With the return of newer strains of the Locky malware, ransomware remains a top threat for all computer users. Ransomware is malicious software that usually arrives via email with subjects such as “please print” or “document”. When the user clicks the attachment, a script runs to download additional software which encrypts the user’s hard drive, […]
VMware has issued a critical security alert for VMware ESXi (ESXi) VMware vCenter Server VMware Workstation Pro / Player (Workstation) VMware Fusion Pro, Fusion (Fusion) regarding a number of issues. The most important is an out-of-bounds write vulnerability in VMware’s products allows guests to break out of their isolation. This means a malicious actor who […]
Please be advised that WordPress 4.8.2 is now available and we strongly recommend that you update all sites asap as this is a security release for all previous versions. The security issues addressed by the update affect version 4.8.1 and all earlier versions. Please note that if you’re using wp.nyu.edu, the update will be handled […]
Please be advised that CCleaner, a Windows utility used to remove cookies, wipe browsing histories, and clean temporary internet files has been compromised. Specifically, the affected versions are v5.33.6162 and CCleaner Cloud v1.07.3191 z9 (32 bit versions). The vendor, Avast, has stated that no other Piriform or CCleaner products have been affected. However, given that […]
As an update to our September 7th blog post on the Apache struts vulnerability, please be advised that Equifax has stated in their September 13th Progress Update for Consumers regarding their recent massive cybersecurity breach, “[t]he vulnerability was Apache Struts CVE-2017-5638”. It is critical to ensure that all Apache instances/platforms are secure. Please be reminded […]
The Federal Trade Commission (FTC) released an alert warning consumers to be wary of calls or emails purporting to be from Equifax agents. As with other phishing scams, the phishers are pretending to be Equifax representatives asking for “verification” of your information. Legitimate Equifax employees will not be contacting people to ask for this information. […]
Please be advised that there has been a resurgence of attacks on vulnerable MongoDB servers. The attacks involve malicious actors seeking out MongoDB installations that are poorly implemented and accessible to the internet without a set administrator password. After attackers gain access, they export or delete the data and replace it with a ransom note. […]
A critical vulnerability has been identified in Apache Struts 2, an open source framework used to develop web applications. The vulnerability allows users to execute malicious code by plugging in maliciously modified data into search boxes or other features hosted on the site. Specifically, the affected software is Struts 2.1.2 – Struts 2.3.33, and Struts […]