Marriott has announced a breach of their Starwood reservation database which has exposed the personal information of 500 million people. Starwood hotels include: W Hotels, St. Regis, Sheraton Hotels and Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le Meridien Hotels & Resorts, Four Points by Sheraton and Design […]
Social engineers continue to get more sophisticated in their attempts to trick you. A current example is that the green padlock symbol, a recognizable element of site safety, that’s visible in your browser’s address bar, is now being used in many phishing sites. The green padlock symbol denotes that the data exchanged between the browser […]
A new type of imposter scam using Facebook’s Sharer dialog, has been detected. Facebook’s Sharer dialog is typically used by website owners to share content on Facebook. This scam tricks users into thinking there is a problem with their account and that they need to call one of the provided phone numbers to resolve it. […]
Imposter scams take various forms, but what they all have in common is that a scammer poses as someone you know and attempts to obtain personal or sensitive information from you. Scammers may pose as someone you know personally or someone in a shared group or organization, such as your place of employment, or someone […]
Please be advised that gift card scams are on the rise. In these types of scams social engineers commonly pose as a trusted contact – an executive, a faculty member, the president of an institution or organization . . . etc., and request that you purchase gift cards in connection with a fundraiser, charity or […]
A cross-site scripting (XXS) vulnerability has been discovered in version 6.15 of Evernote for Windows. This vulnerability can be leveraged to run programs remotely on a victim’s computer. Specifically, a malicious actor could embed a link that loads malicious script in the file name of an image inside of a note, and send it to […]
Users and Admins of Apache Struts 2.3.36 and prior versions are advised to immediately upgrade to 1.3.3, which is the latest version of the Commons FileUpload Library. This upgrade address a remote code execution vulnerability. Please note that versions 2.5.12 and subsequent versions are not impacted. For more information, please see the following Apache security […]
There has been a recent uptick in phishing emails attempting to deliver the FlawedAmmyy remote access trojan (“RAT”). If successful, this RAT may provide malicious actors with full control of affected systems, including Remote Desktop control, proxy support, audio chat, and file system manager functionalities. Recent emails in this campaign have a Subject line beginning […]
Google recently disclosed that they discovered a vulnerability in their Google+ People API in March of this year, which was patched immediately. This vulnerability: which has been open since 2015, potentially exposed the private data of 500,000+ users to third party developers. disclosed data including user full names, email addresses, dates of birth, gender, profile […]
The Internet Crime Complaint Center (IC3), the FBI and the DHS issued a Public Service Announcement on September 27th, which details increased exploitation of RDP in connection with malicious cyber activities. RDP is a proprietary network protocol developed by Microsoft that allows an individual to gain control of computer resources and data over the Internet. […]