FEDORA-2023-1ebf4507df
Packages in this update:
xorg-x11-server-Xwayland-22.1.8-1.fc36
Update description:
xwayland 22.1.8 – Security fix for CVE-2023-0494
xorg-x11-server-Xwayland-22.1.8-1.fc36
xwayland 22.1.8 – Security fix for CVE-2023-0494
syslog-ng-3.23.1-3.el8
Security fix for CVE-2022-38725
xorg-x11-server-Xwayland-22.1.8-1.fc37
xwayland 22.1.8 – Security fix for CVE-2023-0494
syslog-ng-3.35.1-6.el9
Security fix for CVE-2022-38725
community-mysql-8.0.32-1.fc37
MySQL 8.0.32
Release notes:
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-32.html
community-mysql-8.0.32-1.fc36
MySQL 8.0.32
Release notes:
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-32.html
“Together for a better internet.” That’s the rallying cry of this year’s Safer Internet Day, and it’s one we’re happy to hear. Particularly from a parent’s perspective.
Safer Internet Day celebrates its 20th year on February 7th and focuses on ways we can all protect, empower, and respect all children when they go online—and gives us an opportunity to reflect on what that really means.
Consider that for some time now, children have found themselves born into an online world. As soon as they can pick up a toy, they can pick up a phone or tablet too. And they often do, given that they’re growing up in homes where one is practically always in reach. With that, their online life begins.
Learning how to live life online is simply another part of growing up nowadays. And that’s where we as parents play a significant role. Just as in every other aspect of life, they look to us for guidance, encouragement, and new things to see and do online. Safely, too.
Children have said as much. In our recent global report entitled “Life Behind the Screens of Parents, Tweens, and Teens,” we asked who is best suited to teach them about being safe online. Children said their parents are the clear winners. Nearly three-quarters of children pointed to parents, almost twice more than teachers at school (39%) and more than twice over for online resources (34%).
However, while parents agreed with this, it appears they didn’t always follow through. For starters, parents reported using basic protection on their own computers at a relatively low rate. Even the simplest of security steps scored relatively low despite how relatively easy they are to take. That included using antivirus software (68%), protecting the computer with a password (58%), or sticking to reputable online stores when shopping (50%). These figures dropped yet lower when asked if they took the same precautions for their children on their computers.
For example, only 57% of parents said they installed antivirus on their child’s computer and only 44% have their child password or passcode protect their computer, as illustrated by the drops in the chart below.
This trend extends to smartphones as well. While 56% of parents said that they protect their smartphone with a password or passcode, only 42% said they do the same for their child’s smartphone—a 14% difference. Again, considering how easy it is to create a password or passcode for a phone, and how much of our online lives course through those devices, that figure would ideally come in at 100%.
In all, many parents protect their children even less than they protect themselves.
Everyone loves their smartphone. Children particularly so. While parents placed their smartphone as their top device at 59%, followed by their computer or laptop at 42%, tweens and teens put their smartphone at the top of the at a decisive 74%. Second was their gaming console at 68%.
Unsurprisingly, that love for the smartphone pushes children’s internet usage quickly to an adult level at an early age, marking a sort of early mobile maturity where they are exposed to the broader internet full of apps, chats, entertainment, and social media—along with their benefits and risks nearly right away.
Taken with the low level of security measures parents place on their children’s phones, we can see how children are going online with a device that’s largely unprotected—in part because their parents leave their smartphones largely unprotected as well.
Beyond devices, parents have other concerns about their children as they increasingly spend more time online, particularly as they get older. Some of the top ones include:
Cyberbullying, is it happening to my child or is my child the bully?
Smartphones, what’s the right age for my child to get their first one?
Social media, what’s that new platform they’re all using—and is it safe?
All those apps, which ones are right for my children—and which ones aren’t?
Screen time, how can I help my child strike the right balance?
Increasingly, staying safe online involve more than protecting devices—it revolves around protecting the people who use them. Topics like the ones above are prime examples. They’re about people, not devices. Further, we have the broader issues of staying more private online and protecting your identity from hackers, scammers, and thieves—where once again, bad actors target people, not their devices.
It’s a lot to keep on top of.
And that can feel a bit overwhelming to a parent. Luckily, as with other aspects of parenting, you don’t have to think about all these topics all at once. They’ll crop up naturally over time, just as the umpteen other teaching moments do over the course of parenting.
It starts with asking a few questions. What might be on the horizon for our children as they go online over the next few weeks and months? How can you support them? And how can you prepare yourself for that support? Granted, those are some pretty broad questions. Yet we can help:
Our blog provides a wealth of information on topics that will surely come up, with plenty of articles aimed at parents who want to see their children have a healthy, happy time online.
Our McAfee Safety Series has several in-depth guides on topics like digital privacy, social media safety, identity protection, and shopping more safely online—all packed with straightforward steps you can take that can make your family safer than before.
As for tools you can use to help keep your children safer online, we just released our McAfee+ Family Plans, online protection that’s personalized for the ones closest to you. Whether you want to protect your partner, children, parents, or a loved one practically anywhere, they offer tailored device, identity, and privacy protection for up to six people.
For your children, that means you can protect them from viruses, sketchy websites, and inappropriate content—plus establish ground rules for screen time, all in a way that’s right for them. Each child also gets their own Protection Score, a reflection of just how safe they are online, which you can quickly review and then get guide you through steps that can make them safer still. In all, it’s a powerful tool for parents who care about their children’s safety online.
You have yet another powerful tool at your disposal: conversations. You’ll find that some of the best protection you provide stems from chats with your children.
Sit down with them while they play an online game, ask what apps they like to use, or ask to look when a TikTok reel makes them laugh. These are all natural moments to get a glimpse into their digital life and simply talk about it—without lectures or preaching. The more you can make talking about life online feel like a normal thing, the more opportunities you’ll get to support them when they need it.
As parents, we can look at our children now and wonder what the internet will bring to them in the next five, ten, or even twenty years from now. It’s exciting, perhaps a bit dizzying, yet it’s more reason to offer your guidance and encouragement, to learn about life online together. That will give them a foundation they can build on, so they can enjoy a fulfilling and safer life online.
The post Safer Internet Day: Through a Parent’s Eyes appeared first on McAfee Blog.
Criminals using Google search ads to deliver malware isn’t new, but Ars Technica declared that the problem has become much worse recently.
The surge is coming from numerous malware families, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer, Vidar, Formbook, and XLoader. In the past, these families typically relied on phishing and malicious spam that attached Microsoft Word documents with booby-trapped macros. Over the past month, Google Ads has become the go-to place for criminals to spread their malicious wares that are disguised as legitimate downloads by impersonating brands such as Adobe Reader, Gimp, Microsoft Teams, OBS, Slack, Tor, and Thunderbird.
[…]
It’s clear that despite all the progress Google has made filtering malicious sites out of returned ads and search results over the past couple decades, criminals have found ways to strike back. These criminals excel at finding the latest techniques to counter the filtering. As soon as Google devises a way to block them, the criminals figure out new ways to circumvent those protections.
A vulnerability was found in Custom-Content-Width 1.0. It has been declared as problematic. Affected by this vulnerability is the function override_content_width/register_settings of the file custom-content-width.php. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is e05e0104fc42ad13b57e2b2cb2d1857432624d39. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220219. NOTE: This attack is not very likely.
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Recent trends show that car dealerships are becoming a prime target for cyber-attacks, partly due to the rise in autonomous and connected vehicles. This is in addition to more traditional attacks such as phishing. Therefore, car dealerships are urged to take measures to improve their cybersecurity posture.
Throughout this article, we will focus on how to protect your car dealership from cyber-attacks, from technological solutions to raising staff awareness, and more.
Car dealerships collect a significant amount of data which is often stored on-site. This data includes things like names, addresses, email addresses, phone numbers, and perhaps more importantly, financial information such as bank details and social security numbers. Gaining access to this database can be very lucrative for criminals.
A cybercriminal’s life is also made much easier if a car dealership uses outdated IT infrastructure and lacks sufficient processes in terms of protecting employee login details.
Before we discuss how to protect your car dealership from a cyber-attack, it is important to know what makes a car dealership vulnerable, and what sort of attacks it could be subjected to.
Open Wi-Fi networks – Many car dealerships have open Wi-Fi networks for their customers to use freely. However, this provides an opportunity for hackers who can potentially access other areas of the network that store sensitive data.
Malware – Malware is possibly the most likely form of cyber-attack, targeting individuals within your organization with malicious email attachments that execute software onto the victim’s device. This software can then grant the attacker remote access to the system.
Phishing – Phishing emails are much more sophisticated than they used to be, appearing much more legitimate, and targeting individuals within the company. If an email seems suspicious or is from an unknown contact, then it is advised to avoid clicking any links.
User error – Unfortunately, anyone working for the car dealership, even the owner, could pose a risk to security. Perhaps using lazy passwords, or not storing log-in details in a safe place. This is why cyber security training is now becoming mandatory at most businesses.
If a small-to-medium-sized car dealership is the victim of a cyber-attack, then it can have a much bigger impact than just a short-term financial loss. Many smaller businesses that suffer a data breach are said to go out of business within six months of such an event, losing the trust of their customer base, and failing to recover from the financial impact.
Research suggests that most consumers would not purchase a car from a dealership that has had a security breach in the past. Failing to prevent a cyber-attack and a criminal from gaining access to customer information is extremely detrimental to a business’s public image.
Regardless of whether you already have security measures in place, it is always advised to assess how they can be improved and constantly be on the lookout for vulnerabilities within the organization.
In this section, we will discuss how to improve cyber security within a car dealership, breaking down the process into three key stages.
Establishing strong foundational security is key to the long-term protection of your business. When creating your foundational security strategy you should focus on 7 main areas.
Ensure administrative access is only provided to users who need it as granting unnecessary permissions to standard users creates numerous vulnerabilities. Ensure that only the IT administrator can install new software and access secure areas.
Multi-factor authentication (MFA) means more than just a traditional username and password system. Once the log-in details have been entered, users will also need to enter a PIN that can be randomly generated on their mobile phone, or issued periodically by the administrator.
For added protection, you could also implement a zero-trust strategy.
The effects of ransomware attacks can be sometimes be avoided if important files are regularly backed up, such as each morning. Once stored, there should also be procedures in place to quickly restore this data to minimize any downtime.
Many car dealerships continue to use older firewall software and outdated security services. Newer, next-generation firewalls offer much more protection, securing even the deepest areas of the network while being more effective at identifying threats.
The endpoint refers to a user’s mobile device or computer that may be targeted by attacks such as phishing emails. Endpoint protection can help secure these devices, identifying malware and preventing it from spreading to other parts of the network.
Many businesses are also choosing to protect their phone systems by using a cloud solution.
Similar to the above, email and web scanning software is essential to protect data and business operations. This can identify threats and warn users to prevent them from clicking on links or opening suspicious attachments.
IT departments in many businesses regularly test their workforce by sending fake phishing emails to see how employees respond. If the correct actions are not taken, then the individual can be given cyber security training to raise their awareness so that they take appropriate action in the future.
Once all of the above has been assessed and the necessary course of action has been taken, it is time to think about the critical security processes that need to be implemented. These are vulnerability management, incident response, and training.
Firstly, an inventory of your assets (software and devices) needs to take place so you know what needs to be protected. Once this has been done, all software should be checked to determine if it has been patched with the latest update practical.
Finally, vulnerability scans should be run on a monthly or quarterly basis. This can be done via penetration testing or an internal network scan.
Policies should be drafted in the case of an incident or data breach. This can help ensure the correct course of action will be taken in terms of contacting necessary internal and external parties. Numerous people should also be trained to respond to an incident should a key individual (such as the IT manager) be unavailable.
Network analysis needs to take place immediately after an incident, whether this is in-house or externally. This is necessary for insurance purposes.
Cybersecurity and Acceptable Use policies need to be created so everyone knows what needs to be done in the event of a breach. This includes defining what everyone’s responsibilities are. This can be combined with thorough security training to increase awareness.
To ensure your business is protected at all times, it is vital that your IT team is on top of things and you do not rest on automated tasks and policies.
Key activities include:
Using an encrypted email solution
Employing a VPN for remote workers to encrypt the connection
Mobile device security, management, and protection
On-going monitoring, risk assessments, and sticking to best practices.
Car dealerships are being targeted by cybercriminals who see them as an opportunity to steal sensitive information and financial details. This can be done in multiple ways including phishing scams and malware.
To tackle this, car dealerships must evaluate their cybersecurity, focusing on three key areas, the business’ foundational security, implementing security processes, and performing key security activities on an ongoing basis.