[R1] Nessus Versions 8.15.4 and 10.1.2 Fix One Third-Party Vulnerability

Read Time:24 Second
Nessus leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and an updated version has been made available by the provider.

Out of caution and in line with best practice, Tenable has opted to upgrade OpenSSL to address the potential impact of the issue. Nessus 8.15.4 and Nessus 10.1.2 update OpenSSL to version 1.1.1n to address the identified vulnerability.

Read More

USN-5355-1: zlib vulnerability

Read Time:11 Second

Danilo Ramos discovered that zlib incorrectly handled memory when
performing certain deflating operations. An attacker could use this issue
to cause zlib to crash, resulting in a denial of service, or possibly
execute arbitrary code.

Read More

Palo Alto launches cloud-native firewall service for AWS

Read Time:58 Second

Palo Alto Networks has launched a new, fully managed “next-generation” firewall (NGFW) service in partnership with Amazon Web Services designed to remove the complexities of securing AWS cloud deployments. The network firewall vendor says its Cloud NGFW for AWS enables organizations to speed up cloud innovation while remaining secure.

Cloud NGFW for AWS shifts security responsibility

In a press release announcing the new service, Palo Alto Networks says it has recognized that its customers need to dedicate time and resources to building applications and running their businesses instead of managing cloud network security infrastructure. Cloud NGFW for AWS therefore shifts operational responsibility for deployment, maintenance, availability, and scale to the security vendor. “A key reason that companies have embraced the cloud is that they want to concentrate on their core competencies and leave other tasks like infrastructure and underlying services to experts like AWS,” says Anand Oswal, senior vice-president, network security at Palo Alto Networks. “As cyberattacks continue to grow in frequency and sophistication, organizations are looking for network security that is as easy to deploy as other native AWS services.”

To read this article in full, please click here

Read More

Stalking with an Apple Watch

Read Time:27 Second

The malicious uses of these technologies are scary:

Police reportedly arrived on the scene last week and found the man crouched beside the woman’s passenger side door. According to the police, the man had, at some point, wrapped his Apple Watch across the spokes of the woman’s passenger side front car wheel and then used the Watch to track her movements. When police eventually confronted him, he admitted the Watch was his. Now, he’s reportedly being charged with attaching an electronic tracking device to the woman’s vehicle.

Read More

Introducing Personal Data Cleanup

Read Time:3 Minute, 20 Second

We’re excited to announce the release of McAfee’s Personal Data Cleanup, a new feature that finds and removes your personal info from data brokers and people search sites. Now, you can feel more confident by removing personal info from data broker sites and keeping it from being collected, sold, and used to: advertise products to you, fill your email box with spam, and can even give criminals the info they need to steal your identity. Let’s look at why we’re offering McAfee Personal Data Cleanup, how it protects your privacy, and why it’s a great addition to the online protection we already offer. 

Does the cost of a connected life have to be your privacy?

There’s so much to enjoy when you live a connected life – free email, online stores that remember what you like, social media that connects you to friends and influencers. It’s a world of convenience, opportunity, and incredible content. It’s also a world where your data is constantly collected.  

“Wait. Did you say my data?” 

That’s right, companies are collecting your personal data. They’re called data brokers and they make money by selling information that specifically identifies you, like an email address. They sell this information to marketers looking to target you with ads. Criminals can also use it to build profiles in service of stealing your identity and accessing your accounts. This activity takes place behind the scenes and often without consumers’ knowledge.  There are also data brokers known as people search sites that compile and sell info like home addresses, emails, phones, court records, employment info, and more. These websites give identity thieves, hackers, stalkers, and other malicious actors easy access to your info. Regardless of how your data is being used, it’s clear that these days a more connected life often comes at the cost of your privacy.  

Consumers are clamoring for more privacy online 

In a recent survey of McAfee customers, we found that 59% have become more protective of their personal data over the past six months. And it’s no wonder. Over the past two years, trends like telehealth, remote working, and increased usage of online shopping and financial services have meant that more of your time is being spent online. Unsurprisingly, more personal data is being made available in the process. This leads us to the most alarming finding of our survey – 95% of consumers whose personal information ends up on data broker sites had it collected without their consent.  

Free to enjoy privacy online with McAfee’s Personal Data Cleanup 

We created Personal Data Cleanup to make it easy for you to take back your privacy online. McAfee’s Personal Data Cleanup regularly scans the riskiest data broker sites for info like your home address, date of birth, and names of relatives. After showing where we found your data, you can either remove it yourself or we will work on your behalf to remove it. Here’s how it works: 

Set up 

Input your name, date of birth, and home address. 

Scan:  

We scan this against some of the riskiest data broker sites 

Review 

Within minutes, we’ll show you where we found your personal info, and what info the sites have. 

Remove 

You can manually go to each site and request that your data be removed OR upgrade to have McAfee manage the removal process on your behalf. 

Ongoing 

Your info can reappear as data brokers continually collect data. To ensure ongoing protection, Personal Data Cleanup enables regular scanning so it can be removed. 

Start using McAfee’s Personal Data Cleanup right now 

Ready to take back your personal info online? Personal Data Cleanup is available immediately with most of our online protection plans. If you have an eligible subscription, you can start using this new feature through McAfee Protection Center, or you can get McAfee online protection here.

The post Introducing Personal Data Cleanup appeared first on McAfee Blog.

Read More

AT&T Cybersecurity earns four Cybersecurity Excellence Awards

Read Time:4 Minute, 59 Second

Will Eborall, Asst VP, AT&T Cybersecurity and Edge Solutions Product Management, co-authored this blog.

The AT&T Cybersecurity team’s unwavering focus on managing risk while maximizing customer experience earns high marks from security experts and customers alike. The team garnered some well-earned official recognition of the quality of flexible services they run with the announcement that AT&T won the highest distinction Gold Award in four different service categories of the 2022 Cybersecurity Excellence Awards.

The highly competitive Cybersecurity Excellence Awards is an annual competition run by Cybersecurity Insiders that honors individuals and companies that demonstrate excellence, innovation, and leadership in information security. AT&T Cybersecurity was recognized as the top solution in the following categories:

Managed Security Services
Managed Detection and Response (MDR)
Endpoint Detection and Response
Secure Access Service Edge (SASE)

With over 900 entries across the range of Cybersecurity Excellence Awards categories, the competition award selection consisted of a two-part process. Finalists for each category were selected from the broader pool of nominations based on popular votes and comments received from the cybersecurity community, as well as the strength of the written nomination. Once finalists were winnowed down, Cybersecurity Insider’s award judges took a closer look at the finalist nominations’ demonstrated explanations and examples of the leadership, excellence and results in cybersecurity afforded by the service to determine winners.

Judges awarded each of the following four services the highest Gold Award for some of the reasons described below:

AT&T Managed Security Services picked up a gold award for Managed Security Services. Some of the considerations looked at by the judges included:

As one of the largest MSSPs in the world, AT&T Cybersecurity fosters strong relationships with leading security technology providers while incubating emerging innovators to provide best-in-class services 
AT&T Managed Security Services delivers services through eight global SOCs
AT&T Cybersecurity delivers accountability with thorough communication and comprehensive reporting to clients along with coordinated responses with defined service level agreements on change requests.
During the pandemic, AT&T Cybersecurity has helped customers persevere through the various disruptions caused by COVID-19 with its managed security services.
AT&T Cybersecurity supported customers of its AT&T DDoS Defense service as well as non-subscribing customers with emergency mitigation services.

AT&T Managed Threat Detection and Response won a gold award for Managed Detection and Response (MDR). The judges picked this service based on factors that included:

AT&T Managed Threat Detection and Response combines technology, intelligence, and 24×7 expertise in a service that can be deployed faster and has a starting price that’s less than the cost to hire a single security analyst.
AT&T’s MDR service is priced by the total number of events that are analyzed, so customers don’t have to worry about limitations by assets, environments, or number of employees in their organization.
AT&T Managed Threat Detection and Response is delivered through a unified platform that offers threat intelligence updates from AT&T Alient Labs, native cloud monitoring capabilities for IaaS and SaaS environments, service transparency into SOC operations, and built-in orchestration and automation through a single pane of glass.
NHS Management, a leader in providing consulting and administrative services to individual healthcare facilities and companies gained visibility into emerging threats it didn’t have before through AT&T’s MDR service.

AT&T Managed Endpoint Security earned a gold award for Endpoint Detection and Response. The following were a few of the points that swayed judges in this category:

AT&T Managed Endpoint Security offers users top tier security features the include tamper protection and patented AI algorithms that live on devices, automatic mapping and tracking of all endpoint activity, and IoT discovery and control.
The service offers platform integrations with AT&T Alien Labs Threat Intelligence and AT&T Alien Labs Open Threat Exchange (OTX) for better context about the endpoint threat environment
Through the AT&T Managed Endpoint Security alliance with SentinelOne, customers receive 24×7 threat monitoring and management by AT&T Security Operations Center (SOC) analysts for greater network visibility and faster endpoint threat detection.
AT&T Managed Endpoint Security provides comprehensive endpoint protection against ransomware and other cyberattacks through a unique rollback to safe state feature while also detecting highly advanced threats within an enterprise network or cloud environment.

AT&T SASE won a gold award for Secure Access Service Edge. The judges considered a number of factors, including:

AT&T was the first provider to offer a global managed SASE solution at scale, and most recently, AT&T expanded its SASE portfolio to include a new offering, AT&T SASE with Cisco.
With AT&T SASE’s combined networking and security technology and service expertise, the solutions offer a future-ready, unified solution through a single provider.
With AT&T SASE, businesses can control access for any device, connecting from any network. This enables the dynamic needs of today’s distributed workforce to deliver security-driven networking at every edge.

Winning even one cybersecurity solution award is a great distinction, but when a company is able to deliver four different award-winning offerings, we believe that’s a testament to its ability to put together an expert team that listens to the needs of its customers. AT&T Cybersecurity is proud of its results in the Cybersecurity Excellence Awards, as everyone here believes that they stand as a testament to the networking and security expertise that our customers have come to count on.  Our crack team of security analysts is constantly researching the threat environment to continually defend customer environments. To learn more about some of the trends in the past year that they’ve helped organizations contend with, check out the 2022 AT&T Cybersecurity Insights Report.

Read More

4 ways attackers target humans to gain network access

Read Time:42 Second

Every day, I see the failure in our technology. I’m sure you see it as well. Since the day we started receiving email, we have failed at protecting recipients from scams, phishes and other email messages that they don’t want. I remember the infamous email-based computer worm, the “ILOVEYOU virus,” that infected fellow IT friends back in 2000.

Those victims should have known better than to click on an email that said ILOVEYOU, but they did and had to clean up afterwards. We hope that our antivirus or endpoint protection software alerts us to problems. In reality, it often does not. When technology fails, it’s likely because the attacker made an end run around it by targeting humans. Here are four ways they do it.

To read this article in full, please click here

Read More