News about this vulnerability is evolving and we will update this post as we gather information. Overview Things to do (IT staff) Recommendations for the UW community References Overview A zero-day vulnerability, dubbed “Follina” by a security researcher, allows remote code execution in Microsoft products. It has been actively exploited since April. On Monday, May…
We’ve received a report that there’s a high volume of scam tax/debt-relief calls to UW phone numbers today. The scammers are using rotating caller ID which makes it difficult to block the calls. They are likely attempting to entice members of the University community to reveal personal information, such as bank details, credit card numbers,…
Updated 4/18/22 There are multiple vulnerabilities in Google Chrome, the most severe of which allows an attacker to execute code in the context of the browser. Affects versions prior to 100.0.4896.88: https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html CVE-2022-1364, a previously undisclosed vulnerability currently being exploited in the wild, was also patched. Affects versions prior to 100.0.4896.127 and any Chromium-based browser:…
Latest update Overview Issue Recommendations for the UW community Recommendations for developers Recommendations for IT staff References News and events are evolving quickly since the invasion of Ukraine on February 24, 2022. OIS staff will keep this page updated with any information relevant to cybersecurity at UW. Latest updates March 24, 2022 Security researchers report…
In a post that discusses why some Windows devices aren’t getting the latest quality and feature updates, a Microsoft Program Manager clarifies the connected time requirement for an update to be successful. The author of the post says that a minimum of two hours of continuous connectivity and six total hours of total connectivity is…
What is Log4j? Latest update Recommendations for everyone in the UW community Recommendations for specific groups End Users Developers System administrators and resource and service owners Log4j Vulnerability Summary Tools for detection Affected versions and patches OIS Quick Steps Joint Cybersecurity Advisory from CISA and others Relevant news References Latest update and latest info about…