Zoom and DUO

Restricted Access to Duo and Zoom in OFAC Countries and Regions

To comply with economic and trade sanctions enforced by the U.S. Office of Foreign Assets Control, Duo and Zoom have announced that they are no longer offering their services to users whose IP addresses belong to an OFAC restricted country or region.
| Information Security

Ongoing Phishing Campaign Targeting Faculty

The Information Security Office (ISO) would like to warn the campus community about a phishing campaign targeting faculty that takes the form of a Google sharing notice for a file named “Faculty Evaluation.docx”. While the sharing notice itself is a legitimate Google file sharing notice, the file being shared is malicious and comes from a...
| Information Security

Critical Update for Google Chrome, Microsoft Edge, and Brave Browsers 

Google has issued a fix for a severe vulnerability in Chrome. Attackers are taking advantage of this by hacking into versions of Chrome that are not up to date. Since Edge and Brave are built on the same open-source software, you will need to update Edge and Brave, as well. Fortunately, the process for making...
| Information Security

Critical Vulnerability (CVE-2021-44228, CVE-2021-45046) in Apache log4j Library

The Apache Software Foundation has updated their guidance on fully mitigating the log4j vulnerability and now recommend 2.17.0 as their most secure release. Please review their latest security information at for more information. Please be advised that multiple critical severity remote code execution vulnerabilities (CVE-2021-44228, CVE-2021-45046) have been discovered in Apache Log4j2 <= 2.14.1...

Notice of Malicious Phishing Emails Targeting UCR

Please be advised that ITS has received reports of malicious phishing emails that are written to look as if they are coming from, other Student Services departments on campus, or individual campus users.

Information About Chime/Go2Bank Solicitations for New Bank Accounts

UC has learned that names, Social Security numbers and other personal information of some members of the UC community may have been used in attempts to open unauthorized bank accounts at financial institutions such as Chime and Go2Bank. UC community members may receive emails asking them to confirm a new account.
| Information Security

Wex Email About Address Changes

Some UC employees may have received an email from WEX Health about a change in information in their online WEX account. This change is in error and is being corrected. The error is not the result of a security breach and UC employee data has not been compromised.
| Information Security

Notice of Job Offer Scams Targeting UCR Students

The Information Security Office has been working diligently to investigate and defend UCR against a Job Offer Scam that is primarily targeting UCR students. This is a type of email scam in which the attacker will impersonate the identity of a UCR faculty member or administrator. Using social engineering tactics, the attacker will try to...
| Information Security