Lynda.com Information Security Breach

On December 20, 2016 UBC employees, who have an account with Lynda.com, may have received an email reporting an information security breach of their learning data. Please note that receipt of this message does not mean that your information was compromised. At this time, only 0.6% of Lynda.com profiles were compromised:  What risk is there […]

Dropbox Breach Notification

Dropbox® recently confirmed that 68 million email addresses and password information were stolen from their database. UBC IT has received the list of credentials that were identified as associated with this breach. The IT Service Centre has sent out the notification below to these users. If you have been impacted by this breach, please update […]

DirtyCOW Linux Kernel Vulnerability

A vulnerability called the DirtyCOW has been disclosed for all Linux systems, but is especially problematic for multi-user systems, that allows attackers to locally gain escalated privileges for the affected system. Multi-user Linux systems should be prioritised for patching ahead of other systems such as application servers. DirtyCOW is a vulnerability in Linux’s copy-on-write (COW) […]

Mirai Botnet

The Mirai Botnet has been attributed to a large number of distributed denial of service (DDoS) attacks globally, including Dyn, a major Domain Name System company that supports Twitter, Netflix and Airbnb. The malware targets Internet of Things (IoT) devices with default credentials, such as webcams and CCTV cameras. The ports that are impacted by […]

MySQL zero-day exploit

A vulnerability in the MySQL database has been detected, allowing attackers to compromise servers by remotely injecting malicious settings and modifying MySQL configuration files (my.cnf). Severity High CVE Number This issue has been assigned CVE-2016-6662. Impacted Servers The vulnerability affects MySQL servers in default configurations in all version branches (5.5, 5.6, and 5.7), including the […]

Hate Speech Printouts

A number of units have reported receiving hate speech printouts, which contain threatening and hateful language. As a temporary measure we have blocked the IPs listed below, which are suspected to be the source of these printouts. This is a reminder that unsecured printers that are internet accessible can be exploited and can create a […]

Security Warning – Spam emails containing ransomware – July 7, 2016

There has been an increase in the number of emails being sent by fraudulent email addresses, which contain an attachment with the Locky ransomware. The subject line of these emails are randomly generated letters and numbers, and may differ from message to message. While our email server anti-virus are blocking most of these messages, some […]

Security Warning – Calls and Emails Impersonating Vendors: – June 30, 2016

Lately, there has been a pattern of cybercriminals impersonating as a vendor (e.g. IBM) and contacting staff and faculty in higher education institutions soliciting sales via phone calls and/or emails. Oftentimes, if it is a phone call followed by an email providing you additional information, which contains malware. An incident occurred at another university which […]

Fraudulent Email Alert: Account Validation – June 24, 2016

Do not reply to this email, click on any links or fill out any online forms with your account information.  If you think you may have submitted your UBC CWL or login account credentials, log into myAccount and change your password immediately.  Also, please forward a copy of the email including full  headers to security@ubc.ca and advise of the possible […]

Security Breach on Major Websites

A number of major websites, such as Myspace, LinkedIn, and Tumblr have recently experienced data breaches, which caused users to update their password. There has also been reports from users being compromised from other major social networking sites and software applications, such as Dropbox® and TeamViewer, but vendors have confirmed that there were no breaches […]