Over 44 Million Microsoft User Accounts Reusing Known Compromised Credentials

Password reuse proves to be an ongoing problem as Microsoft’s threat research team recently identified over 44 million user accounts of Microsoft services using credentials which have previously been breached. Microsoft has forced password resets for all of these accounts, and no additional action is required by consumers. If you’d like to check whether any […]

Netflix Phishing Alert

Please be advised of the following Netflix phishing scam with an email subject line “Your Recent Premium Subscription Ended”, which notifies customers of an automatic billing issue. If you miss the spelling and grammar errors and click “Restart Now” without previewing the link destination, you will be directed to the following seemingly secure (using https:// […]

WhatsApp Advisory

A high-risk vulnerability (CVE-2019-11931), which has not yet been exploited, impacts regular WhatsApp, WhatsApp for Business and WhatsApp for Enterprise on both iOS and Android devices. This vulnerability can lead to remote code execution (RCE) spread by an MP4 file, enabling attackers to access your WhatsApp messages and files, and can also leave your […]

Recent Examples of File Sharing Phishing Messages

Please be advised of the following recent examples of phishing emails purporting to come from an NYU community member via Google Docs file sharing. With respect to the examples above: despite purporting to come from an NYU community member via NYU Google Docs file sharing, note that the from address “itservice048@gmail.com” indicates that the file […]

Silent Librarian Phishing Campaign Reprise

As an update to our April 8, 2019 post, please be advised that the “Silent Librarian” hacking group has been linked to a recent phishing campaign primarily targeting universities around the globe, with the intent to steal credentials and intellectual property. A phishing message in this campaign (shown below) states that due to inactivity, your […]

Stalker Apps Warning

The FTC has released a blog post on “stalker apps” or spyware that can monitor another person’s phone. Apps which are being abused for this purpose may have been originally developed to monitor children or employees, or track phones, and these apps can track things like location history, browser history, text messages, phone conversations, photos […]

New Facebook Breach Exposes 133 Million U.S. User Phone Numbers

A total of 419 million Facebook records were recently found on a non-password-protected server, which was not owned by Facebook. 133 million of these records were U.S. records. Apparently, the site hosting the server has since been taken offline. Facebook claims the data is a year old and scraped before Facebook changed user ability […]

Hurricane Dorian Scams

The Cybersecurity and Infrastructure Security Agency (“CISA”) has issued a warning to remain vigilant for possible scams targeting Hurricane Dorian victims or potential donors. Social engineering attempts commonly follow natural disasters and may occur via emails, phone calls, social media updates, web pop-ups, text messages and in-person visits. These scams may direct you to […]

Voice Recording Privacy Update

Apple has issued a formal apology for retaining inadvertently triggered Siri voice assistant recordings, and has pledged: that they will no longer retain audio recordings of users speaking to their voice assistants; rather, they will rely on the computer-generated transcripts of these interactions. Make analysis of voice recordings opt-in only, with user ability to […]

Microsoft Credential Theft via “Unusual sign-in activity” Emails

Please be advised that “Unusual sign-in activity” email alerts purporting to be from Microsoft are being used to steal user credentials. Emails in this campaign tend to look almost identical to legitimate Microsoft alerts and even use the same legitimate sender address: “account-security-noreply@accountprotection.microsoft.com”. What differs is what occurs when you click the “Review recent activity” […]