Nov 2022: Twitter-Themed Lures Used in Credential Phishing Attacks
Cybercriminals have launched phishing attacks impersonating Twitter Services. The emails include links to lookalike landing pages that are designed to steal Twitter credentials and phone numbers. While the email display names make it appear the messages come from “Twitter Services,” the actual sending address is a Gmail account. As a lure, the emails use Twitter's proposed change of charging verified users a monthly fee to maintain their verification status.
Nov 2022: Amazon-Themed Lures Distributed Via Zoom
Cybercriminals have launched a series of malicious email attacks impersonating an Amazon package order confirmation. The attack uses Amazon-branded emails delivered from a Zoom sending address, as threat actors are abusing Zoom’s infrastructure. The emails prompt recipients to click a link to download an invoice for order details.
Real Phishing and Social Engineering Threats
Please note that this is not an all-inclusive list of phishing and social engineering threats, but rather ones that are typical of current threats and/or ones that impacted UCSF staff, faculty, and/or learners (must be logged in to MyAccess to view). Be diligent with all communications, and please, even if you think an email might be a phish, report it via Phish Alarm and find out almost instantly in most cases.
Vulnerability in Apache Batik Has Been Weaponized
H-ISAC reported that a vulnerability in Apache Batik has been weaponized. The vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar URL. For a complete description of the vulnerabilities and affected systems go to Apache Batik CVE-2022-40146.
Apache Kylin Command Injection Vulnerability
A command injection vulnerability exists within Apache Kylin. For a complete description of the vulnerabilities and affected systems go to Apache Kylin CVE-2022-24697.
Vulnerability in Aruba Network InstantOS
A classic buffer overflow vulnerability exists within Aruba Networks InstantOS 8.10.0.1. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user.
PoC Code Published for High-Severity macOS Sandbox Escape Vulnerability
Tracked as CVE-2022-26696 (CVSS score of 7.8), the security defect was identified and reported last year, with a patch available since the release of macOS Monterey 12.4 in May. Apple notes that the flaw allowed a sandboxed process to circumvent sandbox restrictions, and that improved environment sanitization resolved the issue.
Trend Micro Apex One for SaaS Improper Authentication Vulnerability
An improper authentication vulnerability exists within Trend Micro Apex One for SaaS. Successful exploitation of this vulnerability could allow an attacker to bypass the product’s login authentication by falsifying request parameters on affected installations. For a complete description of the vulnerabilities and affected systems go to Trend Micro Security Bulletin September 2022.
Vulnerability within Moodle 4.0.2
Mandiant reveals a vulnerability within Moodle 4.0.2: a remote code execution risk when restoring backup files originating from Moodle 1.9. For a complete description of the vulnerabilities and affected systems go to Moodle Security Announcement.
IBM InfoSphere Information Server on Cloud 11.7 Command Injection Vulnerability
IBM released a patch to address a vulnerability in the IBM InfoSphere Information Server on Cloud 11.7. IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vulnerability due to improper neutralization of special elements. For a complete description of the vulnerabilities and affected systems go to IBM Security Bulletin.