Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.  For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us by forwarding it to [email protected].

Security Alerts and Suspicious Items Currently Affecting UVA:

Posted:

Another Zero-Day flaw in the Chrome web browser for Windows, Macintosh, and Linux computers and Microsoft's Chromium-based Edge browser. 

A zero-day flaw has been found in the Chrome web browser used on Windows, Macintosh, and Linux computers. The flaw (CVE-2022-1096) is a high severity flaw on the CVSS vulnerability-rating scale. It is a type confusion weakness in the Chrome V8 JavaScript engine reported by an anonymous security researcher.

Posted:

If you and/or your folks are not already working on finding/remediating the Apache log4j Java vulnerability (CVE-2021-44228), please prioritize this issue.  It is a critical zero-day exploit.

When this vulnerability is exploited, the bad guy can run commands on your computers or servers,  steal data, and/or use your computers to laterally pivot to other computers or servers. 

Information about this vulnerability, who it affects, how to search for it, and mitigation strategies if you find it are on our webpage: Action Needed: Critical Vulnerability in Widespread Java Logging Library

We want to make sure that finding and fixing this vulnerability is high priority for everyone. 

Thank you for helping to keep everyone’s data and information at UVA secure.  

Posted:

Zero-Day flaws in the Firefox web browser for Windows, Macintosh, and Linux computers

Two zero-day flaws have been found in the Mozilla Firefox web browser used on Windows, Macintosh, and Linux computers.

Posted:

From: User, Typical S (mst3k
Sent: Sunday, March 20, 2022 1:37 PM
Subject: EMERGENCY

Your mailbox storage has reached 98% on the email server. Visit OutlookStorage Access Page to adjust your Mailbox storage.

Note: To access your Outlook account for upgrade a notification call will come through your phone, kindly answer the call and then press 1 on your phone to continue.

Warm Regards,
Webmail Administrator

Posted:

From: Ticket #9540234 [email protected]>
Sent: Sunday, March 6, 2022 3:35:21 PM
To: UVA User [email protected]>

Posted:

From: Package Info
 Subject: Service Update for 24th Feb #GEESQ-24-14295109
 Date: February 24, 2022 at 3:11:38 PM EST
 To: "mst3k [at] virginia.edu"  
 Your services has been renewed
 This emails confirms the renewal of your services with G-Squad. We are glad to inform you that your plan with us has been renewed for $395.49. Please review the summary of your renewal:
 Renewal ID
 GEESQ-24-14295109
 Renewal date
 24-Feb-2022 09:15:55 EST
 
 Registered Email – confirmed
 [email protected] mailto:[email protected]    
 
 Description    Users    Qty    Amount
 Geek Secure Premium
 04    01    395.49 USD
 Subtotal    395.49 USD
 Total    395.49 USD
 Payment    395.49 USD
 
 Method used
 Credit/Debit Card
 Issues with this Email?

Posted:

From: virginia.edu Mail Admin  
Sent: Wednesday, February 23, 2022 7:27 PM
To: User, Typical S (mst3k)
Subject: virginia.edu Email Security Alert!!!

 

 

 

Posted:

From: "Garland, Maran K (mkg9d)"
Date: Friday, February 18, 2022 at 10:16 AM
To: "User, Typical (mst3k)"
Subject: Personal Assistant Position

Dear Student Faculty and Staff,

  There is an open position a business executive is currently out of the states for conference and business purposes he is in need of a very honest person to assist him during this period.

Duties:

Monitor Calls and reply to emails.

Receive and make payment to business clients.

Flight booking.

Payment : $400

Location: USA

Applicants must be 18 and above.

CLICK HERE To submit an application.

Maran K. Garland
434.964.7150

Posted:

From: "Lewis, Tanika (tl9jh)"
Date: 18 February 2022 at 14:26:04 GMT
To: Typical User
Subject: UVA Employment

Work remotely at your convenience from home or school this semester. Students and staff of  UNIVERSITY OF VIRGINIA  are qualified to apply, and payment is $400 weekly! Kindly CLICK HERE to submit an application.

Thanks.

Posted:

A critical vulnerability (CVE-2021-4034) has been identified that requires the immediate attention of most Linux users. Please prioritize this issue.  

Information about this vulnerability, who it affects, how to search for it, and mitigation strategies if you find it,  are on our webpage: Critical vulnerability in most default Linux installations

We want to make sure that finding and fixing this vulnerability is high priority for all Linux administrators.  Linux users who are not administrators should contact their administartor to make sure it is being fixed.

Thank you for helping to keep everyone’s data and information at UVA secure.