6 top vulnerability management tools and how they help prioritize threats

Read Time:41 Second

Not only has vulnerability management changed considerably over the years, but so have the systems on which enterprise security teams must identify and patch. Today there are systems on-premises, IoT devices, public and private clouds, and substantially more custom applications. No more do vulnerability management systems just focus on networks and private hosted applications. Today, they must be able to assess all of these systems and identify the vulnerabilities and help enterprise security teams make better remediation decisions.

For vulnerabilities to be dangerous, they have to be exploitable. A vulnerability on a system that can’t be exploited isn’t much of a danger. Knowing what is truly dangerous is essential so enterprises can plan what to fix immediately and what can be patched or mitigated later.

To read this article in full, please click here

Read More

A Guide to Finding Out If Your Information Is on the Dark Web

Read Time:6 Minute, 23 Second

It’s difficult to imagine what life was like before the internet. We log in daily to pay bills, shop, watch movies, and check out what friends and family are up to on social media. While the internet has made life easier, we may not consider how our online activities can make personal information — such as our Social Security numbers (SSNs) or bank account and credit card numbers — vulnerable to cybercriminals on the dark web 

Fortunately, you can find out if your information is on the dark web and keep tabs on your sensitive information with extensive dark web monitoring, offered through McAfee’s Identity Protection services 

This article explains what the dark web is, how to find out if personal details have reached the dark web, and how to protect your sensitive information 

What is the dark web?

Unlike the surface web we use for things like shopping and online banking, the dark web is part of the internet that’s not indexed by search engines. It can only be accessed with special web browsers. A few widely known networks include Tor, I2P, and Riffle.  

Cybercriminals can browse, sell, or trade on dark websites with confidence and complete anonymity. Because of its highly layered encryption system, hackers can communicate without giving away their location, IP address, or identity.  

How does data end up on the dark web?

Data can end up on the dark web in several ways, including through data breaches, using public Wi-Fi, visiting a nonsecure website, and leaving an offline paper trail.  

A cybercriminal may hack into company databases and take personal data, such as email account addresses, passwords, and phone numbers. And while we all love to work at our favorite coffee shop, using an unsecured Wi-Fi network can leave our personal information in public view.  

That’s why using a virtual private network (VPN) like McAfee Secure VPN, which comes with bank-grade encryption to scramble your data, can be a good idea. You’ll also only want to visit encrypted webpages when browsing online — keep an eye out for URLs beginning with HTTPS rather than HTTP. The “S” means added security for you. Lastly, shred paper containing your personal information or lock it away until you can.  

How to find out if your information is on the dark web 

With identity monitoring through McAfee Identity Protection, you’ll receive notifications if we find your personal information on the dark web. Our extensive monitoring service keeps tabs on up to 60 unique types of personal data and can notify you up to 10 months sooner than similar services. Plus, you get peace of mind with up to $1 million of ID theft coverage and hands-on restoration support to help reclaim your identity after identity theft 

Can you remove your information from the dark web?

While you can’t remove your information once it’s on the dark web, there are plenty of steps you can take to help protect yourself and prevent your data from falling into the wrong hands. You can: 

Notify the credit bureaus: The three major credit bureaus (Experian, Equifax, and TransUnion) offer options to prevent fraudulent credit requests. If you’re looking to protect your credit data, request an option like two-factor authentication on all credit pulls when notifying the bureaus of your concern. 
Change your account passwords: Keeping your password secure is crucial to the safety of your online data when it comes to things like online banking and email accounts. Stay away from personal names, dates, or obvious preferences when creating or updating your passwords and use a password manager like McAfee True Key, which auto-saves and enters your passwords.  
Review your credit report: Staying up to date with the changes reflected on your credit report can help you identify suspicious activity or fraud alerts. Unexpected drops in your credit can be a sign of potential illegal activity. 
Track credit card statement charges: Credit cards are a large target for hackers looking to commit a cybercrime. Thankfully, there are ways to keep your credit card data secure, starting with regular reviews of your statements to ensure no unexpected charges or usage.  
Scan your online devices for viruses: Keeping your device free of viruses can help prevent hackers from taking your information in the first place. Start by downloading antivirus software, like what’s included in McAfee Total Protection, to prevent opportunities for viruses to infect your device or collect your secure data.  

6 tips to prevent your data from getting on the dark web

No one wants their information to end up on the dark web. Fortunately, you can do a few things to minimize your risk of exposure. Here are some tips you can use to keep your data safe.  

Secure your data with identity protection software from McAfee

Identity protection software from McAfee can help keep your information out of the hands of cybercriminals. Some features of McAfee identity protection include expert security support, award-winning antivirus protection, a password manager, and firewall protection. Choose the plan that works best for you and keep tabs on your personal information.  

Sign up for two-factor authentication on your devices

This extra layer of security double-checks your identity when signing into an online account. You enter your password as usual and a unique six-digit, one-time code is sent to a trusted device via text. This added step can help improve the security of your personal information.  

Use a unique password for each account

When creating or updating your account passwords, make sure to choose ones that are difficult to guess. Avoid using a pet’s name, your name, or other personal information that others can guess. It goes without saying, but don’t share any of your passwords. 

Consider what you share on social media

Shared content can tell a lot about someone. Have you ever shared the make and model of your first car, your favorite movie or band, or your high school graduation year? This information helps unsavory characters figure out online passwords and security questions. 

Change permission settings for app 

There are a lot of cool apps out there, and many are harmless. However, some may request access to your location, photos, contact list, and even microphone. Certain apps, especially those filled with malware, can then collect your data and share it with others. Fortunately, Android devices and Apple iPhones allow you to change your permission settings for apps. 

Use caution with suspicious emails

With so many emails arriving in our inboxes, we may not always pay close attention to what we’re opening. However, scammers may use phishing emails in an attempt to access your personal information. Sometimes, these emails are obvious, but they can also look legit and appear as a trusted company, such as your bank or credit card company. If something seems amiss, such as a billing error or an invoice, log in through the company’s website rather than click links inside the email.  

Discover how McAfee Total Protection keeps you safe online

No one wants their information on the dark web. Thankfully, there are several things you can do to keep your personal information secure, including all-in-one protection from McAfee. 

McAfee Total Protection comes with advanced identity monitoring, which provides faster and broader detection for your identity, plus premium antivirus software, safe browsing, and Secure VPN 

With easy setup and extensive monitoring, you can maintain your digital identity and gain peace of mind.  

The post A Guide to Finding Out If Your Information Is on the Dark Web appeared first on McAfee Blog.

Read More

USN-5462-2: Ruby vulnerability

Read Time:15 Second

USN-5462-1 fixed several vulnerabilities in Ruby. This update provides
the corresponding CVE-2022-28739 update for ruby2.3 on Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that Ruby incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive information.

Read More

CVE-2020-6220

Read Time:13 Second

BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in victim’s session is active.

Read More