Grading system hack causes potentially historic breach of students’ personal data
Daily Archives: March 30, 2022
USN-5356-1: DOSBox vulnerabilities
Alexandre Bartel discovered that DOSBox incorrectly handled
long lines in certain files. An attacker could possibly use
this issue to execute arbitrary code. (CVE-2019-7165)
Alexandre Bartel discovered that DOSBox incorrectly performed
access control over certain directories. An attacker could
possibly use this issue to execute arbitrary code.
(CVE-2019-12594)
[R1] Nessus Versions 8.15.4 and 10.1.2 Fix One Third-Party Vulnerability
Out of caution and in line with best practice, Tenable has opted to upgrade OpenSSL to address the potential impact of the issue. Nessus 8.15.4 and Nessus 10.1.2 update OpenSSL to version 1.1.1n to address the identified vulnerability.
USN-5355-1: zlib vulnerability
Danilo Ramos discovered that zlib incorrectly handled memory when
performing certain deflating operations. An attacker could use this issue
to cause zlib to crash, resulting in a denial of service, or possibly
execute arbitrary code.
Infosecurity Europe Unveils Keynote Speakers for 2022 Event
Day 1 will include a talk from Major General Tom Copinger-Symes CBE, director of strategy and military digitisation with UK Strategic Command
Palo Alto launches cloud-native firewall service for AWS
Palo Alto Networks has launched a new, fully managed “next-generation” firewall (NGFW) service in partnership with Amazon Web Services designed to remove the complexities of securing AWS cloud deployments. The network firewall vendor says its Cloud NGFW for AWS enables organizations to speed up cloud innovation while remaining secure.
Cloud NGFW for AWS shifts security responsibility
In a press release announcing the new service, Palo Alto Networks says it has recognized that its customers need to dedicate time and resources to building applications and running their businesses instead of managing cloud network security infrastructure. Cloud NGFW for AWS therefore shifts operational responsibility for deployment, maintenance, availability, and scale to the security vendor. “A key reason that companies have embraced the cloud is that they want to concentrate on their core competencies and leave other tasks like infrastructure and underlying services to experts like AWS,” says Anand Oswal, senior vice-president, network security at Palo Alto Networks. “As cyberattacks continue to grow in frequency and sophistication, organizations are looking for network security that is as easy to deploy as other native AWS services.”
Stalking with an Apple Watch
The malicious uses of these technologies are scary:
Police reportedly arrived on the scene last week and found the man crouched beside the woman’s passenger side door. According to the police, the man had, at some point, wrapped his Apple Watch across the spokes of the woman’s passenger side front car wheel and then used the Watch to track her movements. When police eventually confronted him, he admitted the Watch was his. Now, he’s reportedly being charged with attaching an electronic tracking device to the woman’s vehicle.
A Third of UK Businesses Experience Cyber-Attacks at Least Once a Week
Around two in five businesses experienced breaches or cyber-attacks in the past 12 months
Introducing Personal Data Cleanup
We’re excited to announce the release of McAfee’s Personal Data Cleanup, a new feature that finds and removes your personal info from data brokers and people search sites. Now, you can feel more confident by removing personal info from data broker sites and keeping it from being collected, sold, and used to: advertise products to you, fill your email box with spam, and can even give criminals the info they need to steal your identity. Let’s look at why we’re offering McAfee Personal Data Cleanup, how it protects your privacy, and why it’s a great addition to the online protection we already offer.
Does the cost of a connected life have to be your privacy?
There’s so much to enjoy when you live a connected life – free email, online stores that remember what you like, social media that connects you to friends and influencers. It’s a world of convenience, opportunity, and incredible content. It’s also a world where your data is constantly collected.
“Wait. Did you say my data?”
That’s right, companies are collecting your personal data. They’re called data brokers and they make money by selling information that specifically identifies you, like an email address. They sell this information to marketers looking to target you with ads. Criminals can also use it to build profiles in service of stealing your identity and accessing your accounts. This activity takes place behind the scenes and often without consumers’ knowledge. There are also data brokers known as people search sites that compile and sell info like home addresses, emails, phones, court records, employment info, and more. These websites give identity thieves, hackers, stalkers, and other malicious actors easy access to your info. Regardless of how your data is being used, it’s clear that these days a more connected life often comes at the cost of your privacy.
Consumers are clamoring for more privacy online
In a recent survey of McAfee customers, we found that 59% have become more protective of their personal data over the past six months. And it’s no wonder. Over the past two years, trends like telehealth, remote working, and increased usage of online shopping and financial services have meant that more of your time is being spent online. Unsurprisingly, more personal data is being made available in the process. This leads us to the most alarming finding of our survey – 95% of consumers whose personal information ends up on data broker sites had it collected without their consent.
Free to enjoy privacy online with McAfee’s Personal Data Cleanup
We created Personal Data Cleanup to make it easy for you to take back your privacy online. McAfee’s Personal Data Cleanup regularly scans the riskiest data broker sites for info like your home address, date of birth, and names of relatives. After showing where we found your data, you can either remove it yourself or we will work on your behalf to remove it. Here’s how it works:
Set up
Input your name, date of birth, and home address.
Scan:
We scan this against some of the riskiest data broker sites
Review
Within minutes, we’ll show you where we found your personal info, and what info the sites have.
Remove
You can manually go to each site and request that your data be removed OR upgrade to have McAfee manage the removal process on your behalf.
Ongoing
Your info can reappear as data brokers continually collect data. To ensure ongoing protection, Personal Data Cleanup enables regular scanning so it can be removed.
Start using McAfee’s Personal Data Cleanup right now
Ready to take back your personal info online? Personal Data Cleanup is available immediately with most of our online protection plans. If you have an eligible subscription, you can start using this new feature through McAfee Protection Center, or you can get McAfee online protection here.
The post Introducing Personal Data Cleanup appeared first on McAfee Blog.
AT&T Cybersecurity earns four Cybersecurity Excellence Awards
Will Eborall, Asst VP, AT&T Cybersecurity and Edge Solutions Product Management, co-authored this blog.
The AT&T Cybersecurity team’s unwavering focus on managing risk while maximizing customer experience earns high marks from security experts and customers alike. The team garnered some well-earned official recognition of the quality of flexible services they run with the announcement that AT&T won the highest distinction Gold Award in four different service categories of the 2022 Cybersecurity Excellence Awards.
The highly competitive Cybersecurity Excellence Awards is an annual competition run by Cybersecurity Insiders that honors individuals and companies that demonstrate excellence, innovation, and leadership in information security. AT&T Cybersecurity was recognized as the top solution in the following categories:
Managed Security Services
Managed Detection and Response (MDR)
Endpoint Detection and Response
Secure Access Service Edge (SASE)
With over 900 entries across the range of Cybersecurity Excellence Awards categories, the competition award selection consisted of a two-part process. Finalists for each category were selected from the broader pool of nominations based on popular votes and comments received from the cybersecurity community, as well as the strength of the written nomination. Once finalists were winnowed down, Cybersecurity Insider’s award judges took a closer look at the finalist nominations’ demonstrated explanations and examples of the leadership, excellence and results in cybersecurity afforded by the service to determine winners.
Judges awarded each of the following four services the highest Gold Award for some of the reasons described below:
AT&T Managed Security Services picked up a gold award for Managed Security Services. Some of the considerations looked at by the judges included:
As one of the largest MSSPs in the world, AT&T Cybersecurity fosters strong relationships with leading security technology providers while incubating emerging innovators to provide best-in-class services
AT&T Managed Security Services delivers services through eight global SOCs
AT&T Cybersecurity delivers accountability with thorough communication and comprehensive reporting to clients along with coordinated responses with defined service level agreements on change requests.
During the pandemic, AT&T Cybersecurity has helped customers persevere through the various disruptions caused by COVID-19 with its managed security services.
AT&T Cybersecurity supported customers of its AT&T DDoS Defense service as well as non-subscribing customers with emergency mitigation services.
AT&T Managed Threat Detection and Response won a gold award for Managed Detection and Response (MDR). The judges picked this service based on factors that included:
AT&T Managed Threat Detection and Response combines technology, intelligence, and 24×7 expertise in a service that can be deployed faster and has a starting price that’s less than the cost to hire a single security analyst.
AT&T’s MDR service is priced by the total number of events that are analyzed, so customers don’t have to worry about limitations by assets, environments, or number of employees in their organization.
AT&T Managed Threat Detection and Response is delivered through a unified platform that offers threat intelligence updates from AT&T Alient Labs, native cloud monitoring capabilities for IaaS and SaaS environments, service transparency into SOC operations, and built-in orchestration and automation through a single pane of glass.
NHS Management, a leader in providing consulting and administrative services to individual healthcare facilities and companies gained visibility into emerging threats it didn’t have before through AT&T’s MDR service.
AT&T Managed Endpoint Security earned a gold award for Endpoint Detection and Response. The following were a few of the points that swayed judges in this category:
AT&T Managed Endpoint Security offers users top tier security features the include tamper protection and patented AI algorithms that live on devices, automatic mapping and tracking of all endpoint activity, and IoT discovery and control.
The service offers platform integrations with AT&T Alien Labs Threat Intelligence and AT&T Alien Labs Open Threat Exchange (OTX) for better context about the endpoint threat environment
Through the AT&T Managed Endpoint Security alliance with SentinelOne, customers receive 24×7 threat monitoring and management by AT&T Security Operations Center (SOC) analysts for greater network visibility and faster endpoint threat detection.
AT&T Managed Endpoint Security provides comprehensive endpoint protection against ransomware and other cyberattacks through a unique rollback to safe state feature while also detecting highly advanced threats within an enterprise network or cloud environment.
AT&T SASE won a gold award for Secure Access Service Edge. The judges considered a number of factors, including:
AT&T was the first provider to offer a global managed SASE solution at scale, and most recently, AT&T expanded its SASE portfolio to include a new offering, AT&T SASE with Cisco.
With AT&T SASE’s combined networking and security technology and service expertise, the solutions offer a future-ready, unified solution through a single provider.
With AT&T SASE, businesses can control access for any device, connecting from any network. This enables the dynamic needs of today’s distributed workforce to deliver security-driven networking at every edge.
Winning even one cybersecurity solution award is a great distinction, but when a company is able to deliver four different award-winning offerings, we believe that’s a testament to its ability to put together an expert team that listens to the needs of its customers. AT&T Cybersecurity is proud of its results in the Cybersecurity Excellence Awards, as everyone here believes that they stand as a testament to the networking and security expertise that our customers have come to count on. Our crack team of security analysts is constantly researching the threat environment to continually defend customer environments. To learn more about some of the trends in the past year that they’ve helped organizations contend with, check out the 2022 AT&T Cybersecurity Insights Report.