Skip to main content
University of Wisconsin–Madison
UW Crest
UW–⁠Madison Information Technology
Connecting & supporting our digital campus
  • Services
  • Learn
  • About
  • Community & governance Expand Collapse
    • Communities, committees, groups
    • IT Governance
  • Priorities & projects Expand Collapse
    • IT Strategic Priorities 2022-2025
    • IT project portfolio
  • Cybersecurity
  • Academic technology
  • Accessibility
  • Accounts Expand Collapse
    • Email
    • MyUW
    • Learn@UW
    • Zoom
    • Box
    • Google Apps
    • More Services
  • Get help
  • Outages
  • Scam alerts
  1. Home
  2. Cybersecurity News

Cybersecurity News

LastPass update & recommendations

Posted on March 21, 2023

LastPass is a password manager available to faculty, staff and students. Though LastPass experienced a security incident late last year, we believe using it continues to be low risk.

Posted in Cybersecurity News, IT News

Tips to avoid tax season fraud

Posted on March 13, 2023

Don’t get scammed by IRS impersonators or make a poor choice on tax preparers. Protect your money and personal information with these tips. And a reminder: Take these steps if you get a suspicious email.

Posted in Cybersecurity Alerts, IT News

Cybersecurity Announcement: Pre-authenticated RCE Vulnerability in Microsoft Windows SPNEGO Extended Negotiation Security Mechanism

Posted on December 20, 2022

Microsoft has recently revised the severity for SPNEGO Extended Negotiation security mechanism (NEGOEX) vulnerability to critical from its previous High severity from the September 2022 patch release. The vulnerability is being tracked as CVE-2022-37958.

Posted in Cybersecurity Announcements

Stay cyber safe—and go on a (virtual) scavenger hunt!

Posted on October 14, 2022

What should you do if you get an MFA-Duo push notification that you didn’t request? How can you find out if your email or phone number was compromised in a data breach? And what the heck is “vishing?” Go on our scavenger hunt for Cybersecurity Awareness Month and find out!

Posted in Cybersecurity News, IT News

Cybersecurity Announcement: WordPress Releases Patch for High Severity SQL Injection Vulnerability

Posted on September 1, 2022

WordPress has released version 6.0.2.  This security and maintenance release contains patches for 3 vulnerabilities, including a high severity SQL Injection vulnerability in the Links functionality (CVSS Score of 8.0), as well as two Medium Severity Cross-Site Scripting vulnerabilities.

Posted in Cybersecurity Announcements, netid protected

Cybersecurity Announcement: Atlassian Bitbucket Server and Data Center Critical Vulnerability (CVE-2022-36804)

Posted on September 1, 2022

Atlassian has published a security advisory warning Bitbucket Server and Data Center users of a critical security flaw that allows remote attackers with access to public repositories or read access to private Bitbucket repositories to execute arbitrary code.

Posted in Cybersecurity Announcements, netid protected

Cybersecurity Announcement: Microsoft Windows Support Diagnostic Tool and Point-to-Point Protocol Remote Code Execution Vulnerability (CVE-2022-34713) and (CVE-2022-30133)

Posted on August 10, 2022

Microsoft released announcements for known vulnerabilities addressed in their Tuesday Patch release. Two are considered Remote Code Execution vulnerabilities, meaning an attacker can exploit the system vulnerabilities remotely.

Posted in Cybersecurity Announcements, netid protected

Cybersecurity Announcement: Django SQL injection vulnerability

Posted on July 5, 2022

Django, an open-source Python-based web framework, has detected a SQL injection vulnerability (CVE-2022-34265) in some recent versions.

Posted in Cybersecurity Announcements, netid protected

Cybersecurity Announcement: Linux Local Privilege Escalation Vulnerability (CVE-2021-4034 PwnKit)

Posted on June 26, 2022

Qualys researchers discovered a Local Privilege Escalation vulnerability (CVE-2021-4034) in polkit’s pkexec, a program that is installed by default on every major Linux distribution.

Posted in Cybersecurity Announcements, netid protected

Cybersecurity Announcement: Critical Illumina vulnerabilities (multiple CVEs)

Posted on June 7, 2022

Four critical vulnerabilities were discovered in Illumina Local Run Manager (LRM), software used by sequencing instruments to aid in genetic analysis.

Posted in Cybersecurity Announcements, netid protected
  • You're on page 1
  • 2
  • 3
  • 6
  • Next page

Site footer content

University logo that links to main university website

IT @ UW-Madison

  • Services
  • News
  • Learn
  • About
  • Community
  • IT priorities & projects

Quick Links

  • Get help
  • Get started with tech
  • Outages
  • Accessibility
  • Campus IT jobs
  • Submit feedback

Contact Us

    • facebook
    • twitter
    • instagram
    • youtube
    • linkedin

© 2023 Board of Regents of the University of Wisconsin System

Website created by DoIT Communications in WordPress as a child theme of the UW Theme | Privacy notice