Microsoft said the worm had alternate infection methods beyond its original USB drive spread
Yearly Archives: 2022
5 Ways to Protect Your Online Privacy
When you open your laptop or your mobile device, what is the first thing you do? Do you head to your favorite social media site to skim the latest news, or do you place your weekly grocery delivery order? No matter what your daily online habits are, even the slightest degree of caution can go a long way in staying secure online.
That’s because hackers are experts at hiding malware in your everyday online routines, or even infiltrating your cookies to steal login information and learn about your personal preferences.
According to a StatsCan Canadian internet use survey, six out of ten internet users reported experiencing a cybersecurity incident. There are many hoops to jump through when navigating the digital landscape. By taking the necessary steps to remedy vulnerabilities in your digital activity, you can dramatically improve your online protection.
Three online threats to watch out for
Cybercriminals take advantage of online users through routine avenues you would not expect. Here are three common ways that cybercriminals eavesdrop on online users.
1. Adware
Adware, or advertising-supported software, generates ads in the user interface of a person’s device. Adware is most often used to generate revenue for the developer by targeting unsuspecting online users with personalized ads paid by third parties. These third parties usually pay per view, click, or application installation.
Though not always malicious, adware crosses into dangerous territory when it is downloaded without a user’s consent and has nefarious intent. In this case, the adware becomes known as a potentially unwanted application (PUA) that can remain undetected on users’ devices for long periods of time. According to a report by the Cybersecure Policy Exchange, an unintentionally installed or downloaded computer virus or piece of malware is one of the top five cybercrimes that Canadians experience. The PUA can then create issues like frequent crashes and slow performance.
Users unknowingly download adware onto their device when they download a free ad-supported program or visit a non-secure site that does not use the Hypertext Transfer Protocol Secure (HTTPS) to encrypt online communication.
2. Malvertising
Hackers also use invasive tactics known as ad injections, where they inject ads with malicious code for increased monetary gain. This is a practice known as “malvertising.” If a user clicks on a seemingly legitimate and well-placed ad, they risk exposing themselves to numerous online threats. These ads can be infected with malware such as viruses or spyware. For example, hackers can exploit browser vulnerabilities to download malware, steal information about the device system, and gain control over its operations. Hackers can also use malvertising to run fraudulent tech support scams, steal cookie data, or sell information to third-party ad networks.
3. Autofill
Another vulnerability that many may not realize is their browser’s built-in autofill functions. As tempting as it is to use your browser’s autofill function to populate a long form, this shortcut may not be safe. Cybercriminals have found ways to capture credentials by inserting fake login boxes onto a web page that users cannot see. So, when you accept the option to autofill your username and password, you are also populating these fake boxes.
Tips for rethinking your online habits
Take a proactive approach to your digital protection the next time you are browsing the internet by reassessing your online habits. Check out these five tips to ensure you are staying as safe as possible online.
1. Clear your cookies on your browser
Cookie data can contain anything from login information to credit card numbers. Cybercriminals looking to exploit this information can hijack browser sessions to pose as legitimate users and steal cookies as they travel across networks and servers. As a result, it is essential for online users to regularly clear out their cookies to better protect their information from falling into the wrong hands. Navigate to your browser’s history, where you can wipe the data associated with each browser session, including your cookies.
2. Use a reliable password manager
Clearing your browser’s cookie data will also remove your saved logins, which is why leveraging a password manager can make it easier to access regularly visited online accounts.
Many browsers come with a built-in password generator and manager; however, it is better to entrust your logins and password to a reputable password manager. Browser password managers are not as secure as password managers, because anyone who has access to your device will also access your online information. A password manager, provides a more secure solution since it requires you to log in with a separate master password. A password manager also works across various browsers and can generate stronger passwords than those created by your browser.
3. Adjust browser privacy settings
In addition to clearing cookie data, users should adjust their browser settings to ensure their online sessions remain private.
Another option is to access the internet in Private Browsing Mode to automatically block third-party tracking, making it a quick and easy option to ensure private browsing. Users can also enable the “do not track” function of their browser to prevent third-party tracking by advertisers and websites. Additionally, you can adjust your browser settings to block pop-up ads and control site permissions, such as access to cameras and locations.
4. Use an ad blocker
Ad blockers suppress unwanted and potentially malicious ads to ensure a safer browsing experience. Ad blockers can also make it easier to view page layout by removing distracting ads and optimizing page load speed. Additionally, they prevent websites from tracking your information that third parties can sell.
5. Leverage a reputable security solution
Deploying a security solution like McAfee+ Ultimate ensures the safest internet browsing experience through a holistic approach for threat detection, protection, and remediation. Equipped with a password manager, antivirus software, and firewall protection, users can effectively sidestep online threats while browsing the internet. Moreover, it includes comprehensive privacy and identity protection, such as our Personal Data Cleanup, dark web monitoring, credit monitoring, along with ways you can quickly Lock or freeze your credit file to help prevent accounts from being opened in your name.
Take action to ensure safe browsing
Your online behavior can say a lot about you so make sure you safeguard your internet protection. Whether it is through malvertising or invisible forms, hackers can glean information to paint a picture of who you are to target you through deceptive tactics. Cybercriminals are always looking for vulnerabilities which is why assessing your online habits sooner rather than later is a critical first step to smarter online browsing.
The post 5 Ways to Protect Your Online Privacy appeared first on McAfee Blog.
Critical Vulnerability in Open SSL
There are no details yet, but it’s really important that you patch Open SSL 3.x when the new version comes out on Tuesday.
How bad is “Critical”? According to OpenSSL, an issue of critical severity affects common configurations and is also likely exploitable.
It’s likely to be abused to disclose server memory contents, and potentially reveal user details, and could be easily exploited remotely to compromise server private keys or execute code execute remotely. In other words, pretty much everything you don’t want happening on your production systems.
Slashdot thread.
Cloud and Hybrid Working Security Concerns Surge
Twilio Reveals Further Security Breach
Santander: Radical Action Needed to Tackle APP Fraud
ghc-cmark-gfm-0.2.5-1.fc36
FEDORA-2022-6bcee2cc93
Packages in this update:
ghc-cmark-gfm-0.2.5-1.fc36
Update description:
updates the C library to 0.29.0.gfm.6 which fixes CVE-2022-39209
ghc-cmark-gfm-0.2.5-1.fc35
FEDORA-2022-f1aed93db8
Packages in this update:
ghc-cmark-gfm-0.2.5-1.fc35
Update description:
updates the C library to 0.29.0.gfm.6 which fixes CVE-2022-39209
java-latest-openjdk-19.0.1.0.10-2.rolling.fc36
FEDORA-2022-e8698f2e5e
Packages in this update:
java-latest-openjdk-19.0.1.0.10-2.rolling.fc36
Update description:
New in release OpenJDK 19.0.1 (2022-10-18)
CVEs Fixed
CVE-2022-21618
CVE-2022-21619
CVE-2022-21624
CVE-2022-21628
CVE-2022-39399
Security Fixes
JDK-8282252: Improve BigInteger/Decimal validation
JDK-8285662: Better permission resolution
JDK-8286077: Wider MultiByte conversions
JDK-8286511: Improve macro allocation
JDK-8286519: Better memory handling
JDK-8286526: Improve NTLM support
JDK-8286910: Improve JNDI lookups
JDK-8286918: Better HttpServer service
JDK-8287446: Enhance icon presentations
JDK-8288508: Enhance ECDSA usage
JDK-8289366: Improve HTTP/2 client usage
JDK-8289853: Update HarfBuzz to 4.4.1
JDK-8290334: Update FreeType to 2.12.1
Major Changes
JDK-8292654: G1 Remembered set memory footprint regression after JDK-8286115
JDK-8286115 changed ergonomic sizing of a component of the remembered sets in G1. This change causes increased native memory usage of the Hotspot VM for applications that create large remembered sets with the G1 collector.
In an internal benchmark total GC component native memory usage rose by almost 10% (from 1.2GB to 1.3GB).
This issue can be worked around by passing double the value of G1RemSetArrayOfCardsEntries as printed by running the application with -XX:+PrintFlagsFinal -XX:+UnlockExperimentalVMOptions to your application.
E.g. pass -XX:+UnlockExperimentalVMOptions -XX:G1RemSetArrayOfCardsEntries=128 if a previous run showed a value of 64 for G1RemSetArrayOfCardsEntries in the output of -XX:+PrintFlagsFinal.
JDK-8292579: Update Timezone Data to 2022c
This version includes changes from 2022b that merged multiple regions that have the same timestamp data post-1970 into a single time zone database. All time zone IDs remain the same but the merged time zones will point to a shared zone database.
As a result, pre-1970 data may not be compatible with earlier JDK versions. The affected zones are Antarctica/Vostok, Asia/Brunei, Asia/Kuala_Lumpur, Atlantic/Reykjavik, Europe/Amsterdam, Europe/Copenhagen, Europe/Luxembourg, Europe/Monaco, Europe/Oslo, Europe/Stockholm, Indian/Christmas, Indian/Cocos, Indian/Kerguelen, Indian/Mahe, Indian/Reunion, Pacific/Chuuk, Pacific/Funafuti, Pacific/Majuro, Pacific/Pohnpei, Pacific/Wake, Pacific/Wallis, Arctic/Longyearbyen, Atlantic/Jan_Mayen, Iceland, Pacific/Ponape, Pacific/Truk, and Pacific/Yap.
For more details, refer to the announcement of 2022b
java-latest-openjdk-19.0.1.0.10-2.rolling.fc37
FEDORA-2022-d0ed59bee7
Packages in this update:
java-latest-openjdk-19.0.1.0.10-2.rolling.fc37
Update description:
New in release OpenJDK 19.0.1 (2022-10-18)
Full release notes
This update depends on FEDORA-2022-d0fc6f0dd4
CVEs Fixed
CVE-2022-21618
CVE-2022-21619
CVE-2022-21624
CVE-2022-21628
CVE-2022-39399
Security Fixes
JDK-8282252: Improve BigInteger/Decimal validation
JDK-8285662: Better permission resolution
JDK-8286077: Wider MultiByte conversions
JDK-8286511: Improve macro allocation
JDK-8286519: Better memory handling
JDK-8286526: Improve NTLM support
JDK-8286910: Improve JNDI lookups
JDK-8286918: Better HttpServer service
JDK-8287446: Enhance icon presentations
JDK-8288508: Enhance ECDSA usage
JDK-8289366: Improve HTTP/2 client usage
JDK-8289853: Update HarfBuzz to 4.4.1
JDK-8290334: Update FreeType to 2.12.1
Major Changes
JDK-8292654: G1 Remembered set memory footprint regression after JDK-8286115
JDK-8286115 changed ergonomic sizing of a component of the remembered sets in G1. This change causes increased native memory usage of the Hotspot VM for applications that create large remembered sets with the G1 collector.
In an internal benchmark total GC component native memory usage rose by almost 10% (from 1.2GB to 1.3GB).
This issue can be worked around by passing double the value of G1RemSetArrayOfCardsEntries as printed by running the application with -XX:+PrintFlagsFinal -XX:+UnlockExperimentalVMOptions to your application.
E.g. pass -XX:+UnlockExperimentalVMOptions -XX:G1RemSetArrayOfCardsEntries=128 if a previous run showed a value of 64 for G1RemSetArrayOfCardsEntries in the output of -XX:+PrintFlagsFinal.
JDK-8292579: Update Timezone Data to 2022c
This version includes changes from 2022b that merged multiple regions that have the same timestamp data post-1970 into a single time zone database. All time zone IDs remain the same but the merged time zones will point to a shared zone database.
As a result, pre-1970 data may not be compatible with earlier JDK versions. The affected zones are Antarctica/Vostok, Asia/Brunei, Asia/Kuala_Lumpur, Atlantic/Reykjavik, Europe/Amsterdam, Europe/Copenhagen, Europe/Luxembourg, Europe/Monaco, Europe/Oslo, Europe/Stockholm, Indian/Christmas, Indian/Cocos, Indian/Kerguelen, Indian/Mahe, Indian/Reunion, Pacific/Chuuk, Pacific/Funafuti, Pacific/Majuro, Pacific/Pohnpei, Pacific/Wake, Pacific/Wallis, Arctic/Longyearbyen, Atlantic/Jan_Mayen, Iceland, Pacific/Ponape, Pacific/Truk, and Pacific/Yap.
For more details, refer to the announcement of 2022b