woff-0.20091126-35.fc37
Fix a possible double free in woffEncode().
Update License to SPDX
improved summary and description
Add hand-written man pages
Install HTML format description as documentation
A hacker has allegedly demanded Rs 200 crore in cryptocurrency from the All India Institute of Medical Science (AIIMS) after it was hit by a ransomware attack on November 23, according to a report by Press Trust of India (PTI).
The Delhi police, however, have denied the report. In a Tweet on Monday night, the law enforcement agency wrote, “Some sections of the press are reporting that ransom has been demanded against restoration of @aiims_newdelhi server. No such information brought to notice by AIIMS authorities.”
By: Mike Spanbauer, Field CTO, Security at Juniper Networks
The future of network security has a new shiny architecture to meet organizational needs with Secure Access Service Edge (SASE). Still, most network administrators are either not ready or able to decommission their existing on-premisessecurity solutions. Organizations are much more likely to need to support hybrid environments that require the support of on-premises capabilities and service-based offerings for the foreseeable future.
First, SASE is not a product but an architecture. You cannot just buy one off the shelf and plug it in. The fact is that most network decision-makers need to determine how to best leverage SASE to support the business. It is critical to engage with the ops team, as they are the most crucial stakeholder in this process, to ensure the network experience continuity is preserved. After all, this team must deploy and maintain both existing and new technologies to deliver business continuity to users and customers alike.
It was discovered that Sysstat incorrectly handled certain arithmetic
multiplications. An attacker could use this issue to cause Sysstat to
crash, resulting in a denial of service, or possibly execute arbitrary
code.
Whether you’re spending time on the web or working in the office, you want peace of mind knowing that you are in a safe environment. While most of us know to take precautions when online — protecting ourselves from things like phishing attacks and other cyber threats — we should also attend to our physical security.
One concern is tailgating — a social engineering attack where someone gets physical access to a business to take confidential information or do other harm.
Here are some ways to protect yourself from tailgating attacks, such as an unauthorized person following you into a restricted area while on the job.
Tailgating is a type of social engineering attack where an unauthorized person gains physical access to an off-limits location — perhaps a password-protected area — where they might steal sensitive information, damage property, compromise user credentials or even install malware on computers.
“Piggybacking” is closely related to tailgating, but it involves consent from the duped employee. So, while a worker might be unaware that someone has tailgated them into a restricted area with piggybacking, the hacker might convince a worker to provide access because they are posing as, say, a delivery driver.
Companies, particularly at risk of being targeted by tailgating scams, include those:
With many employees, often moving inside and out of the premises
With multiple entrance points into a building
That receive deliveries of food, packages, documents, and other things regularly
That have many subcontractors working for them
Where employees aren’t thoroughly trained in physical and cybersecurity protocols
Generally speaking, companies with robust security systems in place — including using biometrics, badges, or other identity and information security measures — are better protected from tailgating and piggybacking attacks.
But that’s not to say that some smooth-talking fraudster can’t talk someone into letting them in or finding some way around those protections.
Common types of tailgating attacks that you should be aware of on the job include:
Someone walking behind you into a secure area, depending on your common courtesy to keep the door open for them
A courier or delivery driver who aren’t what they seem
Someone with their hands full of items to trick you into opening the door for them
A person who claims they’ve lost their work ID or forgotten it at home, so that you grant them admittance
Protecting yourself from tailgating attacks is partly a matter of learning about the issue, raising your level of awareness on the job, and depending on your employer, putting in place more effective security systems.
Some solutions include:
Many companies know how to train employees to recognize, avoid, and cope with online security issues but may forget to provide the same diligence to physical security. How to spot and deal with threats should be part of this training, plus cultivating an awareness of surroundings and people who might be out of place.
Management should offer a clearly stated security policy taught to everyone, which might insist that no one be allowed into a secure area without the proper pass or identification. As the security policy is updated, all employees should be aware of changes and additions.
These security measures should be part of an overall protection program, like McAfee+, which includes antivirus software, a firewall, identity monitoring, password management, web protection, and more.
If you have a large business spread over several floors, it can be hard for employees to know who works there and who doesn’t, leaving them susceptible to tailgating and piggybacking attacks. Requiring smart badges and cards to access restricted areas can help cut back on unauthorized intrusions and provide better access control.
Building fully staffed reception areas with dedicated security personnel could also be part of a larger security system.
Biometric scanners are an even more advanced way to provide proper authentication for a worker’s identity. They scan a unique physical or audible feature of a person and compare it to a database for approved personnel.
Examples of biometric security include:
Voice recognition
Iris recognition
Fingerprint scans
Facial recognition
Heart-rate sensors
One reason people are vulnerable to physical and cyberattacks is that they lack education on social engineering and the kinds of threats it poses.
Workers need to understand the full range of social engineering techniques and know-how to protect themselves, whether in their social media accounts or physical work environment.
For their part, companies can use simulated phishing emails and tailgating attacks to raise awareness and underline how to follow protocols in dealing with them.
If there are many ways to enter a business, it may make sense to put video surveillance on all entrances. Advanced video surveillance systems can use artificial intelligence (AI) and video analytics to scan the faces of people entering and compare them to a database of employee features.
Whether at work or at home, people want to be secure from attacks by cybercriminals who seek to take personal information.
To add a layer of security to all their connected devices — including computers, smartphones, and tablets — an increasing number of people are turning to the comprehensive coverage of McAfee+
Features range from advanced monitoring of possible threats to your identity, automatic implementation of virtual private networks (VPNs) to deal with unsafe networks, and personal data clean-up, removing your information from high-risk data broker sites.
McAfee protection allows you to work and play online with greater peace of mind.
The post What Are Tailgating Attacks and How to Protect Yourself From Them appeared first on McAfee Blog.
A cyber threat actor (CTA) on “Breach Forums” who’s employing the username “Mud” is actively leaking K-12 entities’ student/faculty directories.
Diplomatic code cracked after 500 years:
In painstaking work backed by computers, Pierrot found “distinct families” of about 120 symbols used by Charles V. “Whole words are encrypted with a single symbol” and the emperor replaced vowels coming after consonants with marks, she said, an inspiration probably coming from Arabic.
In another obstacle, he used meaningless symbols to mislead any adversary trying to decipher the message.
The breakthrough came in June when Pierrot managed to make out a phrase in the letter, and the team then cracked the code with the help of Camille Desenclos, a historian. “It was painstaking and long work but there was really a breakthrough that happened in one day, where all of a sudden we had the right hypothesis,” she said.
It was discovered that Bind incorrectly handled large query name when using
lightweight resolver protocol. A remote attacker could use this issue to
consume resources, leading to a denial of service. (CVE-2016-2775)
It was discovered that Bind incorrectly handled large zone data size
received via AXFR response. A remote authenticated attacker could use this
issue to consume resources, leading to a denial of service. This issue only
affected Ubuntu 16.04 LTS. (CVE-2016-6170)
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
As more connected vehicles hit the road, cyberattacks are increasing. Deloitte estimates that there will be over 470 million connected cars in use by 2025 if their popularity continues to grow at the current rate. And because each connected car produces about 25 GB of data every hour, they are a tempting challenge for cybercriminals and bad actors with malicious intent.
Connected vehicles come with enhanced features that give drivers more to love about their favorite car brands, but cybersecurity in automobiles has a long way to go. If you drive a connected car or are considering buying one, you need to know how to protect your new car against a potential cyberattack.
In this article, we’ll talk about how hackers can infiltrate your vehicle and what you can do to protect yourself and your car from a serious attack.
Cars today are built using hundreds of sensors connected to computers that help monitor how your car operates, add internet capabilities, and enable connected apps. While these technologies are helpful and convenient for drivers, they can also lead to data theft and even threaten your safety while driving. For example, remote manipulation, identity theft, and vehicle theft are all ways that bad actors can exploit the security vulnerabilities of your connected car.
The push toward electric vehicles also poses a unique threat to connected car owners. A recent survey revealed that 79% of two-car households are considering an electric car for their next purchase, but ethical hacking exercises have shown that electric vehicles can easily be drained by remote hackers. This can potentially put drivers in a dangerous situation if they are stranded without a means of charging their vehicle.
There are many ways that bad actors can hack into your car. They can manipulate the signal from a key fob to unlock your doors, change the code in the apps to create a backdoor to steal your data, learn about your driving habits, control your vehicle’s security response systems, and much more. Cars today are essentially human-assisted computers, which means they can be hacked just as easily as any other IoT device.
Connected vehicles provide users convenience and peace of mind while traveling across the country or making their daily commute. But they also pose a significant threat when bad actors execute attacks for data theft, taking over vehicle controls, and even tracking your location. If you’re going to take advantage of connected vehicle features, you need to know how to protect yourself from becoming the victim of an automotive cyberattack.
Here are five tips to protect your connected vehicle from an attack:
Dongles are small devices that plug into the diagnostic port and allow companies to monitor your driving habits for various reasons. It can be used to monitor vehicle performance, improve gas mileage, and set more accurate insurance rates based on driving activity.
Many people choose to use dongles to save money and ensure their car is running at top performance, but these devices can be an easy entry point for hackers. If you want to use a dongle in your connected vehicle, it’s best to take it out when you’re not driving so that hackers can’t take advantage of this attack vector while you’re unaware.
Key fobs are now standard over traditional keys to unlock vehicle doors. Many cars come with security features that won’t allow doors to be opened unless the fob is near the vehicle or require proximity for the vehicle to start. But hackers can intercept the key fob signal to trick the car into thinking the fob is closer than it really is by amplifying its signal. To protect from this type of attack, store your key fob in a metal drawer or refrigerator to reduce the keys’ signal when you’re not planning to drive.
Wireless systems are also pretty standard in newer vehicles for things like in-car Wi-Fi, satellite radio, telematics, and Bluetooth. These wireless services allow users to have connected experiences while driving to make their trips safer and hands-free, but they are also perfect entry points for hackers to take advantage of.
If you’re unsure what features your vehicle has, look at the owner’s manual and see if there are any features you don’t use that can be disabled. This will help reduce the attack surface and limit the ways that hackers can interfere with your vehicle.
Many connected cars come with options to download additional apps, and those that don’t can still be jailbroken so that users can install aftermarket software and systems. While a fully custom vehicle is a nice thought, installing unauthorized software and systems can seriously threaten your physical and digital safety.
Be sure to only download official software from trusted brands using a secure network, and learn the potential vulnerabilities of jailbreaking and installing new systems to your vehicle.
If you think your car has been hacked, it’s time to get it to the service department so that the professionals can determine whether it was breached or is suffering another malfunction.
There is no way to say for sure that your connected vehicle has been hacked without a comprehensive checkup from your car’s servicer. If your systems start to act funny or you notice your car behaving unusually, it’s crucial to get your car checked out, even if it is just a bug or configuration issue.
Connected cars make our daily drives safer, easier, and more convenient, but they can also pose a serious threat to our digital and physical safety. If you plan to buy a connected vehicle or you already drive one, it’s important to know the cyber risks so that you can proactively prevent an in-car attack.
In addition to these five tips for protecting your connected vehicle from hackers, it’s recommended that you update your vehicle’s software and patch security bugs when new releases become available. Usually, this is something that the dealership or car company will do themselves, but if you attempt to do it on your own, ensure that all vulnerabilities are safe and secure.
Pay attention to the news about this emerging technology, and stay informed about how to keep your connected vehicle secure while you’re on and off the road.
