A company by the name of ZoomInfo has been sending unsolicited emails to the UW community, ostensibly to notify recipients of their privacy policies. An example is posted below. Zoominfo develops customer contact lists that other companies use to support sales and marketing campaigns. Lists are developed by crawling websites for an individual’s contact information….
Zerologon (CVE-2020-1472) Domain Controller Exploit in Windows AD (This alert is for IT staff in departments running their own AD domain. This is an issue at the Windows domain level, not at the individual Windows computer level.) tl;dr There are many exploits on github that could allow an adversary to run remote code that enables…
Secure your WSUS environment with HTTPS for future updates. This week Microsoft announced that the installation of this month’s (Sept 2020) security updates will stop future software updates from arriving if organizations using its Windows Server Update Services (WSUS) solution for patch management are connecting using the HTTP protocol rather than HTTPS. WSUS is configured…
Web shells allow remote administration on web servers. They may be used for legitimate purposes, but they are often installed by cybercriminals and other adversaries to gain unauthorized access to systems and networks, including those at universities. Our new risk advisory has more information about this threat and tactics for mitigating it. Go to advisory…
This message was sent via email to UW researchers by Joe Giffels, Associate Vice Provost for Research Administration and Integrity, and Rebekah Skiver Thompson, Associate Vice President and Chief Information Security Officer on July 20, 2020. On July 16, national security agencies in the U.S., the U.K., and Canada jointly issued an advisory describing Russian…
(Updated July 15, 2020) Currently there’s a surge in email scams aimed at UW students. Deceptive offers may arrive in the following forms: Offers for internships, work-from-home, and “secret shopper” jobs Help with financial aid, tuition payments, and government assistance Voicemails and robocalls that try to entice you call back with personal information Hoaxes that…