Smashing Security podcast #315: Crypto hacker hijinks, government spyware, and Utah social media shocker

Read Time:18 Second

A cryptocurrency hack leads us down a mazze of twisty little passages, Joe Biden’s commercial spyware bill, and Utah gets tough on social media sites.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Register’s Iain Thomson.

Read More

CVE-2022-1274

Read Time:12 Second

A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.

Read More

CVE-2021-41526

Read Time:10 Second

A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability may allow privilege escalation when invoked ‘repair’ of the MSI which has an InstallScript custom action.

Read More

CVE-2019-8963

Read Time:9 Second

A Denial of Service (DoS) vulnerability was discovered in FlexNet Publisher’s lmadmin 11.16.5, when doing a crafted POST request on lmadmin using the web-based tool.

Read More

CVE-2017-6894

Read Time:14 Second

A vulnerability exists in FlexNet Manager Suite releases 2015 R2 SP3 and earlier (including FlexNet Manager Platform 9.2 and earlier) that affects the inventory gathering components and can be exploited by local users to perform certain actions with elevated privileges on the local system.

Read More

How You May be Sharing Private Information Online Without Even Knowing

Read Time:5 Minute, 13 Second

When I started my job as Cybermum – over 10 years ago – it was quite common to strategise ways to prevent your private information appearing online. But those days have long gone. Unless you have been living off the grid and opted out of life completely, having an online presence is now essential. Whether you’re paying bills, booking appointments or renewing your insurance premiums, many companies have made it almost impossible to conduct your business in person, forcing even the most reluctant of us online. 

Now, many of us consider ourselves to be proactive in managing just what we share online by using VPNs, not always setting up accounts with online stores and ensuring our social media privacy settings are nice and tight. But unfortunately, managing your privacy online is more complicated than that. In fact, most of us maybe sharing our private information online every day without even knowing. So, in the spirit of keeping you safe – here are three different areas that I suggest you focus on to ensure you know exactly where you are sharing your private information 

1. Your Everyday Browsing 

Every time you visit an online site, send an email, search for information or basically do anything online, multiple parties collect this information. Your Internet Service Provider (ISP), Wi-Fi network administrator, operating system e.g. Windows or iOS, search engine plus the websites and apps you use will all keep a record of what’s you’re up to – even if you are in Incognito Mode! 

This information is often gathered using cookies – small files that are placed on your device by the website that you visit. These are created whenever you visit a website, and they contain data about your visit. Some websites are required by law to advise you if and when they use cookies but if you choose to reject cookies, your browsing experience can become really clunky. 

What each of these parties does with your private information varies. Your ISP, for example, can easily put together a pretty accurate profile based on your searching, location and downloads and link this to your IP (unique) address. This data can be held for years – subject to your country’s laws and could potentially be used for surveillance, policing and even advertising.  

Now I appreciate that my ISP is required to collect information for the greater good but I am far less comfortable when search engines, websites and apps collect my private data. Since the Cambridge Analytica Scandal of 2018, the industry has definitely had a shake-up however this can still be a risky business.  

How To Stay Safe 

Consider using a VPN to ensure the private information you share online is encrypted and protected. 
Refrain from setting up accounts on every website you visit. Buy items as a guest to avoid creating login details. 
Consider a search engine that doesn’t collect and store your information. And there are loads of more ‘privacy focussed’ options to choose from. Check out DuckDuckGo – a website that doesn’t profile users or track or sell your information to third parties.  
Never download apps from unknown sources. They may be designed to mine your personal information. Only download apps from reputable sources e.g. App Store for Apple or the Google Play store for Android devices.  
Always read reviews to see if anyone has had a problem with an app and always check the fine print before you download.

2. Adware 

You know those annoying pop-up adds that just randomly appear on your devices? Well – that’s adware, software that is designed to generate revenue through advertisements. Many of us download it without knowing – you may have downloaded a free program or app without realising it contained bonus adware software. Alternatively, hackers can insert it into your system by exploiting a vulnerability in your software – that’s why you need to keep all your software updated! 

And while those pop-ups can be super irritating what you really need to worry about is that adware can compromise your online privacy. Adware is designed to track your search and browsing history so it can display ads that are most relevant to you. And once the adware developer has your location and browser history, they are likely to sell this info to a third party, making themselves a nice, tidy profit – all without you even knowing!! 

How To Stay Safe 

Use a super-duper internet security software like McAfee’s Total Protection that will identify and remove adware.  
Keep your software and operating systems updates to prevent hackers from introducing adware into your system. 
Phishing emails are a renowned source of adware links – never open links in an email if you aren’t 100% sure it’s safe. 

3. AutoFill 

When I first discovered autofill, I was hooked! No need to tediously enter your name, address, telephone number- even credit card – every time you need it! How good?? But I have since learnt that having autofill enabled on your computer means your personal information is at risk of being hacked. Cybercrims have mastered the art of capturing our credentials by tricking browsers to share our personal details and here’s how: unsuspecting people are lured to a compromised website that has an invisible form. Autofill identifies that there is a form on the site and then gives up your private information allowing the hacker to collect your credentials. 

My Top Tips 

Disable auto-fill – yes it’s convenient but it’s just too risky. Here’s some advice on how to make that happen. 
Use a Safe Search service to ensure you don’t get involved in fraudulent websites. Check out McAfee’s WebAdvisor – it’s free! 

Not sure whether it’s worth the effort? Well, let me make it simple – if you want to lock down your online identity to ensure your financial health and reputation aren’t compromised then you need to do something very soon! Imagine losing your hard-earned savings or having your Instagram account hacked and your reputation compromised? Not fun at all – so it’s time to take action, my friends. 

Stay Safe 

Alex 

The post How You May be Sharing Private Information Online Without Even Knowing appeared first on McAfee Blog.

Read More