Latest Security Alert

Faulty Configuration Update from CrowdStrike Causes Global Outage

CrowdStrike, a leading endpoint detection and response (EDR) provider, found itself in hot water due to a major outage caused by their configuration update.

Beware of SMS Phishing (Smishing) Attempts Targeted at the UCR Community

Higher education institutions such as UC Riverside are prime targets for phishing, the fraudulent practice of sending communications (e.g., emails and SMS messages) that appear to be from reputable individuals or companies in order to induce people to reveal confidential information. The attacker's goal is to gain access to sensitive data and login information, install...

Vendor Risk Assessment Delay due to IMPACT23 Blackout Dates

We would like to inform you that the upcoming system blackout for the Financial System Replacement Program, Impact23, will affect vendor risk assessments (VRAs). From June 16 th through July 6th, 2023. This will cause delays for VRAs. During the next few weeks leading up to the blackout period, the Information Security Office will focus...

Information on LastPass Security Breach

Updated on 3/10/23 to reflect new information On December 22nd, LastPass notified its customers that, late in 2022, a hacker was able to obtain the full, encrypted vaults for many or all of its customers. On March 1st, LastPass released an update on the details of the security breach. You can read all the details...

Notice of Smishing Texts Targeting UCR Community

The Information Security Office has become aware of an increase in spam SMS also known as “smishing” being sent to the UCR community. When cybercriminals "phish," they are sending fraudulent emails that aim to trick the recipient into opening a malware attachment or clicking on a malicious link, and they “smish” when they try to...

Known Issue with PhishAlarm When Using R'Mail to Report

The UCR Information Security Office is aware there is an issue with the PhishAlarm reporting tool not working properly for some users on R'Mail. This is an intermittent problem and only affecting some R'Mail users. We are working to find a solution and will provide an update to users once the issue is resolved. If...
animated web browser with explanation point and open lock

Critical Vulnerability (CVE-2021-44228, CVE-2021-45046) in Apache log4j Library

The Apache Software Foundation has updated their guidance on fully mitigating the log4j vulnerability and now recommends 2.17.0 as their most secure release. Please review their latest security information at for more information. Please be advised that multiple critical severity remote code execution vulnerabilities ( CVE-2021-44228, CVE-2021-45046) have been discovered in Apache Log4j2 = 2.14.1...
receipt comes out of envelope with a big red X

Information About Chime/Go2Bank Solicitations for New Bank Accounts

UC recently learned that names, Social Security numbers and other personal information of some members of the UC community are being used to open unauthorized bank accounts at financial institutions named Chime and Go2Bank. We do not believe UC accounts have been compromised, and we suspect the personal information being used to create these unauthorized...
A suspicious animated envelope that says job

Notice of Job Offer Scams Targeting UCR Students

The Information Security Office has been working diligently to investigate and defend UCR against a Job Offer Scam that is primarily targeting UCR students. This is a type of email scam in which the attacker will impersonate the identity of a UCR faculty member or administrator. Using social engineering tactics, the attacker will try to...
phishing icon over a modern staircase

Notice of Malicious Phishing Emails Targeting UCR

Please be advised that ITS has received reports of malicious phishing emails that are written to look as if they are coming from reghelpdesk@ucr.edu, other Student Services departments on campus, or individual campus users. The subject of the email will look like it is a reply to an email (i.e., the subject line begins with...

UCR Phishing Email Simulations

Keeping our campus safe is a top priority. A critical part of campus safety means keeping our electronic data such as research, grades, and personal information away from those who should not have it. Phishing (pronounced ‘fishing’) is one of the most common attack methods used by cybercriminals today. In fact, over 91 percent of...
By ITS Staff |

Watch Out For Business Email Compromise Scams

During the past several months, the Information Security Office has been working diligently in order to investigate and continuously defend UCR against a Business Email Compromise (BEC) attack campaign that primarily targeted UCR employees. However, it appears the BEC attacks have very recently taken a new form and are now targeting UCR students. A BEC...
By Peter Dinh |
Let us help you with your search