknowledged that their recent incident led to the exfiltration of customer vault data through a backup copy obtained by the threat actor. The vault data remains encrypted, but could potentially be brute-forced by an attacker in an attempt to guess the Master Password and gain access to the entire vault.

JOB POSITION!
​​​​​​​We urgently require the services  of  students  to  fill the position of Research assistants on a part time basis and get  paid $350  weekly. The position can be  served remotely and materials needed  to  work with will  be  provided  by the  department .
Internship UCLA
Review following security advisories related to recent job scams at UCLA and stay secure.
Alert: Cybersecurity attacks using DUO
Please be aware, that we have received reports of a recent cybersecurity attack targeting email and mobile devices that requests an individual to accept DUO for multi-factor authentication. 

 

What to Do

Never approve an authentication request for DUO that you did not initiate.

SentinelOne product retirement announcement

Endpoint Detection and Response product SentinelOne, will be retired on May 31st, 2022.

This product has been replaced with FireEye Endpoint Security (FES). Any asset that has SentinelOne installed will need to be uninstalled and replaced with FES.  

After May 31st 

  1. You will no longer have the ability to access the SentinelOne console to manage your SentinelOne assets. 
  2. Assets with SentinelOne installed will no longer be protected or receive updates 

 

Final Report for ...
Spear phishing attempt is a carefully crafted personalized email that is usually sent with an attachment or requests a response. The fraudster then tries to entice the recipient to open the infected attachment or respond with personal information.
Impersonation email campaign: Send me your available cell number

Recently UCLA has seen a significant increase in the volume of “impersonation” email campaigns affecting the campus community. These email campaigns rely on social engineering tactics and generally involve the creation of a Gmail account with a very similar email address to a senior UCLA executive in a deception attempt to coerce the recipient into a response.

Chime/Go2Bank solicitations for new bank accounts
FRAUD ALERT: Chime/Go2Bank solicitations for new bank accounts

UCLA has recently learned that some members of the UCLA community are receiving emails from financial institutions named Chime and Go2Bank. These emails may come in different forms and under a variety of subject lines. Some of the identified subject lines are:

Microsoft Windows Zero-Day Exploit - PrintNightmare

Please be advised of a critical, zero-day exploit, termed PrintNightmare, discovered in the Windows Print Spooler service that can result in privilege escalation and remote code execution when exploited. This can result in the full compromise of a system, and if leveraged against a domain controller, can be used to take control of the entire domain and propagate malware throughout the network.