Phishing can come in many guises. People are familiar with emails that ask them to “confirm their details immediately” and know not to click on them. Just as common, though, are social engineering attacks that come through social media, such as Facebook and Twitter. In this case, a community member has reported an event targeting NYU […]
On November 14, Adobe released patches to fix numerous security flaws, including serious issues with Adobe Flash and Reader. These vulnerabilities affect Mac, PC and Chrome OS. In order to protect against these and future vulnerabilities, you should make sure that automatic updates are set: https://helpx.adobe.com/flash-player/kb/flash-player-background-updates.html and remember to restart your browser on a regular […]
A security researcher recently demonstrated that there are fundamental flaws in WPA2, the protocol that manages encryption for wireless connections. These flaws, if exploited properly, allow an attacker to see all the traffic passing between a target computer/phone/smart device and their destination. This attack is not easy to execute and is not yet being widely […]
A security researcher has disclosed a SQL injection vulnerability in WordPress 4.8.2, so any WordPress installs should be updated to 4.8.3 asap. This is particularly important for groups which run their own version(s) of WordPress, which is an extremely common target for attackers. If you support web servers where clients perform their own WP installs, […]
With the return of newer strains of the Locky malware, ransomware remains a top threat for all computer users. Ransomware is malicious software that usually arrives via email with subjects such as “please print” or “document”. When the user clicks the attachment, a script runs to download additional software which encrypts the user’s hard drive, […]
VMware has issued a critical security alert for VMware ESXi (ESXi) VMware vCenter Server VMware Workstation Pro / Player (Workstation) VMware Fusion Pro, Fusion (Fusion) regarding a number of issues. The most important is an out-of-bounds write vulnerability in VMware’s products allows guests to break out of their isolation. This means a malicious actor who […]
The Federal Trade Commission (FTC) released an alert warning consumers to be wary of calls or emails purporting to be from Equifax agents. As with other phishing scams, the phishers are pretending to be Equifax representatives asking for “verification” of your information. Legitimate Equifax employees will not be contacting people to ask for this information. […]
Update #2: May 15, 2017 Ransomware worm that takes advantage of a vulnerability in the Windows operating system remains a threat. Please see the below PDF for a copy of an urgent security alert message from NYU CIO Len Peters. This message, relating to steps you should take to protect the data on Windows computers from the […]
Researchers at Checkpoint, Inc. have found a family of malware which, when installed on vulnerable Android OS version 4 (Ice Cream Sandwich, Jelly Bean, and KitKat) and version 5 (Lollipop) gives the hacker full control of the device. Then it steals Google credentials to give the hackers access to all Google apps. The malware can […]
Following last week’s announcement of iOS critical vulnerabilities and their patches, Apple has issued similar patches for OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6. See details on the vulnerabilities in our last post and below for links to the updates and more details. More info here: https://support.apple.com/en-us/HT207130 https://www.grahamcluley.com/2016/09/mac-users-vulnerable-state-sponsored-trident-attack-fixed-ios-week-patch/