USN-5709-2: Firefox vulnerabilities

Read Time:32 Second

USN-5709-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2022-42927,
CVE-2022-42928, CVE-2022-42929, CVE-2022-42930, CVE-2022-42932)

It was discovered that Firefox saved usernames to a plaintext file. A
local user could potentially exploit this to obtain sensitive information.
(CVE-2022-42931)

Read More

What Is Smishing and Vishing, and How Do You Protect Yourself?

Read Time:5 Minute, 55 Second

Smishing and vishing are scams where criminals attempt to get users to click a fraudulent link through a phone text message, email, or voicemail. These scams are becoming increasingly popular as cybercriminals try to take advantage of people who are more likely to fall for them, such as those who aren’t as familiar with technology or who may be experiencing a crisis. 

Be aware that cybercrime and hacking can happen to anyone. Criminals are always looking for new ways to exploit people, and they know that others may not be cautious or recognize the warning signs of phishing scams when using the internet. That’s why it’s important to be aware of the different types of cybercrime and how to protect yourself. 

This article discusses how to protect yourself from smishing attempts and scams where criminals try to get you to click on a fraudulent link or respond to their voicemail message to steal your personal data. 

What is smishing?

Most people are familiar with phishing scams, where scammers try to trick you into giving them your personal or financial information by pretending to be a legitimate company or organization. But have you ever heard of smishing or vishing? 

Smishing is a type of phishing scam where attackers send SMS messages (or text messages) to trick victims into sharing personal information or installing malware on their devices. Vishing is almost identical to smishing, except cybercriminals use VoIP (Voice over IP) to place phone calls to trick victims instead of SMS (short message service) messages. 

Smishing messages often appear to be from a legitimate source, such as a well-known company or government agency. It may even include urgent language or threats in an effort to get victims to act quickly. In some cases, the message may also include a link that directs victims to a fake website where they are prompted to enter personal information or download malware. 

Examples of a smishing text message

Here are some examples of smishing text messages hackers use to steal your personal details: 

“We have detected unusual activity on your account. Please call this number to speak to a customer service representative.” 
“You have won a free gift card! Click here to claim your prize.” 
“Hi! We noticed that you’re a recent customer of ours. To finish setting up your account, please click this link and enter your personal information.” 
“Urgent! Your bank account has been compromised. Please click this link to reset your password and prevent any further fraud.” 
“Hey, it’s [person you know]! I’m in a bit of a bind and could really use your help. I sent you a link to my PayPal, could you send me some money?” 

How dangerous can smishing be?

If you fall for a smishing scam, you could end up giving away your personal information or money. Cybercriminals use smishing messages to get personal and financial information, like your credit card number or access to your financial services 

For example, one type of smishing scam is when you get a text message that looks like it’s from your bank. The message might say there’s been suspicious activity on your account and that you need to click on a link to verify your identity. If you do click on the link, you’ll be taken to a fake website where you’ll be asked to enter your banking information. Once the scammers have your login information, they have access to clean out your account. 

How can you protect yourself from smishing?

Smishing scams can be very difficult to spot, but there are some telltale signs to look for and steps to take to protect yourself. 

Recognize the signs of a smishing text

One of the easiest ways to protect yourself from smishing scams is to be able to recognize the signs of a smishing text message. Here are some tips: 

Be suspicious of any text messages that ask for personal information or include a link. 
Look closely at the sender’s name and number. Fraudulent messages often come from spoofed numbers that may look similar to a legitimate number but with one or two digits off. 
Look for errors in spelling or grammar. This can be another sign that the message is not legitimate. 
Beware of any text messages that create a sense of urgency or are threatening in nature. Scammers often use these tactics to get you to act quickly without thinking. 
If you’re not expecting a message from the sender, be extra cautious. 
If you’re unsure whether a text message is legitimate, call the company or organization directly to verify. 

Filter unknown text messages

While you can’t avoid smishing attacks altogether, you can block spam text messages you receive on your mobile phone. iPhone and Android have cybersecurity tools like spam filters and phone number blocking to help protect you from phishing attacks and malicious links. 

To set up spam filters on your iPhone: 

Go to the Settings App 
Go to Messages 
Find the Filter Unknown Senders option and turn it on 

To set up spam filters on your Android mobile device: 

Go to the Messaging App 
Choose Settings 
Tap Spam Protection and turn on Enable Spam Protection 

Use McAfee Mobile Security 

McAfee Mobile Security is a mobile security app that helps protect your phone from malware, phishing attacks, and other online threats. McAfee Mobile Security is available for Android and iOS cell phones. 

One of the benefits of using McAfee Mobile Security is that it can help detect and block smishing attacks. With identity monitoring, McAfee Mobile Security monitors your sensitive information like email accounts, credit card numbers, phone numbers, Social Security numbers, and more to protect against identity theft. They notify you if they find any security breaches. 

Other benefits include: 

Antivirus 
Secure VPN for privacy online 
Identity monitoring for up to 10 emails 
Guard your identity against risky Wi-Fi connections 
Safe browsing 
System Scan for the latest updates 

Keep your device and information secure with McAfee Mobile Security

These days, our lives are more intertwined with our mobile devices than ever. We use them to stay connected with our loved ones on social media, conduct our business, and even access our most personal, sensitive data. It’s no surprise that mobile cybersecurity is becoming increasingly important. 

McAfee Mobile Security is a comprehensive security solution that helps protect your device from viruses, malware, and other online threats. It also offers a variety of other features, like a secure VPN to protect your credit card numbers and other personal data 

Whether you’re browsing your favorite website, keeping up with friends on social media, or shopping online at Amazon, McAfee Mobile Security provides the peace of mind that comes from knowing your mobile device is safe and secure. 

So why wait? Don‘t let the smishers win. Get started today with McAfee Mobile Security and rest easy knowing your mobile device and sensitive information are protected. 

The post What Is Smishing and Vishing, and How Do You Protect Yourself? appeared first on McAfee Blog.

Read More

The pros and cons of the digital transformation in banking

Read Time:6 Minute, 1 Second

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

Digital transformation in banking began following the creation of the internet in the 1990s as a way for banks to deliver services to their customers more conveniently. Today, it has completely changed how most people interact with their banks. From opening a new account to making transactions and applying for loans, you can access all banking services directly from your computer or smartphone.

According to an FDIC survey on banking behavior, over 80% of account holders engage in some form of digital banking. The popularity of digital banking stems from the convenience and level of personalization that it offers. But is digital banking good for you, or do the risks, such as cybersecurity issues, outweigh the benefits? 

Below, let’s explore some of the pros and cons of digital transformation in banking.

Pros of digital transformation in banking

Digital banking offers several advantages to the modern banking customer. Here are a few:

24/7 Access to your bank

One of the most significant benefits of digital banking is that it gives you round-the-clock access to your account. You don’t have to wait for working hours to deposit your funds, get an account statement, change your account details, or transact funds. You can do it at any time from wherever you are. 

Additionally, you don’t have to waste time in long queues in the banking hall. Digital banking is like having your personal bank right in your pocket.

Better rates, lower fees

Banks typically charge account maintenance and transaction fees to cover expenses like employees, bank premises, etc. Since digital banking allows customers to serve themselves directly over the internet, there’s less demand for bank employees and multiple brick-and-mortar branches. Therefore, banks embracing digital transformation have lower overheads and can offer their customers lower fees and higher interest rates. These benefits are especially pronounced for purely digital banks without physical premises.

Better customer experience

A 2021 survey by Deloitte Insights found that digital-first banks routinely outperform traditional banks in multiple areas that matter most to customers, including simplicity of transactions, transaction speed, and the overall quality of the banking experience.

Digital banks provide a smoother experience compared to traditional banks. For instance, transacting on a digital bank takes just a few minutes on your smartphone or laptop. In contrast, simply making a transaction in a traditional bank could take close to an hour as you must get to the physical bank, wait in line, fill out transaction forms, and speak to a teller.

In addition, digital banks offer features like budgeting tools that make it easier to manage your money. They also update you on every aspect of your account with text and email alerts, such as when you make transactions, when you don’t have enough money for an upcoming bill, and so on. This makes the digital banking experience much better than what you get with a traditional bank.

Automated payments

With digital banks, it’s amazingly easy to automate your payments. You can set up payments that you want to make from your account every month, so you don’t have to worry about fees and penalties for late or delayed payments. Plus, if you use a net-30 account to pay for goods or services and manage your cash flow, you can automate these payments too. 

You can also set up automated savings where the bank automatically deducts a specific amount from your account every month and deposits it in your savings account. This level of automation gives you a hands-free solution for managing your money instead of manually making all these transactions every month.

Drawbacks of digital transformation in banking

Despite offering convenience and better banking experiences, digital transformation in banking has flaws too. Some of these include:

Security concerns

The convenience of digital banking also comes with security risks. The online capabilities that allow you to access your account and transact remotely introduce loopholes that people with malicious intents can exploit to steal your money.

Today, there are lots of cybersecurity challenges facing digital banking. For instance, hackers may break into the online banking platform and steal sensitive customer data. Other risks include malware and ransomware attacks, spoofing, credential harvesting, identity theft, fraud, etc. While banks have put many measures into place to avoid such situations, the risk is always there.

Digital banks also place some responsibility for the safety of your money on you. When you put your money in a traditional bank, the bank is solely responsible for keeping your money safe. With a digital bank, you’re involved in protecting your money. You have to use strong passwords and multi-factor authentication for your online banking accounts and avoid logging into your account on public Wi-Fi networks. 

You must also avoid clicking on dubious links, be aware of phishing attacks, and protect yourself from many other client-side security threats. If you’re not security conscious, there’s always the risk of losing your money.

Possible technical issues

The electronic systems on which digital banks run are not always reliable. For example, the servers of your digital bank could experience an outage and lock you out of your account. Similarly, your bank’s website could have a technical issue that could prevent you from accessing your account. Even a problem with your internet connection can leave you unable to access your funds.

While the possibility of such scenarios is quite low, such technical problems can easily leave you stranded, especially when you need to access your money urgently.

It’s easy to spend your money

The convenience of having fast and constant access to your money is a benefit, but sometimes, it can be a disadvantage. If your digital bank is linked to your online shopping accounts, you could easily find yourself spending your money on things you hadn’t budgeted for. 

Additionally, making such payments is so effortless that you can easily forget how much money you’re spending. With a traditional bank, you’d have to visit a physical branch to access your money, which is enough to deter you from most impulse purchases.

However, digital banks also make it easier to track where you’re spending your money. Linking your digital bank account with your budgeting tool can help you prevent spending your money on unplanned expenses.

Wrapping up

The digital transformation in banking has completely revolutionized how people interact with their money and banks. It offers many benefits: convenience, round-the-clock access to your money, payment automation, lower fees, higher interest rates, and a better banking experience.

Still, it’s important to be aware of its drawbacks, such as security concerns, the possibility of technical issues locking you out of your account, and the likelihood of spending your money on things you’ve not budgeted for.

Most people will find that the pros outweigh the cons, but if you decide to adopt digital banking, don’t forget to take the appropriate steps to keep your money safe. 

Read More

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution

Read Time:41 Second

Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.

macOS Ventura is the 19th and current major release of macOS
iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch.
iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

Multiple Vulnerabilities in Citrix ADC and Gateway Could Allow for Authentication Bypass

Read Time:25 Second

Multiple vulnerabilities have been discovered in Citrix ADC and Gateway, the most severe of which could allow for Authentication Bypass. Citrix ADC and Gateway is an Application Delivery Controller and a gateway service to products respectively. Successful exploitation of the most severe of these vulnerabilities could result in Authentication Bypass. A malicious actor may be able to obtain administrative access. Depending on the permission associated with the application running the exploit, an attacker could then install programs; view, change, or delete data.

Read More

PCI DSS 4.0 is coming: how to prepare for the looming changes to credit card payment rules

Read Time:38 Second

For enterprises that handle credit card data, which means just about every consumer-facing company, payment processing is a mission-critical system that requires the highest levels of security.

The volume of transactions conducted with general purpose credit cards (American Express, Discover, Mastercard, Visa, UnionPay in China, and JCB in Japan) totaled $581 billion in 2021, up 24.5% year-over-year, according to the Nilson Report.

However, credit card issuers, merchants, banks, and third-party transaction processors lost $28.58 billion to credit card fraud in 2020, which comes to nearly 7 cents per $100 in purchase volume. And the Nilson Report projects credit card losses will exceed $400 billion over the next 10 years.

To read this article in full, please click here

Read More