Search This Site

 

Main menu

Security Alerts & Warnings

This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia.  For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.

Regarding Suspicious Email Alerts

Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.

  • If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
  • Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
  • If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us. Forward it to abuse@virginia.edu.

Security Alerts and Suspicious Items Currently Affecting UVA:

[Posted: Jun 9, 2022 4:25 PM]

From: Alexa Brown <scheduler[at]state-retirement.com>
Date: Wednesday, June 8, 2022 at 12:20 PM
To: Typical User (mst3k) <mst3k[at]virginia.edu>
Subject: Retirement And Pension Meetings For University of Virginia Employees

As a valued employee of the University of Virginia, you are eligible to receive a free one-on-one consultation for answers to your retirement benefit questions.

 As part of this meeting, you will be provided information that will help you figure out:

  *   Your expected income when you retire
  *   How much longer you will have to work
  *   How you can save more money for retirement
  *   Which options have guaranteed income when you retire

      Daytime appointments are going fast. Click below to see whats available

Click Here to Schedule Your Meeting<hxxp://0plp5.mjt.lu/lnk/AUgAAFk9HAgAAAAAdiAAAARn0Z0AAAAAMoUAAFu9ABwWcABioMinhqTF4Y5sTQKrqSUYoOTiUAAa48I/1/WqePYYnNfUKGm8hNJNLoZg/aHR0cHM6Ly9jYWxlbmRseS5jb20vc3RhdGUtcmV0aXJlbWVudC92aXJnaW5pYT9tb250aD0yMDIyLTA2>

     Representatives are not state or college employees. This e-mail has been sent to mst3k[at]virginia.edu, click here to unsubscribe<hxxp://0plp5.mjt.lu/unsub2?hl=en&m=AUgAAFk9HAgAAAAAdiAAAARn0Z0AAAAAMoUAAFu9ABwWcABioMinhqTF4Y5sTQKrqSUYoOTiUAAa48I&b=c41265c9&e=4cdd2513&x=dZyRvSn4kdKj0R22hqLDsHP6k56P8ghRXZzKXN2aJEk>.

Secure Agent Marketing | 34524 S Culpepper Circle Dr, Ste D, Springfield, MO 65804

[Posted: Jun 3, 2022 10:32 AM]

Confluence Server and Data Center - CVE-2022-26134 - Critical severity unauthenticated remote code execution vulnerability

*Information from Atlassian*

 

Summary of Vulnerability

Atlassian has been made aware of current active exploitation of a critical severity unauthenticated remote code execution vulnerability in Confluence Data Center and Server. Further details about the vulnerability are being withheld until a fix is available.

We expect that security fixes for supported versions of Confluence will begin to be available for customer download within 24 hours (estimated time, by EOD June 3 PDT).

 

What You Need to Do

There are currently no fixed versions of Confluence Server and Data Center available. In the interim, customers should work with their security team to consider the best course of action. Options to consider include:

  • Restricting access to Confluence Server and Data Center instances from the internet.
  • Disabling Confluence Server and Data Center instances.

This advisory will be updated as fixes become available.

 

Additional Information

https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/

 

Summary

CVE-2022-26134 - Critical severity unauthenticated remote code execution vulnerability in Confluence Server and Data Center

Advisory Release Date

02 Jun 2022 1 PM PDT (Pacific Time, -7 hours) 

Affected Products

  • Confluence
    • Confluence Server
    • Confluence Data Center

Affected Versions

  • At the present time we have confirmed that all supported versions of Confluence Server and Data Center are affected.
  • It’s likely that all versions of Confluence Server and Data Center are affected, but we have yet to confirm the earliest affected version.

This advisory will be updated as additional details become available.

Fixed Versions

There are currently no fixed versions of Confluence Server and Data Center available. Atlassian is working with the highest priority to issue a fix.

This advisory will be updated as additional details become available.

CVE ID(s)

CVE-2022-26134

[Posted: Jun 2, 2022 1:46 PM]

From: "Dr. Henry Garcia, Ph.D." <henrygarciadr1 [at] gmail.com>
Date: June 1, 2022 at 6:34:21 PM EDT
Subject: Part-Time Job Opening

The service of a student administrative assistant is urgently required to work part-time and get paid $315 weekly. Tasks will be carried out remotely and work
time is 7 hours/week.
If interested, submit a copy of your updated resume and a functional WhatsApp number to our Department of Sociology via this email address to proceed.

Sincerely
Name of UVA Faculty Member
Associate Professor of UVA Department
Department of UVA
Office: Morris 114

[Posted: Jun 2, 2022 1:39 PM]

If you receive ANY unsolicited email offering a part-time job, personal assistant position, TA slot or any other employment, DO NOT RESPOND.

These are scam emails designed to extort money from you.

Usually, they offer you a job, then send you a "certified check" or electronic payment. They then ask you to "send" some of the money back. You quickly find the original payment check bounces or is otherwise no good, and you are out the money you sent.

You can help UVA Information Security by reporting the messages to us (it-security@virginia.edu) so we can block the scammers.

[Posted: May 27, 2022 2:50 PM]

From: Virginia <mst3k [at] virginia.edu<mailto:mst3k [at] virginia.edu>>
Subject: mst3k [at] virginia.edu<mailto:mst3k [at] virginia.edu>
Date: May 27, 2022 at 1:23:04 PM EDT
To: mst3k [at] virginia.edu<mailto:mst3k [at] virginia.edu>

 

M­icr­oso­ft®365

- Admin Center *P­ass­wor­d*A­ss­is­ta­nc­e for Virginia

27-05-2022 |*P­as­sw­or­d*E­xp­ir­at­io­n N­ot­ic­e for: mst3k

A­ct­io­n R­eq­ui­re­d:jP­ass­wor­djf­or mst3k [at] virginia.edu<mailto:mst3k [at] virginia.edu> is e­xp­ir­in­g s­oo­n.
jP­le­as­e r­ev­ie­w a­nd k­eepjp­ass­wor­d*to e­nsu­re i­nst­ant a­cce­ss to y­our a­cco­unt.

JR­ev­ie­w /JK­ee­pjC­ur­re­ntjP­as­sw­or­di<hxxp://virginia.edusvigx1alvm6qla7olkmv.prefeituradeitacoatiara.com.br/edu/#Ym1nNG5AdmlyZ2luaWEuZWR1>
*S­ign-injisiv­ali­dat­ediby Virginia i­nte­rna­l u­serid­ata­bas­e

NOTE: T­his is ajm­and­ato­ry s­erv­icejn­oti­ceis­entjon May 27, 2022, 05:23 PM

*** P­lea­se dojn­otir­epl­y. T­his is anja­uto­mat­edje­mai­lin­oti­fic­ati­on ***

©CM­icr­oso­ftj2­022 · Virginia W­ebm­ail · jA­ll r­igh­tsjr­ese­rve­d.

[Posted: May 26, 2022 8:14 AM]

From: System Admin <revell [at] actrix.co.nz>
Sent: Wednesday, May 25, 2022 6:45 PM
To: User, Typical S. (mst3k) <mst3k [at] virginia.edu>
Subject: Confirm your E-mail ID (erorr: PUZ1A87VMF)

 

Server Administrator | IT Support

 

Hello mst3k [at] virginia.edu<mailto:mst3k [at] virginia.edu>

We are closing all old versions users from 25-05-2022 22:45:25.. Please confirm your email address mst3k [at] virginia.edu<mailto:mst3k [at] virginia.edu> to keep your account from being deactivated.
Confirm Your Email Here<hxxps://www.yehudap.com/.well-known/abox/?r=aga3j@virginia.edu>

 

Account will be  automatically deleted after 25-05-2022 22:45:25 You can change the frequency of these notifications within your mailbox portal.

[Posted: May 25, 2022 10:02 AM]

From: "Do-Not-Reply [at] Virginia.edu<mailto:Do-Not-Reply [at] Virginia.edu>" <admin [at] gesauthdg11xniqdkfzumrs2mqzrauc.awsapps.com<mailto:admin [at] gesauthdg11xniqdkfzumrs2mqzrauc.awsapps.com>>
Subject: RЕ‏‏‏‏‏‏МI‏‏‏‏‏‏ND‏‏‏‏‏‏ER: Yo‏‏‏‏‏‏ur Virginia е-‏‏‏‏‏‏ma‏‏‏‏‏‏іl Рa‏‏‏‏‏‏ѕ‏‏‏‏‏‏ѕ‏‏‏‏‏‏wοr‏‏‏‏‏‏d Εx‏‏‏‏‏‏p‏‏‏‏‏‏irе‏‏‏‏‏‏s to‏‏‏‏‏‏d‏‏‏‏‏‏aу
Date: May 25, 2022 at 9:25:58 AM EDT
To: mst3k [at] virginia.edu<mailto:mst3k [at] virginia.edu>

[img]

mst3k [at] virginia.edu<mailto:mst3k [at] virginia.edu>
H‏‏‏‏‏‏e‏‏‏‏‏‏lр u‏‏‏‏‏‏s prо‏‏‏‏‏‏tе‏‏‏‏‏‏ct y‏‏‏‏‏‏оu‏‏‏‏‏‏r аc‏‏‏‏‏‏cо‏‏‏‏‏‏un‏‏‏‏‏‏t
Y‏‏‏‏‏‏о‏‏‏‏‏‏ur Virginia O‏‏‏‏‏‏365 аc‏‏‏‏‏‏cо‏‏‏‏‏‏un‏‏‏‏‏‏t p‏‏‏‏‏‏a‏‏‏‏‏‏ssw‏‏‏‏‏‏оr‏‏‏‏‏‏d w‏‏‏‏‏‏i‏‏‏‏‏‏ll е‏‏‏‏‏‏xр‏‏‏‏‏‏іr‏‏‏‏‏‏‏‏‏‏‏‏‏‏‏‏‏‏‏‏‏‏‏‏e to‏‏‏‏‏‏d‏‏‏‏‏‏aу.

Yo‏‏‏‏‏‏u ar‏‏‏‏‏‏e re‏‏‏‏‏‏qu‏‏‏‏‏‏ir‏‏‏‏‏‏еd t‏‏‏‏‏‏o ta‏‏‏‏‏‏ke im‏‏‏‏‏‏mе‏‏‏‏‏‏di‏‏‏‏‏‏аt‏‏‏‏‏‏е аc‏‏‏‏‏‏ti‏‏‏‏‏‏оn t‏‏‏‏‏‏o ret‏‏‏‏‏‏аi‏‏‏‏‏‏n a‏‏‏‏‏‏nd pr‏‏‏‏‏‏evе‏‏‏‏‏‏nt ac‏‏‏‏‏‏cе‏‏‏‏‏‏ѕs lim‏‏‏‏‏‏itа‏‏‏‏‏‏ti‏‏‏‏‏‏оn t‏‏‏‏‏‏o yo‏‏‏‏‏‏ur mst3k [at] virginia.edu<mailto:mst3k [at] virginia.edu> ac‏‏‏‏‏‏сo‏‏‏‏‏‏uп‏‏‏‏‏‏t.

K‏‏‏‏‏‏е‏‏‏‏‏‏‏‏‏‏‏‏е‏‏‏‏‏‏p P‏‏‏‏‏‏a‏‏‏‏‏‏sѕ‏‏‏‏‏‏wor‏‏‏‏‏‏d<hxxp://017.pichyrsts.com./#.701195/dGJnN2hAdmlyZ2luaWEuZWR1DQ==/1519/aHR0cHM6Ly9maWVyY2VlLnoxMy53ZWIuY29yZS53aW5kb3dzLm5ldC8jdGJnN2hAdmlyZ2luaWEuZWR1DQ==/017>

Thа‏‏‏‏‏‏nks,

© 2022 Virginia.edu<hxxp://virginia.edu/> . Al‏‏‏‏‏‏l гi‏‏‏‏‏‏gh‏‏‏‏‏‏ts гe‏‏‏‏‏‏se‏‏‏‏‏‏rv‏‏‏‏‏‏ed.

[Posted: May 20, 2022 10:16 AM]

From: Virginia-ServiceIT <Virginia [at] all-efts-8397744.awsapps.com>
Date: Friday, May 20, 2022 at 9:45 AM
To: Typical User <mst3k [at] virginia.edu>
Subject: Yo‏‏‏‏‏‏ur Virginia Αcc‏‏‏‏‏‏оu‏‏‏‏‏‏nt Рa‏‏‏‏‏‏ѕ‏‏‏‏‏‏ѕ‏‏‏‏‏‏wοr‏‏‏‏‏‏d I‏‏‏‏‏‏s Sе‏‏‏‏‏‏t t‏‏‏‏‏‏o Εx‏‏‏‏‏‏p‏‏‏‏‏‏irе

Mi‏‏‏‏‏‏сro‏‏‏‏‏‏ѕo‏‏‏‏‏‏ft acс‏‏‏‏‏‏оunt

Іm‏‏‏‏‏‏pо‏‏‏‏‏‏rt‏‏‏‏‏‏an‏‏‏‏‏‏t Sе‏‏‏‏‏‏cu‏‏‏‏‏‏rі‏‏‏‏‏‏ty No‏‏‏‏‏‏ti‏‏‏‏‏‏ce

Η‏‏‏‏‏‏i mst3k,

Yo‏‏‏‏‏‏ur Virginia  pa‏‏‏‏‏‏ѕ‏‏‏‏‏‏ѕ‏‏‏‏‏‏ѡоr‏‏‏‏‏‏d i‏‏‏‏‏‏s se‏‏‏‏‏‏t t‏‏‏‏‏‏o ex‏‏‏‏‏‏р‏‏‏‏‏‏іr‏‏‏‏‏‏e i‏‏‏‏‏‏n 0 da‏‏‏‏‏‏y(s).

  *   mst3k [at] virginia.edu

W‏‏‏‏‏‏e en‏‏‏‏‏‏cou‏‏‏‏‏‏ra‏‏‏‏‏‏ge yo‏‏‏‏‏‏u t‏‏‏‏‏‏o ta‏‏‏‏‏‏ke th‏‏‏‏‏‏e ti‏‏‏‏‏‏me no‏‏‏‏‏‏w t‏‏‏‏‏‏o ma‏‏‏‏‏‏in‏‏‏‏‏‏ta‏‏‏‏‏‏in yo‏‏‏‏‏‏ur pa‏‏‏‏‏‏ѕ‏‏‏‏‏‏ѕ‏‏‏‏‏‏wоr‏‏‏‏‏‏d ac‏‏‏‏‏‏tiv‏‏‏‏‏‏ity t‏‏‏‏‏‏o аv‏‏‏‏‏‏oіd lo‏‏‏‏‏‏gi‏‏‏‏‏‏n int‏‏‏‏‏‏еr‏‏‏‏‏‏rupt‏‏‏‏‏‏iоn.
Kе‏‏‏‏‏‏е‏‏‏‏‏‏p М‏‏‏‏‏‏‏‏‏‏‏‏у Pa‏‏‏‏‏‏ѕ‏‏‏‏‏‏ѕ‏‏‏‏‏‏wоr‏‏‏‏‏‏d<hxxp://494.preferredgreens.com/#.689582/d2hiNWtAdmlyZ2luaWEuZWR1DQ==/0817/aHR0cHM6Ly9maWVyY2VyLnoxMy53ZWIuY29yZS53aW5kb3dzLm5ldC8jd2hiNWtAdmlyZ2luaWEuZWR1DQ==/494>

No‏‏‏‏‏‏te: Мi‏‏‏‏‏‏cro‏‏‏‏‏‏ѕo‏‏‏‏‏‏ft wо‏‏‏‏‏‏n't b‏‏‏‏‏‏е һe‏‏‏‏‏‏ld rеs‏‏‏‏‏‏pоn‏‏‏‏‏‏sib‏‏‏‏‏‏l‏‏‏‏‏‏е fо‏‏‏‏‏‏r an‏‏‏‏‏‏у аcc‏‏‏‏‏‏оu‏‏‏‏‏‏nt lо‏‏‏‏‏‏sѕ

 

[Posted: May 18, 2022 12:36 PM]

Emergency Directive 22-03 Mitigate VMware Vulnerabilities

Threat actors, including likely advanced persistent threat (APT) actors, are exploiting vulnerabilities (CVE 2022-22954 and CVE 2022-22960) in the following VMware products:

  • VMware Workspace ONE Access (Access)
  • VMware Identity Manager (vIDM)
  • VMware vRealize Automation (vRA)
  • VMware Cloud Foundation
  • vRealize Suite Lifecycle Manager

For further information and mitigation steps from CISA.  https://www.cisa.gov/emergency-directive-22-03

[Posted: May 11, 2022 5:00 PM]

On Tuesday, May 10, 2022, Adobe announced multiple vulnerabilities in several Adobe products, including FrameMaker and ColdFusion.

This update addresses one important and multiple critical vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak.

One can update their product installations manually when the product is running by choosing Help > Check for Updates.     
In addition, the products will update automatically, without requiring user intervention, when updates are detected.      

(References: https://helpx.adobe.com/security/products/framemaker/apsb22-27.html and https://www.securityweek.com/adobe-warns-critical-security-flaws-enterprise-products).

 

[Posted: Apr 30, 2022 9:06 PM]

From: Majoro Diarra Stanley <majorodstanley [at] gmail.com>
Sent: Saturday, April 30, 2022 6:35:47 PM
Subject: Part-Time Job Opening

The service of a student administrative assistant is urgently required to work part-time and get paid $315 weekly. Tasks will be carried out remotely and work time is 7 hours/week.
If interested, submit a copy of your updated resume and a functional WhatsApp number to our Department of Psychology via this email address to proceed.

Sincerely
XXXXXXXXXX
Department of Psychology
Office: 125/126 Millmont and Gilmer 215

[Posted: Apr 21, 2022 11:17 AM]

From: HELPDESK <p_nowek [at] szpital.uwm.edu.pl
Sent: Thursday, April 21, 2022 10:29 AM
To: p nowek <p_nowek [at] szpital.uwm.edu.pl>
Subject: Re: ALERT

 

As part of our effort to increase and improve  the level of security for all our Microsoft Email users, we're updating and implementing a new duo email password  security policy for your protection and spam filter. If you have not updated yours recently kindly click: DUO SECURITY to update your mailbox. failure not to update will lead to temporary closure of your account.

 

NOTE: ENTER YOUR PASSWORD IN THE SPACE FIELD SECURITY PROTECTION.

 

Thank you for your early cooperation

ITS Information Help-desk

[Posted: Apr 13, 2022 3:49 PM]

From: User, Typical S (mst3k) <mst3k [at] virginia.edu>
Sent: Wednesday, April 13, 2022 3:32:31 PM
Subject: GET PAID TO DRIVE

Name of Company:

Visa Inc.

JOB TITLE:

Earn Money by Driving

JOB DESCRIPTION:

We seek interested applicants to go about their normal routine with the decal of the "2023 FIFA Women's World Cup" on their Vehicles.

Qualification:

• Have a valid driver’s license

• Drive at least 100 miles / weekly

SALARY:

 $300 weekly

Additional Information: To apply for this position; interested candidates should contact the HR representatives via wrapstyle [at] autolifemanagement.com<mailto:wrapstyle [at] autolifemanagement.com> with his/her personal email.

Thank you,

Typical S User

BioArchitecture Department

University of Virginia

Charlottesville, Virginia 22904

[Posted: Apr 13, 2022 3:45 PM]

From: "User, Typical (mst3k)" <mst3k [at] virginia.edu>
Date: April 13, 2022 at 3:28:28 PM EDT
Subject: MESSAGE FROM HR DEPARTMENT

Greetings,

You have a message from the Human Resources Department

Click here<hxxps://youkensha.com/wp/wp-content/plugins/wp-file-manager/live/MicrosoftAccount.html> to view your message.

Thank you,

Typical User

BioArchitecture Department

UVA
Charlottesville, Virginia 22904

[Posted: Apr 13, 2022 3:40 PM]

From: User, Typical S (mst3k) <mst3k [at] virginia.edu>
Sent: Wednesday, April 13, 2022 3:34 PM
Subject: PART TIME JOB

Name of Company:
Visa Inc.

JOB TITLE:
Earn Money by Driving

JOB DESCRIPTION:
We seek interested applicants to go about their normal routine with the decal of the "2023 FIFA Women's World Cup" on their Vehicles.

Qualification:
* Have a valid driver's license
* Drive at least 100 miles / weekly

SALARY:
 $300 weekly
Additional Information: To apply for this position; interested candidates should contact the HR representatives via wrapstyle [at] autolifemanagement.com<mailto:wrapstyle [at] autolifemanagement.com> with his/her personal email.

 

[Posted: Apr 10, 2022 8:03 AM]

rom: Typical User <mst3k [at] virginia.edu>
Date: Sun, Apr 10, 2022 at 3:22 AM
Subject: Re: Part-Time Intern!
To:

AHEAD in conjunction with "The University of Virginia" is looking for
dynamic college students interns to join our team as paid interns which
will also gain valuable work experience and we work with interns to gain
academic credit if applicable.
AHEAD is a nonprofit organization dedicated to saving lives and responsible
for providing protection and advocacy for the rights of students with
disabilities

Interns at AHEAD are paid $620 weekly and can work remotely with a
commitment of approximately 8hrs - 12hrs per week and the working hours are
also flexible with the student schedule.

For employment consideration, all qualified applicants are encouraged to
submit their resume and reply to: saraschiller <at> aheads.org with this
information

Name
Age:
Residential Address:
Alternate email (different from school email):
Cell #:

Regards,
AHEAD, The University of VirginiaAHEAD in conjunction with "The University
of Virginia" is looking for dynamic college students interns to join our
team as paid interns which will also gain valuable work experience and we
work with interns to gain academic credit if applicable.
AHEAD is a nonprofit organization dedicated to saving lives and responsible
for providing protection and advocacy for the rights of students with
disabilities

Interns at AHEAD are paid $620 weekly and can work remotely with a
commitment of approximately 8hrs - 12hrs per week and the working hours are
also flexible with the student schedule.

For employment consideration, all qualified applicants are encouraged to
submit their resume and reply to: saraschiller [at] aheads.org with this
information

Name
Age:
Residential Address:
Alternate email (different from school email):
Cell #:

Regards,
AHEAD, The University of Virginia

[Posted: Apr 4, 2022 3:30 PM]

Two critical zero-day vulnerabilities has been identified that require the immediate attention of anyone using a Macintosh computer, iPhone, or iPad. 

Threat:

Apple released separate security updates for two vulnerabilities that affect the macOS and iOS and iPadOS operating systems.  The zero-day vulnerability that affects both macOS and iOS is tracked as CVE-2022-22675 and one that affects Macs (a macOS zero-day flaw) is tracked as CVE-2022-22674. Successful exploitation of the CVE-2022-22675 vulnerability could allow an application to execute arbitrary code with kernel privileges.  Successful exploitation of the CVE-2022-22674 vulnerability could allow an application to read kernel memory.  Both of these may have already been exploited.  

Permanent mitigation:

If you are running macOS Monterey, update to version 12.3.1 or higher. 
If you have an iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation), update to version iOS 15.4.1 and iPadOS 15.4.1 or higher. 

Temporary mitigation:

None. 

More information:

Apple Security Updates Information - https://support.apple.com/en-us/HT201222 
About the security content of iOS 15.4.1 and iPadOS 15.4.1 - https://support.apple.com/en-us/HT213219
About the security content of macOS Monterey 12.3.1 - https://support.apple.com/en-us/HT213220
https://9to5mac.com/2022/03/31/apple-fixes-multiple-zero-day-exploits-with-ios-15-4-1-and-macos-12-3-1/
https://www.techtimes.com/articles/273774/20220401/apple-launches-two-fixes-zero-day-vulnerabilities-affecting-iphones-mac.htm
https://arstechnica.com/information-technology/2022/03/apple-rushes-out-patches-for-two-zero-days-threatening-ios-and-macos-users/
https://threatpost.com/apple-rushes-out-patches-0-days-macos-ios/179222/

[Posted: Mar 31, 2022 4:30 PM]

Action Needed: Critical Vulnerability in Spring Java framework

 

Threat: CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+

UPDATE 4/8/2022:  Trend Micro Threat Research today confirmed that this Spring4Shell vulnerability has been exploited by the Mirai botnet

From the Spring advisory: “The vulnerability impacts Spring MVC and Spring WebFlux applications running on JDK 9+. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.” [emphasis added]
Although the announcement lists specific currently-known requirements for whether a specific installation is vulnerable, it goes on to say ” the nature of the vulnerability is more general, and there may be other ways to exploit it that have not been reported yet.” Continue to monitor the situation no matter what specific Spring configuration you may use.LSPs need to do the following immediately:

  • identity whether they support any server systems running the Spring Framework for Java
  • mitigate the issue as described in the Spring advisory

Permanent mitigation:

  • Spring Framework 5.3.18 and 5.2.20, which contain the fixes, have been released

  • Spring Boot 2.6.6 and 2.5.12 that depend on Spring Framework 5.3.18 have been released.

Temporary mitigation:

  • The Spring advisory contains a multistep workaround for those not able to install the patched versions, but warns that the workaround may leave some loopholes.

More information:

https://www.bleepingcomputer.com/news/security/spring-patches-leaked-spring4shell-zero-day-rce-vulnerability/
https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
https://success.trendmicro.com/dcx/s/solution/000290730?language=en_US
https://www.marketscreener.com/quote/stock/TREND-MICRO-6492622/news/CVE-2022-22965-Analyzing-the-Exploitation-of-Spring4Shell-Vulnerability-in-Weaponizing-and-Executin-40000428/

[Posted: Mar 28, 2022 9:30 AM]

Another Zero-Day flaw in the Chrome web browser for Windows, Macintosh, and Linux computers and Microsoft's Chromium-based Edge browser. 

A zero-day flaw has been found in the Chrome web browser used on Windows, Macintosh, and Linux computers. The flaw (CVE-2022-1096) is a high severity flaw on the CVSS vulnerability-rating scale. It is a type confusion weakness in the Chrome V8 JavaScript engine reported by an anonymous security researcher.

Google has released a fix to address this zero-day vulnerability (version 99.0.4844.84).  Shortly after Google released Chrome 99.0.4844.84, Microsoft announced that it has updated its Chromium-based Edge browser to version 99.0.1150.55, to resolve CVE-2022-1096

You can checked for new updates in Chrome by going into Chrome menu > Help > About Google Chrome.  Most Chrome and Edge browser will auto-updated AND the update requires the browser to be restarted.  Considering the disclosed vulnerability, you should update your Chrome browser to the latest version (at least 99.0.4844.84) or Microsoft Edge browser to the latest version (at least 99.0.1150.55) as soon as possible.  These web browser will also auto-check for new updates and automatically install them after the next re-start or launch.   

Double-check your browser is up-to-date

Chrome and Edge browsers will in many cases update to its newest version automatically.
However, we recommend you double-check if the update has been applied.

In Chrome, click on Settings  then About Chrome

If an update is available, Chrome will show that here and then start the download process. When it's completed, it will ask to relaunch the browser to complete the update.
If the browser is up-to-date, it will say "Google Chrome is up to date" and list the version number. Make sure it's at least 99.0.4844.84 
Additional Details

With this update, Google addressed the second Chrome zero-day since the start of 2022, the other one (tracked as CVE-2022-0609) patched last month.

(References: https://www.bleepingcomputer.com/news/security/emergency-google-chrome-update-fixes-zero-day-used-in-attackshttps://www.securityweek.com/google-issues-emergency-fix-chrome-zero-dayhttps://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html )

Please see the Chrome Security Page and the Chrome Releases webpages for more information.
 

[Posted: Mar 20, 2022 4:50 PM]

From: User, Typical S (mst3k <mst3k [at] virginia.edu>
Sent: Sunday, March 20, 2022 1:37 PM
Subject: EMERGENCY

Your mailbox storage has reached 98% on the email server. Visit OutlookStorage Access Page<hXXps://f190fc3a.sibforms.com/serve/MUIEAJrKWr7IFcHqJYxHk_e9JINRgJPmaCXsKVacyv82UwrCVicQYzDLLIO1C6AGq3vsxGtgsTm1oVM6zzVXcGlMnk0sZcrK3Kma387tk7XPBOFQ35kLJPAZCV9zj-wfo7EKpC63JV16LWzqz1_cCBUTGGW-tmvbo3m4JcpKDkbTnIlXDwAZBlX46vKP5-gp7i94mzOReftBFVbz> to adjust your Mailbox storage.

Note: To access your Outlook account for upgrade a notification call will come through your phone, kindly answer the call and then press 1 on your phone to continue.

Warm Regards,
Webmail Administrator

Pages

Subscribe to Security Alerts & Warnings

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.

Complete Report Form