Skip to main content

Guidance on File Uploads

February 17, 2023

Only use WordPress Gravity Forms for Non-sensitive Information (Tier 0 or 1)! The Gravity Forms plugin included with ITS Self-service and Enterprise WordPress offerings does not limit access to file uploads; these files are stored in a world readable directory … Continued

Website Hosting Guidance

February 16, 2023

There are a lot of options for creating and deploying websites. Here is some guidance to help highlight some of the options provided by UNC and to ensure University data is protected when deploying websites for university business.  We also … Continued

Fake Voicemail to Email Phishing Lure

January 24, 2023

The Information Security Office (ISO) is seeing a rise in spear phishing attacks utilizing some or all of the following characteristics: A Subject title such as “Hi <username>, you have 1 VN on <date>.  Refer below to listen” accompanied by … Continued

LastPass security breach: what you need to know and do

January 6, 2023

LastPass, the password manager tool offered to the University, recently reported a security breach.  Your must-read quick summary  If you access LastPass by logging in with your Onyen or Kenan-Flagler login, no action is required.  If you access LastPass with … Continued

Fake Job Scam Emails

August 25, 2022

We have recently seen a surge in fake job scam emails as attackers know that the semester is starting for universities across the world. The recent scam emails are centered around offering part-time work, often using keywords such as UNCICEF, … Continued

Major Vulnerability Alert – log4j

December 13, 2021

***Please understand that this is a fluid situation and this post may be updated periodically as new information becomes available*** A critical vulnerability has been discovered in log4j that is actively being exploited.  This is an issue both for systems and web … Continued

There’s a new way to report phishing!

September 21, 2021

Starting this fall, you may see a new functionality in Outlook that will allow you to report phishing and junk with a quick and simple click of a button. This functionality will exist in the web, desktop and mobile versions … Continued

Understanding Sensitive Information

September 14, 2021

If you’ve ever been asked whether or not you work with sensitive information, you may wonder what the University defines as sensitive information. The University maintains an information classification standard that provides detailed guidance on what is considered classified information … Continued

Protect Your Device from Ransomware

May 18, 2021

Protect Your Device from Ransomware  Recent attacks impacting gasoline delivery in Southeast highlight the negative impact that ransomware criminals can have and should prompt us to consider if we are taking the right precautions to protect our important documents and … Continued