The astronomical costs of an asset disposal program gone wrong

Read Time:42 Second

Every entity should have an information technology asset disposal (ITAD) program as part of its information security process and procedure. Indeed, every time an IT asset is purchased, the eventual disposal of that asset should already be defined within an ITAD. When one doesn’t exist, data becomes exposed, compromises occur, and in many cases, fines are levied. Such was the case with Morgan Stanley Smith Barney (MSSB), which continues to feel the repercussions of their ITAD’s failure over the past several years, which has now resulted in $155 million USD in fines and penalties.

On September 20, 2022, the Securities and Exchange Commission (SEC) reached a settlement agreement in which MSSB paid a $35 million USD penalty for the improper disposal of devices containing MSSB customer persona identifying information (PII).

To read this article in full, please click here

Read More

git-lfs-2.10.0-2.el7

Read Time:21 Second

FEDORA-EPEL-2022-d8f75949c3

Packages in this update:

git-lfs-2.10.0-2.el7

Update description:

Rebuild with current EPEL 7 golang
Fixes CVE-2022-24675, resolves rhbz#2084673
Fixes CVE-2022-28327, resolves rhbz#2084854
Fixes CVE-2021-38297, resolves rhbz#2118476
Sync build steps with RHEL8/RHEL9
Add pre-generated manpages, resolves rhbz#1934043
Add provides for bundled golang libraries
Redirect scriptlet output to /dev/null

Read More

python-django3-3.2.15-1.fc38

Read Time:2 Minute, 20 Second

FEDORA-2022-0cba1bd104

Packages in this update:

python-django3-3.2.15-1.fc38

Update description:

Automatic update for python-django3-3.2.15-1.fc38.

Changelog

* Tue Oct 4 2022 Michel Alexandre Salim <salimma@fedoraproject.org> –
3.2.15-1
– Initial python-django3 release
* Sun Oct 2 2022 Michel Alexandre Salim <salimma@fedoraproject.org> – 3.2.9-6
– Fork to python-django3, needed by the Mailman stack
* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> – 3.2.9-5
– Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Dec 17 2021 Michel Alexandre Salim <salimma@fedoraproject.org> – 3.2.9-4
– Drop obsolete python_provide lines
* Wed Dec 15 2021 Michel Alexandre Salim <salimma@fedoraproject.org> – 3.2.9-3
– Use build-dependency generator
– Use pyproject macros
* Wed Dec 15 2021 Michel Alexandre Salim <salimma@fedoraproject.org> – 3.2.9-2
– Drop old BR on python3-mock
* Wed Nov 24 2021 Karolina Surma <ksurma@redhat.com> – 3.2.9-1
– update to 3.2.9
– unskip fixed tests
– backport fix for building docs with python-sphinx 4.3.0
* Wed Sep 8 2021 Matthias Runge <mrunge@redhat.com> – 3.2.7-1
– update to 3.2.7 (rhbz#1999958)
* Mon Aug 9 2021 Matthias Runge <mrunge@redhat.com> – 3.2.6-1
– update to 3.2.6 (rhbz#1957630)
– skip failing test AssertionError: “Error: invalid choice: ‘test’
(choose from ‘foo’)”(rhbz#1898084)
* Tue Jul 27 2021 Fedora Release Engineering <releng@fedoraproject.org> – 3.2.1-3
– Second attempt – Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun 4 2021 Python Maint <python-maint@redhat.com> – 3.2.1-2
– Rebuilt for Python 3.10
* Tue May 4 2021 Matthias Runge <mrunge@redhat.com> – 3.2.1-1
– rebase to 3.2.1, fixes CVE-2021-31542
– rebase to 3.1.8 fixes CVE-2021-28658 (rbhz#1946580)
– rebase to 3.2.1 (rhbz#1917820)
* Fri Mar 5 2021 Matthias Runge <mrunge@redhat.com> – 3.1.7-1
– update to 3.1.7, fix CVE-2021-23336 (rhbz#1931542)
* Thu Feb 4 2021 Matthias Runge <mrunge@redhat.com> – 3.1.6-1
– update to 3.1.6, fix CVE-2021-3281 (rhbz#1923734)
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> – 3.1.5-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jan 4 2021 Matthias Runge <mrunge@redhat.com> – 3.1.5-1
– update to 3.1.5
* Thu Dec 3 2020 Matthias Runge <mrunge@redhat.com> – 3.1.4-1
– update to 3.1.4 (rhbz#1893635)

Read More

What is Doxxing?

Read Time:5 Minute, 49 Second

Social media has become a part of our everyday lives. Each day millions of people log on to Facebook, Twitter, and other social sites and engage with friends and family. We share our lives more freely and publicly than ever before, and connect with people around the world more easily than our ancestors could have dreamed of.   

While many beautiful things come from sharing online, most of us have experienced discord with other internet users while being social online. In some cases, exchanges can become hostile, with the aggrieved party becoming threatening or malicious. Doxxers also target popular online influencers, movie and tv stars, or anyone they don’t agree with, as a way to seek revenge, bully, shame, or intimidate them.  

One way someone may attempt to retaliate is to release sensitive personal private information about the person to the broader internet. This kind of online harassment is known as “doxxing.”  

This article explains what doxxing is and how to prevent it from happening to you.  

What is doxxing? 

Doxxing (or “doxing”) is the practice of revealing another individual’s personal information (home address, full name, phone number, place of work, and more) in an online public space without the person’s consent.  

The term “doxxing” comes from the hacker world and references the act of “dropping dox” (as in “docs”) with malicious intent to the victim. The severity of the personal data leak may also go beyond phone numbers and addresses to include releasing private photos, Social Security numbers (SSNs), financial details, personal texts, and other more invasive attacks.  

What’s an example of doxxing?

One of the first incidents of doxxing took place back in the late 1990s when users of the online forum Usenet circulated a list of suspected neo-Nazis. The list included the suspected individuals’ email accounts, phone numbers, and addresses.  

In 2021, rapper Kanye West famously doxxed Drake when he tweeted the star’s home address 

Is doxxing illegal? 

While doxxing can hurt people, it’s not necessarily a crime. In some cases, a doxxer finds publicly available information and shares it broadly. Since the data is public record, it’s not illegal to share it. A doxxer might invite others to visit the home or workplace of their target rather than taking a specific action. 

That said, it is illegal to hack a device or computer without permission from the owner — even if the information collected is never used. The legality of doxxing must be taken on a case-by-case basis, and law enforcement must build its case based on existing applicable laws.  

For example, if the doxxer attempted to apply for a credit card using your private data, they could be prosecuted for fraud or identity theft. 

How to protect yourself from doxxing

You can follow a few critical practices to help protect yourself from doxxing. Start by limiting what you share online, using strong passwords, and taking advantage of secure technologies like virtual private networks (VPNs).  

Limit the personal information you share online

Limiting the amount of personal information you share online is one of the best ways to protect yourself from doxxing. Avoid oversharing personal details of your life (like your child’s name, pet’s name, or place of work) and maintain the highest possible privacy settings for any social media app or website.  

You should also take caution when tagging friends, locations, and photos, as this may give doxxers more access to your data. Check out our Ultimate Guide to Safely Sharing Online to learn more.  

Check data broker websites for your information

Data brokers are companies that mine the internet and public records for financial and credit reports, social media accounts, and more. They then sell that data to advertisers, companies, or even individuals who may use it to doxx somebody.  

You might be surprised to see the amount of sensitive information available to anyone who wants it with an online search. Data brokers often have contact information, including real names, current and former addresses, birth dates, phone numbers, social media profiles, political affiliations, and other information that most consider private.   

While you can remove your private information from many data broker sites, they tend to make the process tedious and frustrating. McAfee® Personal Data Cleanup makes the process much easier. All you have to do is enter your name, date of birth, and home address, and we’ll scan it across high-risk data broker sites. We’ll then help you remove it.  

Use strong passwords and keep them secure

Having strong passwords can make you less vulnerable to hackers and doxxers. Keep yourself more secure by following a few simple rules. 

Have long and strong passwords (at least eight to 10 characters). 
Don’t create passwords that include any words from your social media sites (like pet or child names). 
Change your passwords frequently — at least every three months. 
Don’t use the same password for multiple online accounts — unique passwords only. 
Use random sequences of letters and numbers without identifiable words. 
Turn on two-factor or multi-factor authentication (MFA) for critical accounts (Gmail, LinkedIn, Facebook, online banking). 
Don’t write down passwords (or keep them in a secure location if you must).  

Make password management much easier by using a password manager and generator tool like True Key from McAfee. True Key uses the strongest encryption available to decrypt your existing passwords and can help generate new strong passwords 

Use a virtual private network

When browsing on public Wi-Fi networks like those at airports and coffee shops, your data is at greater risk of being compromised by cybercriminals who may lift sensitive information for personal gain.  

A virtual private network (VPN) service (like the one found in McAfee+) gives you an additional layer of protection by hiding your IP address and browsing activities when you’re on an unsecured network. 

Protect your device with antivirus protection

Scammers, doxxers, and hackers work hard to get personal information every day. With McAfee Total Protection, you can use the internet with confidence knowing you have the support of award-winning antivirus software to keep you and your family members safe online.  

Get real-time threat protection through malware detection, quarantine, and removal, and schedule real-time or on-demand file and application scanning. You’ll also benefit from an advanced firewall for home network security.  

Keep your online information secure with McAfee

We all increasingly rely on the internet to manage our lives. As a result, it’s important to address the risks that come with the rewards.  

Comprehensive cybersecurity tools like those that come with McAfee+ can help you avoid scams, doxxing attacks, identity theft, phishing, and malware. We can also help keep your sensitive information off the dark web with our Personal Data Cleanup.  

With McAfee’s experts on your side, you can enjoy everything the web offers with the confidence of total protection. 

The post What is Doxxing? appeared first on McAfee Blog.

Read More

Tenable aims to unify your cybersecurity with exposure management platform

Read Time:35 Second

Tenable today announced the general availability of Tenable One, a unified exposure management platform designed to meet the changing needs of the modern cybersecurity professional by offering a holistic view of both on-premises and cloud-based attack surfaces.

The modern cybersecurity attack surface is complex, fast-changing, and involves a panoply of different target systems and users that are all interconnected in a range of ways. Modern cybersecurity measures, on the other hand, are, all too often, architected just as they have been in the past, leading to major challenges in combating threats, according to a white paper Tenable released along with its new product.

To read this article in full, please click here

Read More