UCSF IT Technology

Threat Alert: Trusted Websites Delivering Fake Browser Updates

Google has introduced eight new top-level domains (TLDs), the equivalents of “.com”, that websites can use. Among these new TLDs are “.zip” and “.mov”.

Please note that this is not an all-inclusive list of all of the phishing and social engineering threats but rather ones that are typical of current threats and/or ones that impacted UCSF staff, faculty, and/or learners (must be logged in to MyAccess to view). Be diligent with all communications, and please, even if you think an email might be a phish, report it via Phish Alarm and find out almost instantly in most cases.

Administrative Services is a UCSF IT combined team providing high-touch, cross-functional human resource management and development support for IT leaders and staff across the organization.

The IT Finance and Campus Finance teams are responsible for the stewardship of IT’s financial resources (~$300M in annual spend and ~900 FTE). We ensure both IT’s and the institution's fiscal goals are met in compliance with accounting, regulatory, and other policies.

Cybercriminals have compromised an undisclosed media company that provides video content and advertising to hundreds of news outlets across the United States. Authentic-looking browser update alerts appear on the impacted news websites.

This phish is authorized by UCSF Information TechnologyHowever, this could have been sent by a criminal and scanning the QR code could have led to a criminal:

Threat Alert: Social Engineering Attacks Target GitHub Developers

The Enterprise Portfolio Management (EPM) domain serves as a centralized authority responsible for assisting in evaluating, prioritizing, and selecting projects and initiatives that align with the organization's strategic objectives. It establishes a framework for evaluating project proposals, assessing their potential risks and benefits, and determining their feasibility and alignment with the organization's mission, vision, and values.