Only use WordPress Gravity Forms for Non-sensitive Information (Tier 0 or 1)! The Gravity Forms plugin included with ITS Self-service and Enterprise WordPress offerings does not limit access to file uploads; these files are stored in a world readable directory … Continued

There are a lot of options for creating and deploying websites. Here is some guidance to help highlight some of the options provided by UNC and to ensure University data is protected when deploying websites for university business.  We also … Continued

The Information Security Office (ISO) is seeing a rise in spear phishing attacks utilizing some or all of the following characteristics: A Subject title such as “Hi <username>, you have 1 VN on <date>.  Refer below to listen” accompanied by … Continued

LastPass, the password manager tool offered to the University, recently reported a security breach.  Your must-read quick summary  If you access LastPass by logging in with your Onyen or Kenan-Flagler login, no action is required.  If you access LastPass with … Continued

  To celebrate National CyberSecurity Awareness Month, the Information Security Office is hosting an event this October! When: Wednesday October 26, 2022 from 9am-4pm. Where: Polk Place Cost: Nothing – it’s free! Students, faculty, and staff interested in all things … Continued

We have recently seen a surge in fake job scam emails as attackers know that the semester is starting for universities across the world. The recent scam emails are centered around offering part-time work, often using keywords such as UNCICEF, … Continued

***Please understand that this is a fluid situation and this post may be updated periodically as new information becomes available*** A critical vulnerability has been discovered in log4j that is actively being exploited.  This is an issue both for systems and web … Continued

Starting this fall, you may see a new functionality in Outlook that will allow you to report phishing and junk with a quick and simple click of a button. This functionality will exist in the web, desktop and mobile versions … Continued

If you’ve ever been asked whether or not you work with sensitive information, you may wonder what the University defines as sensitive information. The University maintains an information classification standard that provides detailed guidance on what is considered classified information … Continued

Protect Your Device from Ransomware  Recent attacks impacting gasoline delivery in Southeast highlight the negative impact that ransomware criminals can have and should prompt us to consider if we are taking the right precautions to protect our important documents and … Continued