Amazon Alexa Privacy Alert

Please be advised that Amazon has staff monitoring queries made to Amazon Alexa-enabled Echo smart speakers in an attempt to improve product accuracy. Apparently, while the monitored recordings do not provide full names, they do connect to an account name, a user’s first name and the device serial number. According to Bloomberg, employees working in […]

Security Update Available for Apache Tomcat

Due to a vulnerability detailed in CVE-2019-0232, users and admins are advised to update the following Apache Tomcat versions. The update addresses a remote code execution vulnerability on Windows, whereby a remote attacker could take control of an affected system. Specific mitigation steps can be found below. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.17 Apache […]

Silent Librarian Phishing Campaign

The Office of Information Security (“OIS”) has been made aware of a phishing campaign dubbed “Silent Librarian” that is targeting the NYU community. This phishing campaign is designed to steal login credentials, and has been targeting universities, companies and government agencies around the world. Silent Librarian has targeted more than 300 universities in 22 countries, […]

Apache HTTP Servers – Update now

A patch has been released for Apache HTTP servers that addresses a critical vulnerability, identified as “Carpe Diem” (CVE-2019-0211), with a Common Vulnerability Scoring System (“CVSS”) score of 8.8. The flaw affects Apache HTTP Server versions 2.4.17 to 2.4.38, and could provide an attacker with root admin control on Unix-based systems. Windows servers […]

Leaky Third-Party Facebook Apps

There has been a reported breach of Facebook data that was acquired by third-party apps. The leaky apps include: “Cultura Colectiva”, a Latin American social networking collective with a database exceeding 500 million entries. Exposed data includes Facebook IDs, likes, friends and more. “At the Pool”, which is an app that has not been in […]