There has been an uptick in ransomware attacks targeting universities worldwide. Ransomware is a type of malware that is typically deployed via malicious links in phishing messages. Once a malicious link is clicked, ransomware begins encrypting or scrambling files on your device and connected systems. Following the encryption/scrambling of files, a ransom note displays on […]
The Cybersecurity & Infrastructure Agency (“CISA”) has named updating or patching the most effective measure that individuals can take to safeguard their devices (see CISA Security Tip, Understanding Patches and Software Updates). In addition to functional enhancements and fixing bugs, updates/patches address product security vulnerabilities that are possibly being exploited now, and may continue to be […]
NYU community members: Please be advised that an update is available for your Windows and Mac installations of Cisco Jabber. The update addresses the flaw noted in the following NYU IT Security News and Alerts blog post, Jabber IM Client for Windows has a Critical Flaw; Update Now. Please note that although Mac installations are […]
Please be advised of an exploit requiring no user interaction, which affects Cisco Jabber for Windows in which XMPP messaging services are enabled. Systems using Cisco Jabber in phone-only mode (without XMPP messaging services enabled) are not vulnerable to the exploit and Cisco additionally advises that the vulnerability is not a threat when Cisco Jabber […]
Kick-off the fall semester with data security and the recently expanded NYU File Storage Services Comparison reference, which offers comparative information on the approved storage systems for NYU data. All of the data you work with at NYU falls into one of three categories, Low, Moderate or High risk data, and the factors that are […]
The Federal Trade commission (“FTC”) has issued an advisory on a new type of imposter scam, which involves scammers posing as members of customer service departments of well known companies. Please be advised that If you do an online search for a customer service number, the information displaying at the top of your search results […]
A new free open source tool named SkyArk, has been created and released today by the cybersecurity firm CyberArk. SkyArk is designed to detect shadow admin accounts in cloud environments, such as Amazon Web Services (AWS ) and Microsoft Azure. The descriptor “Shadow Administrator Accounts” refers to low level accounts which are created with basic […]
Dark Basin is a “hack-for-hire” group that has targeted individuals and institutions globally, including American non-profits. Dark Basin has been found to have likely conducted commercial espionage against those involved in advocacy, criminal cases, public events, financial transactions and news stories. Notably, Dark Basin sends phishing emails that are often impersonation attempts to the personal […]
Website owners are being targeted with extortion attempts seeking bitcoin payment 0f $1,500 – $3,000 in order to avoid having their sites’ databases leaked or sold. These messages also threaten to: email all associates and customers in an effort to inflict reputational damage. de-index sites from search engines using Black Hat SEO (Search Engine Optimization) […]
The FTC has issued an alert about a phishing email message targeting students, which purports to come from the University Office of Financial Aid. These messages attempt to trick students into clicking an embedded malicious link related to a COVID-19 stimulus payment. The goal of this phishing campaign appears to be credential theft as the […]