Multiple critical vulnerabilities in Mozilla Firefox and Firefox Extended Support Release (ESR), have been addressed in a recent update. These vulnerabilities allow for remote code execution (RCE) at the logged-in user’s level of access, and are currently being exploited “in the wild”. Users are advised to update Mozilla Firefox to 97.0.2 and Firefox ESR to […]
With the mounting geo-political tensions between Russia and Ukraine, and the threat of sanctions being imposed by the U.S., Governor Kathy Hochul has issued a statement warning New Yorkers to be mindful of possible Russian cyber attacks on their personal accounts. Additionally, Governor Hochul and Federal officials have called on businesses to prepare for potential […]
Aside from personal privacy concerns, both your personal data and NYU data has value and should be protected. Realize that there are hidden costs associated with freeware (free software), which may take the form of personal information collected about you, that can be analyzed and monetized by malicious actors, data brokers, researchers/product developers, businesses, […]
What is a LinkedIn Slink? A Slink is a Linkedin smart link, which consists of a “clean” Linkedin URL that when clicked, redirects you to another site. LinkedIn offers this redirect feature to customers who opt to market through LinkedIn, because Slinks provide businesses with the ability to track their ad campaigns. However, malicious actors […]
The U.S. Department of Health & Human Services, Office of the Inspector General, has issued a COVID related Fraud Alert and Barracuda reports a 521% spike in COVID-19 related phishing from October 2021 to January 2022. The goals of the scammers appear to be stealing sensitive information, including medicare information in order to perpetrate fraud […]
January 28th is Data Privacy Day (DPD)! DPD is an international event that educates end users on the importance of safely managing personal information and spreads awareness about privacy, especially online. Data privacy includes how a user’s personal information is shared with third party services online. Personal information encompasses full name, date of birth, medical […]
A recent Chrome desktop update (97.0.4692.71) addresses 37 security issues, one of which is a critical use-after-free bug in the storage component that could lead to data corruption or execution of malicious code on a compromised machine. Users of Chrome on Windows, Mac and Linux are advised to update asap. For instructions on how to […]
The New York Times has reported on a Federal Government warning, issued to the public, about commercial spyware, potentially infecting mobile devices. While there are different types of spyware “in the wild”, the focus has been on commercially developed spyware, dubbed “Pegasus”, which was created by the NSO Group, and is a “zero-click” vulnerability, requiring […]
Due to the nature of the Log4j situation, vulnerabilities will be evolving over an extended period of time. It is our recommendation that all Admins do a daily check of the following web pages, and a periodic check of the CVEs listed herein, which are all being continually updated, to see if there are any […]
UPDATE, 12.20.2021: For the latest information on the Log4j cybersecurity threat as it emerges, please see the Cybersecurity & Infrastructure Security Agency (CISA) website. As an update to our December 10th and December 14th posts on Log4j, please be advised that although previous alerts advised updating to Log4j version 2.15.0, or higher, version 2.15.0 has […]