UCSF IT Technology

Cybercriminals have launched phishing attacks claiming to originate from a company help desk team.

Google has released Chrome version 108.0.5359.98/.99 for Windows and Chrome version 108.0.5359.98 for Mac, and Linux.  A remote attacker could exploit this vulnerability to take control of an affected system. For a complete description of the vulnerabilities and affected systems go to Chrome Stable Channel Update. IT Security

Cybercriminals have launched a series of phishing attacks impersonating the legitimate law firm, including Latham & Watkins.

Cybercriminals have launched a series of phishing attacks against individuals in the UK impersonating the recruitment company Michael Page.

Cybercriminals have compromised an undisclosed media company that provides video content and advertising to hundreds of news outlets across the United States. Authentic-looking browser update alerts appear on the impacted news websites.

Every year, as the holiday shopping season approaches, holiday-themed phishing attacks rise. Attackers know the season brings a high volume of ecommerce activity—and related notifications.

Cybercriminals have launched phishing attacks impersonating Twitter Services. The emails include links to lookalike landing pages that are designed to steal Twitter credentials and phone numbers. While the email display names make it appear the messages come from “Twitter Services,” the actual sending address is a Gmail account. The emails use the proposed change at Twitter of charging verified users a monthly fee to maintain their verification status.

Cybercriminals have launched a series of malicious email attacks impersonating an Amazon package order confirmation. The attack uses Amazon-branded emails delivered from a Zoom sending address, as threat actors are abusing Zoom’s infrastructure. The emails prompt recipients to click a link to download an invoice for order details.

Please note that this is not an all-inclusive list of all of the phishing and social engineering threats but rather ones that are typical of current threats and/or ones that impacted UCSF staff, faculty, and/or learners (must be logged in to MyAccess to view). Be diligent with all communications, and please, even if you think an email might be a phish, report it via Phish Alarm and find out almost instantly in most cases.

H-ISAC reported that a vulnerability in Apache Batik has been Weaponized. The vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. For a complete description of the vulnerabilities and affected systems go to Apache Batik CVE-2022-40146. IT Security