Cyber
the next frontier

Over 3.5 million cyber positions will need to be filled by 2021. Our graduates will become part of a critical layer of defense for our nation and its citizens.

Watch Video

The National Security Agency designated the University of Arizona’s Cyber Operations program as a Center of Academic Excellence in Cyber Operations (CAE-CO). With this designation, UA joins an extremely exclusive group of only 20 Cyber programs in the nation. The NSA’s CAE-CO designation demonstrates that UA’s Cyber program meets the most demanding academic and technical requirements.
NSA and Excellence Seals

The Bachelor of Applied Science with an emphasis in Cyber Operations prepares graduates for cyber-related occupations in defense, law enforcement, and private industry.

The curriculum includes both offensive and defensive cyber security content delivered within our state-of-the-art Cyber Virtual Learning Environment to ensure our students have extensive hands-on experiences to develop the knowledge, skills, and abilities necessary to succeed after they graduate. The Cyber Operations program offers two degree tracks, both in-person and fully online:

Cyber
Engineering

The Engineering Track is a deeply technical, interdisciplinary, security focused Computer Science program.

Learn More

Defense
& Forensics

The Defense & Forensics Track is an interdisciplinary Cyber education program.

Learn More

Cyber Law
& Policy

The Law & Policy track lays a strong technical foundation, integrated with legal and policy knowledge.

Learn More

Undergraduate
Certificates

 

 

Program News

Southern Arizona Intelligence Summit

Join us for the 2021 Intelligence Summit, where key intelligence community leaders will speak about the latest in intelligence policy, cyber security, and more. Free for students!

DoD Cyber Scholarship Program (CySP)

The DoD CySP is a yearly scholarship program aimed at Juniors and Seniors pursuing a bachelor’s degree in cyber-related academic disciplines. The CySP is a 1-year scholarship, which grants selected Cyber Scholars tuition and mandatory fees (including health care), funding for books, a $25K annual stipend, and guaranteed employment with a DoD agency upon graduation.

Cyber News

Tuesday, July 14, 2020 - 12:01
Critical DNS Bug Opens Windows Servers to Infrastructure Hijacking
Microsoft gives the ‘wormable’ flaw a security rating of 10 – the most severe warning possible.
Tuesday, July 14, 2020 - 10:23
Microsoft issues patch for wormable Windows DNS flaw

Microsoft is issuing a patch for a severe and wormable Windows Domain Name System vulnerability that could allow attackers to execute arbitrary code against targets and gain control of targets’ entire IT infrastructure.

The vulnerability, which was uncovered by a researcher at Check Point, would allow hackers to intercept and interfere with users’ emails and network traffic, tamper with services, and steal users’ credentials, by exploiting Windows’ Domain Name System (DNS), which is essentially the protocol that translates between website names and their corresponding IP addresses.

The vulnerability can be triggered by a malicious DNS response, which could lead to a heap-based buffer overflow, according to Check Point. The vulnerability is widespread as it affects affects Windows server versions from 2003-2019.

It’s the third serious vulnerability Microsoft has addressed just this month, following the emergency disclosure and patching of two critical vulnerabilities affecting Windows 10 and Windows Server distributions. Those disclosures were so important to address in a timely manner that the company made the decision to release patches outside of Patch Tuesday.

Microsoft has assigned the vulnerability, CVE-2020-1350, the highest possible risk score of 10 on the Common Vulnerability Scoring System. Wormable flaws can be particularly menacing as attacks exploiting them can spread from machine to machine without any human interaction. The WannaCry ransomware strain, which affected 300,000 machines in hundreds of countries in 2017, for instance, was wormable.

The vulnerability will be important to patch for governments and private entities alike. Hackers have seized on DNS-related hacking operations in recent years to target intelligence agencies, military organizations, energy firms, foreign ministries, and telecommunications firms to steal credentials, according to security researchers. During the pandemic hackers have taken advantage of DNS to target home routers as teleworking surged around the globe.

Check Point’s vulnerability research team leader, Omri Herscovici, said in a statement the flaw could allow hackers to essentially gain control of an entire organization, warning that it’s possible other researchers or nefarious actors asides from Check Point could have learned of this vulnerability years ago and exploited it.

“A DNS server breach is a very serious thing. Most of the time, it puts the attacker just one inch away from breaching the entire organization,” Herscovici said. “This vulnerability has been in Microsoft code for more than 17 years; so if we found it, it is not impossible to assume that someone else already found it as well.”

Sagi Tzaik, a vulnerability researcher at Check Point, uncovered the vulnerability and shared the information with Microsoft in May, Check Point said in a release.

The post Microsoft issues patch for wormable Windows DNS flaw appeared first on CyberScoop.

Tuesday, July 14, 2020 - 10:13
17-Year-Old Critical 'Wormable' RCE Vulnerability Impacts Windows DNS...
Cybersecurity researchers today disclosed a new highly critical "wormable" vulnerability—carrying a severity score of 10 out of 10 on the CVSS scale—affecting Windows Server versions 2003 to 2019. The 17-year-old remote code execution flaw (CVE-2020-1350), dubbed 'SigRed' by Check Point, could allow an unauthenticated, remote attacker to gain domain administrator privileges over targeted
Tuesday, July 14, 2020 - 10:02
Adobe Discloses Critical Code-Execution Bugs in July Update
The software giant released patches for four critical vulnerabilities and five different platforms.
Tuesday, July 14, 2020 - 07:46
DMARC Adoption Spikes, Higher Ed Remains Behind
As colleges and universities prepare for the fall semester, email protections against surging threats like BEC and phishing are lagging.