ALERT
From: HELPDESK <p_nowek [at] szpital.uwm.edu.pl>
Sent: Thursday, April 21, 2022 10:29 AM
To: p nowek <p_nowek [at] szpital.uwm.edu.pl>
Subject: Re: ALERT
Substantive Change: Vulnerability Scanning Exception (EXCEPT0000268)
Effective: April 1, 2022
The vulnerability scanning requirement for all network connected managed devices to be scanned has been rescinded for another six months while Information Security works to release the new solution that offers this service as required in the standard.
GET PAID TO DRIVE
From: User, Typical S (mst3k)
Sent: Wednesday, April 13, 2022 3:32:31 PM
Subject: GET PAID TO DRIVE
Name of Company:
Visa Inc.
JOB TITLE:
Earn Money by Driving
JOB DESCRIPTION:
We seek interested applicants to go about their normal routine with the decal of the "2023 FIFA Women's World Cup" on their Vehicles.
Qualification:
• Have a valid driver’s license
• Drive at least 100 miles / weekly
SALARY:
$300 weekly
MESSAGE FROM HR DEPARTMENT
From: "User, Typical (mst3k)"
Date: April 13, 2022 at 3:28:28 PM EDT
Subject: MESSAGE FROM HR DEPARTMENT
Greetings,
You have a message from the Human Resources Department
Click here
Thank you,
Typical User
BioArchitecture Department
UVA
Charlottesville, Virginia 22904
Part-Time Intern!
rom: Typical User
Date: Sun, Apr 10, 2022 at 3:22 AM
Subject: Re: Part-Time Intern!
To:
AHEAD in conjunction with "The University of Virginia" is looking for
dynamic college students interns to join our team as paid interns which
will also gain valuable work experience and we work with interns to gain
academic credit if applicable.
AHEAD is a nonprofit organization dedicated to saving lives and responsible
for providing protection and advocacy for the rights of students with
disabilities
Critical Vulnerability in Spring Java framework
Action Needed: Critical Vulnerability in Spring Java framework
Threat: CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+
UPDATE 4/8/2022: Trend Micro Threat Research today confirmed that this Spring4Shell vulnerability has been exploited by the Mirai botnet.
Critical Vulnerability in macOS and iOS
Two critical zero-day vulnerabilities has been identified that require the immediate attention of anyone using a Macintosh computer, iPhone, or iPad.
Another Chrome Zero-Day flaw: CVE-2022-1096
Another Zero-Day flaw in the Chrome web browser for Windows, Macintosh, and Linux computers and Microsoft's Chromium-based Edge browser.
A zero-day flaw has been found in the Chrome web browser used on Windows, Macintosh, and Linux computers. The flaw (CVE-2022-1096) is a high severity flaw on the CVSS vulnerability-rating scale.
Log4j Java vulnerability
If you and/or your folks are not already working on finding/remediating the Apache log4j Java vulnerability (CVE-2021-44228), please prioritize this issue. It is a critical zero-day exploit.
When this vulnerability is exploited, the bad guy can run commands on your computers or servers, steal data, and/or use your computers to laterally pivot to other computers or servers.
Firefox Zero-Day Alert: CVE-2022-26485 and CVE-2022-26486
Zero-Day flaws in the Firefox web browser for Windows, Macintosh, and Linux computers
Two zero-day flaws have been found in the Mozilla Firefox web browser used on Windows, Macintosh, and Linux computers.
Report an Information Security Incident
Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.