
Phone Scam Alert “Wangiri”

A widespread automated phone scam dubbed “Wangiri”, which is Japanese for “one ring and drop”, uses automated dialing machines to repeatedly dial phone numbers, ringing once before hanging up. Incoming calls may appear to come from a variety of phone numbers, including “unknown caller”, “no caller id”, or spoofed domestic or international phone numbers. Calls may even appear with three-digit area codes that look domestic but are associated with pay-per-call international phone numbers. The goal is to get the recipients/victims to call back and remain on the call as long as possible, while the call is routed to a premium rate service which can charge a connection fee and then bill victims for significant per-minute charges.

As it is not possible to block calls that are received from an “unknown caller” or “no caller id”, it is recommended that you do not answer unexpected calls, calls that you suspect may be spoofed, or return calls coming from unexpected or unknown phone numbers. If you return a call to an unknown number and hear an odd message, it is recommended that you immediately hang up. Further, if you do not frequently make international calls, you may want to consider asking your service provider to block all outgoing international calls.

Please see the following NJCCIC blog post for carrier specific call blocking options: Tired of Receiving Scam Calls? Don’t Just Sit There. Do Something About It. Additionally, if you have been a victim of an international phone scam, you can file a complaint with the Federal Trade Commission (“FTC”) at www.ftccomplaintassistant.gov.

Additional Resources:

Scammers Use Recent Disasters to Spread Malware

Please be advised that scammers use reports of recent disasters, such as the recent Boeing 737 Max crash, to spread malware. With respect to this recent crash, spam messages appear to be coming from a purported private intelligence analyst, “info@isgec.com”, who claims to share information found on the dark web about other airlines that will soon be impacted by similar crashes. The email requests that recipients forward the email to loved ones. The email attaches a JAR file which, if opened, is believed to install the Houdini H-worm remote access trojan (“H-Worm RAT”), which can provide remote control of a device to a malicious actor, and Adwind, which is an information-stealing trojan.

Recommendations:

  • Refrain from forwarding unsolicited emails to others
  • Do not open unexpected attachments
  • Do not click embedded links in unexpected email messages
  • When in doubt, confirm the legitimacy of a message with the sender via a trusted means of communication, such as a known phone number

For more information, please see:

Windows Server Vulnerability in WDS

There is a remote code execution vulnerability with a critical severity rating on Windows Servers (since 2008 SP2). Microsoft disclosed the twelve vulnerabilities last November and supplied 62 patches. Servers which have not been upgraded are open to attack and should be patched as soon as possible. Specifically, CVE-2018-8476 impacts how the Windows Deployment Services (“WDS”) Trivial File Transfer Protocol (“TFTP”) Server handles objects in memory. The bug can be remotely exploited by an unauthenticated actor via a specially crafted TFTP message to gain access to a system or service, such as Active Directory, DHCP, DNS, etc., and there are no available workarounds.

For more information, please see: https://www.helpnetsecurity.com/2019/03/07/windows-servers-compromise/

NYU Box: Reduce Unintended Disclosure via Link Sharing

Please be advised/reminded that when sharing folders or files via NYU Box, the Box “Share” option “Get Shared Link” (shown below), which appears to the right of listed folders/files, is by default restricted to “People in this folder” (click “Get Shared Link” to see this option).

Screenshot showing the "Get Shared Link" option circled in red. The other option displaying is "Invite Collaborators"

This selection can be changed via the drop-down arrow to the right, to “People with the link” or “People in your company” (as shown below).

Screenshot showing the above-described NYU Box dialog

Please be advised/reminded that if you select “People with the link” as your share setting, you are making the data contained in the folder/file publicly accessible not only to those provided with the link, but to anyone who discovers the link. Public folders/documents can be scraped and indexed by search engines, making them easily found. Therefore, it is recommended that if you choose “People with the link” as your share option for any file/folder, you additionally visit “Settings” via the gear icon on the top right of the dialog (as shown below), and select either the “Require password” or “Disable Shared Link on” option.

Screenshot of NYU Box dialog showing the "People with the link" share setting and the "Settings" icon on the top right

Screenshot of NYU Box dialog "Shared Link Settings" showing the following options "Custom URL", "Password Protect', "Link Expiration" & "Allow Download", which is auto-selected by default. A red arrow points to "Password Protect" and "Link Expiration".

 

For additional information, please see:

Update Google Chrome Now

Users are advised to update their Google Chrome browser as soon as possible on all devices to the latest version, 72.0.3626.121. The security issue patched by this update is a zero-day vulnerability, rated as “high severity”, and “Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild.” Please note that all previous versions of Google Chrome are vulnerable to attacks exploiting CVE-2019-5786.

The security issue is a use-after-free flaw, or memory mismanagement bug, in the browser's FileReader API, which is designed to allow the browser to access and read locally stored files. The flaw could potentially allow an attacker to execute arbitrary code and take over a device, or trigger a denial of service. Possible exploit consequences include data deletion and the installation of malware.

To manually update Google Chrome on a Mac:  

  • Open Google Chrome
  • Click Chrome, About Google Chrome

Screenshot showing the Chrome Menu available when "Chrome" is clicked on the application menu bar

  • You will see the current version of Google Chrome running. Click Relaunch to apply any available update.

Screenshot showing the display of Google Chrome version information on the left side and the "Relaunch" button on the right side

  • Following a relaunch, you will see the following, informing you that Google Chrome is up to date.

Screenshot with text "Google Chrome is up to date" with the version number, 72.0.3626.121, beneath this text

For more information see:

National Consumer Protection Week (3/3-3/9)

Screenshot of a partial image of a coin jar with text on the right side reading "National Consumer Protection week March 3 - 9"

National Consumer Protection Week begins on March 3rd! For information on identity theft, common scams and recommendations geared to consumers, check out the Federal Trade Commission’s (“FTC”) list of planned events. 

Additional Resources: