It was discovered that XML Security Library incorrectly handled certain
input documents. An attacker could possibly use this issue to obtain
sensitive information or cause a denial of service.
Yearly Archives: 2022
Digital Estate Planning – What to Do With Your Digital Assets
While we’re enjoying the fruits of digital life—our eBooks, movies, email accounts, social media profiles, eBay stores, photos, online games, and more—there will come a time we should ask ourselves, What happens to all of this good stuff when I die?
Like anything else we own, those things can be passed along through our estates too.
With the explosion of digital media, commerce, and even digital currency too, there’s a very good chance you have thousands of dollars of digital assets in your possession. For example, we can look at research we conducted in 2011 which found that people placed an average value of $37,438 on the digital assets they owned at the time. Now, with the growth of streaming services, digital currency, cloud storage, and more in the past ten years, that figure feels conservative.
Enter the notion of a digital legacy, the way you can catalog and prepare your digital assets for passing through your estate.
Getting started with estate planning for your digital assets
Like so many aspects of digital life nowadays, estate planning law has started to catch up to the realities that attorneys, executors, and heirs face when dealing with an estate and its digital assets. In the U.S., new laws are rolling out that address how digital assets are treated when the owner passes away. For example, they give fiduciaries (like an estate executor, trustee, or an agent under a power of attorney) the right to manage a person’s digital assets if they already have the right to manage a person’s tangible assets. Such laws continue to evolve, and they can vary from state to state here in the U.S.
With that in mind, nothing offered in this article is legal advice, nor should it be construed as such. For legal advice, you can and should turn to your estate attorney for counsel on the best approach for you and the laws in your area. However, consider this article as a sort of checklist that can help you with your estate planning.
My hope is that this article will open your eyes to the digital value you have to pass along, both real and sentimental, and help you prepare your estate accordingly for the ones you care about.
What are digital assets in a will?
The best answer you can get to this question will come from your legal counsel. However, for purposes of discussion, a digital asset is any text or media in digital form that has value and offers the bearer with the right to use it.
To frame it up in everyday terms, let’s look at some real-world examples of digital assets that quickly come to mind. They include but are not limited to:
Photo libraries
eBook libraries
Digital movies
Digital music
Digital currency, such as bitcoin
Air miles
Hotel points
However, digital assets can readily expand to further include:
Subscriptions to streaming services and online publications
Online game accounts—and in-game items associated with them
Currency stored in online payment platforms
Online storefronts, such as eBay, Etsy, or business websites
Website domain names, whether in use or held speculatively for later resale
Documents kept in cloud storage, like financial documents and ancestry research
And as far as your estate is concerned, you can also consider:
Online banking and financial accounts
Email accounts
Chatrooms and message boards for your interests and hobbies
Medical and insurance accounts
Blogs
Utility accounts
And any other similar accounts that may help your executor manage your estate
That’s quite the list, and it’s not entirely comprehensive, either.
Start with an inventory of your digital assets
The process of lining up your digital assets begins just like any other aspect of estate planning, by listing all the digital assets and accounts you own. From there, you can see what you have and what you’d like to distribute—and what you can distribute. In fact, when it comes to digital, there are some things you simply can’t pass along. Let’s take a closer look.
What digital assets can you pass along through your will?
Generally speaking, digital assets that you own can be passed along. “Own” is the operative word here. Many digital things we have are in fact licensed to us, which are not transferrable. More on that next, yet examples of things you can likely transfer include:
Funds kept in an online payment account like PayPal or Venmo.
Funds due to you via an online store you maintain.
Cryptocurrency, like bitcoin.
Digital music that you’ve purchased and own.
Check with your legal counsel to ensure you’re following the letter of the law in your region, and also look into any licensing agreements you may have for items like internet domain names and airline miles that you may hold to determine if they are in fact transferrable.
What digital assets are non-transferrable through your will?
This is an important topic. As mentioned above, some accounts you hold are simply licensed to you and you alone. Thus, they will not transfer. Two of the biggest examples are social media and email accounts. This can have serious repercussions if you do not leave specific instructions as to how those accounts should be handled after your passing.
For example, do you want your social media profiles to remain online as a memorial or do you want them simply to shut down? Note that different social media platforms have different policies for handling the accounts of users who have passed away. For example, Facebook allows for creating memorialized accounts that allow friends and families to continue sharing memories. Policies vary, so check with your social media platforms of choice for specifics.
Likewise, will your executor need access to your email account to handle affairs of the estate? And what about access to online accounts for paying bills and then ultimately closing those accounts? In all, these are points of discussion to have with an experienced estate attorney who knows the law in your region.
Other things to be aware of are that subscriptions to streaming accounts are likely non-transferrable as well. Often, eBooks and digital publications you own are only licensed to you as the sole owner and can’t be transferred. Again, check the agreements associated with items like these and have a talk with your attorney about them to determine what can and can’t be done with them.
Blogs and online communities
Another aspect of your digital legacy is your voice. If you’re a blogger or a participant in an online community, you may wish for a fiduciary or family member to leave a farewell post. Additionally, in the case of a blog, you may want to set up some means for your work to stay online or get archived in some manner. Again, you can work with your attorney to leave specific instructions as to what should be said and then what should be done with the blog or site in question.
Giving your executor access to your digital assets
I have a real-life example of why this is so vital. A friend of mine lost the photos of her and her husband because they were kept in an online storage account to which she had no access. And sadly, the company would not grant her access after his passing. This is often the case with many online accounts and services. Legally speaking, while the deceased may have owned the storage account and the media kept within it, the cloud storage company owns the servers on which that media is stored. The potential difficulty here is that the online service provider may view giving your personal representatives access to your account as a breach of their privacy policy or user agreements.
One way you can avoid heartbreak like this is to discuss giving your executor access to your accounts. This can be provided through a list of accounts, usernames, and passwords that are kept in a sealed letter along with your will, along with instructions that outline your wishes. This is important: a will is public record after you pass away. You won’t want info like usernames and passwords getting out there. Again, you can discuss an option such as this with your attorney.
Protecting your digital assets
One thing you can do today that can protect your digital assets for the long haul is to use comprehensive security protection. Far more than just antivirus, comprehensive security can store precious and important files securely with encryption, arm all your online accounts with strong passwords, and protect your identity as well. Features like these will help you see to it that your digital legacy is secure.
Make a plan
When I’ve brought up the idea of a digital legacy with friends, a light goes on in their head. “Of course, that makes a lot of sense.” It’s easy to take our digital possessions somewhat for granted, perhaps in a way that we simply don’t with our physical possessions. Yet as you can see, there’s a good chance that you indeed have a digital legacy to pass along. By getting organized now, you can see to it that your wishes are followed, and I hope this checklist helps you get started.
The post Digital Estate Planning – What to Do With Your Digital Assets appeared first on McAfee Blog.
Heat left by users’ fingertips could help hackers crack passwords, researchers claim
Boffins at the University of Glasgow, in Scotland, have developed a system which they claim demonstrates a new type of cybersecurity threat: a “thermal attack.”
According to the researchers, the falling price of heat-detecting thermal imaging cameras and advances in machine learning have made it more feasible to guess what passwords a target may have entered on a keyboard, up to a minute after typing them.
Read more in my article on the Hot for Security blog.
Digital License Plates
California just legalized digital license plates, which seems like a solution without a problem.
The Rplate can reportedly function in extreme temperatures, has some customization features, and is managed via Bluetooth using a smartphone app. Rplates are also equipped with an LTE antenna, which can be used to push updates, change the plate if the vehicle is reported stolen or lost, and notify vehicle owners if their car may have been stolen.
Perhaps most importantly to the average car owner, Reviver said Rplate owners can renew their registration online through the Reviver mobile app.
That’s it?
Right now, an Rplate for a personal vehicle (the battery version) runs to $19.95 a month for 48 months, which will total $975.60 if kept for the full term. If opting to pay a year at a time, the price is $215.40 a year for the same four-year period, totaling $861.60. Wired plates for commercial vehicles run $24.95 for 48 months, and $275.40 if paid yearly.
That’s a lot to pay for the luxury of not having to find an envelope and stamp.
Plus, the privacy risks:
Privacy risks are an obvious concern when thinking about strapping an always-connected digital device to a car, but the California law has taken steps that may address some of those concerns.
“The bill would generally prohibit an alternative device [i.e. digital plate] from being equipped with GPS or other vehicle location tracking capability,” California’s legislative digest said of the new law. Commercial fleets are exempt from the rule, unsurprisingly.
More important are the security risks. Do we think for a minute that your digital license plate is secure from denial-of-service attacks, or number swapping attacks, or whatever new attacks will be dreamt up? Seems like a piece of stamped metal is the most secure option.
CVE-2021-20030
SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application’s binaries and configuration files.
IP Cameras, VoIP and Video Conferencing Revealed as Riskiest IoT Devices
Warning to orgnaizations to be aware of risky devices across IT, IoT, OT and IoMT
UK Government Urges Action to Enhance Supply Chain Security
The NCSC guidance has been issued amid a significant increase in supply chain attacks in recent years
The biggest concerns within the US Financial Sector in 2022
This blog was written by an independent guest blogger.
The value of digital payment transactions is growing as the world’s payment environment moves more and more away from cash. Over the past few years, BFSI (Banking, Financial Service, and Insurance) firms have continued to be a top target for hackers. In fact, the Sixth Annual Bank Survey found that more than 70% of fintech companies named information security as their top issue.
According to VMware’s Modern Bank Heists study, since the COVID-19 epidemic, there have been 238% more cyberattacks on companies in the financial sector. Artificial intelligence (AI) and self-learning malware are making cyberattacks more sophisticated. While ransomware assaults are the most profitable for cybercriminals, phishing attacks prey on unsuspecting and defenseless consumers. Thus, it should come as no surprise that 39% of financial industry executives think that the overall network security threat to BFSI sector companies has increased significantly.
Financial and banking firms in the US must put cybersecurity first above all else given the volume of sensitive data that the BFSI sector must manage. Leading analytics company GlobalData predicts that rising demand for cybersecurity would cause worldwide security revenues in the retail banking industry to climb from $7.9 billion in 2019 to $9.8 billion in 2024.
What are the biggest concerns facing the financial sector in the United States for 2022?
Reimbursing cyber scams
As banks are under pressure to compensate their scammed consumers, rising cybercrime rates translate to rising costs for the industry. More than half (58%) of those who conduct their banking online encounter scams via email or SMS at least once per week, and 23% report having fallen victim to a cyberattack.
Banks currently reimburse authorized push payment (APP) fraud at an average rate of 46%. Although many banking institutions are refusing reimbursements for online fraud, this is due to change soon, or else the situation will backfire. For example, measures supported by the UK government will require banks to reimburse everyone. This is only one illustration of the fact that if banks are to secure their consumers and their business line in 2022, they must prioritize cybersecurity more highly.
To exchange efficient strategies, banks will need to collaborate with governments and industry organizations. The public must continue to get education on preventative measures, but ultimately it is the banks’ responsibility to establish security models that will give them and their clients the greatest level of safety.
Maintain compliance with strict privacy regulations
The use of social engineering and account takeover fraud will increase over the next years. Financial institutions must not only conduct comprehensive data checks beyond document verification at account opening to fight this but also keep track of customer identities throughout the customer lifecycle.
Banks must decide how to manage sensitive personal data like biometrics as GDPR and other privacy regulations are being established throughout the world. As a result, many institutions believe that finding a partner that can protect this sensitive personal information is more practical than modernizing internal systems and processes.
Finally, the public is becoming more concerned about how technology corporations utilize personal data. More difficult questions will be raised as a result, and any responses must pass a strict ethical standard. The application of AI to compliance and fraud will need to be explained by banks. Ascertaining whether their partners and vendors have complete control over the technology they provide will also have an impact on vendor onboarding. Every bank will need to be able to justify decisions made to regulators and the broader public.
Leveraging AI to combat cyber fraud
Instead of being a subset of financial crime, banking fraud now coexists with ransomware, phishing, and other types of cybercrime. Fraudsters are functioning methodically, getting more skilled at spotting loopholes in the automated systems that financial institutions are putting in place, and getting better at learning through repetition.
For example, banks and mortgage lenders have started to link more of their fraud charges to the fact that their clients are doing more transactions using mobile banking apps. According to a LexisNexis survey, more than half of the respondents who worked for US banks and credit lenders say that mobile channel fraud has increased by 10% or more this year.
Today’s fraudsters collaborate with criminal gangs that provide crime as a service. As a result, frauds and forgeries become increasingly sophisticated, making them impossible for humans to detect without artificial intelligence (AI) to support their decision-making.
Decentralized currencies are at the center of attacks
Meanwhile, cryptocurrency has become a primary target of cyberattacks. Huge sums of money are frequently present on cryptocurrency exchanges and wallets, making them a powerful attraction for attackers trying to make money from their attacks.
These are sometimes straightforward social engineering attacks, and other times they are far more sophisticated technically. We expect to see more cyberattacks on decentralized currencies given the amount of money that can be stolen in a single successful attack (possibly reaching millions of dollars). For example, in December 2021 criminals stole nearly $200 million from the crypto trading platform Bitmart.
However, we should anticipate law enforcement and governments to become more actively involved in both the investigation of cryptocurrency assaults and the use of cryptocurrency vulnerabilities. For example, government agencies like the Securities Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) may try to regulate cryptocurrencies more strictly as they regulate traditional currencies.
Attacks bypassing MFA
Although multi-factor authentication is a prerequisite for enabling strong customer authentication, the latest attacks against Cisco and Uber have profoundly demonstrated that fraudsters can bypass MFA. Using sophisticated tactics and tools like auto-diallers, criminals have managed to intercept one-time passwords (OTP) and compromise banking accounts. Automating the process and creating what is known as MFA fatigue they force customers to give up OTPs to malicious bots.
OTP interception is now trivial compared to what it has been historically, and that innovation fundamentally shifts the economics in the favor of the attackers. The LexisNexis report highlighted this concern saying that balancing fraud detection with customer friction is a top challenge for banks. Banks need to embrace phishing-resistant MFA methods that eliminate the risk of being defrauded while offering a superb customer experience for all possible use cases and authentication journeys.
A bigger attack surface and higher attack sophistication levels are a result of the rising use of complicated technologies and interaction with third-party systems. Today, maintaining a strong cybersecurity posture entails more than merely defending sensitive systems and data from damaging external attacks. Additionally, it entails better data privacy, identity protection, and vulnerability management. Banks and financial institutions can outsource part of the burden of staying compliant with regulations and securing customer financial data by partnering with a trusted managed services provider. These companies aggregate experience and expertise to help banking institutions stay one step ahead of their adversaries.
python3.7-3.7.15-1.fc36
FEDORA-2022-9bca9dd6a5
Packages in this update:
python3.7-3.7.15-1.fc36
Update description:
The release you’re looking at is Python 3.7.15, a security bugfix release for the legacy 3.7 series. https://docs.python.org/release/3.7.15/whatsnew/changelog.html#python-3-7-15-final
USN-5673-1: unzip vulnerabilities
It was discovered that unzip did not properly handle unicode strings under
certain circumstances. If a user were tricked into opening a specially crafted
zip file, an attacker could possibly use this issue to cause unzip to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2021-4217)
It was discovered that unzip did not properly perform bounds checking while
converting wide strings to local strings. If a user were tricked into opening a
specially crafted zip file, an attacker could possibly use this issue to cause
unzip to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2022-0529, CVE-2022-0530)