Multiple Vulnerabilities in Mozilla Firefox and Thunderbird Could Allow for Arbitrary Code Execution

Read Time:38 Second

Multiple vulnerabilities have been discovered in Mozilla Firefox, Firefox Extended Support Release (ESR), and Thunderbird, the most severe of which could allow for arbitrary code execution.

Mozilla Firefox is a web browser used to access the Internet.
Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.
Mozilla Thunderbird is an email client.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

Multiple Vulnerabilities in WordPress Could Allow for SQL Injection

Read Time:29 Second

Multiple vulnerabilities have been discovered in WordPress, the most severe of which could allow for SQL injection. WordPress is an open source content management system (CMS) which assist in the creation and hosting of web applications. Successful exploitation of the most severe of these vulnerabilities could allow for SQL injection. Depending on the privileges associated with the service, an attacker could then read, extract, or write to the backend database. Services which are configured to have fewer rights on the system and the backend database could be less impacted than those who operate with administrative rights.

Read More

Introducing next-generation firewall from Palo Alto Networks to support 5G-enabled IoT, OT and IT use cases

Read Time:5 Minute, 12 Second

Enterprises know they need defenses integrated into each aspect of their network while not being an inhibitor to innovation. Digital transformation realized through new 5G-enabled IoT, Operational Technologies (OT) and IT use cases are no exception. Therefore, security teams need to take a closer look at the best technology to support this innovation. Next-generation firewalls from Palo Alto Networks with AT&T Multi-Access Edge Computing (MEC) solutions are designed to help protect enterprises while optimizing security performance for these new use cases.

Prime time for innovation

AT&T MEC in combination with 5G/4G LTE create a private network solution that enables businesses to localize cellular data to improve their operations. The solution supports edge computing by routing application-specific traffic in a highly effective way. Built on a software-defined network, AT&T MEC enables direct access to cellular data for highly reliable local processing. This technology helps create new outcomes and capabilities by allowing applications to process data right where it’s needed. In addition, MEC enables customers to control their traffic flow, restrict devices and select application access for local business content, all while enabling macro cellular access when desired.

This means that businesses can locally process and transfer data-intensive files in near-real time, scale robotic operations, and offer highly immersive customer experiences. Some on-premises use cases for this include video AI, synchronous media collaboration and industrial manufacturing. These are just a few examples of how businesses are being transformed through edge computing technologies. And these use cases can span many industries – manufacturing, public sector, healthcare, education, stadiums, retail and more. AT&T MEC is leading the way in the rapidly evolving private cellular space driving the right innovation today and tomorrow. CRN has named AT&T to its 2021 Edge Computing 100 list – with recognition as one of those driving innovation in the IoT and 5G Edge Services Category.  The AT&T Multi-Access Edge Computing offering ties together cellular network architecture for real-time high bandwidth, low-latency access to latency-sensitive mobile applications. This is great news.  AT&T is helping businesses connect – harnessing LTE and 5G at the network edge.

Protection at every layer 

AT&T MEC not only helps to enable these business use cases but also provides additional privacy and control beyond the inherent security of AT&T’s 5G/4G LTE cellular network. With AT&T MEC your data is in your control so you can determine the location, cloud, local data center or somewhere else to route it. Data you consider sensitive or proprietary can be kept locally within your internal network, significantly mitigating the risk of it being illegally accessed or stolen. This helps give enterprise control and privacy of their data.

In addition to these privacy measures, security teams must also consider mobile devices that could inadvertently introduce threats. For example, a user accidentally downloads malicious software. Or, an IoT device becomes subject to a supply chain attack. In any environment, but especially in edge environments built for business-critical applications, businesses need to respond to these security events as fast as possible, identify malicious events, and act in real time. Therefore, defenses are needed to inspect the application flows to protect mobile devices and business-critical data in transit and at rest within your network. Adding this layer of security allows consistently enforced policies across all network environments, including private cellular networks like MEC network.

Proven, reliable technology and services

To protect against these advanced threats, AT&T now offers a managed next-generation premises-based firewall optimized to work with AT&T MEC. It starts with proven, reliable technology utilizing Palo Alto Networks ML-Powered Next-Generation Firewall platform based on a scalable, modular design that enables you to increase performance as your needs increase. This state-of-the-art firewall technology brings advanced capabilities to prevent known and unknown threats such as vulnerability exploits, ransomware, malware, phishing and data theft. It also includes unique technology from Palo Alto Networks called WildFire® which automatically detects and helps prevent unknown malware and taps into crowdsourced intelligence from more than 43,000 customers. Palo Alto Networks has been recognized by NSS Labs for having high security effectiveness and by Forrester Consulting for strong Return on Investment . Savings are possible  across many categories, but key areas are  in efficiency gains for IT and security and the reduced risk of a data breach.

Furthermore, this next-generation firewall is managed by AT&T’s state-of-the-art Security Network Operations Center (S/NOC) 24/7. The S/NOC team of security professionals use this highly secure, fully redundant site and its advanced intrusion detection capabilities to further analyze and respond to threats. They also help reduce complexity by assisting the customer with ongoing configuration changes to their firewall policies. 

Visibility and control

This next-generation firewall offering provides fully managed, end-to-end firewall protection for your mobile network data traffic including traffic routed through AT&T MEC. The firewall provides visibility of applications and mobile services including those using AT&T MEC Local Content Offload connectivity. In addition, it provides application layer protection by enabling application centric policies that could be used to block as many or all malicious applications or only certain types of malicious activities.

This offering can further help prevent malicious activity that could be concealed in encrypted traffic. Already without decrypting, it provides visibility into TLS traffic, such as the amount of encrypted traffic, TLS/SSL versions, cipher suites, and more. If an instance warrants decryption, the business has the flexibility to gain that additional insight for forensics, historical purposes, or data loss prevention (DLP) needs.

Conclusion

AT&T helps make it safer for you to innovate with leading edge technologies and the security elements to help protect this dynamic environment. Gain fully managed, end-to-end firewall protection for your private cellular network including traffic routed through AT&T MEC with next-generation firewalls provided by Palo Alto Networks.  To learn more- visit us at AT&T Cybersecurity Advanced 5G security solutions | AT&T Cybersecurity (att.com).

Read More

Protecting Your Privacy This Year

Read Time:5 Minute, 9 Second

If there’s a particularly clear picture that’s developed over the past couple of years, it’s that our privacy and our personal identities are worth looking out for. We have your back. And here’s why. 

In the U.S., reported cases of identity theft continue to rise. Comparing the first three quarters of 2020 to the first three quarters of 2021, we can see that the number of identity theft cases reported to the U.S. Federal Trade Commission (FTC)are up. Moreover, fraud connected with government documents and benefits has jumped by nearly 100,000 reported cases. Likewise, bank fraud saw a jump as well with a solid 30% increase. 

Figure-1-2021-FTC-Fraud-Reports-Q1-Q3

 

Figure 2- 2020 Fraud Reports, Q1-Q3

Likewise, compare 2021 to the same period in 2019 and the contrast is yet more striking: well over double the number of reports of identity theft. Also note the massive bump in fraud across the board as well—notably in government documents and benefits, which went from nearly 18,000 reported cases to more than a quarter-million cases. 

Figure 3- 2019 Fraud Reports, Q1-Q3

And that’s just what’s been reported in the U.S. Far more crime goes unreported, and it is estimated that the cost of identity theft and fraud goes well into the billions of dollars.

Yet behind each stat is a person, a family, and a household that dealt with anything from a financial headache to a major life event no thanks to identity theft and fraud. Accordingly, we’re seeing to it that each and every person has the tools to prevent this from happening to them.

Here’s a little bit about our approach. We looked at some of the key areas where people’s private information can be vulnerable and designed a tool that offers easy-to-use, intelligent protection for Windows, Android, and iOS devices, with a consistent feel on whichever device you’re using it.

Connect safely a VPN

Unsecured networks can leave us vulnerable, like when we use public Wi-Fi. What’s at issue is that a cybercriminal can potentially capture your login credentials and other personal information as you use a public network in a hotel, airport, coffee shop, library, and so forth.

So, we made sure to include a Virtual Private Network (VPN) to keep your information protected from prying eyes. It does this easily by detecting when you’re on a public network and automatically turning on on your VPN. The VPN then scrambles or encrypts, your data as it flows over the network. Unlike some VPNs that require advanced settings to shield your data, our app offers seamless security.

Dark Web Monitoring

Given that data breaches large and small continue to occur with more regularity than any of us would like, always-on monitoring of your private information is key.

Whether one of your personal accounts is hacked–or worse–another website somehow gets ahold of your data and subsequently gets breached, your data may end up on the dark web. This is where cybercriminals buy and sell information.

To detect these dangerous leaks, we included dark web monitoring, which alerts you if your log-in credentials have been exposed. It can even provide you with a link to the site that uses those credentials when the information is available. This allows you to swiftly reset your passwords, mitigating the risk.

Identity theft insurance and recovery support

Should the unfortunate happen to you, we have your back. In several ways.

Recovering from identity fraud or theft can be expensive. We’ll help relieve the burden with $1M coverage for lawyer fees, travel expenses, lost wages, and more. If money was stolen directly from a bank account, we’ll also reimburse up to $10,000 stolen funds.

No question about it, recovery can be time-consuming, confusing, and even frustrating. With that, we offer licensed recovery experts who can work with you any time, around the clock, all year long. These pros can use a limited power of attorney to do the heavy lifting for identity recovery, taking all necessary steps to repair identity and credit.

In all, we protect your time and your money as part of protecting your identity too.

New: Identity Protection Score

Knowing your safe and staying that way just got far simpler. With a colorful view, you can see exactly what your Identity Protection Score is at a glance, which compiles your overall levels of security, privacy, and identity theft protection. Better yet, if it spots gaps in your protection, it guides you through straightforward fixes that can make you safer than before.

It’s an industry first, and something we all deserve—the ability to clearly see exactly how secure you are and to quickly shore up your protection whenever it’s needed.

Ease of Use

Also on our list, we wanted to make personal protection easy to use and available across all your compatible devices. So, whether you’re out with just your phone, or at home working at your PC, you have access to your protection, and can even pick up where you left off on a different device.

It’s about enjoying the internet

Ultimately, that’s what any of us want—to enjoy the internet with confidence, knowing that whatever it is we’re doing online is secure.

The way we use the internet continues to evolve. After all, it wasn’t long ago that the idea of using a phone to see who’s at the front door may have seemed a bit odd. Let alone having a little chat with the speaker on your kitchen counter. Yet that’s where we are today. And as the internet evolves, so will we. The protection we offer will cover your increasingly connected life in whatever shape that takes.

No question about it. We’re committed to protecting you, your privacy, identity, and certainly your devices too—and making all of it simple.

Here’s to a happy and secure year!

 

The post Protecting Your Privacy This Year appeared first on McAfee Blogs.

Read More