CVE-2021-33360

Read Time:9 Second

An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, child_process, and/or filePath parameter(s).

Read More

AT&T informs 9M customers about data breach

Read Time:29 Second

AT&T is informing customers about a data breach at a vendor’s system that allowed threat actors to gain access to AT&T’s Customer Proprietary Network Information (CPNI).

The incident came to light after customers posted the email communication from AT&T on community forums to know if it was legitimate or email fraud.

“We recently determined that an unauthorized person breached a vendor’s system and gained access to your ‘Customer Proprietary Network Information’ (CPNI),” AT&T said in the email.

To read this article in full, please click here

Read More

USN-5944-1: SnakeYAML vulnerabilities

Read Time:36 Second

It was discovered that SnakeYAML did not limit the maximal nested depth
for collections when parsing YAML data. If a user or automated system were
tricked into opening a specially crafted YAML file, an attacker could
possibly use this issue to cause applications using SnakeYAML to crash,
resulting in a denial of service. (CVE-2022-25857, CVE-2022-38749,
CVE-2022-38750)

It was discovered that SnakeYAML did not limit the maximal data matched
with regular expressions when parsing YAML data. If a user or automated
system were tricked into opening a specially crafted YAML file, an
attacker could possibly use this issue to cause applications using
SnakeYAML to crash, resulting in a denial of service. (CVE-2022-38751)

Read More

Protect the Whole Family with McAfee+ Ultimate Family Plan

Read Time:4 Minute, 46 Second

Dozens of content creators center their channels on highlighting the differences between today’s most prominent generations: the Silent Generation, baby boomers, Generation X, millennials, and Generations Z and Alpha. At quick glance, no generation seems to have much in common with the others.  

Despite our vastly different life experiences and philosophies, there’s something that people of any age should get behind: identity and online privacy protection. Young or old, cybercriminals don’t discriminate against who they target. In fact, some generations are more prone to certain scams than others. 

Education on current cyber threats is the first step to defending against them. Here’s how to protect every member of the family against online threats. 

Children 

Cybercriminals can steal identities even from young children who don’t yet have an online presence. Criminals can buy Social Security Numbers (SSNs) of minors on the dark web or gather them through medical record or school system breaches. Those SSNs are valuable to a cybercriminal, because the theft can go undetected for years. Since children aren’t opening credit cards or applying for mortgages, there’s seemingly no reason to keep tabs on their credit and ensure everything is normal.  

To check up on the online safety of your youngest family members, it’s never too early to start identity monitoring. Also, consider putting a credit freeze on your child’s credit. A credit freeze does not negatively affect their credit score. Since they won’t be needing it for several years anyway, might as well make your child’s credit inaccessible to everyone, including criminals. 

Tweens and Teens 

Teenagers crave independence. Often at this age, parents allow their teens to open and manage their first email addresses and social media profiles independently. It’s an important life lesson in organization, responsibility, and digital literacy; however, these platforms are not without risks like cyberbullying, fake news, and social engineering. 

The best way to avoid falling for each is through education. Globally, 13% of children experienced the most severe forms of cyberbullying, including harassment, physical threats, and stalking. Ensure that your tweens and teens who spend time unsupervised on their connected devices know what to do if they encounter cyberbullying. The best course of action is to report the incident to an adult, and in the meantime, to suspend their accounts.    

To steer clear of fake news perpetuated by social media bots and social engineering scams, a safe browsing extension may protect your teen’s device from risky sites. McAfee WebAdvisor not only alerts users to possible hidden malware, but also to phishing attempts, which may be difficult for teenagers to suss out. For teens who are eager to download a “free” TV or video game, they may miss the telltale signs of malicious sites, such as typos, blurry logos, or offers that are too good to be true. 

Adults 

While adults typically have more street smarts than teens, their schedules are brimming with important tasks. Juggling work, social obligations, and running a household often leaves adults feeling like they don’t have time to spare. The feeling that they have to rush through emails, social media direct messages, and even dating app correspondences could increase their susceptibility to phishing, malware, and computer viruses.  

The best advice to adults to avoid phishing or malicious bugs is this: slow down! Take your time when you receive any message from someone you don’t know or have never met in person. If you feel even an iota of suspicion, don’t engage any further with the sender. Delete the message. If it’s important, the person or organization will follow up.  

To fully protect expensive connected devices and the personally identifiable information they store, consider investing in safe browsing, antivirus software, and identity monitoring and restoration services to catch any threats that may have passed under your watchful eye. 

Seniors 

Cybercriminals often seek out seniors as easy targets for online scams. Because they aren’t digital natives like millennials and Gen Zers, seniors are typically less confident in their online skills. For example, they may not realize that every email in their inbox isn’t necessarily sent by someone with good intentions. What can start out as a friendly online pen pal can quickly spiral into divulging sensitive personal information or sending huge sums of money to a criminal. 

The best way to prepare the seniors in your life for online safety is to impart a few, easy-to-follow absolutes. Start with these three rules: 

Never tell anyone your password. Your bank, tax filing service, nor the IRS will ever need it. 
Never divulge your SSN over email. 
Never send money to a stranger, no matter how much their “story” tugs at your heartstrings. 

For peace of mind, enroll the seniors in your family in identity monitoring and restoration services. This will help them get back on their feet if their identity was compromised in a senior scam. 

 The Ultimate Plan to Protect the Whole Family 

Get the whole family committed to safer and more private online lives with the help of McAfee+ Ultimate Family Plan. The Family Plan covers up to six individuals and protects their online lives with an entire suite of comprehensive privacy, identity, and device security features. For example, families can receive up to $2 million in identity theft recovery and $50,000 in ransomware coverage. The plan also includes preventive measures to fight online crime, such as safe browsing tools, an advanced firewall, unlimited VPN, and antivirus software for unlimited devices. 

Empower your whole family with online confidence and protection for their digital life! 

The post Protect the Whole Family with McAfee+ Ultimate Family Plan appeared first on McAfee Blog.

Read More

Attacks on SonicWall appliances linked to Chinese campaign: Mandiant

Read Time:32 Second

A persistent malware targeting unpatched SonicWall Secure Mobile Access (SMA) appliances has been linked to a Chinese campaign dating back to 2021, according to a Mandiant research done in partnership with SonicWall’s in-house research team.

The responsible malware, dubbed UNC4540, has been found to be stealing user credentials, providing shell access, and persisting through firmware upgrades.

“This is not a new vulnerability, so a patch was not published,” a Mandiant spokesperson said. “The findings are based on the analysis of an extremely limited number of unpatched SMA 100 series appliances from the 2021 timeframe.”

To read this article in full, please click here

Read More