Updated 1/26/2017: While patching continues, especially for the "Spectre" vulnerabilities, we are going to stop updating this page as of 1/26. IT professionals should pay attention to firmware/microcode updates and *test them thoroughly* before considering deployment. Be on the look out for, and continue to apply, patches for web browsers and operating systems.
On January 3, 2018 information about three vulnerabilities in computer processors was made public (...
Consumer credit reporting agency Equifax revealed that they had suffered a cyber attack. This attack resulted in the loss of records for over 140 million people, including social security number and banking information.
What is The Risk?
Cyber criminals can use this information to take control of existing financial accounts, or open new accounts using your personal information. The goal of this is almost always financial, to defraud businesses and individuals of money.
A targeted phishing campaign was discovered yesterday, July 5, which used compromised Harvard email accounts to send messages to others within the Harvard community. The message provides a link to a “shared file” that will require login to access it. The objective of the attacker was to gain access to more Harvard email accounts by recording and using these login credentials. The message comes from individuals known to the recipient, although the content is generic and not expected.
A large number of computers around the world have been infected with the WannaCry Ransomware. It has been seen in over 70 countries and impacted thousands of computers.
What is the risk?
Ransomware encrypts the data on your computer, making it impossible to recover without the key. To get the key, you must pay a ransom. In this case, the attackers are demanding roughly $300 USD. The ransomware works by exploiting a vulnerability in Microsoft Windows, a vulnerability that has been patched...
A large-scale phishing campaign was discovered yesterday, May 3rd. The objective of the attacker was to gain access to the victim’s Google account. The messages appeared to come from addresses known to the recipient.
What Is the Risk?
Within an hour, Google disabled the accounts associated with this attack. The phishing websites associated with the attack have been taken offline. For those users who clicked the link, logged into their Google account, and granted...
A vulnerability has been discovered in Apache Struts2, a framework for providing application services through a web server.
What is the risk?
When successfully exploited, this vulnerability gives a cyber attacker the ability to run commands on the web server running the affected software. Exploiting this vulnerability does not require sophisticated technical skill. Active exploits have been widely detected across the Internet.