UCSF IT Technology

Scammers are creating malicious quick response (QR) codes which they are including on official looking forms in public spaces, such as on customer satisfaction surveys outside businesses or on lookalike parking tickets placed on parked cars.  The malicious QR codes lead to download sites for malicious third-party applications or lookalike payment websites.  These s

Cybercriminals have launched a campaign distributing malware with an AI-themed lure.   The lure purports to be from an “Information Technology Manager” regarding a mandatory system update for employees.  The email body directs recipients as to how they can download the new AI-powered software.

Cybercriminals have started using the URL shortening service clck[.]ru in widespread phishing attacks in April.  The nature of these attacks and the lures used vary greatly.

Threat Alert: What to Watch For

Cybercriminals have launched a series of phishing attacks using a timely tax-themed lure.  The lures imitate the sharing of 2022 tax documents via a Citrix ShareFile link. The lures note that the download expires on April 18, 2023, the tax-filing deadline in the United States.

Cybercriminals have launched Okta-branded phishing attacks encouraging recipients to follow a link to resynchronize their Okta and Microsoft accounts.   Clicking on the link leads to a credential phishing kit that redirects the user to a lookalike Microsoft login page.

Google has released Chrome version 112.0.5615.121 to address an actively exploited zero-day vulnerability in Windows, macOS and Linux versions of the Google Chrome desktop browser. For a complete description of the vulnerabilities and affected systems go to Chrome Release Note.

Microsoft announced Windows 10 Home and Pro, Version 21H2 will reach end of service June 13, 2023. The software will no longer receive security updates after June 13, 2023For a complete description of the vulnerabilities and affected systems go to Windows 10 Home and Pro, Version 21H2.IT SecurityRead more about IT Security service offerings.

Cybercriminals have launched phishing attacks using apparently compromised SAP Concur and DocuSign accounts to distribute malicious emails.  The phishing lures use financial themes, such as an expense report on SAP Concur or a financial settlement document on DocuSign. The lures include malicious links.

Cybercriminals have launched phishing attacks using lures that impersonate Microsoft Teams meeting invites. The lures include a malicious link.  Clicking the malicious link leads to a credential phishing kit that redirects the user to a legitimate login page.