Office of the Chief Information Security Officer

September 1, 2021

PrintNightmare: Patches released 9/14/21

Update 9/15/2021: Microsoft released security updates yesterday to address the remaining PrintNightmare vulnerabilities.

Update 9/1/2021: This post is an update for this previous post regarding the Microsoft Print Spooler vulnerabilities known as “PrintNightmare.” As stated in the August 16 post, Microsoft updated CVE-2021-34527, Windows Print Spooler Remote Code Execution Vulnerability, to indicate that patches…

August 30, 2021

CosmosDB critical vulnerability

A cloud security vendor, Wiz, announced on Friday (8/26) that they discovered a vulnerability in Microsoft Azure’s managed database service, Cosmos DB, that grants read/write access for every database on the service to attackers who find and exploit the bug. They named the vulnerability “Chaos DB.” Wiz made the discovery two weeks ago, but they…

August 17, 2021

Scam alert

Recently there has been a surge in phishing and scams targeting UW students, faculty, and staff. Many of these emails appear to be job offers or alerts from UW accounts or UW offices. There is a “fresh phish” below that offers $800/week with bonuses. More examples can be found on the Phishing Examples web page….

August 13, 2021

Public vs. private: Social media

This week in the public vs. private series we are considering security measures to keep data private on social media applications. As a part of their Telework and Mobile Security Guidance, the National Security Agency and Central Security Service has published a list of best practices for keeping safe on social media. Their guidance includes…

July 30, 2021

Public vs private: Wireless encryption

This week in the public vs. private series we will cover what to do to keep your personal and UW data private, particularly while you’re in a public place. In order to protect your data, it is good to understand two “states” of data: data at rest and data in transit. Data stored on computers, laptops,…

July 23, 2021

Public vs. private: WFH

Our public vs. private series was rudely interrupted the past few weeks by news about multiple vulnerabilities in Windows Print Spooler (as of this writing, the safest mitigation is still to keep Print Spooler disabled until Microsoft releases a patch). But we’re back on track this week with some public vs. private guidance for working…
