COVID-19 Phishing Attempt Targeting NYU Students

Please be advised of the following phishing message sent out by someone purporting to be an NYU alumni:   From: Sales Manager <n95nyc@gmail.com> Date: Mon, Mar 16, 2020, 12:43 PM Subject: Re: N95 Masks (Boxes: $250 | Pairs: $30) To: Attached is the FDA approval. Sorry it did not go through! On Mon, Mar 16, […]

Phishing Email to NYU Global Students

NYU students enrolled in Global Programs have reported receiving phishing emails from “NYU Global Programs NYU” when it is actually an imposter Gmail address external to NYU. If you have received a phish similar to the sample below, do not reply to the message.  Although the phishing email may appear to be signed by people […]

Attacks on WordPress Sites via Vulnerable Plug-ins

Administrators or site owners are advised to update the following WordPress plug-ins to the latest versions as all associated vulnerabilities are under active exploit and could provide scammers with the ability to hijack sites:  Duplicator Profile Builder Plug-In  Themegrill Demo Plug-In  Flexible Checkout Fields for WooCommerce Async, JavaScript 10Web Map Builder for Google Maps Modern […]

Coronavirus (COVID-19) Scams Alert

Please exercise caution with any communications you receive regarding Coronavirus (COVID- 19). Scammers commonly use widespread health alerts and natural disasters as opportunities to trick victims into revealing sensitive information or making “charitable” contributions. These scams may occur via email, phone calls, social media updates, text messages, web pop-ups or by in-person contact.  With respect […]

Dell SupportAssist Bug Fix

Dell recently released a software update that fixes a privilege elevation vulnerability in SupportAssist 2.0. SupportAssist is software that is preinstalled on most of its Windows endpoints. SupportAssist performs diagnostics and streamlines the creation of support tickets by reporting data back to Dell. This vulnerability, could lead to arbitrary code execution, so Dell users, who […]

500+ Malicious Extensions Removed from Chrome’s Web Store

More than 500+ malicious Chrome extensions forming a malicious network of extensions have been removed from Chrome’s Web Store. They were found to be: Requesting a high permissions level (always a red flag), which in turn allows them to access a lot of browser data Injecting malicious ads, a/k/a malvertising, in millions of installations  Collecting […]

New Silent Librarian Phishing Scam Alert

As an update to our 10/25/19 and 4/8/19 blog posts on the phishing attempts by the hacking group known as “Silent Librarian”, please be advised of the following recent example of a phishing email in this campaign:  Please note the following indicators:  The from line often appears as: “University Libraries”, with an external sender’s address  […]

Emotet & Trickbot Malware Being Delivered via Phishing Messages Worldwide

Current phishing campaigns delivering both Emotet and Trickbot malware are emails containing embedded links or attaching documents, including, proof-of-delivery documents, reports, agreements and statements. The following is an example of an email from this campaign:    Image courtesy of BleepingComputer In all known campaigns, recipients receive the following message when they open the associated attachment […]

Windows 7 End of Life Triggers Tech Support Scams

Please be advised that Microsoft ended support for Windows 7 on January 14th. This means that Microsoft will no longer provide technical support, software updates, security updates, and bug fixes. Microsoft recommends that users of Windows 7 update to Windows 10 as soon as possible. For more information and recommendations, please see Microsoft’s announcement.  The […]

2019 Phishing Recap, Resources & Reminders

According to the 2019 Verizon Data Breach Investigations Report, 32% of all breaches worldwide in the past year involved phishing. Understanding the current phishing threat landscape is key to managing the risks associated with phishing. Possible risks include identity theft, monetary loss, data loss, compromised data or devices, loss of intellectual property, reputational damage and […]