CISO News and Alerts

March 15, 2023

Patch now! MS Outlook 0-Day vulnerability

Summary Recommendations for UW students, faculty, and staff Technical details Things UW-IT will do Recommendations for IT Staff Resources Summary On March 14th, Microsoft disclosed a critical security vulnerability (CVE-2023-23397) that affects all supported versions of Microsoft Outlook for Windows. The vulnerability can be exploited with an email message or a calendar invitation, and ultimately,…


March 3, 2023

March 31st is World Backup Day

Help spread awareness of the importance of backing up important data all year long! Why are backups important? UW Administrative Policy Statement 2.6, Information Security Controls and Operational Practices, states: “University of Washington shall … appropriately protect the confidentiality, integrity, and availability of institutional information that it creates, receives, maintains, or transmits.” A failure to…


LastPass data breach update

Latest update What happened? December 2022 post Update 3/2/23 Additional details have emerged about the nature of the LastPass data breach that the company disclosed in December 2022. An updated summary of those details are included in the What Happened section below. UW’s LastPass Enterprise accounts UW-IT is reviewing the latest disclosures about the LastPass…


February 17, 2023

Separate user and admin accounts

Are you using an account with administrative (admin) privileges to perform day-today work tasks? Many people do, but it is not a recommended practice. Here’s why: Adversaries can gain access to your computer through successful phishing attacks or if you unintentionally download malware from an infected website. If this happens while you are using an…


February 3, 2023

Home network security

So far this year, we’ve posted tips for securing connections, devices, and UW NetID credentials, along with ways to spot scams and phishing attempts. We have one more resolution for staying Cyber Smart in 2023. Resolution #6: Secure your home network How much do you know about your managing your computer, router and other devices on your home network?…


January 26, 2023

Emotet is back

Emotet is a highly adaptable form of malware that has been around since 2014, when it first surfaced as a banking Trojan. Emotet is referred to as a malware “Swiss Army Knife” because it offers attackers a number of methods of infection and subsequent actions. It is frequently used in mass malicious email campaigns, as…