Posts Tagged: cybersecurity
Scheduled server downtime: Thursday, July 6, 2023 (6-8 a.m.)
ANR Community,
IT has scheduled an outage of our public server infrastructure on Thursday, July 6, between 6 a.m. and 8 a.m. During this window, all public-facing websites and remote access will be unavailable.
The purpose of this outage is to move our public-facing server to a new firewall to enhance security and reliability of our systems.
Please note the following details regarding the server outage:
Date: Thursday, July 6, 2023
Time: 6-8 a.m.
Duration: Approximately 2 hours
Impact: During this period, all public-facing website access will be temporarily unavailable.
We apologize for any disruption this may cause. IT will work to minimize the duration of the outage and restore normal operations as quickly as possible.
Should you have any urgent matters that require immediate attention during the scheduled downtime, please contact our support team at help@ucanr.edu.
Thank you for your patience and understanding.
Sree Mada
UC ANR Chief Information Officer
Jaki Hsieh Wojan
UC ANR Chief Information Security Officer
IT: UC ANR website performance issues
ANR Community,
As you are all aware, there have been recent performance issues with ANR's website. The performance issues are due to an increased level of bot activity. These bots are automated programs that attempt to access our servers, causing a strain on our resources and impacting the user experience. It is important to note that these bots have not infiltrated our network, and we have not experienced any security breaches or unauthorized access.
This rise in bot activity is not isolated to our organization. Many higher education entities are also encountering similar challenges. Our IT team is actively working on implementing a solution to prevent the bots from reaching our servers.
We will keep you updated on the progress of our efforts to combat the bot activity and restore stability to ANR's website. If you have any questions or concerns, please don't hesitate to reach out to our IT support team at help@ucanr.edu.
Thank you for your understanding and cooperation as we work to address this issue.
Sree Mada
UC ANR Chief Information Officer
Jaki Hsieh Wojan
UC ANR Chief Information Security Officer
LastPass security breach announced
On Dec. 22, LastPass announced that late in 2022, a hacker was able to obtain customer information (company names, end-user names, billing addresses, email addresses, telephone numbers and IP addresses) and full, encrypted vaults for many or all of its customers. You can read LastPass' announcement of the breach at https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/.
While UC ANR does not provide LastPass to the ANR community, many of you may have access to LastPass through UCOP or personal accounts. Although we do not have a list of affected customers, it is important to act as if your data has been compromised.
As mentioned above, encrypted vaults or lists of customer passwords protected under encryption, were stolen in the breach. While these encrypted vaults are protected with your master password or passphrase, a threat actor could crack and decrypt a user vault over time using brute-force methods. Shorter master passwords and passphrases are more vulnerable to brute-force. It is strongly recommended that you change all passwords stored in your LastPass vault, particularly any involved with high value accounts, such as banking. Be sure to enable multi-factor authentication wherever possible.
It is also recommended you update your master password or passphrase to at least a 15-character password. An even longer passphrase is recommended. A simple way to create a strong master password or passphrase is to use a sentence structure with multiple words and spaces to maximum security. For example, the quote “Two households, both alike in dignity.” is long, strong passphrase but also an easy phrase to remember.
Since the threat actor also obtained customer names and email addresses, there is increased risk of them sending phishing messages to trick you into giving them your master password. Never provide your master password (or any password) to anyone, if anyone asks you for it, immediately contact IT at help@ucanr.edu.
Jaki Hsieh Wojan
Chief information security officer
UC ANR web servers to go offline May 22 for routine scheduled maintenance
To ensure information technology system security and stability, the UC ANR IT team will be performing scheduled maintenance on Sunday, May 22, and then routinely every third Sunday of the month.
Planned maintenance activities will occur in an eight-hour window from 8 a.m. to 4 p.m.
During the maintenance window, all systems will be down and unavailable, with the exception of email and Zoom meetings. We will do our best to quickly restore services. When systems are restored and available for your use, we will send an email.
Two reminder emails will be sent to you in advance of the scheduled maintenance:
- Monday, 7 days prior to the scheduled maintenance
- Friday, 2 days prior to the scheduled maintenance
Thank you in advance for your patience and support. If you have any questions, don't hesitate to get in touch with IT at anritg@ucanr.edu.
Jaki Hsieh Wojan
Chief Information Security Officer
(530) 285-3640
Beware phishing email from 'Glenda'
Colleagues,
Several ANR employees have received a phishing email purporting to be from Glenda Humiston. VP Humiston is not asking for gift cards; she uses her UCOP email for work. Please be extra careful to check the sender's email address if you receive emails that look suspicious. If you have questions, you may forward the suspicious email to help@ucanr.edu.
The phishing email is shown below:
-----Original Message-----
From: Glenda Humiston <executivesteams151@gmail.com>
Sent: Thursday, April 28, 2022 8:44 AM
To: Lynn Schmitt-McQuitty <lschmittmcquitty@ucanr.edu>
Subject: Re: Very Important
Lynn, I am in a meeting right now as I will be busy after work but need you to get me some gift cards. Could you pick a few Apple gift cards for me, I tried purchasing online but no luck. When I'm done with the meeting I will reimburse you.
Kind Regards,
Glenda Humiston
--------------------
Regards,
Sree Mada
Chief Information Officer