Dumb Password Rules

Read Time:20 Second

Troy Hunt is collecting examples of dumb password rules.

There are some pretty bad disasters out there.

My worst experiences are with sites that have artificial complexity requirements that cause my personal password-generation systems to fail. Some of the systems on the list are even worse: when they fail they don’t tell you why, so you just have to guess until you get it right.

Read More

USN-5904-1: SoX vulnerabilities

Read Time:37 Second

Helmut Grohne discovered that SoX incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS,
and Ubuntu 18.04 LTS. (CVE-2019-13590)

Helmut Grohne discovered that SoX incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service. (CVE-2021-23159, CVE-2021-23172, CVE-2021-23210,
CVE-2021-33844, CVE-2021-3643, CVE-2021-40426, CVE-2022-31650, and
CVE-2022-31651)

Read More

8 Common Cybersecurity issues when purchasing real estate online: and how to handle them

Read Time:5 Minute, 38 Second

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

More and more, people are completing the entire real estate transaction process online. From searching for properties to signing documents, online convenience can make the process easier and more efficient. However, with all of this activity taking place on the internet, it is important to be aware of the potential security risks that come along with it. Here are the eight common cybersecurity issues that can arise during the purchase of real estate online and how you can protect yourself against them.

1. Cybercrime

This is, unfortunately, the world we live in – and it makes sense, given the large sums of money involved. Cybercriminals may attempt to hack into the system and gain access to private information. They may even try to interfere with the transaction process itself, delaying or preventing it from taking place at all.

To combat this threat, make sure you are using a secure online platform when completing the transaction and be sure to only provide personal information when necessary.

When you are completing a real estate transaction online, a lot of your personal information will be requested. This can include anything from your address and phone number to your bank account information. If this information is not properly secured, it could be at risk of being accessed by cybercriminals.

To keep yourself safe, it is important to know what to look out for. You should watch for the commonly attempted ways that remote real estate buyers might be targeted and understand what you should do in the event of a breach.

2. Data breaches

Buying real estate remotely involves a number of different tools, like online payment gateways and other web services. All of these tools can be vulnerable to data breaches, which means that hackers could gain access to your personal information stored on their servers. To protect yourself, research a service’s security standards before providing any sensitive information or look for an alternative if the security measures are inadequate.

Always make sure you are observing best practices during and after an online purchase, which include doing things like updating your passwords as appropriate and monitoring your credit cards for any suspicious activity. By following these tips, you can help ensure that your online real estate transaction is secure.

3.  Phishing scams

These are attempts to obtain your personal information by pretending to be a legitimate source and they are on the rise. Be sure to only provide your information on secure websites and look for signs of legitimacy, such as “https” in the web address or a padlock icon in the URL bar.

Phishing scams that target real estate buyers might include emails, text messages, and voicemails asking you to provide your credit card details or other personal information to make a purchase. Make sure to always look for signs of legitimacy before providing any sensitive information.

They might also include bogus emails from lawyers or other professionals with malicious links or attachments. Be sure to only open emails from verified sources and never click on suspicious links.

4. Malware threats

Malicious software can be used to steal your personal information, such as banking credentials and passwords, or to install ransomware that locks you out from accessing your own files. To protect yourself from malware, make sure to install trusted antivirus and anti-malware software on your computer. Additionally, make sure to always keep your operating system up to date with the latest security patches.

5. Identity theft

Identity theft is a growing problem online and can be especially dangerous for real estate buyers. Hackers may use stolen information to gain access to your bank accounts or other financial resources, making it important to protect all your personal information from potential thieves. Make sure to use secure passwords, avoid public Wi-Fi networks, and never provide sensitive information over email.

This is especially pressing in an age where people are so much more mobile and global than they ever have been. Real estate transactions can be conducted from airports, coffee shops and all manner of unsecured wireless networks, which demands extra vigilance when it comes to cybersecurity.

6. Website hacking

Hackers can also gain access to websites and steal information stored on them, including user data. To protect yourself from website hacking, make sure that the websites you use have strong security protocols in place. Additionally, look for signs of legitimacy such as a padlock icon in the URL bar and verify any third-party links or attachments before clicking on them.

If you are dealing with a real estate agent that uses a website, make sure it is secure and they have taken proper precautions to protect your data.

7. Social engineering attacks

Social engineering attacks are when hackers use psychological tactics to get you to reveal confidential information or take some sort of action. For example, they may send fraudulent emails that appear to come from a real estate agent asking for your personal details or credit card numbers. Make sure to always verify the source of any emails before taking any action.

The best way to identify a social engineering attack is to look for suspicious language, attachments, or links in the email. If anything looks out of the ordinary, it’s best to delete the message and report it to your security provider.

You can always take extra steps to protect yourself, like using two-factor authentication when logging into accounts or working with a cybersecurity professional. By staying vigilant and taking proactive measures, you can help ensure that your online real estate transactions are secure.

8. Having weak passwords

Another common cybersecurity issue is having weak passwords. Make sure to use strong passwords when creating any accounts associated with your real estate purchase. You should also change your passwords on a regular basis and never reuse old passwords or share them with anyone else.

Using a password manager can also help you keep track of all your different passwords and store them in a secure place. If you’re dealing with an agent, ask them to use strong passwords as well, and make sure that they keep all of your personal information safe.

Conclusion

Real estate transactions are increasingly taking place online, which can create potential security risks if proper precautions aren’t taken. By following best practices and being aware of the common cybersecurity issues associated with purchasing real estate online, you can help ensure that your transaction is secure. With a bit of extra effort and knowledge, you can rest assured knowing that your online property purchases are safe and secure.

Read More

Unpatched old vulnerabilities continue to be exploited: Report

Read Time:28 Second

Known vulnerabilities as old as 2017 are still being successfully exploited in wide-ranging attacks as organizations fail to patch or remediate them successfully, according to a new report by Tenable. 

The report is based on Tenable Research team’s analysis of cybersecurity events, vulnerabilities and trends throughout 2022, including an analysis of 1,335 data breach incidents publicly disclosed between November 2021 and October 2022. Of the events analyzed, more than 2.29 billion records were exposed, which accounted for 257 terabytes of data.

To read this article in full, please click here

Read More

dcmtk-3.6.7-3.fc39

Read Time:15 Second

FEDORA-2023-29c8c2d740

Packages in this update:

dcmtk-3.6.7-3.fc39

Update description:

Automatic update for dcmtk-3.6.7-3.fc39.

Changelog

* Thu Mar 2 2023 Carl George <carl@george.computer> – 3.6.7-3
– Backport fix for CVE-2022-43272, resolves rhbz#2150930

Read More

USN-5482-2: SPIP vulnerabilities

Read Time:50 Second

USN-5482-1 fixed several vulnerabilities in SPIP. This update provides
the corresponding updates for Ubuntu 20.04 LTS for CVE-2021-44118,
CVE-2021-44120, CVE-2021-44122 and CVE-2021-44123.

Original advisory details:

It was discovered that SPIP incorrectly validated inputs. An authenticated
attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 18.04 LTS. (CVE-2020-28984)

Charles Fol and Théo Gordyjan discovered that SPIP is vulnerable to Cross
Site Scripting (XSS). If a user were tricked into browsing a malicious SVG
file, an attacker could possibly exploit this issue to execute arbitrary
code. This issue was only fixed in Ubuntu 21.10. (CVE-2021-44118,
CVE-2021-44120, CVE-2021-44122, CVE-2021-44123)

It was discovered that SPIP incorrectly handled certain forms. A remote
authenticated editor could possibly use this issue to execute arbitrary code,
and a remote unauthenticated attacker could possibly use this issue to obtain
sensitive information. (CVE-2022-26846, CVE-2022-26847)

Read More

Best and worst data breach responses highlight the do’s and don’ts of IR

Read Time:46 Second

In theory, enterprises should not only have security measures in place to prevent a data breach but should also have detailed plans for a response in the event of a breach. And they should periodically conduct drills to test those plans.

Industry-wide best practices for incident response are well established. “In general, you want breach responses to be fairly timely, transparent, communicate with victims in a timely manner, prevent further harm to victims as best as they can do that, and tell stakeholders what they are doing to mitigate future attacks,” says Roger Grimes, data-driven defense evangelist at KnowBe4.

However, as former heavyweight fighter Mike Tyson once said, “Everyone has a plan until they get punched in the mouth.” In other words, when a company gets hit with a serious data breach, the best-laid plans often go out the window.

To read this article in full, please click here

Read More