Forged e-mail purporting to be from NYU HR

Please be advised that the following email is forged.  In this instance, one is able to discern the forgery is by hovering over one of the login links contained in the message.  When this is done (from the received message), the following text displays: <https://www.cognitoforms.com/Shibbolethnyuedu/NYULogin> Although you see Shibboleth and nyuedu in the link, please […]

Critical Apple Security Update (iOS 9.3.5)

Apple recently released a critical security update (iOS 9.3.5) addressing three security vulnerabilities, for which there are known exploits. It is recommend that iPhone and iPad users perform this update asap. You may not have yet received a prompt to perform the update, but the update is available on your device(s) via Settings -> General […]

Phishing Attempt Purporting to be From the NYU Library

Please be aware that the following e-mail message, despite the mention of “shibboleth” within the body of the message is a phishing attempt: Please be reminded to inspect any email before replying, clicking any embedded links or opening any attachments. Specifically, with respect to email that is purporting to be from NYU or any secure […]

Symantec Anti-Virus Engine Vulnerability

We recommend that you update your instance of Symantec Endpoint protection.  If you are a Mac user, you may do so via LiveUpdate  as follows: If you are a PC user, please update to SEP 12.1 RU6 MP5 by visiting https://home.nyu.edu/, clicking the Ask NYU IT button, and downloading Symantec Endpoint Protection (available on the […]

Recent Large Breaches

As you may know, there have recently been many large breaches of major sites, including LinkedIn, tumblr, Snapchat, MySpace and others.  These breaches have involved the compromise of user account credentials. To see a list of recently breached websites, please visit:  https://haveibeenpwned.com/PwnedWebsites  To check if you have  an account that has been compromised, please visit: […]

Teamviewer Security Breaches

Recently, there have been reports that Teamviewer (software used for remote support, remote access, and online meetings), has been hacked. What is notable are claims that the use of strong authentication, which includes the use of unique, and long/complex passwords was not a deterrent in these attacks. Impacted users report no detectable malware on their […]

Recent Phishing Message (NYU Student Health Center)

Please be advised of the following phishing message, purporting to come from the NYU Student Health Center. With respect to suspicious email, we recommend the following: Refrain from replying to the message. Do not click on any embedded links (e.g., CLICK HERE), elements, or open any attachments. If in doubt of the legitimacy of a […]

Symantec Anti-Virus Engine Vulnerability

A security advisory has been issued with respect to Symantec Endpoint Protection, all builds. Specifically, Symantec’s AVE is susceptible to a memory access using a malicious link or file, or thru accessing a malicious website. No user interaction is required, beyond clicking a malicious link, opening a malicious attachment, or visiting a malicious site. The […]

Flash Plug-In Vulnerability

A critical vulnerability (CVE-2016-1019) exists in Adobe Flash Player 21.0.0.197 and earlier versions for Windows, Macintosh, Linux, and Chrome OS.  The vulnerability allows an attacker to send booby-trapped content to a browser’s Flash plug-in that may cause the browser to crash, and will also hand over control to the hacker in the process. This type […]