Re: Appointment As UNICEF Ambassador-Sent to the Fordham Community Around March 23, 2017

This is a Phishing email that has been reported. This message was
received on or about March 23, 2017. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.

——————–Begin Message ——————————

UNITED NATIONS
Ambassador Registration Department,
Ambassador Ms Susan Namondo Ngongi
UNICEF (UN) Representative
P O BOX 4325
Accra, Ghana.
 
 
UNICEF GHANA 
4-8th Rangoon Close
P. O. Box AN 5051
Cantonment
Accra, Ghana.

Attn: Ambassador Select,


                                                Re: Appointment As UNICEF Ambassador.


 
  Greetings to you. Am Ms. Susan Namondo Ngongi the current UNICEF Representative in Ghana. On the behalf of the United Nations Children Fund(UNICEF) and the Federal Republic of Ghana, I wish to inform you that your name was in the Vetted list of candidate that World Health Organization (WHO) submitted for Appointment as the UNICEF New National/Regional Ambassador. Am very happy to inform you that you are among ten (10) selected by the new secretary general of United Nations Hon. António Guterres. The Executive Director of UNICEF Sir Anthony Lake, has given his acknowledgement on your  appointment as UNICEF National and Regional Ambassador as Field coordinator In Ghana, and the current new president of Ghana Nana Akfo-Addo has also given his consent to your appointment, among his agent for Ghana is to provide humanitarian and developmental assistance to children and mothers in the country. Due to the increase of natural disaster and man-made crises around the globe, which has rendered most people homeless, there is an increase of lack of food, good water, education, shelter, and medication, which call for immediate attention. The need of humanitarian service has double more than ever; there is a high need of humanitarian officer that is why we do need you to care for some responsibility in refugee camps in Asia/Africa.
 
Benefits and Entitlements.
 
Ambassador’s benefit from family friendly, work-life, and diversity policies, and UNICEF is committed to maintaining a balanced gender and geographical representation. Other Benefits and entitlements include:
 
• Annual leave
• Dependency allowance
• Medical and dental insurance
• Pension scheme
• Rental subsidy
• Education grant
• Home leave
• Life insurance
• Paid sick leave
• Family leave
• Family Visit
• Maternity / Paternity adoption leave
• Special leave
 
Job Description.
 
Your responsibility as Field coordinator will be to care for the following.
 
    An administrative headquarters to coordinate services.
    Sleeping accommodations (frequently tents).
    Hygiene facilities (washing areas and latrines or toilets).
    Clinics, hospitals and immunization centers.
    Food distribution and therapeutic feeding centers.
    Communication equipment (e.g. radio).
    Security, including protection from banditry (e.g. barriers and security checkpoints).
    Peacekeeping troops to prevent armed violence.
    Places of worship.
    Schools and training centers (if permitted by the host country).
    Markets and shops (if permitted by the host country).
    Organizing workshop to educate children and women: given then education and preventive measure on health issues such as Aids, Cancer, Malaria, sickle cell anemia and typhoid fever
    Organizing a workshop to improve Talents in camps both children and women.
    Fund-Raising and Good communication.
 
The United Nations High Commissioner for Refugees (UNHCR) will provide all these facility mentions above. Is there any Benefit of accepting this position? Yes, there are a lot of benefit and allowance that wait for the New National/Regional  UNICEF Ambassador. Below is the line-up of your salary, your salary is a post adjustment salary. The post adjustment salary includes, a monthly base salary multiplier and takes into account cost-of-living factors and exchange rate fluctuation as well as inflation.
 
 
Salary of $55,000.00USD
Health allowances $4,543.00USD
Traveling allowance $6,321.00USD
 
Which is sum up to $65,864,00USD that you will be receiving monthly, besides you will be given a compensation of $50.000USD, also a good furnish 4 bedroom Apartment (optional if you wish to relocate to the place of duty) and a private SUV of your choice from the United Nations. In addition to this, you also have the mandatory right to claim any fund from any other financial institution or organization, being you the beneficiary or benefactor, without any form of disagreement or controversy. Moreover, you will be able to set up a refugee camp or Orphanage home in your own residential country with the UN Certificate of permit that will be the issue to you.
 
 Ambassador selects, so what then hold you back from completing your registration? Kindly get back to me with the complete filled forms, alongside with a size passport photograph of yourself and any means of your identification (your personal file and document are safe with us, we cherish the confidentiality of our Staff), kindly send them as soon as possible to complete your registration, which will only take 7 working days before all files and your official document to be ready before you resume office with all benefit, allowance, and compensation to be given to you. 
 
 
 
Best Regard,
Ambassador Ms Susan Namondo Ngongi
UNICEF Representative,
For Urgent Reply: susan-unicef@diplomats.com
Accra, Ghana.
    
                                                         ©2017 Unicef – All rights reserved
 
 
 
 
——————–End  Message ——————————

Article: Google slaps Symantec for sloppy certs, slow show of SNAFUs

Via: The Register

“Google’s Chrome development team has posted a stinging criticism of Symantec’s certificate-issuance practices, saying it has lost confidence in the company’s practices and therefore in the safety of sessions hopefully-secured by Symantec-issued certificates.

Google’s post says “Since January 19, the Google Chrome team has been investigating a series of failures by Symantec Corporation to properly validate certificates. Over the course of this investigation, the explanations provided by Symantec have revealed a continually increasing scope of misissuance with each set of questions from members of the Google Chrome team; an initial set of reportedly 127 certificates has expanded to include at least 30,000 certificates, issued over a period spanning several years.”

Googler Ryan Sleevi unloads on Symantec as follows:

“Symantec allowed at least four parties access to their infrastructure in a way to cause certificate issuance, did not sufficiently oversee these capabilities as required and expected, and when presented with evidence of these organizations’ failure to abide to the appropriate standard of care, failed to disclose such information in a timely manner or to identify the significance of the issues reported to them.These issues, and the corresponding failure of appropriate oversight, spanned a period of several years, and were trivially identifiable from the information publicly available or that Symantec shared.”

The post gets worse, for Symantec:

“The full disclosure of these issues has taken more than a month. Symantec has failed to provide timely updates to the community regarding these issues. Despite having knowledge of these issues, Symantec has repeatedly failed to proactively disclose them.  Further, even after issues have become public, Symantec failed to provide the information that the community required to  assess the significance of these issues until they had been specifically questioned. The proposed remediation steps offered by Symantec have involved relying on known-problematic information or using practices insufficient to provide the level of assurance required under the Baseline Requirements and expected by the Chrome Root CA Policy.”

The upshot is that Google feels it can “no longer have confidence in the certificate issuance policies and practices of Symantec over the past several years” and it therefore proposes three remedies:

  • A reduction in the accepted validity period of newly issued Symantec-issued certificates to nine months or less, in order to minimize any impact to Google Chrome users from any further misissuances that may arise.
  • An incremental distrust, spanning a series of Google Chrome releases, of all currently-trusted Symantec-issued certificates, requiring they be revalidated and replaced.
  • Removal of recognition of the Extended Validation status of Symantec issued certificates, until such a time as the community can be assured in the policies and practices of Symantec, but no sooner than one year.

The first remedy will mean that Chrome stops trusting Symantec-issued certificates as outlined in the table below.

Chrome version Cert validity period
Chrome 59 (Dev, Beta, Stable) 33 months (1023 days)
Chrome 60 (Dev, Beta, Stable) 27 months (837 days)
Chrome 61 (Dev, Beta, Stable) 21 months (651 days)
Chrome 62 (Dev, Beta, Stable) 5 months (465 days)
Chrome 63 (Dev, Beta) 9 months (279 days)
Chrome 63 (Stable) 5 months (465 days)
Chrome 64 (Dev, Beta, Stable) 9 months (279 days)

Google reckons this plan will mean “web developers are aware of the risk and potential of future distrust of Symantec-issued certificates, should additional misissuance events occur, while also allowing them the flexibility to continue using such certificates should it be necessary.”

And of course it also gives developers time to arrange new certificates from whatever issuer pleases them most.

Symantec has told The Register it is developing a response to Google’s allegations. We will add it to this story as soon as we receive it.”

Additional information can be found Here.

Source: https://www.theregister.co.uk/2017/03/24/google_slaps_symantec_for_sloppy_certs_slow_show_of_snafus/

Article: Data Breaches Skyrocketing In NY, A Million People Exposed

Via: Patch.com

“The reported number of data breaches jumped 60 percent in 2016, mostly by hackers. See tips on how to protect yourself.

Data breaches, mostly by hackers, are skyrocketing, according to a new report from the state Attorney General.

In 2016, the personal records of 1.6 million New Yorkers were exposed as data breaches jumped 60 percent over the previous year. Social Security and financial information were the primary targets.

‘In 2016, New Yorkers were the victims of one of the highest data exposure rates in our state’s history,” said Attorney General Eric Schneiderman in an announcement about the data. “The total annual number of reported security breaches increased by 60% and the number of exposed personal records tripled. Hacking is increasingly prevalent – making it all the more important for companies and citizens alike to take precaution when sharing and storing personal data. It’s on all of us to guard against those who try to use our personal information for harm – as these breaches too often jeopardize the financial health of New Yorkers and cost the public and private sectors billions of dollars.’

Four times out of 1o, the data breach was because someone hacked in from outside. Another 14 percent of the time, the breach was by a skimming device. Only 1.48 percent of the time was it due to theft of something like a phone or computer.

It wasn’t always personally and maliciously targeted, though. This past year, employee negligence, namely the inadvertent exposure of records, accounted for 24 percent of breaches.

And what personal records were most exposed?

The most frequently acquired information in 2016 was Social Security numbers and financial account information, which together accounted for 81 percent of breaches in New York. Other records such as driver’s license numbers (8 percent), date of birth (7 percent) and password/account information (2 percent) together accounted for 1,284,037 of exposed personal records in 2016.

While they get big headlines, mega-breaches were not all that common in 2016, Schneiderman’s office said.

On October 12, 2016, Newkirk Products, Inc., a business associate of Capital District Physicians’ Health Plan, Inc., CDPHP Universal Benefits, Inc., and Capital District Physicians’ Healthcare Network, Inc., reported exposing the personal health information of 761,782 New Yorkers. The next largest breach, reported on January 13, 2016, was at HSBC bank. It exposed the financial, personal, and social security information of 251,201 New Yorkers. Additionally, breaches at Eddie Bauer and Emblem Health reportedly affected 60,205 and 55,664 New Yorkers in August and November, respectively.

The Attorney General’s Office suggests that consumers guard against threats in these ways:

  • Create Strong Passwords for Online Accounts and Update Them Frequently. Use different passwords for different accounts, especially for websites where you have disseminated sensitive information, such as credit card or Social Security numbers.
  • Carefully Monitor Credit Card and Debit Card Statements Each Month. If you find any abnormal transactions, contact your bank or credit card agency immediately.
  • Do Not Write Down or Store Passwords Electronically. If you do, be extremely careful of where you store passwords. Be aware that any passwords stored electronically (such as in a word processing document or cell phone’s notepad) can be easily stolen and provide fraudsters with one-stop shopping for all your sensitive information. If you hand-write passwords, do not store them in plain sight.
  • Do Not Post Any Sensitive Information on Social Media. Information such as birthdays, addresses, and phone numbers can be used by fraudsters to authenticate account information. Practice data minimization techniques. Don’t overshare.
  • Always Be Aware of the Current Threat Landscape. Stay up to date on media reports of data security breaches and consumer advisories.”

Source: http://patch.com/new-york/ossining/data-breaches-skyrocketing-ny-million-people-exposed-ag

Eviction Notice #: Phishing Email Sent to the Fordham Community on 3/16/2017

This is a Phishing email that has been reported. This message was
received on or about March 16th, 2017. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.

——————–Begin Message ——————————
From: <owsaxj@wireconsult.com>
Date: Thursday, March 16, 2017 at 6:44 PM
Subject: Eviction Notice # …..
To: user@fordham.edu

The eviction will take place on the date named in the enclosure unless you:

1. Leave the property and return control of the property to the landlord;
or
2. The occupant has the right to pay full amount ordered by the Court in the warrant of restitution to the landlord to stop the eviction process, unless the court checked the box on the Warrant of Restitution that says \”Without Right of Redemption\”.

The occupant has the right to pay the redemption amount to the landlord in cash or check at any time before actual execution of the eviction will take place.
On the day of eviction, the payment shall be made to the landlord or landlord’s agent in the
presence of the Executive Service in orderto stop the eviction order execution.


To download details, please get more information here:


Get Your Eviction Notice <LINK HERE>


WARNING:
• Once Executive Service begins the eviction, any personal property that you leave in the leased premises is considered abandoned. The occupant does NOT have any right to re-enter the property or re-claim any property after the eviction process.
• All property may be disposed of by the landlord at any time after the eviction process begins. The landlord is prohibited from putting the property in the street or alleys.
This is the final notice of the date of the eviction that you will receive, even if the eviction date is postponed by the sheriff.



The hotelkeeper should deliver the payer 14 bright careers heed. This stop that the hotelkeeper cannot conjecture the day the notice is served on the tenant, and the hotelkeeper cannot conjecture the day the payer stirs up agitate elsewhere. Example: A payer has been having behind celebration and displeasing unlisted tenants . The hotelkeeper has hardened the payer aggregate caveats to control the partying, on the contrary the payer has forgotten the landlord. The hotelkeeper agrees to deliver the payer a 14 day notice to cease the occupation for worthy breach . If the hotelkeeper hand over the payer the notice on July 5, so the notice is adequate on July 20. Why? July 5 doesn’t conjecture seeing that is the yr the notice is served. July 6-19 are the 14 bright days, and July 20 doesn’t conjecture seeing this is the day the payer should move elsewhere.

—————————–End Message —————

Article: Major Cloudflare bug leaked sensitive data from customers’ websites

Via: TechCrunch

“Cloudflare revealed a serious bug in its software today that caused sensitive data like passwords, cookies, authentication tokens to spill in plaintext from its customers’ websites. The announcement is a major blow for the content delivery network, which offers enhanced security and performance for more than 5 million websites.

This could have allowed anyone who noticed the error to collect a variety of very personal information that is typically encrypted or obscured.

Remediation was complicated by an additional wrinkle. Some of that data was automatically cached by search engines, making it particularly difficult to clean up the aftermath as Cloudflare had to approach Google, Bing, Yahoo and other search engines and ask them to manually scrub the data.

The leak may have been active as early as Sept. 22, 2016, almost five months before a security researcher at Google’s Project Zero discovered it and reported it to Cloudflare.

However, the most severe leakage occurred between Feb. 13 and Feb. 18, when around 1 in every 3,300,000 HTTP requests to Cloudflare sites would have caused data to be exposed. Attackers could have accessed the data in real-time, or later through search engine caches.”

The details of this compromise are still emerging and we will update this blog as we become more informed about the impact.

Source: https://techcrunch.com/2017/02/23/major-cloudflare-bug-leaked-sensitive-data-from-customers-websites/

Multifactor Authentication Enrollment

Fw: COPY OF DOCUMENTI – Phishing Email Sent to the Fordham Community on 2/7/2017

This is a Phishing email that has been reported. This message was
received on or about February 7, 2017. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.

——————–Begin Message ——————————

From: Regional Traffic Management Offi Cordillera Administrative Region <rtmocar_opn@yahoo.com>

Date: Tue, Feb 7, 2017 at 9:34 PM
Subject: Fw: COPY OF DOCUMENTI
To: user@Fordham.edu

FYI
*There is an attached PDF titled “Document.pdf”, an image of which can be seen below*

——————–End  Message ——————————

Vulnerability Discovered in Cisco’s WebEx Extension for Chrome, Firefox and Internet Explorer

Cisco has recently disclosed a vulnerability in its WebEx extensions for Google Chrome, Firefox and Internet Explorer. This vulnerability affects all Windows machines that have the WebEx extension installed. If this vulnerability is not addressed, an attacker could execute remote code onto your computer.

If you use WebEx, an application for online meetings, with Google Chrome, it is vital that you update to version 1.0.7, the latest extension. Cisco continues to work on similar updates for Firefox and Internet Explorer. Until these updates are released, we advise you to remove those extensions from your Firefox and Internet Explorer browsers. See below for instructions.

To check for and update the Cisco WebEx Chrome extension:

  1. Open your Google Chrome browser.

  2. Type chrome://extensions into the address bar and hit Enter.

  3. Scroll down until you see the entry for the Cisco WebEx extension (extensions are organized alphabetically).

    • If the Cisco WebEx extension is not present or the version number for the WebEx Extension is 1.0.7, there is nothing more you need to do.

    • If the version number is not equal to 1.0.7, check the Developer mode box in the top right corner of the page.

      • This will reveal a button in the top right corner called Update extensions now. Click the Update extensions now button.

      • Once the update runs, the WebEx extension version should be 1.0.7.

To remove the extension from Firefox:

  1. Open your Mozilla Firefox browser.

  2. Type about:addons into the address bar and hit enter.

  3. On the sidebar select Extensions.

  4. Scroll down until you see the entry for the Cisco WebEx extension (extensions are organized alphabetically).

  5. Click remove.

  6. Restart your browser.

To remove the extension from Internet Explorer:

  1. Open your Internet Explorer browser.

  2. Press ALT + X to open the menu.

  3. Click Manage Add-ons

  4. Under Show, select All Add-Ons.

  5. Scroll down until you see the entry for the Cisco WebEx extension (extensions are organized alphabetically).

  6. Click remove.

  7. Restart your browser.

The UISO advises you to stay up to date with the latest OS, application, and security updates, which can be found on Fordham IT’s UISO social media sites.

For any IT security concerns, contact IT Customer Care at 718-817-3999 or HelpIT@fordham.edu.

For more information on the vulnerability visit Cisco’s advisory post. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex

New Message Notification- Phishing Email Sent to the Fordham Community on 01/25/17

This is a Phishing email that has been reported. This message was
received on or about January 25th, 2017. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.

——————–Begin Message ——————————
From: Fordham Support <fordhamsupport@comcast.net>
Date: Wed, Jan 25, 2017 at 2:10 PM
Subject: New Message Notification
To: user@fordham.edu

Your Fordham account Needs to be verified for security purpose.

Verify Now (Link contained within text)

Fordham University.

—————————–End Message —————

Phishing Email With Subject ‘Urgent’ Sent to the Fordham Community on 01/17/17

This is a Phishing email that has been reported. This message was
received on or about January 17th, 2017. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.

——————–Begin Message ——————————

From: user@fordham.edu
Date: Tue, Jan 17, 2017 at 8:29 AM
Subject: Urgent
To: user@fordham.edu

2017 FORDHAM email update program, click UPDATE (<–Link here) and fill the form correctly to update your email.

——————–End Message ——————————