NYU IT Security Alert, January 24, 2024

Over the last two days, members of the NYU community report that they have received emails that mimic the formatting of NYU official emails that carry deceptive, prank text. Although these anonymously-issued emails are intended to look like official NYU communications, they are bogus. NYU’s IT Security Office was alerted to the emails, and is […]

MFA Related Phishing Attempts

We’ve received reports of several Multi Factor Authentication (MFA) related phishing attempts, and as an update to the following blog post on the subject, we would like to take the opportunity to remind everyone that scammers are using the following methods to exploit MFA and thereby gain access to accounts and systems.  User credential compromise […]

Critical Apple Update Available For Flaws Associated With Pegasus Spyware

Apple has released emergency security updates for the listed products below. Users are advised to update asap to the indicated version numbers. iOS => 16.6.1  macOSventura => 13.5.2  iPhones (series 8 or later) => 16.6.1  iPadOS for: iPad Pro (all models); iPad Air (3rd, 5th generations and later) and iPad mini (5th generation and later) […]

Widespread LinkedIn Account Takeovers & Lockouts

  Malicious actors are hacking Linkedin accounts using compromised credentials or brute force attacks which target weaker passwords. For accounts that are protected by strong passwords and multi-factor authentication (“MFA”), attempts will result in a temporary account lockout that can be resolved by providing additional information and changing your password. For less protected accounts or […]

Critical Patches Available for Microsoft Products

IT Admins are advised to promptly apply the patches to the following products, which were released by Microsoft on August 8th: .NET Core. NET Framework ASP.NET Azure Arc Azure DevOps Azure HDInsights Dynamics Business Central Control Memory Integrity System Readiness Scan Tool Microsoft Dynamics Microsoft Edge (Chromium-based) Microsoft Exchange Server Microsoft Office Microsoft Office Excel […]

Apple patches vulnerabilities in multiple products – update now!

Multiple vulnerabilities have been identified and patched in the Apple products listed below, the most severe of which allows for arbitrary code execution. The following critical vulnerabilities are being actively exploited, CVE-2023-38606, CVE-2023-32409 and CVE-2023-37450. Users and admins are advised to update asap and users with admin privileges are reminded to use accounts with less […]

Widespread Brand Impersonation via Typosquatting

There has been a proliferation of scams targeting 100+ popular clothing, footwear and apparel brands. Malicious actors are seeking to use search engine optimization (SEO) to manipulate internet search results, positioning their look-alike domain names at the top of results, in attempts to drive victims to malicious websites. Typosquatting refers to the registration of look […]

North Korean cybercrime group “Kimsuky” targets academic institutions with spear phishing

The U.S. and the Republic of Korea have issued a joint advisory on social engineering activity, in the form of spear phishing, that is being directed against researchers, academic institutions and news media outlets globally. This activity appears to be coming directly from North Korean cyber actors (dubbed “Kimsuky”) who are in the Reconnaissance General […]

SMS Phishing Imposter Scams

We’ve recently received reports of the following types of SMS phishing (“Smishing”). The first is a gift card scam in which a scammer poses as someone known to the recipient, often an organizational  “higher up”. This imposter attempts to trick victims into purchasing gift cards in an expedited manner. Once purchased, the scammer seeks the […]