fribidi-1.0.11-3.fc37

Read Time:18 Second

FEDORA-2022-ec66fe614d

Packages in this update:

fribidi-1.0.11-3.fc37

Update description:

Automatic update for fribidi-1.0.11-3.fc37.

Changelog

* Fri Apr 1 2022 Akira TAGOH <tagoh@redhat.com> – 1.0.11-3
– Fix security issues, CVE-2022-25308, CVE-2022-25309, CVE-2022-25310.
Resolves: rhbz#2067039, rhbz#2067043, rhbz#2067045

Read More

Bypassing Two-Factor Authentication

Read Time:59 Second

These techniques are not new, but they’re increasingly popular:

…some forms of MFA are stronger than others, and recent events show that these weaker forms aren’t much of a hurdle for some hackers to clear. In the past few months, suspected script kiddies like the Lapsus$ data extortion gang and elite Russian-state threat actors (like Cozy Bear, the group behind the SolarWinds hack) have both successfully defeated the protection.

[…]

Methods include:

Sending a bunch of MFA requests and hoping the target finally accepts one to make the noise stop.
Sending one or two prompts per day. This method often attracts less attention, but “there is still a good chance the target will accept the MFA request.”
Calling the target, pretending to be part of the company, and telling the target they need to send an MFA request as part of a company process.

FIDO2 multi-factor authentication systems are not susceptible to these attacks, because they are tied to a physical computer.

And even though there are attacks against these two-factor systems, they’re much more secure than not having them at all. If nothing else, they block pretty much all automated attacks.

Read More

Ukraine, Conti, and the law of unintended consequences

Read Time:36 Second

The Russian invasion of Ukraine has demonstrated the law of unintended consequences in a most unexpected way.  By publicly backing the invasion, the heretofore most prolific ransomware group in the world inspired a backlash that appears to have temporarily crippled the group’s ability to operate and given unprecedented insight into the world of ransomware operators.

Conti ransomware 101

Advances in cryptography have spawned new types of applications and business models.  Unfortunately, one of them is ransomware.   Combined with cloud computing, you get an especially virulent variety, ransomware-as-a-service (RaaS).  Among the practitioners of this dark art, the most successful in 2021 was Conti, a Russia-based group.

To read this article in full, please click here

Read More

Digital Spring Cleaning: Seven Steps for Faster, Safer Devices

Read Time:6 Minute, 27 Second

Throw open the windows and let in some fresh air. It’s time for spring cleaning.

And that goes for your digital stuff too.

Whether it’s indeed spring where you are or not, you can give your devices, apps, and online accounts a good decluttering. Now’s the time. Cleaning them up can protect your privacy and your identity, because when there’s less lying about, there’s less for hackers to scoop up and exploit.

The reality is that we accumulate plenty of digital clutter that needs cleaning up from time to time. Think about it:

Bunches of one-off accounts at online stores we won’t frequent again.
Membership in messages board or forums you no longer drop in on.
Plenty of outdated apps and programs that are still sitting on your devices.
Aging files that are no longer relevant, like spreadsheets and records from years ago.
And photos—oh, photos! We have plenty of those, right?

Seven steps for digital spring cleaning

Together, these things take up space on your devices and, in some cases, can open you up to security hazards. Let’s take a look at how you can clean up in a few steps.

1. Review your accounts and delete the ones you don’t use. Look through your bookmarks, your password manager, or the other places where you store your passwords and usernames. Review the sites and services associated with them critically. If you haven’t used an account in some time, log in one last time, remove all personal info, and deactivate it.

Doing so can keep your email address, usernames, and passwords out of unnecessary circulation. Major breaches like this one happen with unfortunate regularity, and the sad thing is that you may not even be aware that a site you’ve used has been hit. Meanwhile, your name, password, and info associated with that account (such as your credit card) are in the hands of hackers. Limit your exposure. Close those old accounts.

2. Get organized, and safer too, with a password manager. While creating strong, unique passwords for each of our accounts is a must nowadays, it can be quite the feat, given all of the accounts in our lives. Here’s where a password manager comes in. It can create those strong, unique passwords for you. Not only that, but it also stores your passwords on secure servers, away from hackers and thieves.

Along those lines, never store your passwords on your computer or device, like a text document or spreadsheet. Should your device ever get compromised, lost, or stolen, having passwords stored on them are like handing over the keys to your digital life.

3. Clean your PC to improve your performance (and your security). Let’s face it, so many of us are so busy with the day-to-day that cleaning up our computers and laptops is way down the list. However, doing so once a month can keep our devices running stronger for longer and even give you that “new computer feeling,” particularly if you haven’t cleaned it up for some time. Check out or guide for improving PC performance. It’ll walk you through some straightforward steps that can make a marked difference.

Moreover, part of this process should entail bolstering your operating system and apps with the latest updates. Such updates can not only improve speed and functionality, but they also often include security upgrades as well that can make you safer in the long run. If your operating system and apps feature automatic updates, enable them, and they’ll do the work for you.

4. Organize and store your photos. Photos. Now there’s a topic all unto itself. Here’s the thing: Estimates show that worldwide we took somewhere around 1.2 trillion photos in 2018. And you certainly have your share.

However, your photos may be just sitting there, taking up storage space on your computer or phone, instead of becoming something special like an album, greeting cards, a wall hanging, or popping them into a digital picture frame for your kitchen or living room. And this is where a little spring cleaning can be a bit of fun. For tips on cleaning up your photos, backing them up, and making something special with them, check out my earlier blog.

5. Delete old apps and the data associated with them. Let’s say you have a couple of apps on your phone for tracking your walks, runs, and exercise. You’ve since stopped using one altogether. Go ahead and delete the old one. But before you do, go in and delete your account associated with the app to ensure that any data stored off your phone, along with your password and user id are deleted as well.

For your computers and laptops, follow the same procedure, recognizing that they also may have account data stored elsewhere other than on your device.

In short, many apps today store information that’s stored and maintained by the app provider. Make sure you close your accounts so that data and information is taken out of circulation as well.

6. Shred your old files and encrypt the important files you’re holding on to. This bit of advice calls for using comprehensive security software on your devices. In addition to protecting you from viruses, malware, and other cyberattacks on your privacy and identity, it can help you protect your sensitive information as well. Such security software can offer:

File encryption, which renders your most sensitive files into digital gibberish without the encryption key to translate them back.
A digital file shredder that permanently deletes old files from your computer (simply dropping them into the desktop trashcan doesn’t do that—those files can be easily recovered).
Identity theft protection, which monitors the dark web for your personal info that might have been leaked online and immediately alerts you if you might be at risk of fraud.

7. Throwing away old computers and tech—dispose of properly. When it comes time to say goodbye to an old friend, whether that’s a computer, laptop, phone, or tablet, do so in a way that’s friendly to the environment and your security.

Consider this … what’s on that old hard drive of yours? That old computer may contain loads of precious personal and financial info on it. Same thing goes for your tablets and phones. The Federal Trade Commission (FTC) offers some straightforward advice in their article about protecting your data before you get rid of your computer. You don’t want those old tax returns ending up in the trash unprotected.

When it comes time for disposal, you have a few options:

Look into the e-waste disposal options in your community. There are services that will dispose of and recycle old technology while doing it in a secure manner.
Some mobile carriers have turn-in programs that will not only dispose of your tech properly, but they’ll give you a financial incentive too—such as money towards a new device.
Lastly, consider the option of reusing the device. There are opportunities to pass it along to a family member or even donating it as well. Your old tech may be a game-changer for someone else. Again, just be sure to protect that old data!

As with any spring cleaning, you’ll be glad you did it

Enjoying the benefits of your work—that’s what spring cleaning is all about, right? With this little list, you can end up with a digital life that’s safer and faster than before.

The post Digital Spring Cleaning: Seven Steps for Faster, Safer Devices appeared first on McAfee Blog.

Read More

CVE-2021-1950

Read Time:9 Second

Improper cleaning of secure memory between authenticated users can lead to face authentication bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Read More

CVE-2021-1942

Read Time:12 Second

Improper handling of permissions of a shared memory region can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Read More