USN-5424-1 fixed a vulnerability in OpenLDAP. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that OpenLDAP incorrectly handled certain SQL statements
within LDAP queries in the experimental back-sql backend. A remote attacker
could possibly use this issue to perform an SQL injection attack and alter
the database.
Brad Smith argues that the Russia-Ukraine war marks significant shift in way warfare is conducted
The U.S. Cybersecurity and Infrastructure Agency (CISA) has issued an emergency directive over two new vulnerabilities in VMware products. According to the advisory, threat actors are likely to exploit CVE-2022-22972 and CVE-2022-22973 in several products including VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager, much like they did in relation to CVE 2022-22954 and CVE 2022-22960 in April. CISA has urged organizations to take swift action to mitigate the risks associated with the vulnerabilities.
Users of Strapi, a popular headless content management system written entirely in JavaScript and focused on API development, should update their installations as soon as possible to fix two vulnerabilities that could lead to administrative accounts being compromised.
According to researchers with the Synopsys Cybersecurity Research Center (CyRC), the flaws allow a user with low privileges to access sensitive data that can be used to perform a password reset for a higher privileged account, such as the administrator. This means attackers need to gain access to a low-privileged account first and this can be achieved via compromised credentials, phishing or other methods.
Post-quantum cryptography company QuSecure has announced its debut with the launch of a new post-quantum cybersecurity solution, QuProtect. The firm claimed that QuProtect is the industry’s first end-to-end quantum software-based platform designed to protect encrypted communications and data using a quantum secure channel.
The solution addresses present classical attacks and future quantum computing threats for commercial enterprises and government agencies, QuSecure added. The release comes as increasing numbers of solutions providers are coming to market with quantum-resilient offerings built to withstand quantum computing security risks that threaten traditional public key cryptography.
It should be hard for malicious hackers to break into systems, but all too often it isn’t.
Read more in my article on the Tripwire State of Security blog.
A surprising number of websites include JavaScript keyloggers that collect everything you type as you type it, not just when you submit a form.
Researchers from KU Leuven, Radboud University, and University of Lausanne crawled and analyzed the top 100,000 websites, looking at scenarios in which a user is visiting a site while in the European Union and visiting a site from the United States. They found that 1,844 websites gathered an EU user’s email address without their consent, and a staggering 2,950 logged a US user’s email in some form. Many of the sites seemingly do not intend to conduct the data-logging but incorporate third-party marketing and analytics services that cause the behavior.
After specifically crawling sites for password leaks in May 2021, the researchers also found 52 websites in which third parties, including the Russian tech giant Yandex, were incidentally collecting password data before submission. The group disclosed their findings to these sites, and all 52 instances have since been resolved.
“If there’s a Submit button on a form, the reasonable expectation is that it does something — that it will submit your data when you click it,” says Güneş Acar, a professor and researcher in Radboud University’s digital security group and one of the leaders of the study. “We were super surprised by these results. We thought maybe we were going to find a few hundred websites where your email is collected before you submit, but this exceeded our expectations by far.”
Research paper.
Whether you think you might have a virus on your computer or devices, or just want to keep them running smoothly, it’s easy to do a virus scan. How to check for viruses depends on the software and device you have, so we’ll go through everything you need to know to run a scan effectively and keep your computers, phones and tablets in tip-top shape.
First, let’s cover a few of the telltale signs your device might have a virus. Is your computer or device acting sluggish or having a hard time booting up? Have you noticed missing files or a lack of storage space? Have you noticed emails or messages sent from your account that you did not write? Perhaps you’ve noticed changes to your browser homepage or settings? Or maybe, you’re seeing unexpected pop-up windows, or experiencing crashes and other program errors. These are all examples of signs that you may have a virus, but don’t get too worried yet, because many of these issues can be resolved with a virus scan.
Each antivirus program works a little differently, but in general the software will look for known malware that meets a specific set of characteristics. It may also look for variants of these known threats that have a similar code base. Some antivirus software even checks for suspicious behavior. If the software comes across a dangerous program or piece of code, it removes it. In some cases, a dangerous program can be replaced with a clean one from the manufacturer.
The process of checking for viruses depends on the device type and its operating system. Check out these tips to help you scan your computers, phones and tablets.
If you use Windows 10, go into “Settings” and look for the “Updates & Security” tab. From there you can locate a “Scan Now” button.
Of course, many people have invested in more robust antivirus software that has a high accuracy rate and causes less drain on their system resources, such as McAfee Total Protection. To learn how to run a virus scan using your particular antivirus software, search the software’s help menu or look online for instructions.
Mac computers don’t have a built-in antivirus program, so you will have to download security software to do a virus scan. There are some free antivirus applications available online, but we recommend investing in trusted software that can protect you from a variety of threats. Downloading free software and free online virus scans can be risky, since cybercriminals know that this is a good way to spread malware.
Whichever program you choose, follow their step-by-step instructions on how to perform a virus scan, either by searching under “help” or looking it up on their website.
Yes, you can get a virus on your phone or tablet, although they are less common than on computers. However, the wider category of mobile malware is on the rise and your device can get infected if you download a risky app, click on an attachment in a text message, visit a dangerous webpage, or connect to another device that has malware on it.
Fortunately, you can protect your devices with mobile security software. It doesn’t usually come installed, so you will have to download an application and follow the instructions.
Because the Android platform is an open operating system, there are a number of antivirus products for Android devices, allowing you to do a virus scan.
Apple devices are little different, because they have a closed operating system that doesn’t allow third parties to see their code. Although Apple has taken other security precautions to reduce malware risks, such as only allowing the installation of apps from Apple’s official app store, these measures aren’t the same as an antivirus program.
For more robust protection on your Apple devices, you can install mobile security software to protect the private data you have stored on your phone or tablet, such as contacts, photos and messages.
If safeguarding all your computers and devices individually sounds overwhelming, you can opt for a comprehensive security product that protects computers, smartphones and tablets from a central control center, making virus prevention a breeze.
New online threats emerge every day, putting our personal information, money and devices at risk. In the first quarter of 2019 alone McAfee detected 504 new threats per minute, as cybercriminals employed new tactics. That’s why it is essential to stay ahead of these threats by using security software that is constantly monitoring and checking for new known threats, while safeguarding all of your sensitive information. Virus scans are an essential part of this process when it comes to identifying and removing dangerous code.
Most antivirus products are regularly scanning your computer or device in the background, so you will only need to start a manual scan if you notice something suspicious, like crashes or excessive pop-ups. You can also program regular scans on your schedule.
Of course, the best protection is to avoid getting infected in the first place. Here are a few smart tips to sidestep viruses and other malware:
Learn how to surf safely so you can avoid risky websites, links and messages. This will go a long way in keeping you virus-free.
Never click on spammy emails or text messages. These include unsolicited advertisements and messages from people or companies you don’t know.
Keep the software on your computers and devices up to date. This way you are protected from known threats, such as viruses and other types of malware.
Invest in comprehensive security software that can protect all of your devices, such as McAfee LiveSafe.
Stay informed on the latest threats, so you know what to look out for. The more you know about the latest scams, the easier they will be to spot and avoid.
The post How To Do A Virus Scan appeared first on McAfee Blog.
Many years ago, Madonna sang about sharing her secrets with us. While the IT version may not be as entertaining as what was discussed in that song, there are still important reasons to understand your corporate encryption secrets and how they are provisioned, managed and deployed. The tools to do this go by various monikers, including SSL/TLS certificate or key management tools, machine identity management, or PKI as a service.
These secrets are found all over the IT map, including those for servers, for applications, to encrypt your email messages, for authenticating to connect with IoT devices, to allow you to make edits to a piece of code, and for user identities to have access to a particular shared resource. For example, these certs are commonly used to encrypt web and database traffic across the internet to protect these applications from man-in-the-middle attacks and other compromises.
