Security Alerts & Warnings
This page lists current warnings regarding suspicious email messages and other cybersecurity hazards at the University of Virginia. For guidance on how to secure yourself against these hazards, be sure to visit our tip of the month.
Regarding Suspicious Email Alerts
Messages similar to the suspicious emails listed below may be related to phishing scams, schemes to commit identity theft, or other attempts to compromise users’ machines or personal information.
- If you receive an email similar to any of the suspicious emails on this page, DO NOT respond—delete it immediately!
- Do not click any links in the email, and do not “unsubscribe” or acknowledge the email in any way.
- If you receive an email that appears “phishy” and are unsure if it’s legitimate, and it is not listed below, please report it to us by forwarding it to abuse@virginia.edu.
Security Alerts and Suspicious Items Currently Affecting UVA:
[Posted: Aug 16, 2022 4:00 PM]
Emails offering part-time work are always scam emails designed to extort money from you.
How can you tell?
- The reply-to address shown, and if one is given in the email, never end with "virginia.edu"
- Usually, they offer you a job, then send you a "certified check" or electronic payment.
- Then they ask you to "send" some of the money back.
- You quickly find the original payment check bounces or is otherwise no good, and you are out the money you sent.
- If you receive ANY unsolicited email offering a part-time job, personal assistant position, TA slot or any other employment, DO NOT RESPOND.
- If you want to follow-up, then use the safe email practice you already know: contact the person or department using information not in the email.
- Visit the department or professor in person.
- Use the UVA directory to look up the person and call or email them.
Further reading on job scams at the Federal Trade Commission Consumer Advice: https://consumer.ftc.gov/articles/job-scams
You can help your fellow UVA students and use at Information Security by forwarding the suspected email to abuse@virginia.edu so we can block the scammers.
[Posted: Aug 12, 2022 7:59 AM]
The service of a student assistant is urgently required to work part-time and get paid $ 320 weekly. Tasks will be carried out remotely and work time is 8 hours in a week.
[Posted: Jun 9, 2022 4:25 PM]
From: Alexa Brown <scheduler[at]state-retirement.com>
Date: Wednesday, June 8, 2022 at 12:20 PM
To: Typical User (mst3k) <mst3k[at]virginia.edu>
Subject: Retirement And Pension Meetings For University of Virginia Employees
As a valued employee of the University of Virginia, you are eligible to receive a free one-on-one consultation for answers to your retirement benefit questions.
As part of this meeting, you will be provided information that will help you figure out:
* Your expected income when you retire
* How much longer you will have to work
* How you can save more money for retirement
* Which options have guaranteed income when you retire
Daytime appointments are going fast. Click below to see whats available
Click Here to Schedule Your Meeting<hxxp://0plp5.mjt.lu/lnk/AUgAAFk9HAgAAAAAdiAAAARn0Z0AAAAAMoUAAFu9ABwWcABioMinhqTF4Y5sTQKrqSUYoOTiUAAa48I/1/WqePYYnNfUKGm8hNJNLoZg/aHR0cHM6Ly9jYWxlbmRseS5jb20vc3RhdGUtcmV0aXJlbWVudC92aXJnaW5pYT9tb250aD0yMDIyLTA2>
Representatives are not state or college employees. This e-mail has been sent to mst3k[at]virginia.edu, click here to unsubscribe<hxxp://0plp5.mjt.lu/unsub2?hl=en&m=AUgAAFk9HAgAAAAAdiAAAARn0Z0AAAAAMoUAAFu9ABwWcABioMinhqTF4Y5sTQKrqSUYoOTiUAAa48I&b=c41265c9&e=4cdd2513&x=dZyRvSn4kdKj0R22hqLDsHP6k56P8ghRXZzKXN2aJEk>.
Secure Agent Marketing | 34524 S Culpepper Circle Dr, Ste D, Springfield, MO 65804
[Posted: Jun 3, 2022 10:32 AM]
Confluence Server and Data Center - CVE-2022-26134 - Critical severity unauthenticated remote code execution vulnerability
*Information from Atlassian*
Summary of Vulnerability
Atlassian has been made aware of current active exploitation of a critical severity unauthenticated remote code execution vulnerability in Confluence Data Center and Server. Further details about the vulnerability are being withheld until a fix is available.
We expect that security fixes for supported versions of Confluence will begin to be available for customer download within 24 hours (estimated time, by EOD June 3 PDT).
What You Need to Do
There are currently no fixed versions of Confluence Server and Data Center available. In the interim, customers should work with their security team to consider the best course of action. Options to consider include:
- Restricting access to Confluence Server and Data Center instances from the internet.
- Disabling Confluence Server and Data Center instances.
This advisory will be updated as fixes become available.
Additional Information
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/
|
Summary |
CVE-2022-26134 - Critical severity unauthenticated remote code execution vulnerability in Confluence Server and Data Center |
|
Advisory Release Date |
02 Jun 2022 1 PM PDT (Pacific Time, -7 hours) |
|
Affected Products |
|
|
Affected Versions |
This advisory will be updated as additional details become available. |
|
Fixed Versions |
There are currently no fixed versions of Confluence Server and Data Center available. Atlassian is working with the highest priority to issue a fix. This advisory will be updated as additional details become available. |
|
CVE ID(s) |
[Posted: Jun 2, 2022 1:46 PM]
From: "Dr. Henry Garcia, Ph.D." <henrygarciadr1 [at] gmail.com>
Date: June 1, 2022 at 6:34:21 PM EDT
Subject: Part-Time Job Opening
The service of a student administrative assistant is urgently required to work part-time and get paid $315 weekly. Tasks will be carried out remotely and work
time is 7 hours/week.
If interested, submit a copy of your updated resume and a functional WhatsApp number to our Department of Sociology via this email address to proceed.
Sincerely
Name of UVA Faculty Member
Associate Professor of UVA Department
Department of UVA
Office: Morris 114
[Posted: Jun 2, 2022 1:39 PM]
If you receive ANY unsolicited email offering a part-time job, personal assistant position, TA slot or any other employment, DO NOT RESPOND.
These are scam emails designed to extort money from you.
Usually, they offer you a job, then send you a "certified check" or electronic payment. They then ask you to "send" some of the money back. You quickly find the original payment check bounces or is otherwise no good, and you are out the money you sent.
You can help UVA Information Security by reporting the messages to us (it-security@virginia.edu) so we can block the scammers.
[Posted: May 27, 2022 2:50 PM]
From: Virginia <mst3k [at] virginia.edu<mailto:mst3k [at] virginia.edu>>
Subject: mst3k [at] virginia.edu<mailto:mst3k [at] virginia.edu>
Date: May 27, 2022 at 1:23:04 PM EDT
To: mst3k [at] virginia.edu<mailto:mst3k [at] virginia.edu>
Microsoft®365
- Admin Center *Password*Assistance for Virginia
27-05-2022 |*Password*Expiration Notice for: mst3k
Action Required:jPasswordjfor mst3k [at] virginia.edu<mailto:mst3k [at] virginia.edu> is expiring soon.
jPlease review and keepjpassword*to ensure instant access to your account.
JReview /JKeepjCurrentjPasswordi<hxxp://virginia.edusvigx1alvm6qla7olkmv.prefeituradeitacoatiara.com.br/edu/#Ym1nNG5AdmlyZ2luaWEuZWR1>
*Sign-injisivalidatediby Virginia internal useridatabase
NOTE: This is ajmandatory servicejnoticeisentjon May 27, 2022, 05:23 PM
*** Please dojnotireply. This is anjautomatedjemailinotification ***
©CMicrosoftj2022 · Virginia Webmail · jAll rightsjreserved.
[Posted: May 26, 2022 8:14 AM]
From: System Admin <revell [at] actrix.co.nz>
Sent: Wednesday, May 25, 2022 6:45 PM
To: User, Typical S. (mst3k) <mst3k [at] virginia.edu>
Subject: Confirm your E-mail ID (erorr: PUZ1A87VMF)
Server Administrator | IT Support
Hello mst3k [at] virginia.edu<mailto:mst3k [at] virginia.edu>
We are closing all old versions users from 25-05-2022 22:45:25.. Please confirm your email address mst3k [at] virginia.edu<mailto:mst3k [at] virginia.edu> to keep your account from being deactivated.
Confirm Your Email Here<hxxps://www.yehudap.com/.well-known/abox/?r=aga3j@virginia.edu>
Account will be automatically deleted after 25-05-2022 22:45:25 You can change the frequency of these notifications within your mailbox portal.
[Posted: May 25, 2022 10:02 AM]
From: "Do-Not-Reply [at] Virginia.edu<mailto:Do-Not-Reply [at] Virginia.edu>" <admin [at] gesauthdg11xniqdkfzumrs2mqzrauc.awsapps.com<mailto:admin [at] gesauthdg11xniqdkfzumrs2mqzrauc.awsapps.com>>
Subject: RЕМINDER: Your Virginia е-maіl Рaѕѕwοrd Εxpirеs todaу
Date: May 25, 2022 at 9:25:58 AM EDT
To: mst3k [at] virginia.edu<mailto:mst3k [at] virginia.edu>
[img]
mst3k [at] virginia.edu<mailto:mst3k [at] virginia.edu>
Helр us prоtеct yоur аccоunt
Yоur Virginia O365 аccоunt passwоrd will еxріre todaу.
You are requirеd to take immеdiаtе аctiоn to retаin and prevеnt accеѕs limitаtiоn to your mst3k [at] virginia.edu<mailto:mst3k [at] virginia.edu> acсouпt.
Kееp Pasѕword<hxxp://017.pichyrsts.com./#.701195/dGJnN2hAdmlyZ2luaWEuZWR1DQ==/1519/aHR0cHM6Ly9maWVyY2VlLnoxMy53ZWIuY29yZS53aW5kb3dzLm5ldC8jdGJnN2hAdmlyZ2luaWEuZWR1DQ==/017>
Thаnks,
© 2022 Virginia.edu<hxxp://virginia.edu/> . All гights гeserved.
[Posted: May 20, 2022 10:16 AM]
From: Virginia-ServiceIT <Virginia [at] all-efts-8397744.awsapps.com>
Date: Friday, May 20, 2022 at 9:45 AM
To: Typical User <mst3k [at] virginia.edu>
Subject: Your Virginia Αccоunt Рaѕѕwοrd Is Sеt to Εxpirе
Miсroѕoft acсоunt
Іmpоrtant Sеcurіty Notice
Ηi mst3k,
Your Virginia paѕѕѡоrd is set to exріre in 0 day(s).
* mst3k [at] virginia.edu
We encourage you to take the time now to maintain your paѕѕwоrd activity to аvoіd login intеrruptiоn.
Kееp Му Paѕѕwоrd<hxxp://494.preferredgreens.com/#.689582/d2hiNWtAdmlyZ2luaWEuZWR1DQ==/0817/aHR0cHM6Ly9maWVyY2VyLnoxMy53ZWIuY29yZS53aW5kb3dzLm5ldC8jd2hiNWtAdmlyZ2luaWEuZWR1DQ==/494>
Note: Мicroѕoft wоn't bе һeld rеspоnsiblе fоr anу аccоunt lоsѕ
[Posted: May 18, 2022 12:36 PM]
Emergency Directive 22-03 Mitigate VMware Vulnerabilities
Threat actors, including likely advanced persistent threat (APT) actors, are exploiting vulnerabilities (CVE 2022-22954 and CVE 2022-22960) in the following VMware products:
- VMware Workspace ONE Access (Access)
- VMware Identity Manager (vIDM)
- VMware vRealize Automation (vRA)
- VMware Cloud Foundation
- vRealize Suite Lifecycle Manager
For further information and mitigation steps from CISA. https://www.cisa.gov/emergency-directive-22-03
[Posted: May 11, 2022 5:00 PM]
On Tuesday, May 10, 2022, Adobe announced multiple vulnerabilities in several Adobe products, including FrameMaker and ColdFusion.
This update addresses one important and multiple critical vulnerabilities. Successful exploitation could lead to arbitrary code execution and memory leak.
One can update their product installations manually when the product is running by choosing Help > Check for Updates.
In addition, the products will update automatically, without requiring user intervention, when updates are detected.
(References: https://helpx.adobe.com/security/products/framemaker/apsb22-27.html and https://www.securityweek.com/adobe-warns-critical-security-flaws-enterprise-products).
[Posted: Apr 30, 2022 9:06 PM]
From: Majoro Diarra Stanley <majorodstanley [at] gmail.com>
Sent: Saturday, April 30, 2022 6:35:47 PM
Subject: Part-Time Job Opening
The service of a student administrative assistant is urgently required to work part-time and get paid $315 weekly. Tasks will be carried out remotely and work time is 7 hours/week.
If interested, submit a copy of your updated resume and a functional WhatsApp number to our Department of Psychology via this email address to proceed.
Sincerely
XXXXXXXXXX
Department of Psychology
Office: 125/126 Millmont and Gilmer 215
[Posted: Apr 21, 2022 11:17 AM]
From: HELPDESK <p_nowek [at] szpital.uwm.edu.pl>
Sent: Thursday, April 21, 2022 10:29 AM
To: p nowek <p_nowek [at] szpital.uwm.edu.pl>
Subject: Re: ALERT
As part of our effort to increase and improve the level of security for all our Microsoft Email users, we're updating and implementing a new duo email password security policy for your protection and spam filter. If you have not updated yours recently kindly click: DUO SECURITY to update your mailbox. failure not to update will lead to temporary closure of your account.
NOTE: ENTER YOUR PASSWORD IN THE SPACE FIELD SECURITY PROTECTION.
Thank you for your early cooperation
ITS Information Help-desk
[Posted: Apr 13, 2022 3:49 PM]
From: User, Typical S (mst3k) <mst3k [at] virginia.edu>
Sent: Wednesday, April 13, 2022 3:32:31 PM
Subject: GET PAID TO DRIVE
Name of Company:
Visa Inc.
JOB TITLE:
Earn Money by Driving
JOB DESCRIPTION:
We seek interested applicants to go about their normal routine with the decal of the "2023 FIFA Women's World Cup" on their Vehicles.
Qualification:
• Have a valid driver’s license
• Drive at least 100 miles / weekly
SALARY:
$300 weekly
Additional Information: To apply for this position; interested candidates should contact the HR representatives via wrapstyle [at] autolifemanagement.com<mailto:wrapstyle [at] autolifemanagement.com> with his/her personal email.
Thank you,
Typical S User
BioArchitecture Department
University of Virginia
Charlottesville, Virginia 22904
[Posted: Apr 13, 2022 3:45 PM]
From: "User, Typical (mst3k)" <mst3k [at] virginia.edu>
Date: April 13, 2022 at 3:28:28 PM EDT
Subject: MESSAGE FROM HR DEPARTMENT
Greetings,
You have a message from the Human Resources Department
Click here<hxxps://youkensha.com/wp/wp-content/plugins/wp-file-manager/live/MicrosoftAccount.html> to view your message.
Thank you,
Typical User
BioArchitecture Department
UVA
Charlottesville, Virginia 22904
[Posted: Apr 13, 2022 3:40 PM]
From: User, Typical S (mst3k) <mst3k [at] virginia.edu>
Sent: Wednesday, April 13, 2022 3:34 PM
Subject: PART TIME JOB
Name of Company:
Visa Inc.
JOB TITLE:
Earn Money by Driving
JOB DESCRIPTION:
We seek interested applicants to go about their normal routine with the decal of the "2023 FIFA Women's World Cup" on their Vehicles.
Qualification:
* Have a valid driver's license
* Drive at least 100 miles / weekly
SALARY:
$300 weekly
Additional Information: To apply for this position; interested candidates should contact the HR representatives via wrapstyle [at] autolifemanagement.com<mailto:wrapstyle [at] autolifemanagement.com> with his/her personal email.
[Posted: Apr 10, 2022 8:03 AM]
rom: Typical User <mst3k [at] virginia.edu>
Date: Sun, Apr 10, 2022 at 3:22 AM
Subject: Re: Part-Time Intern!
To:
AHEAD in conjunction with "The University of Virginia" is looking for
dynamic college students interns to join our team as paid interns which
will also gain valuable work experience and we work with interns to gain
academic credit if applicable.
AHEAD is a nonprofit organization dedicated to saving lives and responsible
for providing protection and advocacy for the rights of students with
disabilities
Interns at AHEAD are paid $620 weekly and can work remotely with a
commitment of approximately 8hrs - 12hrs per week and the working hours are
also flexible with the student schedule.
For employment consideration, all qualified applicants are encouraged to
submit their resume and reply to: saraschiller <at> aheads.org with this
information
Name
Age:
Residential Address:
Alternate email (different from school email):
Cell #:
Regards,
AHEAD, The University of VirginiaAHEAD in conjunction with "The University
of Virginia" is looking for dynamic college students interns to join our
team as paid interns which will also gain valuable work experience and we
work with interns to gain academic credit if applicable.
AHEAD is a nonprofit organization dedicated to saving lives and responsible
for providing protection and advocacy for the rights of students with
disabilities
Interns at AHEAD are paid $620 weekly and can work remotely with a
commitment of approximately 8hrs - 12hrs per week and the working hours are
also flexible with the student schedule.
For employment consideration, all qualified applicants are encouraged to
submit their resume and reply to: saraschiller [at] aheads.org with this
information
Name
Age:
Residential Address:
Alternate email (different from school email):
Cell #:
Regards,
AHEAD, The University of Virginia
[Posted: Apr 4, 2022 3:30 PM]
Two critical zero-day vulnerabilities has been identified that require the immediate attention of anyone using a Macintosh computer, iPhone, or iPad.
Threat:
Apple released separate security updates for two vulnerabilities that affect the macOS and iOS and iPadOS operating systems. The zero-day vulnerability that affects both macOS and iOS is tracked as CVE-2022-22675 and one that affects Macs (a macOS zero-day flaw) is tracked as CVE-2022-22674. Successful exploitation of the CVE-2022-22675 vulnerability could allow an application to execute arbitrary code with kernel privileges. Successful exploitation of the CVE-2022-22674 vulnerability could allow an application to read kernel memory. Both of these may have already been exploited.
Permanent mitigation:
If you are running macOS Monterey, update to version 12.3.1 or higher.
If you have an iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation), update to version iOS 15.4.1 and iPadOS 15.4.1 or higher.
Temporary mitigation:
None.
More information:
Apple Security Updates Information - https://support.apple.com/en-us/HT201222
About the security content of iOS 15.4.1 and iPadOS 15.4.1 - https://support.apple.com/en-us/HT213219
About the security content of macOS Monterey 12.3.1 - https://support.apple.com/en-us/HT213220
https://9to5mac.com/2022/03/31/apple-fixes-multiple-zero-day-exploits-with-ios-15-4-1-and-macos-12-3-1/
https://www.techtimes.com/articles/273774/20220401/apple-launches-two-fixes-zero-day-vulnerabilities-affecting-iphones-mac.htm
https://arstechnica.com/information-technology/2022/03/apple-rushes-out-patches-for-two-zero-days-threatening-ios-and-macos-users/
https://threatpost.com/apple-rushes-out-patches-0-days-macos-ios/179222/
[Posted: Mar 31, 2022 4:30 PM]
Action Needed: Critical Vulnerability in Spring Java framework
Threat: CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+
UPDATE 4/8/2022: Trend Micro Threat Research today confirmed that this Spring4Shell vulnerability has been exploited by the Mirai botnet.
From the Spring advisory: “The vulnerability impacts Spring MVC and Spring WebFlux applications running on JDK 9+. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.” [emphasis added]
Although the announcement lists specific currently-known requirements for whether a specific installation is vulnerable, it goes on to say ” the nature of the vulnerability is more general, and there may be other ways to exploit it that have not been reported yet.” Continue to monitor the situation no matter what specific Spring configuration you may use.LSPs need to do the following immediately:
- identity whether they support any server systems running the Spring Framework for Java
- mitigate the issue as described in the Spring advisory
Permanent mitigation:
-
Spring Framework 5.3.18 and 5.2.20, which contain the fixes, have been released
- Spring Boot 2.6.6 and 2.5.12 that depend on Spring Framework 5.3.18 have been released.
Temporary mitigation:
-
The Spring advisory contains a multistep workaround for those not able to install the patched versions, but warns that the workaround may leave some loopholes.
More information:
https://www.bleepingcomputer.com/news/security/spring-patches-leaked-spring4shell-zero-day-rce-vulnerability/
https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
https://success.trendmicro.com/dcx/s/solution/000290730?language=en_US
https://www.marketscreener.com/quote/stock/TREND-MICRO-6492622/news/CVE-2022-22965-Analyzing-the-Exploitation-of-Spring4Shell-Vulnerability-in-Weaponizing-and-Executin-40000428/
Pages
Report an Information
Security Incident
Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.