Skip to main content
  • National Cybersecurity Awareness Month: AI and Machine Learning as a Function of Security

    October is Cybersecurity Awareness Month. All month long, ITS News will highlight how ITS — and you — keep the University safe. In this guest post, Josh Jenkins with the Information Security Office, shares how machine learning technologies are changing cyber and physical security. Check out all Cybersecurity Awareness Month events, or for year-round tips on staying cybersafe, visit Safe Computing at UNC. The integration… Read More about National Cybersecurity Awareness Month: AI and Machine Learning as a Function of Security.


  • National Cybersecurity Awareness Month 2023 Events

    It’s almost time for Cybersecurity Awareness Month! The Information Security Office, in partnership with UNC School of Medicine IT and the ITS Service Desk, is planning a full month of activities, events and content. Read the full story HERE. Pencil in these dates and stay tuned for more details: October 2, swing by Polk Place for a student-focused tent event, featuring “evil” Wi-Fi, a possible… Read More about National Cybersecurity Awareness Month 2023 Events.


  • National Cybersecurity Awareness Month: SecOps and IR Table

    October marks National Cybersecurity Awareness Month.  This page was created as a handout to introduce the Security Operations and Incident Response (SecOps & IR) pillars within the UNC Information Security Office. What is SecOps & IR at UNC? The goals of the SecOps & IR Team are to: Prepare the UNC environment to withstand cybersecurity threats: stop incidents before they occur. Identify cybersecurity incidents when… Read More about National Cybersecurity Awareness Month: SecOps and IR Table.


  • Fake UNC Job Scam

    There have been multiple reports of scam phishing emails soliciting applications for a Research Assistant position.  An example is shown below with the impersonated Professor and scammer’s contact information removed. Here are a few ways to spot the phish The display name in the From field does not match the email address.  Why is the UNC Professor not using their UNC Email Address for this communication… Read More about Fake UNC Job Scam.


  • Consultation

    Tech Support Scam and Browser Lock

    There have been several reports of Tech Support Scams that begin with a “Browser Lock” pop-up malware notification that opens in full screen view, making it difficult to close.  The pop-up displays a telephone number to call which will lead to the scammer directing you to setup remote screen sharing access through a tool such as teamviewer or logmein.  From there the scammer will try… Read More about Tech Support Scam and Browser Lock.


  • DocuSign Themed Phishing

    We’ve recently seen a number of DocuSign themed phishing messages targeting UNC email inboxes. DocuSign provides guidance on How DocuSign Users Can Spot, Avoid and Report Fraud. Here are some key takeaways: Who sent the email?  Legitimate DocuSign messages should come from an email address that ends with DocuSign.com or DocuSign.net. Hover to discover!  Always check where a link goes before clicking by hovering your… Read More about DocuSign Themed Phishing.


  • Website Hosting Guidance

    There are a lot of options for creating and deploying websites. Here is some guidance to help highlight some of the options provided by UNC and to ensure University data is protected when deploying websites for university business.  We also have guidance on handling secure file uploads in a separate post. Consider ITS Managed Services UNC ITS supports two Software as a Service (SaaS) options… Read More about Website Hosting Guidance.


  • Guidance on File Uploads

    Only use WordPress Gravity Forms for Non-sensitive Information (Tier 0 or 1)! The Gravity Forms plugin included with ITS Self-service and Enterprise WordPress offerings does not limit access to file uploads; these files are stored in a world readable directory that anyone can reach (see Security Best Practices of the Gravity Forms documentation). Carefully consider the type of data you intend to collect and the… Read More about Guidance on File Uploads.


  • Fake Voicemail to Email Phishing Lure

    The Information Security Office (ISO) is seeing a rise in spear phishing attacks utilizing some or all of the following characteristics: A Subject title such as “Hi <username>, you have 1 VN on <date>.  Refer below to listen” accompanied by an HTM or HTML file attachment to the email.  If the attachment is opened, it may direct to a spoofed sign-in page under the control… Read More about Fake Voicemail to Email Phishing Lure.


  • LastPass security breach: what you need to know and do

    LastPass, the password manager tool offered to the University, recently reported a security breach.  Your must-read quick summary  If you access LastPass by logging in with your Onyen or Kenan-Flagler login, no action is required.  If you access LastPass with a personal email account or do not log in with your Onyen or Kenan-Flagler password, you must act to protect the security of your passwords…. Read More about LastPass security breach: what you need to know and do.


Last updated: September 6, 2023