(co-author: Rebecah Huang) Cybercriminals pose a threat year-round, but the risks of your personal and sensitive information being stolen around this time of year increase significantly with tax related scams. As April 15th approaches, keep the following best practices in mind. One way to actively reduce risk is to file your taxes early. This prevents […]
Over the last two days, members of the NYU community report that they have received emails that mimic the formatting of NYU official emails that carry deceptive, prank text. Although these anonymously-issued emails are intended to look like official NYU communications, they are bogus. NYU’s IT Security Office was alerted to the emails, and is […]
We’ve received reports of several Multi Factor Authentication (MFA) related phishing attempts, and as an update to the following blog post on the subject, we would like to take the opportunity to remind everyone that scammers are using the following methods to exploit MFA and thereby gain access to accounts and systems. User credential compromise […]
Cybersecurity Awareness Month (CSAM) celebrates its 20th year anniversary this month. CSAM’s continuing objective is to empower a more secure globally interconnected world. There’s (always!) more work to do. As the threat landscape continues to change and evolve, technologies designed to protect us must also change and evolve, laws and regulations are passed or changed, […]
Apple has released emergency security updates for the listed products below. Users are advised to update asap to the indicated version numbers. iOS => 16.6.1 macOSventura => 13.5.2 iPhones (series 8 or later) => 16.6.1 iPadOS for: iPad Pro (all models); iPad Air (3rd, 5th generations and later) and iPad mini (5th generation and later) […]
Malicious actors are hacking Linkedin accounts using compromised credentials or brute force attacks which target weaker passwords. For accounts that are protected by strong passwords and multi-factor authentication (“MFA”), attempts will result in a temporary account lockout that can be resolved by providing additional information and changing your password. For less protected accounts or […]
IT Admins are advised to promptly apply the patches to the following products, which were released by Microsoft on August 8th: .NET Core. NET Framework ASP.NET Azure Arc Azure DevOps Azure HDInsights Dynamics Business Central Control Memory Integrity System Readiness Scan Tool Microsoft Dynamics Microsoft Edge (Chromium-based) Microsoft Exchange Server Microsoft Office Microsoft Office Excel […]
Multiple vulnerabilities have been identified and patched in the Apple products listed below, the most severe of which allows for arbitrary code execution. The following critical vulnerabilities are being actively exploited, CVE-2023-38606, CVE-2023-32409 and CVE-2023-37450. Users and admins are advised to update asap and users with admin privileges are reminded to use accounts with less […]
There has been a proliferation of scams targeting 100+ popular clothing, footwear and apparel brands. Malicious actors are seeking to use search engine optimization (SEO) to manipulate internet search results, positioning their look-alike domain names at the top of results, in attempts to drive victims to malicious websites. Typosquatting refers to the registration of look […]
The U.S. and the Republic of Korea have issued a joint advisory on social engineering activity, in the form of spear phishing, that is being directed against researchers, academic institutions and news media outlets globally. This activity appears to be coming directly from North Korean cyber actors (dubbed “Kimsuky”) who are in the Reconnaissance General […]