Spear Phishing Advisory

In recent days, a high number of spear phishing attacks have been targeted at NYU accounts. Spear phishing is different from generic phishing where an attacker seeks credentials within a specific domain or organization, typically to gain access to organizational resources such as LexisNexis and other paid subscription services, or confidential data. Spear phishing, as […]

Nepal Earthquake Disaster Email Scams (Alert)

In the aftermath of the devastating earthquake in Nepal, just like major disasters before it, human nature is often at its best, but for some, it is at its worst. Following major disasters, scammers usually send out floods of email in an attempt to either solicit donations for fake charities, or else to lure users […]

Microsoft Security Vulnerabilities

On Tuesday, Microsoft identified two major vulnerabilities in the Windows operating system, in addition to other Microsoft products and non-critical updates. One vulnerability in particular exploits common system components for every major release of Windows since 95 and through Windows 10 (still in development) which can be used to retrieve Windows login credentials (username and […]

TA15-051A: Lenovo Superfish Adware Vulnerable to HTTPS Spoofing

Summary: A piece of pre-installed adware (Superfish) on recently purchased Lenovo consumer PCs can allow an attacker to view normally secured web communications. What Does This Mean For Me: This software may expose web mail, banking, and shopping transactions and information, and more, regardless of which web browser (Internet Explorer, Chrome, Firefox, etc) you are […]

*New York University Email Alert [Code: 3141]* phishing scam

There are new reports about a phishing message that purports to come from “New York University Technical Service “ The phishing message claims “Dear User, The following alert has been posted to your webmail account regarding an unauthorized access to your account,” and instructs the recipient to click on a web link. An adjacent URL […]