Don’t get scammed by IRS impersonators or make a poor choice on tax preparers. Protect your money and personal information with these tips. And a reminder: Take these steps if you get a suspicious email.
Cybersecurity News
The Office of Cybersecurity manages the university’s risk-reduction efforts through data protection, ongoing diagnostics, cybersecurity awareness training and policies and procedures to safeguard intellectual property and sensitive information.
Cybersecurity Announcement: Pre-authenticated RCE Vulnerability in Microsoft Windows SPNEGO Extended Negotiation Security Mechanism
Microsoft has recently revised the severity for SPNEGO Extended Negotiation security mechanism (NEGOEX) vulnerability to critical from its previous High severity from the September 2022 patch release. The vulnerability is being tracked as CVE-2022-37958.
11/29 phishing alert! Subject: “Your $3500 from The University of Wisconsin”
There’s an active phishing campaign on campus in which the attacker impersonates a benefits specialist offering a $3,500 end-of-year bonus. The email asks recipients to click a link leading to a fake benefits site where they’re prompted to enter login information.
11/9 spam & tech support scam alert: Adult themed email from .ru domains
The Cybersecurity Operations Center and Information Technology’s Office 365 email team have been tracking an increase in spam email messages promoting adult websites. Some of these messages include links to tech support scam webpages.
Stay cyber safe—and go on a (virtual) scavenger hunt!
What should you do if you get an MFA-Duo push notification that you didn’t request? How can you find out if your email or phone number was compromised in a data breach? And what the heck is “vishing?” Go on our scavenger hunt for Cybersecurity Awareness Month and find out!
Cybersecurity Announcement: WordPress Releases Patch for High Severity SQL Injection Vulnerability
WordPress has released version 6.0.2. This security and maintenance release contains patches for 3 vulnerabilities, including a high severity SQL Injection vulnerability in the Links functionality (CVSS Score of 8.0), as well as two Medium Severity Cross-Site Scripting vulnerabilities.
Cybersecurity Announcement: Atlassian Bitbucket Server and Data Center Critical Vulnerability (CVE-2022-36804)
Atlassian has published a security advisory warning Bitbucket Server and Data Center users of a critical security flaw that allows remote attackers with access to public repositories or read access to private Bitbucket repositories to execute arbitrary code.
8/29 phishing alert! Subject: “School Job Offer”
Watch out for an active phishing campaign on campus in which the attacker offers a a part-time, work-from-home job.
Cybersecurity Announcement: Microsoft Windows Support Diagnostic Tool and Point-to-Point Protocol Remote Code Execution Vulnerability (CVE-2022-34713) and (CVE-2022-30133)
Microsoft released announcements for known vulnerabilities addressed in their Tuesday Patch release. Two are considered Remote Code Execution vulnerabilities, meaning an attacker can exploit the system vulnerabilities remotely.
Cybersecurity Announcement: Django SQL injection vulnerability
Django, an open-source Python-based web framework, has detected a SQL injection vulnerability (CVE-2022-34265) in some recent versions.