Category Archives: Alerts

Google provides explanation on recent Google Docs campaign

A Google spokesperson shared the following statement with TNW, noting that 0.1 percent of Gmail users were affected. That’s roughly 1 million users, though:

“We realize people are concerned about their Google accounts, and we’re now able to give a fuller explanation after further investigation. We have taken action to protect users against an email spam campaign impersonating Google Docs, which affected fewer than 0.1 percent of Gmail users. We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems. We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed. There’s no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup.”

Source: https://thenextweb.com/security/2017/05/03/massive-google-docs-phishing-attack-currently-sweeping-internet/#.tnw_G8nzqYyw

Alert: Easter Holiday Phishing Scams and Malware Campaigns

Via: US CERT

“Original release date: April 11, 2017

As the Easter holiday approaches, US-CERT reminds users to stay aware of holiday scams and cyber campaigns, which may include:

  • unsolicited shipping notifications that may actually be scams by attackers to solicit personal information (phishing scams),
  • electronic greeting cards that may contain malicious software (malware),
  • requests for charitable contributions that may be phishing scams or solicitations from sources that are not real charities, and
  • false advertisements for holiday accommodations or timeshares.

US-CERT encourages users and administrators to use caution when reviewing unsolicited messages. Suggested preventive measures to protect against phishing scams and malware campaigns include:

  • Do not click web links in untrusted email messages.
  • Refer to the Shopping Safely Online Tip.
  • Use caution when opening email attachments. Check out the Using Caution with Email Attachments Tip for more information on safely handling email attachments.
  • Review the Federal Trade Commission’s page on Charity Scams. Use the links there to verify a charity’s authenticity before you donate.
  • Read the Avoiding Social Engineering and Phishing Attacks Tip.
  • Refer to the Holiday Traveling with Personal Internet-Enabled Devices Tip for more information on protecting personal mobile devices.”

Source: https://www.us-cert.gov/ncas/current-activity/2017/04/11/Easter-Holiday-Phishing-Scams-and-Malware-Campaigns

Re: Appointment As UNICEF Ambassador-Sent to the Fordham Community Around March 23, 2017

This is a Phishing email that has been reported. This message was
received on or about March 23, 2017. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.

——————–Begin Message ——————————

UNITED NATIONS
Ambassador Registration Department,
Ambassador Ms Susan Namondo Ngongi
UNICEF (UN) Representative
P O BOX 4325
Accra, Ghana.
 
 
UNICEF GHANA 
4-8th Rangoon Close
P. O. Box AN 5051
Cantonment
Accra, Ghana.

Attn: Ambassador Select,


                                                Re: Appointment As UNICEF Ambassador.


 
  Greetings to you. Am Ms. Susan Namondo Ngongi the current UNICEF Representative in Ghana. On the behalf of the United Nations Children Fund(UNICEF) and the Federal Republic of Ghana, I wish to inform you that your name was in the Vetted list of candidate that World Health Organization (WHO) submitted for Appointment as the UNICEF New National/Regional Ambassador. Am very happy to inform you that you are among ten (10) selected by the new secretary general of United Nations Hon. António Guterres. The Executive Director of UNICEF Sir Anthony Lake, has given his acknowledgement on your  appointment as UNICEF National and Regional Ambassador as Field coordinator In Ghana, and the current new president of Ghana Nana Akfo-Addo has also given his consent to your appointment, among his agent for Ghana is to provide humanitarian and developmental assistance to children and mothers in the country. Due to the increase of natural disaster and man-made crises around the globe, which has rendered most people homeless, there is an increase of lack of food, good water, education, shelter, and medication, which call for immediate attention. The need of humanitarian service has double more than ever; there is a high need of humanitarian officer that is why we do need you to care for some responsibility in refugee camps in Asia/Africa.
 
Benefits and Entitlements.
 
Ambassador’s benefit from family friendly, work-life, and diversity policies, and UNICEF is committed to maintaining a balanced gender and geographical representation. Other Benefits and entitlements include:
 
• Annual leave
• Dependency allowance
• Medical and dental insurance
• Pension scheme
• Rental subsidy
• Education grant
• Home leave
• Life insurance
• Paid sick leave
• Family leave
• Family Visit
• Maternity / Paternity adoption leave
• Special leave
 
Job Description.
 
Your responsibility as Field coordinator will be to care for the following.
 
    An administrative headquarters to coordinate services.
    Sleeping accommodations (frequently tents).
    Hygiene facilities (washing areas and latrines or toilets).
    Clinics, hospitals and immunization centers.
    Food distribution and therapeutic feeding centers.
    Communication equipment (e.g. radio).
    Security, including protection from banditry (e.g. barriers and security checkpoints).
    Peacekeeping troops to prevent armed violence.
    Places of worship.
    Schools and training centers (if permitted by the host country).
    Markets and shops (if permitted by the host country).
    Organizing workshop to educate children and women: given then education and preventive measure on health issues such as Aids, Cancer, Malaria, sickle cell anemia and typhoid fever
    Organizing a workshop to improve Talents in camps both children and women.
    Fund-Raising and Good communication.
 
The United Nations High Commissioner for Refugees (UNHCR) will provide all these facility mentions above. Is there any Benefit of accepting this position? Yes, there are a lot of benefit and allowance that wait for the New National/Regional  UNICEF Ambassador. Below is the line-up of your salary, your salary is a post adjustment salary. The post adjustment salary includes, a monthly base salary multiplier and takes into account cost-of-living factors and exchange rate fluctuation as well as inflation.
 
 
Salary of $55,000.00USD
Health allowances $4,543.00USD
Traveling allowance $6,321.00USD
 
Which is sum up to $65,864,00USD that you will be receiving monthly, besides you will be given a compensation of $50.000USD, also a good furnish 4 bedroom Apartment (optional if you wish to relocate to the place of duty) and a private SUV of your choice from the United Nations. In addition to this, you also have the mandatory right to claim any fund from any other financial institution or organization, being you the beneficiary or benefactor, without any form of disagreement or controversy. Moreover, you will be able to set up a refugee camp or Orphanage home in your own residential country with the UN Certificate of permit that will be the issue to you.
 
 Ambassador selects, so what then hold you back from completing your registration? Kindly get back to me with the complete filled forms, alongside with a size passport photograph of yourself and any means of your identification (your personal file and document are safe with us, we cherish the confidentiality of our Staff), kindly send them as soon as possible to complete your registration, which will only take 7 working days before all files and your official document to be ready before you resume office with all benefit, allowance, and compensation to be given to you. 
 
 
 
Best Regard,
Ambassador Ms Susan Namondo Ngongi
UNICEF Representative,
For Urgent Reply: susan-unicef@diplomats.com
Accra, Ghana.
    
                                                         ©2017 Unicef – All rights reserved
 
 
 
 
——————–End  Message ——————————

Article: Data Breaches Skyrocketing In NY, A Million People Exposed

Via: Patch.com

“The reported number of data breaches jumped 60 percent in 2016, mostly by hackers. See tips on how to protect yourself.

Data breaches, mostly by hackers, are skyrocketing, according to a new report from the state Attorney General.

In 2016, the personal records of 1.6 million New Yorkers were exposed as data breaches jumped 60 percent over the previous year. Social Security and financial information were the primary targets.

‘In 2016, New Yorkers were the victims of one of the highest data exposure rates in our state’s history,” said Attorney General Eric Schneiderman in an announcement about the data. “The total annual number of reported security breaches increased by 60% and the number of exposed personal records tripled. Hacking is increasingly prevalent – making it all the more important for companies and citizens alike to take precaution when sharing and storing personal data. It’s on all of us to guard against those who try to use our personal information for harm – as these breaches too often jeopardize the financial health of New Yorkers and cost the public and private sectors billions of dollars.’

Four times out of 1o, the data breach was because someone hacked in from outside. Another 14 percent of the time, the breach was by a skimming device. Only 1.48 percent of the time was it due to theft of something like a phone or computer.

It wasn’t always personally and maliciously targeted, though. This past year, employee negligence, namely the inadvertent exposure of records, accounted for 24 percent of breaches.

And what personal records were most exposed?

The most frequently acquired information in 2016 was Social Security numbers and financial account information, which together accounted for 81 percent of breaches in New York. Other records such as driver’s license numbers (8 percent), date of birth (7 percent) and password/account information (2 percent) together accounted for 1,284,037 of exposed personal records in 2016.

While they get big headlines, mega-breaches were not all that common in 2016, Schneiderman’s office said.

On October 12, 2016, Newkirk Products, Inc., a business associate of Capital District Physicians’ Health Plan, Inc., CDPHP Universal Benefits, Inc., and Capital District Physicians’ Healthcare Network, Inc., reported exposing the personal health information of 761,782 New Yorkers. The next largest breach, reported on January 13, 2016, was at HSBC bank. It exposed the financial, personal, and social security information of 251,201 New Yorkers. Additionally, breaches at Eddie Bauer and Emblem Health reportedly affected 60,205 and 55,664 New Yorkers in August and November, respectively.

The Attorney General’s Office suggests that consumers guard against threats in these ways:

  • Create Strong Passwords for Online Accounts and Update Them Frequently. Use different passwords for different accounts, especially for websites where you have disseminated sensitive information, such as credit card or Social Security numbers.
  • Carefully Monitor Credit Card and Debit Card Statements Each Month. If you find any abnormal transactions, contact your bank or credit card agency immediately.
  • Do Not Write Down or Store Passwords Electronically. If you do, be extremely careful of where you store passwords. Be aware that any passwords stored electronically (such as in a word processing document or cell phone’s notepad) can be easily stolen and provide fraudsters with one-stop shopping for all your sensitive information. If you hand-write passwords, do not store them in plain sight.
  • Do Not Post Any Sensitive Information on Social Media. Information such as birthdays, addresses, and phone numbers can be used by fraudsters to authenticate account information. Practice data minimization techniques. Don’t overshare.
  • Always Be Aware of the Current Threat Landscape. Stay up to date on media reports of data security breaches and consumer advisories.”

Source: http://patch.com/new-york/ossining/data-breaches-skyrocketing-ny-million-people-exposed-ag

Article: Major Cloudflare bug leaked sensitive data from customers’ websites

Via: TechCrunch

“Cloudflare revealed a serious bug in its software today that caused sensitive data like passwords, cookies, authentication tokens to spill in plaintext from its customers’ websites. The announcement is a major blow for the content delivery network, which offers enhanced security and performance for more than 5 million websites.

This could have allowed anyone who noticed the error to collect a variety of very personal information that is typically encrypted or obscured.

Remediation was complicated by an additional wrinkle. Some of that data was automatically cached by search engines, making it particularly difficult to clean up the aftermath as Cloudflare had to approach Google, Bing, Yahoo and other search engines and ask them to manually scrub the data.

The leak may have been active as early as Sept. 22, 2016, almost five months before a security researcher at Google’s Project Zero discovered it and reported it to Cloudflare.

However, the most severe leakage occurred between Feb. 13 and Feb. 18, when around 1 in every 3,300,000 HTTP requests to Cloudflare sites would have caused data to be exposed. Attackers could have accessed the data in real-time, or later through search engine caches.”

The details of this compromise are still emerging and we will update this blog as we become more informed about the impact.

Source: https://techcrunch.com/2017/02/23/major-cloudflare-bug-leaked-sensitive-data-from-customers-websites/

Multifactor Authentication Enrollment

Fw: COPY OF DOCUMENTI – Phishing Email Sent to the Fordham Community on 2/7/2017

This is a Phishing email that has been reported. This message was
received on or about February 7, 2017. Please DO NOT respond to this
message or anything that looks like it. You may disregard and delete
this message. If you have any questions about the validity of this email
please contact IT Customer Care at 718-817-3999 or via email:
helpit@fordham.edu.

——————–Begin Message ——————————

From: Regional Traffic Management Offi Cordillera Administrative Region <rtmocar_opn@yahoo.com>

Date: Tue, Feb 7, 2017 at 9:34 PM
Subject: Fw: COPY OF DOCUMENTI
To: user@Fordham.edu

FYI
*There is an attached PDF titled “Document.pdf”, an image of which can be seen below*

——————–End  Message ——————————

Vulnerability Discovered in Cisco’s WebEx Extension for Chrome, Firefox and Internet Explorer

Cisco has recently disclosed a vulnerability in its WebEx extensions for Google Chrome, Firefox and Internet Explorer. This vulnerability affects all Windows machines that have the WebEx extension installed. If this vulnerability is not addressed, an attacker could execute remote code onto your computer.

If you use WebEx, an application for online meetings, with Google Chrome, it is vital that you update to version 1.0.7, the latest extension. Cisco continues to work on similar updates for Firefox and Internet Explorer. Until these updates are released, we advise you to remove those extensions from your Firefox and Internet Explorer browsers. See below for instructions.

To check for and update the Cisco WebEx Chrome extension:

  1. Open your Google Chrome browser.

  2. Type chrome://extensions into the address bar and hit Enter.

  3. Scroll down until you see the entry for the Cisco WebEx extension (extensions are organized alphabetically).

    • If the Cisco WebEx extension is not present or the version number for the WebEx Extension is 1.0.7, there is nothing more you need to do.

    • If the version number is not equal to 1.0.7, check the Developer mode box in the top right corner of the page.

      • This will reveal a button in the top right corner called Update extensions now. Click the Update extensions now button.

      • Once the update runs, the WebEx extension version should be 1.0.7.

To remove the extension from Firefox:

  1. Open your Mozilla Firefox browser.

  2. Type about:addons into the address bar and hit enter.

  3. On the sidebar select Extensions.

  4. Scroll down until you see the entry for the Cisco WebEx extension (extensions are organized alphabetically).

  5. Click remove.

  6. Restart your browser.

To remove the extension from Internet Explorer:

  1. Open your Internet Explorer browser.

  2. Press ALT + X to open the menu.

  3. Click Manage Add-ons

  4. Under Show, select All Add-Ons.

  5. Scroll down until you see the entry for the Cisco WebEx extension (extensions are organized alphabetically).

  6. Click remove.

  7. Restart your browser.

The UISO advises you to stay up to date with the latest OS, application, and security updates, which can be found on Fordham IT’s UISO social media sites.

For any IT security concerns, contact IT Customer Care at 718-817-3999 or HelpIT@fordham.edu.

For more information on the vulnerability visit Cisco’s advisory post. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex

Article: Clever Phishing Trick You Need to Be Aware Of

“Despite the ever-evolving complexity of cyber-attacks and malware code, phishing and spear-phishing attacks remain the initial entry point in many of today’s security breaches.

In most phishing attacks, crooks leverage a common theme, asking users to update their profile information on various profiles, but redirecting users to pages hosted on lookalike domains.

As users have got accustomed to this basic phishing trick in recent years, attackers found other creative ways of phishing for login credentials.

One trick, first seen in June 2016, was observed again this past month. This clever phishing attack relies on telling users they received an important or secure file, and they need to visit a web page to view it.

The real trick takes place on the crook’s page, which shows a blurred out document on the background. To view the document, users have to enter their credentials.

The blurred out document seen in the page’s background acts as a promise for what users are going to receive if they authenticate. In fact, these are nothing more than simple web pages showing an image of a blurred out document, and nothing more. The only thing working on the page is the login form that will record any login credentials that you enter inside it.

2017 phishing attack
Page showing a blurred out image of a PDF file on the page’s background (Source: ISC)

Just like the 2016 attacks, crooks don’t specify which login credentials users have to fill in, and leave it to the user enter what he thinks he should entered. A careless user could enter anything from his Intranet details to Google logins.

Right now, based on the 2016 and 2017 incidents, these attacks are quite easy to detect. If the crooks behind these phishing pages would be less sloppy and spend more time in refining details, these type of attacks could be quite effective and harder to detect for what they really are.

Below are some screenshots from the June 2016 campaign.”

2016 phishing attack

 

 

Article: 1 Billion Yahoo Accounts Stolen

“Yahoo has suffered another hack.

The company disclosed today that it has discovered a breach of more than one billion user accounts that occurred in August 2013. The breach is believed to be separate and distinct from the theft of data from 500 million accounts that Yahoo reported this September.

Troublingly, Yahoo’s chief information security officer Bob Lord says that the company hasn’t been able to determine how the data from the one billion accounts was stolen. ‘We have not been able to identify the intrusion associated with this theft,’ Lord wrote in a post announcing the hack.

‘The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers,’ Lord added.

Yahoo was alerted to the massive breach by law enforcement and has examined the data with the help of outside forensic experts. The data does not appear to include payment details or plaintext passwords, but it’s still bad news for Yahoo account holders. The hashing algorithm MD5 is no longer considered secure and MD5 hashes can easily be looked up online to discover the passwords they hide.

Yahoo says it is notifying the account holders affected in the breach. Affected users will be required to change their passwords.

Yahoo also announced today that its proprietary code had been accessed by a hacker, who used the code to forge cookies that could be used to access accounts without a password. ‘The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used. We are notifying the affected account holders, and have invalidated the forged cookies,’ Lord said, adding that he believed the attack was launched by a state-sponsored actor.

Today’s revelations add to Yahoo’s long string of security problems. Yahoo employees reportedly knew of the intrusion that led to the theft of data from 500 million users as early as 2014, but the company did not announce the breach until this September. What Yahoo executives knew about the breach, and when they knew it, have been crucial questions in Verizon’s ongoing acquisition of Yahoo. Yahoo did not disclose the first breach until several months after the deal was announced.”

“What can users do to protect their account?

  • Change your passwords and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account;
  • Review all of your accounts for suspicious activity;
  • Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information;
  • Avoid clicking on links or downloading attachments from suspicious emails; and
  • Consider using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password on Yahoo altogether.”

Sources: https://techcrunch.com/2016/12/14/yahoo-discloses-hack-of-1-billion-accounts/

https://yahoo.tumblr.com/post/154479236569/important-security-information-for-yahoo-users