CVE-2022-0324

Read Time:19 Second

There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown. Discovered by Eugene Lim of GovTech Singapore.

Read More

What Is Bloatware and How Can It Impact Security?

Read Time:4 Minute, 54 Second

The joy of purchasing a new device is liberating. Now you can work, learn, and play faster — along with enjoying ample storage space. So, the last thing you’d expect is your apparently safe device being exposed to vulnerabilities, or “bloat.”  

Exposure to unwanted software can derail its performance and hog its storage within a few months of usage. In technical terms, such pieces of software are referred to as bloatware. Bloatware has the potential to attack PCs with Microsoft systems and Android devices. It can also attack Apple iPhones and Macs although their systems tend to be built with a bit more protection.  

This article defines bloatware, offers common examples, explains how to identify it, and discusses its impact on your computer’s security.  

What is bloatware?

Bloatware, also called Junkware or Potentially Unwanted Programs (PUP), are third-party programs that slow down the performance of your device and lay it bare to cybersecurity risks.  

Manufacturers initially introduced bloatware to provide users with more utility, but the programs led to device issues. Software programs that identify as bloatware run in the background, and locating them is not child’s play.  

Bloatware finds its way into your device in two ways: it comes pre-installed or through programs downloaded from the internet. Lenovo‘s Superfish bloatware scandal from 2015 explains how bloatware can harm your devices.  

What are examples of bloatware?

Common examples of bloatware apps include:  

Weather checking apps 
Finance/money apps 
Gaming/sports apps 
Map or navigation apps 
Fitness/health apps 
Messaging or video apps 
Music (listening and recording) apps 
Toolbars and junk-browser extensions 
System update apps 
Fake cleaner apps 
Productivity assistants 

As a piece of good advice, it is best to uninstall such apps when of no use — whether on your Android smartphone, Windows computer, or an iOS device. 

Signs a program may be bloatware

Performance degradation is a common symptom of a device carrying bloatware. Extended boot-up times, clogged storage, and startup delays are common occurrences. Let’s review some programs that may also be bloatware: 

Utilities. This type of bloatware typically shows up as pre-installed software on new devices. Manufacturers and third-party developers create these software programs that offer added functionality to the end-user. Examples include weather tracking apps, music apps, and productivity apps. 
Trialware. This is a frequent form of bloatware that comes with new devices for free and works for a set trial period until a license is purchased. In a few cases, trialware is harmless and can be removed easily.  
Adware. This is a famous type of software that showcases or downloads advertising material like banners or pop-ups 

Here’s how to identify bloatware: 

Anonymous apps installed on your device. Don’t recall installing a specific app on your device? It could be bloatware. Promptly delete apps that are unnecessary.  
Bothersome upsells while using an app. Often, the purpose of bloatware is to generate money. It might deploy invasive marketing and sales techniques that can disturb your browsing experience.  
Annoying pop-up ads in your browser. If you experience too many pop-up ads redirecting you to unsafe and suspicious websites, that points toward adware. Adware comes from the web and can modify your homepage or tab settings and change the browser setup. 

How can bloatware impact your computer’s security?

As mentioned, not all bloatware is a threat to your device. Some may be useful and can be removed easily. But a major chunk of bloatware is known to slow down your computer.  

Bloatware eats up a good chunk of the disk space or hard drive as it runs in the background, and it drains the battery life. Bloatware that isn’t removed quickly may clog your device with annoying ads. These ads can pose a security threat or even corrupt your operating system 

Can you remove bloatware?

Sadly, it can be a challenge to uninstall bloatware because it finds its way back into the device — sometimes even after it has been deleted. In some cases, it may even redirect you to fake bloatware removal websites and offer malicious removal tools. Such websites ask you to install a new program to remove the previous one, trapping your device further. Unfortunately, there are no secret hacks to stop it from finding a way into your system. 

Pro tip: Anytime you download a program or software, be sure it’s from an official source (like a secured website, the Google Play Store, or the Apple App Store). Installing a program from a suspicious website can put your device at risk, as the program can download bundles of other programs on the back end without your knowledge.  

Windows 10 comes with a special refresh tool to remove any bloatware disguised as user-installed programs. This tool can bring your PC back to a clean slate. It’s important to check your hard drive beforehand, as it can also remove licenses.  

Protect your computer from dangerous security threats with McAfee

Bloatware can be both harmful and annoying. New devices need full-fledged protection so they can last longer. The answer to your bloatware woes is an antivirus program. It safeguards your computer from dangerous security threats and prevents accidental downloads, so malicious bloatware or malware can’t access your device.  

Bloatware can compromise your online safety and security. McAfee+’s protection package is the ideal investment for your new device, so you can work without any hassles or doubts.  

McAfee+ enables a top-tier level of online security with full protection from pesky software programs like bloatware. Additionally, you get access to antivirus software for unlimited devices, lost wallet protection, a secure VPN, personal data clean-ups, and more. Sign up for McAfee + and rest easy while your devices remain bloatware-free 

The post What Is Bloatware and How Can It Impact Security? appeared first on McAfee Blog.

Read More

New York-barred attorneys required to complete cybersecurity, privacy, and data protection training

Read Time:58 Second

New York-barred attorneys will be required to complete one continuing legal education (CLE) credit hour of cybersecurity, privacy, and data protection training as part of their biennial learning requirement beginning July 1, 2023. New York is the first jurisdiction to stipulate this specific requirement as the state aims to emphasize the technical competence duty of lawyers to meet professional, ethical and contractual obligations to safeguard client information.

Lawyers have ethical obligations and professional responsibilities around cybersecurity

A New York Courts document outlined a new category of CLE credit – Cybersecurity, Privacy and Data Protection – that has been added to the CLE Program Rules. This category is defined in the CLE Program Rules 22 NYCRR 1500.2(h) and clarified in the Cybersecurity, Privacy, and Data Protection FAQs and Guidance document. “Providers may issue credit in cybersecurity, privacy, and data protection to attorneys who complete courses in this new category on or after January 1, 2023,” it stated. It also noted changes to both Experienced and Newly Admitted Attorney Biennial CLE requirements to include one credit hour of training in cybersecurity, privacy and data protection.

To read this article in full, please click here

Read More