UC Riverside is a prime target of attacks from cybercriminals, including but not limited to phishing, ransomware, and job offer scams. Some of these attacks have already claimed victims at UCR this year. The financial, mental, and emotional toll of cyber crime is immense, which is why ITS wants to remind the Highlander community to follow cybersmart practices and remain vigilant when using technology. Visit its.ucr.edu/iso-alerts for current security alerts. Visit its.ucr.edu/cybersmart for cybersmart tips and resources. 


Critical Vulnerability (CVE-2021-44228, CVE-2021-45046) in Apache log4j Library

The Apache Software Foundation has updated their guidance on fully mitigating the log4j vulnerability and now recommend 2.17.0 as their most secure release. Please review their latest security information at https://logging.apache.org/log4j/2.x/security.html for more information. Please be advised that multiple critical severity remote code execution vulnerabilities (CVE-2021-44228, CVE-2021-45046) have been discovered in Apache Log4j2 <= 2.14.1...

Notice of Malicious Phishing Emails Targeting UCR

Please be advised that ITS has received reports of malicious phishing emails that are written to look as if they are coming from reghelpdesk@ucr.edu, other Student Services departments on campus, or individual campus users.

Information About Chime/Go2Bank Solicitations for New Bank Accounts

UC has learned that names, Social Security numbers and other personal information of some members of the UC community may have been used in attempts to open unauthorized bank accounts at financial institutions such as Chime and Go2Bank. UC community members may receive emails asking them to confirm a new account.
| Information Security

Wex Email About Address Changes

Some UC employees may have received an email from WEX Health about a change in information in their online WEX account. This change is in error and is being corrected. The error is not the result of a security breach and UC employee data has not been compromised.
| Information Security

Notice of Job Offer Scams Targeting UCR Students

The Information Security Office has been working diligently to investigate and defend UCR against a Job Offer Scam that is primarily targeting UCR students. This is a type of email scam in which the attacker will impersonate the identity of a UCR faculty member or administrator. Using social engineering tactics, the attacker will try to...
| Information Security