Joseph Yasi discovered that JACK incorrectly handled the closing of a socket
in certain conditions. An attacker could potentially use this issue to
cause a crash.
Daily Archives: October 4, 2022
Aryaka rolls out cloud-based web gateway for SASE-focused WAN offering
Aryaka’s Secure Web Gateway and Firewall-as-a-Service adds cloud-based security services to its Zero Trust WAN platform, as it moves toward providing SASE capabilities for its users.
python-django3-3.2.15-1.fc38
FEDORA-2022-0cba1bd104
Packages in this update:
python-django3-3.2.15-1.fc38
Update description:
Automatic update for python-django3-3.2.15-1.fc38.
Changelog
* Tue Oct 4 2022 Michel Alexandre Salim <salimma@fedoraproject.org> –
3.2.15-1
– Initial python-django3 release
* Sun Oct 2 2022 Michel Alexandre Salim <salimma@fedoraproject.org> – 3.2.9-6
– Fork to python-django3, needed by the Mailman stack
* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> – 3.2.9-5
– Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Dec 17 2021 Michel Alexandre Salim <salimma@fedoraproject.org> – 3.2.9-4
– Drop obsolete python_provide lines
* Wed Dec 15 2021 Michel Alexandre Salim <salimma@fedoraproject.org> – 3.2.9-3
– Use build-dependency generator
– Use pyproject macros
* Wed Dec 15 2021 Michel Alexandre Salim <salimma@fedoraproject.org> – 3.2.9-2
– Drop old BR on python3-mock
* Wed Nov 24 2021 Karolina Surma <ksurma@redhat.com> – 3.2.9-1
– update to 3.2.9
– unskip fixed tests
– backport fix for building docs with python-sphinx 4.3.0
* Wed Sep 8 2021 Matthias Runge <mrunge@redhat.com> – 3.2.7-1
– update to 3.2.7 (rhbz#1999958)
* Mon Aug 9 2021 Matthias Runge <mrunge@redhat.com> – 3.2.6-1
– update to 3.2.6 (rhbz#1957630)
– skip failing test AssertionError: “Error: invalid choice: ‘test’
(choose from ‘foo’)”(rhbz#1898084)
* Tue Jul 27 2021 Fedora Release Engineering <releng@fedoraproject.org> – 3.2.1-3
– Second attempt – Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun 4 2021 Python Maint <python-maint@redhat.com> – 3.2.1-2
– Rebuilt for Python 3.10
* Tue May 4 2021 Matthias Runge <mrunge@redhat.com> – 3.2.1-1
– rebase to 3.2.1, fixes CVE-2021-31542
– rebase to 3.1.8 fixes CVE-2021-28658 (rbhz#1946580)
– rebase to 3.2.1 (rhbz#1917820)
* Fri Mar 5 2021 Matthias Runge <mrunge@redhat.com> – 3.1.7-1
– update to 3.1.7, fix CVE-2021-23336 (rhbz#1931542)
* Thu Feb 4 2021 Matthias Runge <mrunge@redhat.com> – 3.1.6-1
– update to 3.1.6, fix CVE-2021-3281 (rhbz#1923734)
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> – 3.1.5-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jan 4 2021 Matthias Runge <mrunge@redhat.com> – 3.1.5-1
– update to 3.1.5
* Thu Dec 3 2020 Matthias Runge <mrunge@redhat.com> – 3.1.4-1
– update to 3.1.4 (rhbz#1893635)
How a deepfake Mark Ruffalo scammed half a million dollars from a lonely heart
A 74-year-old Manga artist received an unsolicited Facebook message from somebody claiming to be Incredible Hulk actor Mark Ruffalo.
You can probably guess where this is heading…
What is Doxxing?
Social media has become a part of our everyday lives. Each day millions of people log on to Facebook, Twitter, and other social sites and engage with friends and family. We share our lives more freely and publicly than ever before, and connect with people around the world more easily than our ancestors could have dreamed of.
While many beautiful things come from sharing online, most of us have experienced discord with other internet users while being social online. In some cases, exchanges can become hostile, with the aggrieved party becoming threatening or malicious. Doxxers also target popular online influencers, movie and tv stars, or anyone they don’t agree with, as a way to seek revenge, bully, shame, or intimidate them.
One way someone may attempt to retaliate is to release sensitive personal private information about the person to the broader internet. This kind of online harassment is known as “doxxing.”
This article explains what doxxing is and how to prevent it from happening to you.
What is doxxing?
Doxxing (or “doxing”) is the practice of revealing another individual’s personal information (home address, full name, phone number, place of work, and more) in an online public space without the person’s consent.
The term “doxxing” comes from the hacker world and references the act of “dropping dox” (as in “docs”) with malicious intent to the victim. The severity of the personal data leak may also go beyond phone numbers and addresses to include releasing private photos, Social Security numbers (SSNs), financial details, personal texts, and other more invasive attacks.
What’s an example of doxxing?
One of the first incidents of doxxing took place back in the late 1990s when users of the online forum Usenet circulated a list of suspected neo-Nazis. The list included the suspected individuals’ email accounts, phone numbers, and addresses.
In 2021, rapper Kanye West famously doxxed Drake when he tweeted the star’s home address.
Is doxxing illegal?
While doxxing can hurt people, it’s not necessarily a crime. In some cases, a doxxer finds publicly available information and shares it broadly. Since the data is public record, it’s not illegal to share it. A doxxer might invite others to visit the home or workplace of their target rather than taking a specific action.
That said, it is illegal to hack a device or computer without permission from the owner — even if the information collected is never used. The legality of doxxing must be taken on a case-by-case basis, and law enforcement must build its case based on existing applicable laws.
For example, if the doxxer attempted to apply for a credit card using your private data, they could be prosecuted for fraud or identity theft.
How to protect yourself from doxxing
You can follow a few critical practices to help protect yourself from doxxing. Start by limiting what you share online, using strong passwords, and taking advantage of secure technologies like virtual private networks (VPNs).
Limit the personal information you share online
Limiting the amount of personal information you share online is one of the best ways to protect yourself from doxxing. Avoid oversharing personal details of your life (like your child’s name, pet’s name, or place of work) and maintain the highest possible privacy settings for any social media app or website.
You should also take caution when tagging friends, locations, and photos, as this may give doxxers more access to your data. Check out our Ultimate Guide to Safely Sharing Online to learn more.
Check data broker websites for your information
Data brokers are companies that mine the internet and public records for financial and credit reports, social media accounts, and more. They then sell that data to advertisers, companies, or even individuals who may use it to doxx somebody.
You might be surprised to see the amount of sensitive information available to anyone who wants it with an online search. Data brokers often have contact information, including real names, current and former addresses, birth dates, phone numbers, social media profiles, political affiliations, and other information that most consider private.
While you can remove your private information from many data broker sites, they tend to make the process tedious and frustrating. McAfee® Personal Data Cleanup makes the process much easier. All you have to do is enter your name, date of birth, and home address, and we’ll scan it across high-risk data broker sites. We’ll then help you remove it.
Use strong passwords and keep them secure
Having strong passwords can make you less vulnerable to hackers and doxxers. Keep yourself more secure by following a few simple rules.
Have long and strong passwords (at least eight to 10 characters).
Don’t create passwords that include any words from your social media sites (like pet or child names).
Change your passwords frequently — at least every three months.
Don’t use the same password for multiple online accounts — unique passwords only.
Use random sequences of letters and numbers without identifiable words.
Turn on two-factor or multi-factor authentication (MFA) for critical accounts (Gmail, LinkedIn, Facebook, online banking).
Don’t write down passwords (or keep them in a secure location if you must).
Make password management much easier by using a password manager and generator tool like True Key from McAfee. True Key uses the strongest encryption available to decrypt your existing passwords and can help generate new strong passwords.
Use a virtual private network
When browsing on public Wi-Fi networks like those at airports and coffee shops, your data is at greater risk of being compromised by cybercriminals who may lift sensitive information for personal gain.
A virtual private network (VPN) service (like the one found in McAfee+) gives you an additional layer of protection by hiding your IP address and browsing activities when you’re on an unsecured network.
Protect your device with antivirus protection
Scammers, doxxers, and hackers work hard to get personal information every day. With McAfee Total Protection, you can use the internet with confidence knowing you have the support of award-winning antivirus software to keep you and your family members safe online.
Get real-time threat protection through malware detection, quarantine, and removal, and schedule real-time or on-demand file and application scanning. You’ll also benefit from an advanced firewall for home network security.
Keep your online information secure with McAfee
We all increasingly rely on the internet to manage our lives. As a result, it’s important to address the risks that come with the rewards.
Comprehensive cybersecurity tools like those that come with McAfee+ can help you avoid scams, doxxing attacks, identity theft, phishing, and malware. We can also help keep your sensitive information off the dark web with our Personal Data Cleanup.
With McAfee’s experts on your side, you can enjoy everything the web offers with the confidence of total protection.
The post What is Doxxing? appeared first on McAfee Blog.
Tenable aims to unify your cybersecurity with exposure management platform
Tenable today announced the general availability of Tenable One, a unified exposure management platform designed to meet the changing needs of the modern cybersecurity professional by offering a holistic view of both on-premises and cloud-based attack surfaces.
The modern cybersecurity attack surface is complex, fast-changing, and involves a panoply of different target systems and users that are all interconnected in a range of ways. Modern cybersecurity measures, on the other hand, are, all too often, architected just as they have been in the past, leading to major challenges in combating threats, according to a white paper Tenable released along with its new product.
Multiple Vulnerabilities in Google Android OS Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for arbitrary code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights.
What Is Internet Security?
Internet security is a broad term that refers to a wide range of tactics that aim to protect activities conducted over the internet. Implementing internet security measures helps protect users from different online threats like types of malware, phishing attacks, scams, and even unauthorized access by hackers.
In this article, we highlight the importance of internet security in safeguarding your computer network and outline what you can do to have a comprehensive computer security system in place.
Why is internet security so important today?
As the internet expands and becomes an even bigger part of our lives, cyberthreats continue to grow both in scope and sophistication. According to Forbes, data breaches and cyberattacks saw an increase of 15.1% in 2021 compared to the previous year. These security threats come in different forms and vary in terms of complexity and detectability.
Some common online threats people face today include:
Malware: Malicious software is an umbrella term that refers to any program that exploits system vulnerabilities to damage a computer system or network and steal sensitive information from users. Examples of malware include viruses, Trojans, ransomware, spyware, and worms.
Phishing: Phishing is cyberattacks that involve stealing a user’s sensitive data by duping them into opening an email or an instant message and clicking a malicious link. The data that cybercriminals target can range from login credentials to credit card numbers. Phishing attacks are often used for identity theft purposes.
Spam: Spam is a term that describes unwanted email messages sent in bulk to your email inbox. This tactic is generally used to promote goods and services users aren’t interested in. Spam mail can also contain links to malicious websites that automatically install harmful programs that help hackers gain access to your data.
Botnets: This contraction of “robot network” refers to a network of computers that have been infected with malware. The computers are then prompted to perform several automated tasks without permission. Examples of these tasks include sending spam and carrying out denial-of-service (DDoS) attacks.
Wi-Fi threats: Wi-Fi networks can be subject to a wide range of attacks that involve hackers exploiting unprotected connections and breaching data security to obtain sensitive information.
While these internet security threats may seem overwhelming at first glance, safeguarding your computer or mobile devices from them is relatively easy. Below is a detailed look at some security solutions available to you.
Internet security features to keep you safe online
As we stated above, setting up an internet security system is a relatively straightforward process. Here are some basic network security measures you can implement right away.
Antivirus protection
The first step in making sure you have internet security is installing antivirus software. These programs are designed to prevent, search for, detect, and get rid of viruses and other types of malicious software.
Antivirus software can run automatic scans to make sure no network or data breach has occurred and scan specific files or directories for any malicious activity or patterns.
There are plenty of options to choose from when it comes to antivirus software, however, few programs offer the comprehensive level of protection the antivirus software included in McAfee® Total Protection provides to its users.
McAfee’s antivirus software comes with a wide selection of features, including malware detection, quarantine, and removal, different options for scanning files and applications, and an advanced firewall for home network security.
Create strong passwords
While this may sound obvious, it’s important to create strong and unique passwords for all your online accounts and devices. A significant percentage of data breaches occur as a result of simple password guessing.
Some tips to follow when creating a password include:
Never use personal information, such as date of birth.
Don’t reuse passwords.
Avoid sequential numbers or letters.
Combine letters, numbers, and symbols.
Don’t use common words.
It can also be a good idea to use a password manager, as this will help reduce the risk of your passwords getting leaked or lost. McAfee’s password manager, is particularly convenient thanks to its advanced encryption and multi-factor authentication.
Check that your computer firewall is enabled
A firewall is a network security system built into your operating system. It monitors incoming and outgoing network traffic to prevent unauthorized access to your network. For it to be able to identify and block these threats, you’ll want to make sure your firewall is enabled on your device. If you’re unsure if your device comes with a firewall, you can benefit from one included in McAfee Total Protection.
Use multi-factor authentication when possible
Multi-factor authentication (MFA) is an authentication method that requires at least two pieces of evidence before granting access to an app or website. Using this method as much as possible can add another layer of security to your applications and reduce the likelihood of a data breach.
Choose a safe web browser
Your choice of browser is an important part of implementing internet security measures. In fact, web browsers vary widely in terms of the security features that they offer, with some offering just the basics and others providing a more complete range of features. Ideally, you should opt for a web browser that offers the following security features:
Private session browsing
Pop-up blocking
Privacy features
Anti-phishing filter
Automatic blocking of reported malicious sites
Cross-site script filtering
How can you keep children safe online?
As children grow older, their internet use becomes more extensive. This can also increase their exposure to various security threats. To keep them safe online, educate them about the risks associated with web browsing and introduce them to some of the best practices for avoiding online threats like not sharing passwords.
Explain which information should be shared and which information should be kept private and instruct them to never click on links from unknown sources.
You should also take a more active approach to protect your children by setting parental controls on certain websites. For instance, you can use YouTube’s parental controls to filter any inappropriate content and keep a child-friendly interface.
Internet security tips to know
The following tips can help you stay on the safe side in regard to internet security.
Install antivirus software on all your devices. This is the first step you should take when securing your mobile and computer systems. Internet security software identifies vulnerabilities and can neutralize threats before they become a bigger problem.
Keep your operating system and programs up to date. Neglecting to update your applications and operating systems can leave you exposed to threats as hackers seek to exploit unpatched vulnerabilities.
Use strong passwords. Using strong passwords reduces the risk of a hacker cracking it and gaining access to your system.
Use an ad blocker. Adware pop-ups often trick users into clicking on links that lead to malicious websites. Using an ad-blocker to help prevent this from happening.
Use parental controls. Setting parental controls makes web browsing safer for children and reduces the chances of virus infection.
Only shop on secure websites with “ https://” URLs. The “S” at the end of the HTTP extension stands for “secure” and indicates that the website has a security certificate and is safe for transactions.
Never submit financial information when using public Wi-Fi. Public Wi-Fi hot spots lack security measures and encryption, making them vulnerable to prying eyes. Sharing sensitive information like bank card numbers when connected to one isn’t recommended.
Use multifactor authentication. As we mentioned, MFA adds a layer of protection to the sign-in process and makes unauthorized access to your data extremely difficult.
Check your bank statements regularly to catch any suspicious activity. Keep an eye for any transaction that you don’t recall initiating, as this could be a sign of a malware infection.
Protect your device from online threats with McAfee
While malware attacks are common, their prevalence shouldn’t deter you from browsing the internet as usual. Adhering to the internet security best practices outlined in this article can help keep you safe from the majority of security threats that you might encounter online.
For added security, consider using an all-in-one antivirus solution like McAfee+. This is one of the most effective ways to safeguard your devices from online threats.
Let McAfee handle your security while you focus on enjoying the web.
The post What Is Internet Security? appeared first on McAfee Blog.
USN-5655-1: Linux kernel (Intel IoTG) vulnerabilities
It was discovered that the framebuffer driver on the Linux kernel did not
verify size limits when changing font or screen size, leading to an out-of-
bounds write. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2021-33655)
Duoming Zhou discovered that race conditions existed in the timer handling
implementation of the Linux kernel’s Rose X.25 protocol layer, resulting in
use-after-free vulnerabilities. A local attacker could use this to cause a
denial of service (system crash). (CVE-2022-2318)
Roger Pau Monné discovered that the Xen virtual block driver in the Linux
kernel did not properly initialize memory pages to be used for shared
communication with the backend. A local attacker could use this to expose
sensitive information (guest kernel memory). (CVE-2022-26365)
Roger Pau Monné discovered that the Xen paravirtualization frontend in the
Linux kernel did not properly initialize memory pages to be used for shared
communication with the backend. A local attacker could use this to expose
sensitive information (guest kernel memory). (CVE-2022-33740)
It was discovered that the Xen paravirtualization frontend in the Linux
kernel incorrectly shared unrelated data when communicating with certain
backends. A local attacker could use this to cause a denial of service
(guest crash) or expose sensitive information (guest kernel memory).
(CVE-2022-33741, CVE-2022-33742)
Jan Beulich discovered that the Xen network device frontend driver in the
Linux kernel incorrectly handled socket buffers (skb) references when
communicating with certain backends. A local attacker could use this to
cause a denial of service (guest crash). (CVE-2022-33743)
Oleksandr Tyshchenko discovered that the Xen paravirtualization platform in
the Linux kernel on ARM platforms contained a race condition in certain
situations. An attacker in a guest VM could use this to cause a denial of
service in the host OS. (CVE-2022-33744)
It was discovered that the virtio RPMSG bus driver in the Linux kernel
contained a double-free vulnerability in certain error conditions. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2022-34494, CVE-2022-34495)
Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter
subsystem in the Linux kernel did not properly handle rules that truncated
packets below the packet header size. When such rules are in place, a
remote attacker could possibly use this to cause a denial of service
(system crash). (CVE-2022-36946)
Best Ways to Check for a Trojan on Your PC
The internet has changed our lives in more ways than we can count. These days, anything we desire — whether it’s knowledge, career opportunities, or consumer products — is seemingly just a few clicks away from us.
And while it’s safe to say the impact of the internet has been an overall net positive, it’s also worth mentioning that its widespread adoption has introduced a number of new challenges we haven’t had to tackle before. Chiefly among them is the need to safeguard our personal data from the prying eyes of uninvited strangers.
These external threats on our data come in the form of malicious software, such as Trojan horses. Trojans are a type of malware that relies on social engineering to infect the device of an unsuspecting target. They get their name from the story of Odysseus when he hid his Greek soldiers inside a wooden horse to get inside the city of Troy.
Basically, Trojans infiltrate computer systems by masquerading as legitimate programs that are unwittingly downloaded and installed by the users. Hackers often use trojans to steal sensitive data such as medical, personal, or financial information. They are one of the most common types of malicious programs and can pose a threat to computer systems if left undetected.
In this article, we go over how to detect a Trojan infection and discuss some of the most effective ways to check for a Trojan on a Windows PC.
How can you tell if you have a Trojan virus?
Like any computer virus infection, a system that’s infected with a Trojan horse can display a wide range of symptoms. Here are the main signs you should look out for.
Your computer is running slower than usual. Trojans tend to install additional malware that consumes computer processing unit (CPU) and memory resources. This can significantly slow your computer down and cause your operating system to become unstable and sluggish.
Unauthorized apps are appearing on your device. A common symptom of Trojan infection is the sudden appearance of apps you don’t recall downloading or installing. If you notice an unfamiliar app from an unverified developer in your Windows Task Manager, there’s a good chance that it is malicious software installed by a Trojan.
You experience constant operating system crashes and freezes. It’s not uncommon for Trojans to overwhelm your system and cause recurring crashes and freezes. An example of this is the Blue Screen of Death (BSoD), a Windows error screen that indicates that the system can longer operate safely due to hardware failure or the termination of an important process.
You experience an increasing number of internet redirects. In some cases, a Trojan can manipulate the browser or modify domain name system (DNS) settings to redirect the user to malicious websites. Frequent redirects are a red flag, so you should scan your computer the moment you notice an uptick in these redirect patterns.
You experience frequent pop-ups. A high number of pop-ups is another sign that your computer system might be infected with a Trojan. If you’re noticing more pop-ups than usual, there’s a strong possibility that a Trojan has installed a malicious adware program on your PC.
Applications won’t start. On top of slowing your computer down, Trojans can interfere with applications and prevent them from running. If you have trouble starting your browser or apps like word processing and spreadsheet software, a Trojan virus might be embedded in your PC.
4 best ways to check for a Trojan on your PC
Now that you’re familiar with some of the common symptoms of a Trojan infection, let’s delve into how you can check for it on your PC.
Scan your PC using McAfee
The first step you should consider is scanning your PC using an antivirus program. These anti-malware programs are an integral component of cybersecurity and should be the first thing you turn to when you’re trying to detect and remove Trojans.
There are plenty of malware scan options to choose from, with antivirus software included in McAfee® Total Protection being one of the most comprehensive and functional security software you can use.
It offers real-time protection from all types of malicious software threats, including viruses, rootkits, spyware, adware, ransomware, backdoors, and, last but not least, Trojans. McAfee virus protection comes with several valuable features, such as on-demand and scheduled scanning of files and apps, an advanced firewall for home network security, and compatibility with Windows, MacOS, Android, and iOS devices.
Search for Trojans while in computer “safe mode”
The next option you should explore is to search for Trojans in “safe mode.” This is an effective method of Trojan detection since safe mode only runs the basic programs needed for Microsoft Windows operation, making it easy to spot any unfamiliar or suspicious programs.
Here’s how you can search for Trojans in safe mode:
Type “MSCONFIG.” in the search bar from the Start menu.
Click on the “Boot” tab in the System Configuration box.
Tick “Safe Mode” and click “Apply,” then “OK.”
After the system restarts, re-open the configuration box.
Click on “Startup.”
Examine the list and see if there are any suspicious files.
Disable any you deem suspicious.
Check processes in Windows Task Manager
A simple yet effective way to detect unfamiliar applications or suspicious activity in your system is to check the processes in Windows Task Manager. This will allow you to see if there are any unauthorized malicious programs running in the background.
To check a list of all the active processes that are currently running on your PC, press Ctrl+Alt+Del and click on the “Processes” tab. Check the list of active applications and disable the process of apps without verified publishers or ones you don’t remember downloading and installing.
Scan your PC using Windows Security
Another method you can try is to scan your PC using built-in Windows virus and threat protection tools. Microsoft Defender (called Windows Defender Security Center in older versions of Windows 10) can perform virus scans and detect various types of malware.
A dedicated antivirus software like McAfee virus protection can also detect and remove malware. Our program comes with a full range of features that are specifically designed to recognize and remove all forms of threats from your system.
Perform a comprehensive scan using McAfee
Computer security shouldn’t be something you lose sleep over. As long as you’re using a complete virus protection tool like McAfee antivirus software, you can enjoy a stress-free browsing experience.
McAfee virus protection software is especially effective when it comes to scanning for Trojans and other types of malware and removing them before they can cause any damage to your computer system. With real-time, on-demand, and scheduled scanning of files and applications at your disposal, we’ll help you detect any emerging threat in a timely manner.
See how McAfee Total Protection can make your digital life that much more rewarding and check out our Personal Data Cleanup service, which regularly scans some of the riskiest data broker sites to help remove your personal information from the net and protect your identity from theft.
The post Best Ways to Check for a Trojan on Your PC appeared first on McAfee Blog.