Phishing Alert: Credential Phishing via QR Code

How this Scam Works Members of the WashU community are being targeted by criminals using malicious QR codes to steal valuable and personal information. The QR codes targeting WashU credentials lead an unsuspecting victim to a fake WUSTL Key login page. If the victim enters any information on the malicious login page, they will unknowingly […]

Phishing Alert: Credential Phishing via Google Form

How this Scam Works Members of the WashU community are receiving fraudulent shared document emails that ask them to divulge their WUSTL Key and credentials in a Google Form. Victims receive a fraudulent email about a shared document from an email address outside of WashU: When a victim clicks the link in the email, they […]

InfoSec Alert: LastPass Security Breach

On December 22nd, 2022, LastPass notified their customer base of a cybersecurity incident that put customer data and passwords at risk. This incident occurred in November of 2022. Bad actors could potentially possess encrypted user data that includes “usernames, passwords, secure notes, and form-filled data,” according to LastPass. While in possession of this data, the bad […]

InfoSec Alert: Critical Security Updates for Apple Devices (iOS, macOS)

Apple recently released a critical software update for all iOS (iPhones and iPads) and macOS devices designated iOS 15.6.1 and macOS 12.5.1. With the launch of these updates, Apple took the increasingly common step of alerting users that these updates patch vulnerabilities that criminals may actively exploit. Please update your iOS and macOS devices as […]

Increased Risk of State-Sponsored Cyberattacks as Russia Invades Ukraine

Illustration of anonymous cyberattacker

The threat of state-sponsored cyberattacks increasingly accompanies international relations. Russia has developed and demonstrated its capacity to attack and inflict damage using cyber-warfare tactics. With news of Russia’s invasion of Ukraine, many cybersecurity professionals are recommending increased vigilance during this period of unrest. While much of the responsibility for anticipating and preventing cyberattacks of this […]

InfoSec Alert: Update Google Chrome Immediately to Address Zero-Day Vulnerability

Earlier this week, a member of Google’s threat analysis group discovered a vulnerability in Google Chrome that would allow attackers to execute arbitrary code or corrupt data on impacted machines. Google released a fix for this exploit soon after, and all Chrome users should be sure to update their browsers immediately. Chrome should update each […]