Archived News

Critical - Dell systems running Windows: eDellRoot certificate compromise

posted Nov 30, 2015, 10:49 AM by Ken Gribble   [ updated Apr 25, 2016, 11:38 AM ]


Synopsis

The eDellRoot certificate installed on certain Dell laptops and PCs introduces a security vulnerability on those systems. The threat is that the private keys for this Dell root certificate were leaked. This means attackers can use the certificate to modify your browsing experience and steal sensitive information.


Fix
Please ensure Windows Defender for Windows 10 and Windows 8.1, or Microsoft Security Essentials for Windows 7, is running and up to date. Both of these packages are free. If either package is up to date and running, it has probably already removed the vulnerable certificate.
Alternatively, you can manually remove this certificate.
Contact support@cs.ucdavis.edu if you have a Dell PC running Windows and cannot do either of the steps above; the help desk can assist you in installing and updating the correct software.
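
One way to do the manual check and removal mentioned above, as an added PowerShell example that is not part of the original notice. It lists any certificate in the Windows root stores whose subject contains eDellRoot and deletes it only when run with the hypothetical -Remove switch; matching on the subject name is an assumption, and removing from the machine store requires an elevated prompt.

```powershell
# Added example (not from the original notice): find eDellRoot in the trusted
# root stores and optionally remove it.
# Assumption: the certificate is identified by "eDellRoot" in its subject,
# the name used in this advisory. Review the listing before removing.
param(
    [switch]$Remove   # hypothetical switch: delete matches instead of only listing
)

# Stores that decide which root certificates this PC and this user trust.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

$found = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -match 'eDellRoot' } |
        ForEach-Object {
            [pscustomobject]@{
                Store         = $store
                Subject       = $_.Subject
                Thumbprint    = $_.Thumbprint
                NotAfter      = $_.NotAfter
                HasPrivateKey = $_.HasPrivateKey   # true if a private key is stored with it
                PSPath        = $_.PSPath
            }
        }
}

if (-not $found) {
    Write-Output 'No eDellRoot certificate found in the checked stores.'
    return
}

# Show what matched so the entries can be confirmed before anything is deleted.
$found | Format-Table Store, Subject, Thumbprint, NotAfter, HasPrivateKey -AutoSize

if ($Remove) {
    foreach ($cert in $found) {
        # Fails with an access error for LocalMachine unless run as administrator.
        Remove-Item -Path $cert.PSPath -ErrorAction Stop
        Write-Output "Removed $($cert.Thumbprint) from $($cert.Store)"
    }
}
```

Run it once without -Remove to see what is present, then again with -Remove, and re-run the listing afterwards to confirm the certificate is gone.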

Details

Win32/CompromisedCert.C is a Dell root certificate for which the private keys were leaked online.

The certificate can be found on Dell PCs running these operating systems: Windows 10, Windows 8.1, Windows 8, Windows 7

If your Dell PC contains this certificate, it is most likely vulnerable to this threat. A PC with this certificate could be vulnerable to SSL/TLS spoofing attacks, allowing an attacker to digitally sign binaries so that they are trusted by the affected PC. An attacker could gain control over your PC and browsing experience. An attacker can exploit the certificate using phishing or man-in-the-middle attacks to decrypt, modify or spoof HTTPS websites, such as banking, social media, or email websites. This could allow a malicious hacker to steal your account names, passwords, and confidential data. They could also carry out transactions without your knowledge, even when it seems like you have a secure browser connection to a website.

Malicious Email with Document.zip - Do Not Open!

posted Jun 5, 2015, 12:33 PM by Ken Gribble   [ updated Apr 25, 2016, 11:38 AM ]

From Caryn DeMorna of IET, Sending on behalf of Cheryl Washington, Chief Security Officer….

 

Security administrators have identified a malicious email that is being delivered via email. The teams are working on blocking the malicious messages. If you receive a message with a zip attachment, please do not open the attachment and delete the message from your email. The attachment that has been identified thus far is Document.zip. However, you should not open any .zip attachment.

 

Caryn DeMoura

University of California, Davis

Information and Educational Technology

University Employee Payroll Scam

posted Jan 15, 2015, 9:26 AM by Ken Gribble   [ updated Apr 25, 2016, 11:38 AM ]


University employees are receiving fraudulent e-mails indicating a change in their human resource status. The e-mail contains a link directing the employee to log in to their human resources website to identify this change. The website provided appears very similar to the legitimate site in an effort to steal the employee’s credentials. Once the employee enters his/her login information, the scammer takes that information and signs into the employee’s official human resources account to change the employee’s direct deposit information. This redirects the employee’s paycheck to the bank account of another individual involved in the scam.



Consequences of this Scam:

  • The employee’s paycheck can be stolen.
  • The money may not be returned in full to the employee.
  • The scammers can take the employee’s log-in credentials and attempt to log into other accounts that belong to the employee.


If you have been a victim of this scam, you may file a complaint with the FBI’s Internet Crime Complaint Center at www.IC3.gov. Please reference this PSA number in your complaint.


The IC3 produced a PSA in May 2014 titled “Cyber-related Scams Targeting Universities, Employees, and Students,” which mentioned this scam. The PSA can be viewed at http://www.ic3.gov/media/2014/140505.aspx.


Tips on how to Protect Yourself from this Scam

  • Look for poor use of the English language in e-mails such as incorrect grammar, capitalization, and tenses. Many of the scammers who send these messages are not native English speakers.
  • Roll your cursor over the links received via e-mail and look for inconsistencies. If it is not the website the e-mail claims to be directing you to, then the link is to a fraudulent site.
  • Never provide credentials of any sort via e-mail. This includes after clicking on links sent via e-mail. Always go to the official website directly rather than following a link sent to you via e-mail.
  • Contact your personnel department if you receive suspicious e-mail.

 

Police issue precautionary warning over bomb threat

posted Nov 7, 2014, 12:06 PM by Ken Gribble   [ updated Nov 10, 2014, 9:41 AM ]

UC Davis received a phoned bomb threat to the campus at approximately 10.25 a.m. this morning, Nov. 7. No specific location was given and no credible threat has been determined.

As a precaution, police issued a "WarnMe" notification to the campus community. No evacuations are required. Be aware of your surroundings, and report any suspicious objects to police at 530 754-2677.

Additional information: UC Davis Police Department


This message is posted because the Systems Support Group (SSG) received questions about the legitimacy of emails sent out by the Warn Me system. You can find out more about the Warn Me system at: https://warnme.ucdavis.edu/

Windows XP is no longer safe enough to use

posted Nov 7, 2014, 12:01 PM by Ken Gribble   [ updated Jan 15, 2015, 9:28 AM ]

Microsoft stopped maintaining the 13-year-old operating system software on April 8, 2014. 

That means XP is no longer secure enough to use on the UC Davis network—or to use online, period. If you still use XP, you need to move to a newer operating system.

UC Davis policy prohibits use of unsupported OS or application software on machines that connect to the campus network. Unmaintained software is a common entry point for viruses and malware, which can then spread to other UC Davis computers.

See the UC Davis Windows XP Security page for more information.

UPDATE: 

www.cs.ucdavis.edu server down for maintenance

posted Aug 20, 2014, 3:53 PM by Ken Gribble   [ updated Nov 10, 2014, 9:50 AM ]

The www.cs.ucdavis.edu server will be down for a brief time August 20th, from 3:50 to 4:00PM. 

This downtime is to install updates to the system.

DNS Server Change - Shutting down old CS regnant.cs.ucdavis.edu server April 14th

posted Mar 26, 2014, 5:05 PM by Ken Gribble   [ updated Nov 10, 2014, 9:49 AM ]

A year or more ago, the Systems Support Group (SSG) announced that the Computer Science department now uses the campus DNS servers as standard when configuring a system's name-to-address resolution (DNS). The old CS server, regnant.cs.ucdavis.edu, was left up and is still forwarding DNS requests to the campus servers.

Not for long, however!

April 14th, in the morning, regnant will be turned off.

If you haven't changed your system's DNS server settings, you may find your network is slow or non-functional after this date. If so, here are the servers you should be using (in order from primary to secondary):


169.237.250.250
169.237.1.250


All other settings can remain the same, but regnant's IP (169.237.6.10) should be removed from your system's settings.

For modern Linux systems, you should use your GUI network configuration tools.


More than likely you already made this change, or we made it for you. We have found some systems that haven't been changed over, and have written to their owners to remind them of the change.

As always, if you have issues, please contact us at: support2@cs.ucdavis.edu

Gmail is Working Again

posted Jan 24, 2014, 1:51 PM by Ken Gribble   [ updated Nov 10, 2014, 9:49 AM ]

From Google's Apps Status Dashboard details on Gmail:

1/24/14 12:23 PM The problem with Gmail should be resolved. We apologize for the inconvenience and thank you for your patience and continued support. Please rest assured that system reliability is a top priority at Google, and we are making continuous improvements to make our systems better

Campus Services Restored

posted Jan 13, 2014, 10:08 AM by Ken Gribble   [ updated Nov 10, 2014, 9:49 AM ]

From the UC Davis Status Twitter Feed:

Campus computing services returned to normal operation by 8:00pm. 9:23 PM - 10 Jan 14

Some UC Davis Campus Services Down

posted Jan 10, 2014, 2:31 PM by Ken Gribble   [ updated Nov 10, 2014, 9:50 AM ]

Services that are having difficulties are: www, email, authentication (CAS, Kerberos), and LDAP.

Some services remain down at this time.

For updates, the Systems Support Group (SSG) suggests: UCDavisStatus on Twitter
