Locky Ransomware Spreading via JavaScript (.js) Attachments

Locky ransomware is now spreading via JavaScript (.js) attachments/executable files, which are attached to email messages in .zip files. The following are examples of messages you may receive: When the .js file is clicked, Locky will begin to install and encrypt files with certain file extensions, including on unmapped network shares. It […]

Symantec Endpoint Protection Update

We recommend that you update your installation of Symantec Endpoint Protection (anti-virus software) to the recent version (March 2016 update, 12.1.6). This update addresses the security vulnerabilities detailed below. To install the updated version of Symantec, please visit https://home.nyu.edu and click Ask NYU IT. The Symantec update will be available in the Software section at […]

Recent Adware Scam

Please be advised that NYU does not sponsor unannounced surveys. If you have any questions about the legitimacy of a communication you receive, please do not reply to the communication or click any embedded links or options. Instead, please contact security@nyu.edu. Adware can have the following characteristics: Deceptive and full of malware that will install […]

Recent Phishing Emails Claiming to be from File Sharing Services

We have noticed an increase in phishing messages claiming to be from file sharing services. Because the messages associated with legitimate file sharing can be brief, these phishing attempts may be more challenging to recognize. We’d like to share the following phishing examples. Example #1 (claiming to be from an NYU […]

DROWN Attack (Decrypting RSA using Obsolete Weakened eNcryption)

A recently announced attack known as DROWN (Decrypting RSA using Obsolete Weakened eNcryption) exploits SSL/TLS vulnerabilities. DROWN is an attack that allows decryption of intercepted data and can also allow man-in-the-middle attacks. Vulnerable systems include: Servers that support SSLv2 – allows for a cross-protocol attack whereby an attacker could decrypt TLS sessions between clients […]