There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown. Discovered by Eugene Lim of GovTech Singapore.
Daily Archives: November 14, 2022
What Is Bloatware and How Can It Impact Security?
The joy of purchasing a new device is liberating. Now you can work, learn, and play faster — along with enjoying ample storage space. So, the last thing you’d expect is your apparently safe device being exposed to vulnerabilities, or “bloat.”
Exposure to unwanted software can derail its performance and hog its storage within a few months of usage. In technical terms, such pieces of software are referred to as bloatware. Bloatware has the potential to attack PCs with Microsoft systems and Android devices. It can also attack Apple iPhones and Macs although their systems tend to be built with a bit more protection.
This article defines bloatware, offers common examples, explains how to identify it, and discusses its impact on your computer’s security.
What is bloatware?
Bloatware, also called Junkware or Potentially Unwanted Programs (PUP), are third-party programs that slow down the performance of your device and lay it bare to cybersecurity risks.
Manufacturers initially introduced bloatware to provide users with more utility, but the programs led to device issues. Software programs that identify as bloatware run in the background, and locating them is not child’s play.
Bloatware finds its way into your device in two ways: it comes pre-installed or through programs downloaded from the internet. Lenovo‘s Superfish bloatware scandal from 2015 explains how bloatware can harm your devices.
What are examples of bloatware?
Common examples of bloatware apps include:
Weather checking apps
Finance/money apps
Gaming/sports apps
Map or navigation apps
Fitness/health apps
Messaging or video apps
Music (listening and recording) apps
Toolbars and junk-browser extensions
System update apps
Fake cleaner apps
Productivity assistants
As a piece of good advice, it is best to uninstall such apps when of no use — whether on your Android smartphone, Windows computer, or an iOS device.
Signs a program may be bloatware
Performance degradation is a common symptom of a device carrying bloatware. Extended boot-up times, clogged storage, and startup delays are common occurrences. Let’s review some programs that may also be bloatware:
Utilities. This type of bloatware typically shows up as pre-installed software on new devices. Manufacturers and third-party developers create these software programs that offer added functionality to the end-user. Examples include weather tracking apps, music apps, and productivity apps.
Trialware. This is a frequent form of bloatware that comes with new devices for free and works for a set trial period until a license is purchased. In a few cases, trialware is harmless and can be removed easily.
Adware. This is a famous type of software that showcases or downloads advertising material like banners or pop-ups.
Here’s how to identify bloatware:
Anonymous apps installed on your device. Don’t recall installing a specific app on your device? It could be bloatware. Promptly delete apps that are unnecessary.
Bothersome upsells while using an app. Often, the purpose of bloatware is to generate money. It might deploy invasive marketing and sales techniques that can disturb your browsing experience.
Annoying pop-up ads in your browser. If you experience too many pop-up ads redirecting you to unsafe and suspicious websites, that points toward adware. Adware comes from the web and can modify your homepage or tab settings and change the browser setup.
How can bloatware impact your computer’s security?
As mentioned, not all bloatware is a threat to your device. Some may be useful and can be removed easily. But a major chunk of bloatware is known to slow down your computer.
Bloatware eats up a good chunk of the disk space or hard drive as it runs in the background, and it drains the battery life. Bloatware that isn’t removed quickly may clog your device with annoying ads. These ads can pose a security threat or even corrupt your operating system.
Can you remove bloatware?
Sadly, it can be a challenge to uninstall bloatware because it finds its way back into the device — sometimes even after it has been deleted. In some cases, it may even redirect you to fake bloatware removal websites and offer malicious removal tools. Such websites ask you to install a new program to remove the previous one, trapping your device further. Unfortunately, there are no secret hacks to stop it from finding a way into your system.
Pro tip: Anytime you download a program or software, be sure it’s from an official source (like a secured website, the Google Play Store, or the Apple App Store). Installing a program from a suspicious website can put your device at risk, as the program can download bundles of other programs on the back end without your knowledge.
Windows 10 comes with a special refresh tool to remove any bloatware disguised as user-installed programs. This tool can bring your PC back to a clean slate. It’s important to check your hard drive beforehand, as it can also remove licenses.
Protect your computer from dangerous security threats with McAfee
Bloatware can be both harmful and annoying. New devices need full-fledged protection so they can last longer. The answer to your bloatware woes is an antivirus program. It safeguards your computer from dangerous security threats and prevents accidental downloads, so malicious bloatware or malware can’t access your device.
Bloatware can compromise your online safety and security. McAfee+’s protection package is the ideal investment for your new device, so you can work without any hassles or doubts.
McAfee+ enables a top-tier level of online security with full protection from pesky software programs like bloatware. Additionally, you get access to antivirus software for unlimited devices, lost wallet protection, a secure VPN, personal data clean-ups, and more. Sign up for McAfee + and rest easy while your devices remain bloatware-free.
The post What Is Bloatware and How Can It Impact Security? appeared first on McAfee Blog.
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak:
I’m speaking at the 24th International Information Security Conference in Madrid, Spain, on November 17, 2022.
The list is maintained on this page.
NSA Guide Helps Firms Protect Against Memory Safety Vulnerabilities
The document describes situations where cyber actors steal sensitive information and other negative impacts
CVE-2021-40272
OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site Scripting (XSS).
Australia Considers Ban on Ransomware Payments After Medibank Breach
Home affairs minister Clare O’Neil made the announcement on ABC television on Sunday
New York-barred attorneys required to complete cybersecurity, privacy, and data protection training
New York-barred attorneys will be required to complete one continuing legal education (CLE) credit hour of cybersecurity, privacy, and data protection training as part of their biennial learning requirement beginning July 1, 2023. New York is the first jurisdiction to stipulate this specific requirement as the state aims to emphasize the technical competence duty of lawyers to meet professional, ethical and contractual obligations to safeguard client information.
Lawyers have ethical obligations and professional responsibilities around cybersecurity
A New York Courts document outlined a new category of CLE credit – Cybersecurity, Privacy and Data Protection – that has been added to the CLE Program Rules. This category is defined in the CLE Program Rules 22 NYCRR 1500.2(h) and clarified in the Cybersecurity, Privacy, and Data Protection FAQs and Guidance document. “Providers may issue credit in cybersecurity, privacy, and data protection to attorneys who complete courses in this new category on or after January 1, 2023,” it stated. It also noted changes to both Experienced and Newly Admitted Attorney Biennial CLE requirements to include one credit hour of training in cybersecurity, privacy and data protection.
xterm-375-1.fc35
FEDORA-2022-8cf76a9ceb
Packages in this update:
xterm-375-1.fc35
Update description:
Rebase to version 375
xterm-375-1.fc36
FEDORA-2022-681bbe67b6
Packages in this update:
xterm-375-1.fc36
Update description:
Rebase to version 375
xterm-375-1.fc37
FEDORA-2022-af5f1eee2c
Packages in this update:
xterm-375-1.fc37
Update description:
Rebase to version 375