Computer Security News Archive

An issue has been identified in the Symantec Endpoint Protection (SEP11) product line, whereby all types of virus and proactive threat protection definitions appear to date from December 31, 2009, 11:59pm. As a result, Windows XP, Vista, and 7 Security Centers may report that the definitions are out of date.

Clients running SEP11 are still protected, and Symantec will continue to release updated definitions as normal. However, for the time being, SEP definitions will display a date of December 31, 2009, with increasing revision numbers. The current revision number as of this writing is "r117."

Symantec is working on a solution and will update customers when a solution becomes available. Please check back on this site for the latest information.

Continue reading "Symantec misreporting virus definitions date (U: 1/28)" »

Posted by Christopher Penido at 05:05 PM | Permalink

There are reports of phone scammers targeting NYU, wherein a bogus "copy toner" supply company claims that they need to send the department an invoice for unpaid charges. The caller may ask the model of the department's copier so that they can 'update their records.' Moreover, their phone numbers come in as private.

This phone scam is particularly disconcerting because the caller often refers to other legitimate employees in the same department, to bolster the validity of the ruse. Oftentimes, the scammer is preying on reaching a temp, or someone new who will give up a name to the scammer so they can send an invoice or, even better, agree to a shipment. After the acceptance of one invoice, the scammer may begin to send more bogus invoices, some stamped "past due". They may even send a fake collection agency after your department, to convince them to pay.

There are few key tips you can follow to defend against these types of phone scams:

Continue reading "NYU targeted by "Toner Phoner" scam" »

Posted by Christopher Penido at 11:56 AM | Permalink

Reports from several news sites indicate that Mac OS X "Snow Leopard", is shipping with an outdated and vulnerable version of Adobe Flash. This outdated version may leave your Mac vulnerable to web-based attacks targeting the Flash player.

Continue reading "Snow Leopard shipping with vulnerable Adobe Flash" »

Posted by Christopher Penido at 03:04 PM | Permalink

According to several security websites, upgrading to Apple's newest operating system, Leopard OS X 10.5, shuts off some basic security controls. Namely, it appears that upon installation, the default firewall rule in Leopard is "Accept all incoming connections".

This setting is highly risk since it exposes the computer to a possible network-based attack. It is recommended that the firewall rules are reviewed on all Macintoshes with Leopard installed. The firewall should be set to a more restrictive setting such as "Block all incoming connections" or "Only allow connections to these applications / services"

To do so in Leopard, go to System Preferences > Security > Firewall, change the setting to either of the aforementioned, and then save all changes.

Posted by Christopher Penido at 01:25 PM | Permalink

There have been several reports of NYU members receiving suspicious email stating that a supposed "hit man", i.e. assassin, was being paid by a 3rd-party to 'terminate' the email recipient. The message also states that the assassin wishes to bargain with the victim by asking for monetary compensation to avoid being killed. Moreover, it goes on to instruct the recipient not contact any law enforcement agency, lest they wish for the issue to escalate

Continue reading "Beware "Hit Man" Scam Email" »

Posted by Christopher Penido at 10:57 AM | Permalink

There have been recent reports of NYU members receiving suspicious phishing emails that purport to be from the Internal Revenue Service. The IRS does not send out unsolicited e-mails or ask for detailed personal and financial information. Additionally, the IRS never asks people for the PIN numbers, passwords or similar secret access information for their credit card, bank or other financial accounts.

Phishing (as in "fishing for information" and "hooking" victims) is a scam where Internet fraudsters send e-mail messages to trick unsuspecting victims into revealing personal and financial information that can be used to steal the victims' identity. Current scams include phony e-mails which claim to come from the IRS and which lure the victims into the scam by telling them that they are due a tax refund.

An example of the phishing message appears as the following:

Continue reading "IRS Email Phishing Scam" »

Posted by Christopher Penido at 04:49 PM | Permalink