OIS News and Alerts

March 17, 2020

Scams Aimed at Remote Work

As we all adopt new applications, tools and working practices in order to inhibit the spread of COVID-19, certain risks to University information and data are increasing. There are vulnerabilities associated with using devices and technologies from home and other locations, as well as an escalation of phishing and other cyber attacks that target the…


March 9, 2020

Coronavirus themed phishing

Other scams Phishing emails and emails containing malware often play to our innate fear responses. For example, recurring themes are urgent shipping notifications or warnings that an account will be closed if action is not taken immediately. Cybercriminals and other malicious cyber actors are looking for the latest trick to make their attacks more successful….


February 20, 2020

Secret shopper job scam

UW students are being targeted with an email scam disguised as info about an “under-cover shopper” job opening. Potential victims are sent a fraudulent check and sometimes asked to buy gift cards and take screenshots of the numbers to send to scammers. The email, which encourages students to apply for the bogus job, is crafted…


December 11, 2019

Updated: Emotet Malware Report

We posted a report about Emotet malware last December, and because we are seeing a resurgence of Emotet attacks, we are re-posting with some additional info. December 2019 Update Executive Summary Threat Overview and Analysis Emotet Activity at UW Emotet Impact Actions and Recommendations More Articles Executive Summary Emotet is a malware “Swiss Army Knife,”…


May 23, 2019

Mitigating Cross-site Scripting (XSS) Vulnerabilities

A cross-site scripting (XSS) vulnerability was recently discovered on your site. Why should you care and what should you do? First, what exactly is cross-site scripting (XSS)? XSS is an exploit that provides an attacker a way to execute malicious JavaScript in a victim’s browser. In other words, if your site has an XSS vulnerability,…


Mitigating SQL Injection (SQLi) Vulnerabilities

A(n) SQL injection vulnerability was recently discovered on your site. Why should you care and what should you do? First, what exactly is SQL injection? SQL injection is a form of attack in which malicious SQL statements are inserted into a web page form field and executed. Web pages/applications vulnerable to SQL injection essentially place…