Office of the Chief Information Security Officer

September 28, 2020

Cybersecurity Awareness Month

October is Cybersecurity Awareness Month Events listed are for members of the UW community. Watch this space for additional announcements and links. Email for Zoom links. Week 4: Securing Internet-Connected Devices in Healthcare Monday 10/19, 2:00-3:00 Digital Threat: Ransomware Presented by Cindy Jenkins, Senior Security Engineer, UW Medicine IT Services Audience: All members of…

September 18, 2020

ZoomInfo is NOT Zoom

A company by the name of ZoomInfo has been sending unsolicited emails to the UW community, ostensibly to notify recipients of their privacy policies. An example is posted below. Zoominfo develops customer contact lists that other companies use to support sales and marketing campaigns. Lists are developed by crawling websites for an individual’s contact information….

September 16, 2020

Windows Active Directory Vulnerability

Zerologon (CVE-2020-1472) Domain Controller Exploit in Windows AD (This alert is for IT staff in departments running their own AD domain. This is an issue at the Windows domain level, not at the individual Windows computer level.) tl;dr There are many exploits on github that could allow an adversary to run remote code that enables…

September 10, 2020

Microsoft WSUS vulnerable to attack

Secure your WSUS environment with HTTPS for future updates. This week Microsoft announced that the installation of this month’s (Sept 2020) security updates will stop future software updates from arriving if organizations using its Windows Server Update Services (WSUS) solution for patch management are connecting using the HTTP protocol rather than HTTPS. WSUS is configured…

September 9, 2020

Web Shells Risk Advisory

Web shells allow remote administration on web servers. They may be used for legitimate purposes, but they are often installed by cybercriminals and other adversaries to gain unauthorized access to systems and networks, including those at universities. Our new risk advisory has more information about this threat and tactics for mitigating it. Go to advisory…

July 20, 2020

Hackers target COVID-19 research

This message was sent via email to UW researchers by Joe Giffels, Associate Vice Provost for Research Administration and Integrity, and Rebekah Skiver Thompson, Associate Vice President and Chief Information Security Officer on July 20, 2020. On July 16, national security agencies in the U.S., the U.K., and Canada jointly issued an advisory describing Russian…

Next page