8 Ways to Know If Online Stores Are Safe and Legit

Read Time:5 Minute, 4 Second

The explosion of e-commerce sites has changed how we shop today, providing access to millions of online stores with almost unlimited selections.  

Just as you would take basic precautions in a brick-and-mortar store — perhaps hiding your PIN number while paying and making sure the business is legitimate — you should also practice safe shopping habits online. 

Here are eight ways you can avoid fake websites and other online scams and ensure that you’re dealing with legitimate companies and safe online stores. 

Use the free McAfee WebAdvisor to check for safe sites

One of the best ways to tell if an online store is legit and avoid debit and credit card scams, domain name and subdomain name takeovers, and other problems is with a free and effective download like McAfee WebAdvisor. 

This smart tool helps you surf and shop with confidence, protecting you from malicious sites that can contain:  

Adware: Pop-ups that might be infected with malware 
Spyware: Software downloaded without the user’s consent, perhaps passing on sensitive personal information to advertisers or cybercriminals. 
Viruses: Pieces of code that can copy themselves and typically have a negative effect, such as slowing down your system or destroying data 
Phishing scams: When hackers send duplicitous emails designed to trick people into falling for a scam to reveal financial information, system credentials, or other sensitive data 

McAfee WebAdvisor is a free browser extension that downloads quickly and installs easily, working in the background automatically to protect you from malware and phishing as you surf, search, and enjoy online shopping. 

McAfee WebAdvisor works with Windows 10, 8.1, 8, and 7 (32- and 64-bit) computers and is compatible with these browsers: 

Internet Explorer 10.0 or later 
Microsoft Edge (Chromium-based) 
Microsoft Edge (Windows 10 only; Fall Creators Update required) 
Mozilla Firefox 
Google Chrome 

Here are other ways to make sure you know when you’re dealing with scammers online.  

Check the padlock in the address bar

When checking an e-commerce site’s credentials, start with the address bar. Often, hackers will use URLs that are very close to the real site’s URL but not quite the same. Look for typos or use Google to see if a search takes you to the same page. Also, look for a padlock icon in the address bar. 

Click the padlock and look at the drop-down menu that provides information, such as if the site has a valid certificate like SSL (verifying that the web address belongs to the company), how many cookies are in use, other site settings, and whether your information is safe when sent to this site. 

The protection is pretty good but not perfect since some cybercriminals have been able to replicate these padlocks or take over legitimate sites that have them. 

Verify the website’s trust seal

Trust seals, such as the TrustedSite certification, are stamps created by a certificate authority (CA) to confirm the legitimacy of a site. A trust seal tells visitors that they are on a safe site and the company that displays the mark prioritizes cybersecurity. Click on it, and you should be taken to a webpage that verifies the authenticity of the trust seal. 

Use the Google Transparency Report

Google’s Safe Browsing technology crawls through billions of web addresses every day on the lookout for unsafe websites. The technology discovers thousands daily — often legitimate sites that have been compromised. Warnings for unsafe sites pop up in your browser and on the Google search engine. You can also search specific URLs to see if a site has been compromised.  

Check the company’s social media presence

It’s worth checking a company on social media to see if they appear to have a genuine following and legitimate posts. The Better Business Bureau (BBB) also has suggestions for spotting fake social media accounts, including those on LinkedIn, Facebook, Twitter, and Instagram. You should look for: 

Accounts with poor or no content and stock or recycled images 
Poor engagement with followers 
Lack of transparency about who runs the account 
Phony reviews 
Links to phishing scams and malware 

Review the company’s contact info

Another way to test the legitimacy of an online retail store is to check its contact information. Does it have a physical address, phone number, and email contact? Does the email address on the contact page have the company domain name in it, or is it generic (like a Gmail address)? If you send an email, does it get delivered? 

Analyze the overall look of the website

Check to see if the e-commerce site looks as if it has been professionally produced or whether it has been thrown together with slapdash results. Are there typos, grammar errors, poor-quality images, and a sloppy design? Does it have a poorly worded return policy or no return policy at all?  

All the things that undermine the professional appearance and authenticity of a site should be red flags and convince you that you’re on a scam website 

Verify if there are company reviews

If the online company is a legitimate website (not a scam site) and has been around for a while, there should be authentic third-party reviews from previous customers. Review sites include Google My Business, Amazon, and Yelp. 

If the reviews are uniformly bad, on the other hand, you have another type of problem to confront. 

See how McAfee WebAdvisor can keep you safe while shopping online

Since virtual shopping is fast becoming the new norm, it’s important to guard against cybercriminals that are increasingly targeting retailers and their customers. A great way to shop with confidence is to use McAfee WebAdvisor, which is available as a free download. 

The web browser extension works tirelessly in the background to protect you as you browse and buy. Think of it as a gift to yourself so you can use the internet to its full potential while keeping your information protected. 

The post 8 Ways to Know If Online Stores Are Safe and Legit appeared first on McAfee Blog.

Read More

xen-4.16.0-6.fc36

Read Time:21 Second

FEDORA-2022-fca60937b8

Packages in this update:

xen-4.16.0-6.fc36

Update description:

Racy interactions between dirty vram tracking and paging log dirty
hypercalls [XSA-397, CVE-2022-26356]
race in VT-d domain ID cleanup [XSA-399, CVE-2022-26357]
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues [XSA-400,
CVE-2022-26358, CVE-2022-26359, CVE-2022-26360, CVE-2022-26361]

Read More

What is spear phishing? Examples, tactics, and techniques

Read Time:33 Second

Spear phishing definition

Spear phishing is a targeted email attack purporting to be from a trusted sender.

In spear phishing attacks, attackers often use information gleaned from research to put the recipient at ease. The ultimate aim is to either infect devices with malware by convincing the recipient to click a link or download an attachment, or to trick the recipient into taking some other action that will benefit the attacker, usually handing over information or money.

Spear phishing messages are often crafted with care using pernicious social engineering techniques and are difficult to defend against with mere technical means.

To read this article in full, please click here

Read More

Actions Target Russian Govt. Botnet, Hydra Dark Market

Read Time:4 Minute, 39 Second

The U.S. Federal Bureau of Investigation (FBI) says it has disrupted a giant botnet built and operated by a Russian government intelligence unit known for launching destructive cyberattacks against energy infrastructure in the United States and Ukraine. Separately, law enforcement agencies in the U.S. and Germany moved to decapitate “Hydra,” a billion-dollar Russian darknet drug bazaar that also helped to launder the profits of multiple Russian ransomware groups.

FBI officials said Wednesday they disrupted “Cyclops Blink,” a collection of compromised networking devices managed by hackers working with the Russian Federation’s Main Intelligence Directorate (GRU).

A statement from the U.S. Department of Justice (DOJ) says the GRU’s hackers built Cyclops Blink by exploiting previously undocumented security weaknesses in firewalls and routers made by both ASUS and WatchGuard Technologies. The DOJ said it did not seek to disinfect compromised devices; instead, it obtained court orders to remove the Cyclops Blink malware from its “command and control” servers — the hidden machines that allowed the attackers to orchestrate the activities of the botnet.

The FBI and other agencies warned in March that the Cyclops Blink malware was built to replace a threat called “VPNFilter,” an earlier malware platform that targeted vulnerabilities in a number of consumer-grade wireless and wired routers. In May 2018, the FBI executed a similar strategy to dismantle VPNFilter, which had spread to more than a half-million consumer devices.

On April 1, ASUS released updates to fix the security vulnerability in a range of its Wi-Fi routers. Meanwhile, WatchGuard appears to have silently fixed its vulnerability in an update shipped almost a year ago, according to Dan Goodin at Ars Technica.

SANDWORM AND TRITON

Security experts say both VPNFilter and Cyclops Blink are the work of a hacking group known as Sandworm or Voodoo Bear, the same Russian team blamed for disrupting Ukraine’s electricity in 2015.

Sandworm also has been implicated in the “Industroyer” malware attacks on Ukraine’s power grid in December 2016, as well as the 2016 global malware contagion “NotPetya,” which crippled companies worldwide using an exploit believed to have been developed by and then stolen from the U.S. National Security Agency (NSA).

The action against Cyclops Blink came just weeks after the Justice Department unsealed indictments against four Russian men accused of launching cyberattacks on power utilities in the United States and abroad.

One of the indictments named three officers of Russia’s Federal Security Service (FSB) suspected of being members of Berserk Bear, a.k.a. Dragonfly 2.0, a.k.a. Havex, which has been blamed for targeting electrical utilities and other critical infrastructure worldwide and is widely believed to be working at the behest of the Russian government.

The other indictment named Russians affiliated with a skilled hacking group known as “Triton” or “Trisis,” which infected a Saudi oil refinery with destructive malware in 2017, and then attempted to do the same to U.S. energy facilities.

The Justice Department said that in Dragonfly’s first stage between 2012 and 2014, the defendants hacked into computer networks of industrial control systems (ICS) companies and software providers, and then hid malware inside legitimate software updates for such systems.

“After unsuspecting customers downloaded Havex-infected updates, the conspirators would use the malware to, among other things, create backdoors into infected systems and scan victims’ networks for additional ICS/SCADA devices,” the DOJ said. “Through these and other efforts, including spearphishing and “watering hole” attacks, the conspirators installed malware on more than 17,000 unique devices in the United States and abroad, including ICS/SCADA controllers used by power and energy companies.”

In Dragonfly’s second iteration between 2014 and 2017, the hacking group spear-phished more than 3,300 people at more than 500 U.S. and international companies and entities, including U.S. federal agencies like the Nuclear Regulatory Commission.

“In some cases, the spearphishing attacks were successful, including in the compromise of the business network (i.e., involving computers not directly connected to ICS/SCADA equipment) of the Wolf Creek Nuclear Operating Corporation (Wolf Creek) in Burlington, Kansas, which operates a nuclear power plant,” the DOJ’s account continues. “Moreover, after establishing an illegal foothold in a particular network, the conspirators typically used that foothold to penetrate further into the network by obtaining access to other computers and networks at the victim entity.”

HYDRA

Federation Tower, Moscow. Image: Evgeniy Vasilev.

Also this week, German authorities seized the server infrastructure for the Hydra Market, a bustling underground market for illegal narcotics, stolen data and money laundering that’s been operating since 2015. The German Federal Criminal Police Office (BKA) said Hydra had roughly 17 million customers, and over 19,000 vendors, with sales amounting to at least 1.23 billion euros in 2020 alone.

In a statement on the Hydra takedown, the U.S. Department of Treasury said blockchain researchers had determined that approximately 86 percent of the illicit Bitcoin received directly by Russian virtual currency exchanges in 2019 came from Hydra.

Treasury sanctioned a number of cryptocurrency wallets associated with Hydra and with a virtual currency exchange called “Garantex,” which the agency says processed more than $100 million in transactions associated with illicit actors and darknet markets. That amount included roughly $8 million in ransomware proceeds laundered through Hydra on behalf of multiple ransomware groups, including Ryuk and Conti.

“Today’s action against Hydra and Garantex builds upon recent sanctions against virtual currency exchanges SUEX and CHATEX, both of which, like Garantex, operated out of Federation Tower in Moscow, Russia,” the Treasury Department said.

Read More

USN-5370-1: Firefox vulnerabilities

Read Time:38 Second

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, execute script
unexpectedly, obtain sensitive information, conduct spoofing attacks,
or execute arbitrary code. (CVE-2022-1097, CVE-2022-24713, CVE-2022-28281,
CVE-2022-28282, CVE-2022-28284, CVE-2022-28285, CVE-2022-28286,
CVE-2022-28288, CVE-2022-28289)

A security issue was discovered with the sourceMapURL feature of devtools.
An attacker could potentially exploit this to include local files that
should have been inaccessible. (CVE-2022-28283)

It was discovered that selecting text caused Firefox to crash in some
circumstances. An attacker could potentially exploit this to cause a
denial of service. (CVE-2022-28287)

Read More

VMware Patches Multiple Vulnerabilities in Workspace ONE, Identity and Lifecycle Manager and vRealize (VMSA-2022-0011)

Read Time:3 Minute, 10 Second

VMware cautions organizations to patch or mitigate several serious vulnerabilities across multiple products.

Background

On April 6, VMware published an advisory (VMSA-2022-0011) addressing eight vulnerabilities across a number of VMware products:

CVE
Description
CVSSv3

CVE-2022-22954
Server-side Template Injection Remote Code Execution Vulnerability
9.8

CVE-2022-22955
OAuth2 ACS Authentication Bypass Vulnerability
9.8

CVE-2022-22956
OAuth2 ACS Authentication Bypass Vulnerability
9.8

CVE-2022-22957
JDBC Injection Remote Code Execution Vulnerability
9.1

CVE-2022-22958
JDBC Injection Remote Code Execution Vulnerability
9.1

CVE-2022-22959
Cross SIte Request Forgery Vulnerability
8.8

CVE-2022-22960
Local Privilege Escalation Vulnerability
7.8

CVE-2022-22961
Information Disclosure Vulnerability
5.3

Affected products include:

VMware Workspace ONE Access (Access)
VMware Identity Manager (vIDM)
VMware vRealize Automation (vRA)
VMware Cloud Foundation
vRealize Suite Lifecycle Manager

All eight vulnerabilities were disclosed to VMware by Steven Seeley, a security researcher with Qihoo 360 Vulnerability Research Institute.

Analysis

CVE-2022-22954 is a server-side template injection vulnerability in the VMware Workspace ONE Access and Identity Manager. This vulnerability was assigned a CVSSv3 score of 9.8. An unauthenticated attacker with network access could exploit this vulnerability by sending a specially crafted request to a vulnerable VMware Workspace ONE or Identity Manager. Successful exploitation could result in remote code execution by exploiting a server-side template injection flaw.

CVE-2022-22955 and CVE-2022-22956 are a pair of authentication bypass vulnerabilities in the OAuth 2.0 Access Control Services (ACS) framework within VMware Workspace ONE. Both of these vulnerabilities were assigned a CVSSv3 score of 9.8. An unauthenticated attacker could send specially crafted requests to vulnerable and exposed OAuth2.0 endpoints in VMware Workspace ONE in order to successfully authenticate to the Workspace ONE instance.

These three vulnerabilities are the only ones patched in this advisory that do not require authentication prior to exploitation. The remaining five do, and as such, have been assigned lower CVSSv3 scores.

Russian state-sponsored actors have targeted VMware Workspace ONE in the past

In December 2020, the National Security Agency revealed that Russian state-sponsored threat actors had exploitedCVE-2020-4006, a command injection flaw in the administrative configurator component across a number of VMware products including Workspace ONE Access, Identity Manager, Cloud Foundation and vRealize Suite Lifecycle Manager.

While the vulnerabilities in VMSA-2022-0011 were addressed as part of a coordinated disclosure, attackers do routinely target legacy vulnerabilities.

Proof of concept

At the time this blog post was published, no proof-of-concept exploits had been shared for any of the vulnerabilities.

Solution

VMware released patches for the vulnerabilities in the following affected products:

Product/Component
Affected Versions

VMware Workspace ONE Access Appliance
21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0

VMware Identity Manager Appliance
3.3.3, 3.3.4, 3.3.5, 3.3.6

VMware vRealize Automation
7.6

VMware urges organizations to take immediate action

As part of an FAQ document for VMSA-2022-0011, VMware has stressed that these vulnerabilities “should be patched or mitigated immediately” and that the “ramifications” are “serious.” If patching these flaws is not feasible, VMware has also shared workaround instructions as a temporary solution, but states that patching is the only way to remove these flaws entirely

Identifying affected systems

A list of Tenable plugins to identify these vulnerabilities will appear here as they’re released.

Get more information

VMWare Advisory: VMSA-2022-0011
VMware VMSA-2022-0011 FAQ
Workaround Instructions for VMSA-2022-0011

Join Tenable’s Security Response Team on the Tenable Community.

Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface.

Get a free 30-day trial of Tenable.io Vulnerability Management.

Read More

CrowdStrike and Mandiant form strategic partnership to protect organizations against cyber threats

Read Time:25 Second

Cybersecurity vendors CrowdStrike and Mandiant have announced a strategic partnership to help joint customers investigate, remediate and defend against increasingly sophisticated cybersecurity events. In the collaboration, Mandiant will use the CrowdStrike Falcon endpoint protection platform and subscription offerings for its incident response services and proactive consulting engagements, the firms said in a press release. Furthermore, the Mandiant Managed Defense offering intends to include support for customers leveraging the Falcon platform later this year.

To read this article in full, please click here

Read More