On Friday September 28th, Facebook announced a breach that impacted 50 million users. In this breach, malicious actors exploited a series of bugs, including a weakness in Facebook’s “View As” feature which allows users to see how their profile appears to others and malicious actors also stole digital keys which allow users to stay logged […]
A Safari browser address bar vulnerability allowing well designed phishing attacks which are difficult to detect has been patched with the release of Safari 12. We recommend that users patch to iOS 12 asap. For update instructions, please see: https://support.apple.com/en-us/HT201222. For information on the security content of Safari 12, please see: https://support.apple.com/en-us/HT209109. Vulnerability specifics: Safari […]
Please be advised of a new attack type dubbed “Mongo Lock”, which targets remotely accessible unprotected MongoDB databases. In this scam, malicious actors scan the internet for vulnerable servers and once located, export and then the delete server content. A ransom note is then generated demanding bitcoin payment in return for the deleted content. […]
Please be advised that recently discovered fax protocol vulnerabilities can transform fax machines into network entry points. This attack type occurs via phone lines vs. internet connections, and the only thing required to carry out this attack is a fax number. Because this exploit is carried out via phone lines, no security software can be […]
Please be advised of the following scams: Live callers purporting to be from a Chinese Consulate office saying that you have a package to be picked up at a Chinese Consulate office or that you need to supply information they request to avoid being in trouble. Typically, these callers will ask for your bank or […]
Due to multiple vulnerabilities in Google Chrome, users are being advised to update their Chrome browser asap. Affected Google Chrome versions are versions prior to 68.0.3440.75. For more information on these vulnerabilities, please see: https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-google-chrome-could-allow-for-arbitrary-code-execution_2018-084/. To manually update Google Chrome: Open Google Chrome Click Chrome, About Google Chrome You will see the current version of […]
DocuSign, a service used to share, distribute and electronically sign important documents has detected an increase in phishing emails sent to customers/users. The recent phishing campaign delivers unsolicited email with either an embedded URL or an HTML, PDF or Word attachment redirecting users to a spoofed login page designed to steal login credentials. Compromised DocuSign […]
A glitch in the pre-installed Samsung Messages texting app appears to be sending photos from Samsung Galaxy phones to random user contacts without their knowledge or consent. Further, there appear to be no records of these transmissions in sent folders. Affected users have become aware of the issue after recipients respond to the messages received. […]
A sophisticated modular malware system called VPNFilter is now targeting at least 500k consumer grade routers in 54 countries worldwide. VPNFilter is malicious software that gets installed on routers and is able to to carry out both intelligence-collection and destructive cyber attack operations. Despite FBI seizure of a key command and control server two weeks […]
Summertime and travel are around the corner! Please be reminded to safeguard your devices and information stored thereon when traveling. Remember that your mobile devices are personal computers and should be secured and safeguarded as such. For recommendations, please see the following blog post entitled Information Security Tips for Travel. The following are some supplemental […]