At least four different smartphones affected: ‘P48pro’, ‘radmi note 8’, ‘Note30u’ and ‘Mate40’
Daily Archives: August 23, 2022
5 Ways to Reset Your Family’s Digital Habits this Summer
Ahhhh. Can you feel it? Summer is so close. Everything feels a little more buoyant, a little brighter. We’re in the home stretch of social distancing, a sense of normalcy is returning, and there’s a collective energy that’s ready to throw the screen door open, run outside, and pounce on summer.
There’s no doubt you’ve established great digital ground rules that worked well during quarantine. However, as we begin the mental trek toward some degree of our former life, summer may be the perfect window to think about a digital reset.
A reset is simply taking a moment to pause, assess, and adjust where it makes sense. Consider what digital expectations and ground rules you established during the pandemic, what worked for your family, and what needs to be phased out before the new school year approaches.
Where we’ve been
We know that during quarantine (and even after), kids’ screen time doubled for several reasons, including learning from home, needing to connect with friends online more, and boredom. During the pandemic, we also knew that helping kids manage the ongoing stress of homebound life was crucial for helping them maintain digital, emotional, and physical health. All of these factors impacted our digital routines and expectations.
Where we’re going
Summer routines will look different for every family. Some students are attending school on site throughout the summer as many districts strive to bridge 2020 learning losses. Other students will enjoy a traditional summer break before starting back to school in a few months.
Whichever way your family’s summer routine rolls out, here are a few small shifts you can begin making today that will slowly help you re-establish smart digital habits.
5 ways to reset your digital habits
1. Pause, assess, adjust. Stop to evaluate the role technology has grown to occupy in your home over the past year. Assess your family’s screen time and device habits that shifted or grew. Where do you need to help your kids slowly pull back? How many hours a day do the kids play video games? How much TikTok or YouTube scrolling is going on? Are the TV binges out of control? Is there still a phone curfew in place, or have kids started taking their phones to bed?
2. Give parental controls a go. If you gave your kids a little more device freedom during the pandemic and put the idea of parental controls on hold, summer is a great time to give this option a go. Test monitoring features, content filters, and make adjustments that fit your family’s needs. If your goal for your kids is less device time and more outside time this summer, parental controls include screen limits to help you reset any poor habits that have set in.
3. Safety and Privacy revamp. During summer especially, take time to understand the friends your kids connect with online – new friend groups can form over the summer. Review privacy and location settings on apps. Teens often leave their location on for one another so they can find things to do. This practice isn’t always a good idea since location-based apps can open your family up to risks.
4. Screen-free zones. Another wise habit that may have gone by the wayside is creating screen-free zones such as the dinner table, the bedroom, restaurants, and family trips. Setting a tech curfew is also a great way to help kids get into consistent sleep patterns. These few steps can add hours of family time to your day and give kids a much-needed device break. If you are going on vacation, creating screen-free zones on your trip will ensure you are fully engaged and don’t miss out on the experience.
5. Get a plan. The summer has a way of flying by, especially if kids end up playing video games, watching YouTube videos, or chatting on social media all day. Get in front of that temptation with a plan. Collaborate on a wish list of things every family member would like to do over the summer. Maybe it’s canoeing, a trip somewhere fun, a family project, volunteering, or a new hobby that taps into their creativity.
As you ease back into new habits, remember to share your reasoning for the reset. Handing down digital edicts rarely sticks, but when kids understand the mental and physical benefits of balancing their technology, they will be more likely to get on board with the change.
The post 5 Ways to Reset Your Family’s Digital Habits this Summer appeared first on McAfee Blog.
New IT/OT Features Help Tenable Customers Increase Visibility, Security and Control
Tenable.ot v3.14 product features increase coverage of segmented networks and give broader visibility across your operational technology (OT) environment.
Now more than ever, it is essential for organizations to understand their cybersecurity baseline. From malicious outsiders and insiders to new vulnerabilities affecting multiple vendors — without effective visibility into your IT network you can’t make the best business decisions.
Today, we’re introducing new features in Tenable.ot to give customers the ability to better tailor the tool to their specific security needs, make it easier to report out to non-technical stakeholders and give deeper coverage of segmented or isolated assets.Tenable.ot is a leader in Industrial Control Systems (ICS) security for the modern industrial enterprise giving your organization the ability to identify your assets, communicate risk and prioritize action all while enabling IT and OT teams to work better together.
Four new capabilities in Tenable.ot
1. Deeper coverage of segmented assets — In securing an OT environment, it’s critical to segment networks and separate mission-critical assets from less critical assets, much like traditional air gaps. However, network segmentation introduces limitations. Oftentimes, the workaround is to throw in multiple passive scanning appliances to map traffic across the segments in the network, and the result is still an incomplete picture of the assets in your network. With new Active Sensors from Tenable.ot, you can query devices that are otherwise invisible to passive scanners — even if they are in a separate, isolated or non-routable network. Doing so gives you complete visibility into your entire environment without sacrificing security or disrupting the functionality of your assets.
2. New sensor management capabilities — With new sensor management capabilities, you have better control and the context you need to make the best security decisions for your business. This increases your detection capabilities and makes it easier to disrupt potential attack paths before threat actors leverage them. You can even deploy sensors on virtual machines and manage them through a single interface. Our patented active query technology is now more flexible for customers who have implemented a zero-trust initiative or introduced additional segmentation. So, wherever you are in securing your environment, Tenable will meet you there.
3. Consolidated global dashboard reporting — When executives ask, “How secure are we?” they don’t want 100-page reports with technical jargon. They need information that is simple to understand and easy to communicate to the rest of the business. Enhanced global dashboard reporting helps security teams quickly gather telemetry from across the OT environment. User-configurable widgets make it easy to group assets by type, events, policies and risk scores. Security teams can efficiently identify high-risk assets and communicate risk effectively so executives can make informed decisions on business initiatives.
4. In-product signature and detection feed — With the new signature and detection feed, you can leverage our comprehensive research organization to make sure you’re running the latest and greatest plugins. This gives you the ability to detect the latest vulnerabilities, and perform tactical assessments for vulnerabilities or misconfigurations. Instead of waiting for threats and attacks to happen, take proactive steps to find those weaknesses before they show up on your network.
In addition to these new features and capabilities, Tenable.ot is constantly expanding its supported protocols and systems set based on customer needs.
Schedule your free consultation and demo
If you’re not already a Tenable customer, please schedule a free consultation and demo to discuss how we can help you improve your security program and results.
For more information about Tenable.ot, visit www.tenable.com/products/tenable-ot or join us for a Tenable.ot Customer Update webinar
Learn more
Visit the Tenable.ot Product Page
Attend the Tenable.ot Customer Update Webinar, click to register
Signal Phone Numbers Exposed in Twilio Hack
Twilio was hacked earlier this month, and the phone numbers of 1,900 Signal users were exposed:
Here’s what our users need to know:
All users can rest assured that their message history, contact lists, profile information, whom they’d blocked, and other personal data remain private and secure and were not affected.
For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal. This attack has since been shut down by Twilio. 1,900 users is a very small percentage of Signal’s total users, meaning that most were not affected.
We are notifying these 1,900 users directly, and prompting them to re-register Signal on their devices.
If you were not notified, don’t worry about it. But it does bring up the old question: Why does Signal require a phone number to use? It doesn’t have to be that way.
Establishing a mobile device vulnerability management program
The introduction of mobile devices has rapidly changed the world as we know it, as these small gadgets that are intended to fit into the palm of our hands rapidly gained dominance over our day-to-day activities. Thanks to these portable devices, we now have access to an abundance of information available to us on demand with minimal effort.
Mobile devices have become so powerful that your cellphone contains significant data about you as individual through your data storage, communication activities (social media, e-mail, text messages, audio calls), built-in health and fitness trackers, having access to financial accounts through NFC (near-field-communication) technology payment cards, GPS functionality. All this information that was once considered “personal data” is now contained on these portable devices that are more susceptible to physical theft, man-in-the-middle attacks when connected to unsecure wireless and cellular networks, as well as potential exploitation of vulnerabilities that are typically present on a mobile device operating system.
The periodic release of security updates for mobile devices is an attestation to the fact that the operating system software that runs on your mobile devices are never 100% secure. Data that is stored and processed by mobile devices are at high risk of potential breaches, and therefore business organizations are not factored out of this threat.
Businesses across a wide array of industry verticals are shifting their technological landscape to adapt to a portable ecosystem, by introducing mobile devices. While the presence of mobile devices in a business environment grows, these devices are not being effectively secured through appropriate patch update cycles, and that unauthorized users may also be accessing these company-owned devices.
These mobile devices typically have access to substantial amounts of information and may also literally serve as the “keys to the kingdom” through serving as Multi-Factor Authentication (MFA) tokens to business information systems. An organization may have invested countless hours and resources to secure information technology infrastructure, but all that effort is now simply undermined by the fact that data is longer static within the confines of your organizations firewall perimeter.
Your data is now always on the move with your employees’ mobile devices. As a result, the need for an effective mobile device vulnerability management program is more imperative than ever, in order to consistently identify, track and remediate vulnerabilities, as a way to prevent the exploitation of vulnerabilities that may allow malicious users to gain access to your resources.
Mobile devices are not traditionally given a first thought when establishing a formal vulnerability management program. The devices that are typically given first thought include but are not limited to workstations, servers, networking appliances, web applications.
However, new threatening vulnerabilities are discovered and published daily in various vulnerability databases, and many of these discoveries specifically impact mobile devices. Mobile devices must not be overlooked when establishing your vulnerability program. A vulnerability scan can typically discover hundreds of vulnerabilities on your mobile devices, but all it takes to hand over the keys to your kingdom to a malicious actor is the exploitation of one of those vulnerabilities.
Organizations invest a significant amount of resources to secure their IT infrastructure, however these mobile devices now serve as an entry-point directly into the environment, providing access to potentially petabytes of your data. Despite these security concerns in mind, mobile device vulnerability management unfortunately remains an afterthought.
Without a formal vulnerability assessment for mobile devices, undetected vulnerabilities on these devices have the potential to expose your organization to various threats. If vulnerabilities are not actively discovered amongst your mobile devices, these overlooked vulnerabilities will remain dormant within your network, and will not go away on their own. Formal vulnerability management for mobile devices is integral for identifying, mitigating, transferring, and accepting risks identified by the organization.
Leading vulnerability management platforms in the Cybersecurity space can be deployed into most environments with ease. On most mobile devices, all that is needed is a device-based agent (mobile application) to be downloaded and installed from the mobile App Store, and the completion of a one-time enrollment process.
Vulnerability management for mobile devices will provide you with control over your portable devices:
Use industry recognized vulnerability scanning solutions to help you identify and inventory your mobile devices, as well as the data that is stored on them
Provide active vulnerability detection and misconfiguration identification, as well as consolidating software update/patching information
Deploy patches/software updates efficiently
Normalize mobile device data across a wide range of device types/operating systems
Block mobile devices from connecting to unknown wireless networks
Trigger actions on your mobile devices remotely such as locking a user screen, resetting devices, and forcing software updates/removals
An organization should safeguard its mobile devices and have a fundamental understanding of the mobile device assets in use across the enterprise, which can be provided through the inventory and discovery capabilities of current vulnerability scanning solutions. For an organization that may have an extensive inventory of mobile devices, a vulnerability management tool will enable the ability to automate and simplify fundamental tasks involved in securing these devices.
A vulnerability management tool will also identify and provide recommendations on how to mitigate vulnerabilities. In a formal vulnerability management program, organizations should establish documented policies, procedures and standards that define intervals for mobile device vulnerability scanning frequency. Our recommendation is for organizations to perform ongoing scans as frequent as possible, as new vulnerabilities are ongoingly discovered and published and as a result, security patches are available out by mobile device operating system manufacturers.
As the advancement of modern technologies continues to take place at a rapid rate, the capabilities of mobile devices and scope of collected information by these devices will also expand, which will only increase the risk exposure of sensitive data to potential threats.
It is essential that business organizations proactively establish and continuously build upon their formal mobile device vulnerability management programs before a breach occurs, as monetary loss as well as damage to brand reputation from such an incident is challenging to recover from. Establishing a formal security program for mobile devices in your organization’s technology landscape will ultimately protect your employees, customers, and overall business.
Check out AT&T Cybersecurity’s managed vulnerability services with consulting experience to help you establish your program.
Media Firms Twice as Vulnerable as Cross-Sector Average
Configuration Errors to Blame for 80% of Ransomware
What is the cost of a data breach?
The cost of a data breach is not easy to define, but as more organizations fall victim to attacks and exposures, the potential financial repercussions are becoming clearer. For modern businesses of all shapes and sizes, the monetary impact of suffering a data breach is substantial. IBM’s latest Cost of a Data Breach report discovered that, in 2022, the average cost of a data breach globally reached an all-time high of $4.35 million. This figure represents a 2.6% increase from the previous year and a 12.7% rise from 2020.
Factors such as incident type and severity, regulatory standards, company size, sector, and region can significantly affect how much a data breach could costs a business, but all organizations must carefully assess and prepare for the monetary hits that could be just around the corner should they fall victim. Some are potentially far more damaging (and less obvious) than others.
FBI: Beware Residential IPs Hiding Credential Stuffing
ZDI-22-1155: (Pwn2Own) Softing Secure Integration Server Cleartext Transmission of Sensitive Information Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Softing Secure Integration Server. User interaction is required to exploit this vulnerability.