As we all adopt new applications, tools and working practices in order to inhibit the spread of COVID-19, certain risks to University information and data are increasing. There are vulnerabilities associated with using devices and technologies from home and other locations, as well as an escalation of phishing and other cyber attacks that target the…
Other scams Phishing emails and emails containing malware often play to our innate fear responses. For example, recurring themes are urgent shipping notifications or warnings that an account will be closed if action is not taken immediately. Cybercriminals and other malicious cyber actors are looking for the latest trick to make their attacks more successful….
UW students are being targeted with an email scam disguised as info about an “under-cover shopper” job opening. Potential victims are sent a fraudulent check and sometimes asked to buy gift cards and take screenshots of the numbers to send to scammers. The email, which encourages students to apply for the bogus job, is crafted…
We posted a report about Emotet malware last December, and because we are seeing a resurgence of Emotet attacks, we are re-posting with some additional info. December 2019 Update Executive Summary Threat Overview and Analysis Emotet Activity at UW Emotet Impact Actions and Recommendations More Articles Executive Summary Emotet is a malware “Swiss Army Knife,”…
A cross-site scripting (XSS) vulnerability was recently discovered on your site. Why should you care and what should you do? First, what exactly is cross-site scripting (XSS)? XSS is an exploit that provides an attacker a way to execute malicious JavaScript in a victim’s browser. In other words, if your site has an XSS vulnerability,…
A(n) SQL injection vulnerability was recently discovered on your site. Why should you care and what should you do? First, what exactly is SQL injection? SQL injection is a form of attack in which malicious SQL statements are inserted into a web page form field and executed. Web pages/applications vulnerable to SQL injection essentially place…