
Security Update for Chrome is Now Available

Google has released version 60.0.3113.78 of Chrome (for Windows, Mac & Linux). This update addresses multiple security vulnerabilities that, if exploited, would allow an attacker to take control of an affected system. For more information, please see: https://chromereleases.googleblog.com/2017/07/stable-channel-update-for-desktop.html

Questions? Please contact the NYU IT Service Desk.

 

How to Know if You’ve Been Hacked & What to Do

When your accounts have been compromised by a hacker, quick identification and response can greatly reduce any harm done.

How do you know if you’ve been hacked? Common indicators include:

  • Your friends – You learn that your friends have received a phishing email from one or more of your accounts.
  • Your phone – You notice charges for premium SMS numbers on your bill. Collection companies contact you re: nonpayment.
  • Your browser(s) – Some/all of your online passwords are not working. You notice unwanted browser toolbars, homepages and unexpected plugins. Additionally, you see a lot of pop-ups or web page redirects (a redirect means visiting a web page with a certain URL and being instantly sent to another web page with a different URL).
  • Your software – New accounts appear on your device. Antivirus messages report that a virus has not been cleaned, or a fake message appears from antivirus software that you have not installed. Programs randomly crash, or programs you did not install are running and requesting elevated privileges.
  • Your bank – You notice unauthorized charges or receive a message about insufficient funds due to unauthorized charges.
  • Your mail – You receive notification from a company alerting you that it has recently been the victim of a cybersecurity breach.

Steps you can take:

  • Using an unaffected device, change passwords for all accounts you suspect may have been compromised (never use publicly available devices for this purpose as they may be infected with malware and keystroke loggers). Unsure which passwords may have been compromised? If so, it is best to change all of your passwords. For password and password manager best practices and recommendations, please see the following Connect article: Under Lock and Passphrase
  • Update, update, update!  Why update/patch? You may feel inclined not to take a few minutes to periodically update if your device appears to be working well, but when you don’t update, you leave the door open to a possible malware attack as hackers seek to exploit the vulnerabilities/flaws in prior versions of systems and applications.
    Update the following:

    • Your mobile software and apps
    • Your antivirus software
    • Your browsers and browser plugins
  • Be prepared with backups. Have a backup plan in place, which includes scheduled and frequent system back-ups. Consider two separate back-ups: one to cloud storage and the other to an external drive. Backups protect you from data compromise and are the best way to recover from a Ransomware infection. Please see the following Connect article for more information: Ransomware Scams.
  • Self report to credit agencies (Experian, Equifax, TransUnion) if you believe your personally identifiable information (PII) has been compromised.  For more information on what comprises PII, please see: https://en.wikipedia.org/wiki/Personally_identifiable_information
  • Check the Have I Been Pwned website to see if your accounts have been hacked in a known attack.

Questions? Contact the NYU IT Service Desk

Cisco WebEx Browser Extension Remote Code Execution Vulnerability

A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox has been identified. Specifically, the vulnerability affects browser extensions for: Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx meetings when running on MS Windows. There are no workarounds which address this vulnerability. The vulnerability, which is due to a design defect in the extension, could allow an attacker to execute arbitrary code with the privileges of an affected browser. In other words, this vulnerability could expose users to malware risk.

The following versions of the Cisco WebEx browser extensions are affected by the vulnerability:

  • Versions prior to 1.0.12 of the Cisco WebEx extension on Google Chrome
  • Versions prior to 1.0.12 of the Cisco WebEx extension on Mozilla Firefox

To determine which version of the Cisco extension for Chrome is in use:

  • Click the menu button (three dots at the upper right of the application) and choose More Tools, then Extensions. The extension version is listed next to the Cisco WebEx extension name.
    • The extension ID of the Cisco WebEx extension for Google Chrome, which organizations can use to identify hosts that contain the extension, is: jlhmfgmfgeifomenelglieieghnjghma
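
For organizations checking many hosts, the identifier above can be matched against Chrome's on-disk extension folders. The following Python sketch is an added example, not part of the original advisory or any Cisco tooling; it assumes Chrome's usual profile layout (`<User Data>/<profile>/Extensions/<extension id>/<version>_<n>/manifest.json`), and the function names and sample tree are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

WEBEX_ID = "jlhmfgmfgeifomenelglieieghnjghma"  # extension ID quoted in the advisory
FIXED = (1, 0, 12)                             # first fixed version per the advisory


def parse_version(text):
    """Turn '1.0.10' into (1, 0, 10) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def find_webex(user_data_dir):
    """Return sorted [(profile, version, vulnerable)] for each installed copy.

    Assumed layout: <user_data_dir>/<profile>/Extensions/<id>/<version>_<n>/manifest.json
    """
    findings = []
    pattern = f"*/Extensions/{WEBEX_ID}/*/manifest.json"
    for manifest in Path(user_data_dir).glob(pattern):
        profile = manifest.parents[3].name
        try:
            version = json.loads(manifest.read_text(encoding="utf-8"))["version"]
            vulnerable = parse_version(version) < FIXED
        except (OSError, ValueError, KeyError, TypeError):
            # Unreadable or malformed manifest: flag it for manual review.
            version, vulnerable = "unknown", True
        findings.append((profile, version, vulnerable))
    return sorted(findings)


def build_sample(root):
    """Constructed sample tree: one outdated profile and one fixed profile."""
    for profile, version in (("Default", "1.0.10"), ("Profile 1", "1.0.12")):
        ext_dir = Path(root) / profile / "Extensions" / WEBEX_ID / f"{version}_0"
        ext_dir.mkdir(parents=True)
        manifest = {"name": "constructed sample", "version": version}
        (ext_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for profile, version, vulnerable in find_webex(tmp):
            status = "UPDATE NEEDED" if vulnerable else "ok"
            print(f"{profile}: WebEx extension {version} -> {status}")
```

On a real Windows host, pass the Chrome user data directory (by default `%LOCALAPPDATA%\Google\Chrome\User Data`) to `find_webex` for each user account.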

To determine which version of the Cisco extension for Firefox is in use:

  • Click the menu button (three horizontal bars at the upper right of the application), and choose Add-ons
  • Click the Extensions tab
  • Locate Cisco Webex Extension in the list of extensions and click the More link to obtain version information.

The Cisco WebEx extension for Google Chrome version 1.0.12 was released on July 13, 2017, and contains a fix for this vulnerability. Ensure that you are using a fixed version of the Cisco WebEx extension for Google Chrome by taking the following steps:

  1. In Chrome, open the Settings page
  2. Click Extensions
  3. Select the Developer mode checkbox
  4. Click Update extensions now
  5. Restart the Chrome browser

The Cisco WebEx extension for Mozilla Firefox version 1.0.12 was released on July 12, 2017, and contains a fix for this vulnerability. Ensure that you are using a fixed version of the Cisco WebEx extension for Mozilla Firefox by taking the following steps:

  1. Click the menu button (three horizontal bars on the upper right of the application) and select Add-ons
  2. Click the Extensions tab
  3. Locate the Cisco WebEx Extension in the list of extensions and click on the More link to obtain version information
  4. Click the cogwheel next to the search bar and choose Check for Updates