The Global Office of Information Security aims to keep the NYU community updated with important information about cybersecurity threats. Please see below for current security news and alerts.

NYU IT Security News and Alerts

  • Android Users – Confirm You Don’t Have Malicious Apps on Your Device

    Google recently removed a slew of malicious apps from their app store, Google Play. These apps, which have been downloaded 10 million+ times, present themselves as image editing tools, virtual keyboards, wallpaper changers, and more. They function as trojans which fulfill their stated functions, but also have malicious hidden functions,

  • Student Loan Debt Relief Scams

    With the Federal Student Loan Program reprieve set to expire on August 31st, the Tech Transparency Project, which is a research arm of the Non-Profit Campaign for Accountability, reviewed top Google searches related to student debt, including “student loan forgiveness” and ”cancel student debt” and found that 29 out of

  • Amazon Prime Day 2022

      Beware of scams related to Amazon Prime Days, which fall on July 12th and 13th this year. Cybercriminals will be using a variety of social engineering tactics to exploit shoppers. You may receive spoofed phishing messages, SMS text messages, and phone calls during/around this time. Scammers are seeking Amazon

  • BlackCat Ransomware

    Written in the modern programming language Rust, in which intrusions may be more difficult to detect, BlackCat ransomware as service (RasS) emerged in November of 2021. RaaS refers to a cyber criminal network of ransomware access brokers, operators and affiliates. Perpetrators of BlackCat have engaged in “double extortion”, in which

  • Critical Security Patches for Apple Devices, Update Now!

    Updates are now available for all currently supported versions of Mac OS (Monterey, Big Sur & Catalina), as well as iPhones, iPads, Apple TVs, and Apple Watches. Users are encouraged to update asap.  Some of the notable fixes include:   An RCE (Remote Code Execution) vulnerability which could lead to device

  • Google Provides Expanded Options for Removing PII From Searches

    As a supplement to existing policies re PII (personally identifiable information), Google has expanded the types of data that users can request Google to remove from searches. Specifically, you can now request the removal of:  Personal contact information, such as phone number, email or physical addresses  Any additional information which

  • Google Patches Another Chrome Zero-Day; Update Now

    For  the third time this year, Google has released a Chrome update to patch a zero-day vulnerability, which is being actively exploited. It has a high severity rating, and has been dubbed Type Confusion in V8, and is being tracked as CVE-2022-1364. The exploit occurs in the JavaScript and WebAssembly

  • Microsoft Patches Over 100 Vulnerabilities Including 2 Zero-Days

    More than 100 vulnerabilities were patched by Microsoft on “Patch Tuesday”, which falls on the second Tuesday of each month. Two of the patched vulnerabilities were zero-days, which means they’re being actively exploited. The patched zero-days  are tracked as CVE-2022-26904, which is a Windows user profile elevation of privileges (EoP)

See more cybersecurity news on the NYU IT Security News and Alerts feed.

About Cybersecurity Awareness and Outreach