Nepal Earthquake Disaster Email Scams (Alert)

As with major disasters before it, the aftermath of the devastating earthquake in Nepal shows human nature at its best, but for some, at its worst. Following major disasters, scammers usually send out floods of email in an attempt either to solicit donations for fake charities or to lure users into clicking links containing malware or responding to phishing attempts.

NYU encourages users to take the following measures to protect themselves:

If you believe you have already fallen victim to one of these scams, take appropriate action to mitigate risk to yourself. If you responded to a phishing email, change the passwords for accounts associated with your responses and monitor for any suspicious activity from your accounts. If you gave money to what you believe to be a fraudulent charity, contact your banking institution for advice on how to prevent or reverse any unapproved transactions. Finally, scan your computer for any possible infections using an antivirus program such as Symantec Endpoint Protection, available to most NYU community members on the AskITS page of NYUHome.

If you have additional questions, please contact NYU IT Technology Security Services.

Microsoft Security Vulnerabilities

On Tuesday, Microsoft identified two major vulnerabilities in the Windows operating system, in addition to other Microsoft products and non-critical updates. One vulnerability in particular exploits common system components in every major release of Windows from 95 through Windows 10 (still in development) and can be used to retrieve Windows login credentials (username and password). An attacker can then crack these credentials in less than a day using moderate resources. As of right now, there is no patch for this vulnerability, identified as “Redirect to SMB.” To mitigate the risk posed by this vulnerability, TSS recommends following safe browsing and computing procedures. Do not click on links in unsolicited emails, and note the path of any link you click on while browsing the Internet. The vulnerability exploits links that begin with “file://”.

For more on this vulnerability, you can read here: www.computing.co.uk/ctg/news/2403924/windows-redirect-to-smb-exploit-could-affect-millions-say-security-researchers
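
The advice above to check link paths can also be automated on the mail-filtering side. The following Python sketch is an added example, not part of the original alert or any NYU tool: it lists every link in an HTML message body that uses the “file://” scheme, including ones written in mixed case or with HTML entities. The sample message, host names and function names are constructed for illustration.

```python
from html.parser import HTMLParser

# Attributes that carry a URL in HTML mail or web pages.
URL_ATTRS = {"href", "src"}

# Constructed sample message body; hosts and paths are placeholders.
SAMPLE_HTML = """
<p>Please help the earthquake victims:</p>
<a href="https://relief.example.org/donate">Donate</a>
<a href="FILE://files.example.net/share/receipt.doc">Receipt</a>
<a href=" &#102;ile://files.example.net/share/notes.txt">Notes</a>
<a href="mailto:info@example.org">Contact</a>
"""


class LinkCollector(HTMLParser):
    """Collect (tag, attribute, url) for every URL-bearing attribute."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser has already decoded entities such as &#102; in values.
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.links.append((tag, name, value))


def is_file_link(url):
    """True if the URL uses the file: scheme, ignoring case and padding."""
    # Browsers drop tabs/newlines and surrounding spaces before parsing a URL.
    cleaned = url.translate({9: None, 10: None, 13: None}).strip()
    return cleaned.lower().startswith("file:")


def find_file_links(html_text):
    """Return every (tag, attribute, url) in html_text that points at file:."""
    parser = LinkCollector()
    parser.feed(html_text)
    parser.close()
    return [link for link in parser.links if is_file_link(link[2])]


if __name__ == "__main__":
    for tag, attr, url in find_file_links(SAMPLE_HTML):
        print(f"flag: <{tag} {attr}> -> {url!r}")
```

A filter built this way sees only the links present in the message itself, so it complements rather than replaces the safe-browsing advice above.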

As a reminder, Microsoft no longer supports versions of Windows older than Vista (i.e., Windows 95, 98, 2000, ME, and XP). If you are still using a version of Windows that is unsupported by Microsoft, these vulnerabilities, as well as any newly discovered ones going forward, will remain unpatched. NYU TSS strongly recommends that you upgrade your operating system immediately by purchasing a new version of Windows or a new computer.