#InfosecurityEurope: Michael Johnson Reminds Security Pros Where Success Comes from


Olympic champion athlete shares motivational advice for conference attendees


Western Digital blocks unpatched My Cloud devices


Western Digital has blocked devices running vulnerable firmware versions from accessing its cloud services, the company said in an advisory.

The move comes about a month after the company released firmware updates for its My Cloud product line to address a critical path traversal bug that leads to remote code execution (RCE).

“Devices running unpatched firmware versions will not be able to connect to Western Digital cloud services starting June 15, 2023, and users will not be able to access their data until the device updates to the latest firmware,” the company said.


3 Reasons to Think Twice About Enabling Location Sharing


Do you remember the days of printing out directions from your desktop? Or the times when passengers were navigation co-pilots armed with a 10-pound book of maps? You can thank location services on your smartphone for today’s hassle-free and paperless way of getting around town and exploring exciting new places. 

However, location services can prove a hassle to your online privacy when you enable location sharing. Location sharing is a feature on many connected devices – smartphones, tablets, digital cameras, smart fitness watches – that pinpoints your exact location and then distributes your coordinates to online advertisers, your social media following, or strangers. 

While there are certain scenarios where sharing your location is a safety measure, in most cases, it’s an online safety hazard. Here’s what you should know about location sharing and the effects it has on your privacy. 

The Benefits of Location Sharing 

Location sharing is most beneficial when you’re unsure about new surroundings and want to let your loved ones know that you’re ok. For example, if you’re traveling by yourself, it may be a good idea to share the location of your smartphone with an emergency contact. That way, if circumstances cause you to deviate from your itinerary, your designated loved one can reach out and ensure your personal safety. 

The key to sharing your location safely is to only allow your most trusted loved one to track the whereabouts of you and your connected device. Once you’re back on known territory, you may want to consider turning off all location services, since it presents a few security and privacy risks. 

The Risks of Location Sharing 

In just about every other case, you should definitely think twice about enabling location sharing on your smartphone. Here are three risks it poses to your online privacy and possibly your real-life personal safety: 

1. Ad tracking

Does it sometimes seem like your phone, tablet, or laptop is listening to your conversations? Are the ads you get in your social media feeds or during ad breaks in your gaming apps a little too accurate? When ad tracking is enabled on your phone, it allows online advertisers to collect your personal data that you add to your various online accounts to better predict what ads you might like. Personal details may include your full name, birthday, address, income, and, thanks to location tracking, your hometown and regular neighborhood haunts. 

If advertisers kept these details to themselves, it may just seem like a creepy invasion of privacy; however, data brokerage sites may sell your personally identifiable information (PII) to anyone, including cybercriminals. The average person has their PII for sale on more than 30 sites and 98% of people never gave their permission to have their information sold online. Yet, data brokerage sites are legal.

One way to keep your data out of the hands of advertisers and cybercriminals is to limit the amount of data you share online and to regularly erase your data from brokerage sites. First, turn off location services and disable ad tracking on all your apps. Then, consider signing up for McAfee Personal Data Cleanup, which scans, removes, and monitors data brokerage sites for your personal details, thus better preserving your online privacy. 

2. Stalkers

Location sharing may present a threat to your personal safety. Stalkers could be someone you know or a stranger. Fitness watches that connect to apps that share your outdoor exercising routes could be especially risky, since over time you’re likely to reveal patterns of the times and locations where one could expect to run into you.  

Additionally, stalkers may find you through your geotagged social media posts. Geotagging is a social media feature that adds the location to your posts. Live updates, like live tweeting or real-time Instagram stories, can pinpoint your location accurately and thus alert someone on where to find you. 

3. Social Engineering

Social engineering is an online scheme where cybercriminals learn all there is about you from your social media accounts and then use that information to impersonate you or to tailor a scam to your interests. Geotagged photos and posts can tell a scammer a lot about you: your hometown, your school or workplace, your favorite café, etc.  

With these details, a social engineer could fabricate a fundraiser for your town, for example. Social engineers are notorious for evoking strong emotions in their pleas for funds, so beware of any direct messages you receive that make you feel very angry or very sad. With the help of ChatGPT, social engineering schemes are likely going to sound more believable than ever before. Slow down and conduct your own research before divulging any personal or payment details to anyone you’ve never met in person. 

Live Online Anonymously 

Overall, it’s best to live online as anonymously as possible, which includes turning off your location services when you feel safe in your surroundings. McAfee+ offers several features to improve your online privacy, such as a VPN, Personal Data Cleanup, and Online Account Cleanup. 

The post 3 Reasons to Think Twice About Enabling Location Sharing appeared first on McAfee Blog.


Next-Generation Firewalls: A comprehensive guide for network security modernization


The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

The terms computer security, information security and cybersecurity were practically non-existent in the 1980s, but believe it or not, firewalls have existed in some form since that time. Over the years, the traditional firewall has transformed to meet the demands of the modern workplace and adapt to an evolving threat landscape. 

Next-Generation Firewalls (NGFWs), free from legacy technology constraints, take advantage of significant advancements in computational power, memory, and storage. NGFWs boast critical security features such as intrusion prevention, VPN, anti-virus, and encrypted web traffic inspection. This not only helps protect against malicious content but also aligns seamlessly with contemporary networking topologies like Software-Defined Wide Area Networks (SD-WAN) and zero-trust architectures.

But what sets NGFWs apart from traditional firewalls? How do you know what features to look for and why should you invest in an NGFW? And finally, what do you do if you don’t have the security resources to devote to managing firewalls?  

In today’s crowded security marketplace, numerous firewall solutions are marketed as NGFWs. Without clear industry consensus on the definition of a next-gen firewall, it’s incumbent upon organizations to assess features and gauge if the solution aligns with their business needs. 

What makes next-generation firewalls a compelling choice for network modernization? 

NGFWs offer several advantages over traditional firewalls. Key among these are comprehensive application visibility and control, the ability to distinguish between dangerous and safe applications, and capabilities for preventing malware from penetrating a network. 

Here are several crucial ways an NGFW bolsters an organization’s cybersecurity posture. 

Protecting the Network from Viruses and Trojans: NGFW’s application awareness analyzes header information and the payload against established application signatures to validate the application’s integrity and permission for use. With so many apps and services required for employees to do their jobs, this is crucial for allowing users to download applications from the internet. 

Adaptability to the hybrid workplace: Even before the pandemic, businesses have been rapidly embracing hybrid work models, with teams working from everywhere, using a myriad of devices. This shift towards decentralized operations requires a significant effort towards adaptability and flexibility. NGFW’s robust security functionality can be invaluable in a hybrid work environment where the network perimeter is blurred and traditional security measures may fall short. NGFWs are also designed to seamlessly integrate with modern network architectures such as software-defined wide area networks (SD-WAN) and cloud services, allowing businesses to maintain robust security protocols as they transition between on-premises, cloud, and hybrid work setups. 

Preventing Known Productivity Distractors: With robust application control, organizations can manage which applications are run, which features are accessed, and which applications are prioritized for bandwidth. For example, social media or SaaS applications can be selectively enabled or disabled based on job function.  

Application Awareness: One of the fundamental enhancements NGFWs offer over traditional firewalls is application awareness. This feature allows NGFWs to identify and control applications — regardless of network port and protocol. This helps prevent unauthorized access and provides greater visibility and context into network activity. By recognizing application-specific characteristics and behaviors, NGFWs can effectively control access, provide prioritization, and offer bandwidth allocation for specific applications, enhancing both network performance and security. 

User-based Policies: User-based policies are another crucial NGFW functionality. Unlike traditional firewalls that enforce policies based on IP addresses, NGFWs align policies with specific users or groups. This ability to connect users with their applications and related network activities enables more precise control and more contextual reporting, which can be invaluable for both security and compliance. 

Intrusion Prevention System (IPS): Integrated into NGFWs is an Intrusion Prevention System (IPS) that actively identifies and blocks potential threats. The IPS scans traffic for cyber attack patterns or signatures in real-time and takes action to prevent these threats from infiltrating the network. This is a significant upgrade from traditional firewalls, which required a separate IPS solution. 

Deep Packet Inspection (DPI): DPI is a form of computer network packet filtering that inspects the data portion (and possibly also the header) of a packet as it passes an inspection point. This is critical in the identification, categorization, or blocking of packets with malicious data. NGFWs employ DPI to scrutinize both inbound and outbound traffic, providing protection against a broad range of cyber threats — from malware to data exfiltration. 

Leveraging External Security Sources: NGFWs facilitate the use of external security data, including directory-based policies, white lists, and black lists, saving time and resources.

By incorporating these advanced features, NGFWs offer far more granular control and visibility into network traffic than traditional firewalls. They empower organizations to better understand and manage the intricacies of modern network security, allowing for a stronger security posture and efficient use of resources. 

Why should you invest in a next-generation firewall? 

Firewalls primarily serve to protect against undesirable or malicious network traffic. But as threats evolve and detection becomes increasingly challenging, enterprise network security must advance to address the threat difficulty level. 

Traditional firewalls filter network traffic based on port number, IP address, or domain in an “all or none” approach. In a bygone era where most attacks targeted network services and components, this level of security sufficed. But nowadays, most exploits are directed towards specific application vulnerabilities. 

The emergence of NGFWs addresses these vulnerabilities, offering superior control over network security.


Next-Generation Firewalls vs. UTM and Virtual or Cloud-Based Firewalls 

Security discussions often blur the distinctions between NGFWs and Unified Threat Management (UTM) solutions or between appliance, virtual, and cloud-based firewalls (commonly referred to as Firewall-as-a-Service or FWaaS). 

NGFWs include IPS and some form of application intelligence. UTMs, however, include these features plus additional technologies such as wireless security, URL filtering, email security, VPNs, and web application firewalls. Given their multi-functional nature, UTMs simplify deployment and management, reduce costs, and enable quick incident response times. 

When comparing appliance, virtual, and cloud-based firewalls, we need to examine the form factor or the firewall’s location, not their features. Irrespective of hosting, a firewall with any of the above-discussed technical capabilities can be considered next-generation. Cloud firewalls are typically managed, configured, and updated by a third-party vendor, thereby reducing the managerial burden for the deploying company. 

How AT&T can help you leverage NGFWs for network modernization 

In a business environment where digital transformation is rapidly reshaping operations, it’s critical that your business deploys robust, adaptive security measures. NGFWs offer multiple layers of defense — securing your hybrid workforce and bolstering your security posture. They provide centralized visibility, reduce risk, and relieve the administrative burden on your tech teams.

Whether you’re building a foundation or upgrading your existing setup, managed firewall services from AT&T Cybersecurity make the transition smooth and efficient. Don’t wait until it’s too late; boost and modernize your network security today and protect your business against tomorrow’s threats.


Security budget hikes are missing the mark, CISOs say


Misguided expectations on security spend are causing problems for CISOs despite notable budget increases. That’s according to new research from risk and cybersecurity solutions provider BSS, which surveyed 150 security leaders. It found that while most CISOs are experiencing noteworthy increases in security funding, impractical expectations of budget holders are leading to significant amounts being spent on what’s hitting the headlines instead of strategic, business-centric investment in security defenses. This lack of understanding shows that a lot of work needs to be done to ensure that information security receives the attention it deserves, especially in the boardroom, the report said.


USN-6168-2: libx11 vulnerability


USN-6168-1 fixed a vulnerability in libx11. This update provides
the corresponding update for Ubuntu 14.04 ESM, Ubuntu 16.04 ESM,
and Ubuntu 18.04 ESM.

Original advisory details:

Gregory James Duck discovered that libx11 incorrectly handled certain
Request, Event, or Error IDs. If a user were tricked into connecting to a
malicious X Server, a remote attacker could possibly use this issue to
cause libx11 to crash, resulting in a denial of service.


USN-6179-1: Jettison vulnerability


It was discovered that Jettison incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service.


Digital dumpster diving: Exploring the intricacies of recycle bin forensics


In the vast realm of digital investigations, there exists a fascinating technique known as recycle bin forensics. Delving into the depths of this captivating field unveils a world where seemingly deleted files can still reveal their secrets, allowing digital detectives to reconstruct user activities and uncover valuable information. So, let’s embark on a journey to demystify recycle bin forensics and understand its role in the realm of cybersecurity.

Recycle bin forensics is a specialized branch of digital forensics that focuses on the retrieval and analysis of deleted files from the recycle bin or trash folder. This intriguing technique holds the potential to unlock a treasure trove of evidence, shedding light on cybercrimes and aiding in the investigation process.

To comprehend the intricacies of recycle bin forensics, it’s essential to grasp how the recycle bin functions.

When you delete a file on your computer, it often finds its way to the recycle bin or trash folder. It’s a convenient feature that allows you to recover accidentally deleted files with a simple click. But did you know that even after you empty the recycle bin, traces of those files may still linger on your system?

Welcome to the fascinating realm of recycle bin forensics, where digital detectives can uncover valuable information and shed light on a user’s activities.

Location of Deleted files

C:\RECYCLED          Win 95/98/Me

C:\RECYCLER          Win NT/2000/XP

C:\$Recycle.bin      Win Vista and later

Metadata file

INFO2 (Win 95/98/Me)

C:\RECYCLER\SID*\INFO2 (Win NT/2000/XP) (SID denotes security identifier)

Windows Vista and later

C:\$Recycle.bin\SID*\$I****** (Contains Metadata)

C:\$Recycle.bin\SID*\$R****** (Contents of deleted file)

Both files will be renamed to a random 6-character value. These directories are hidden by default; however, you can access them on your Windows system from a command prompt with elevated privileges (Run as administrator) using the command dir /a.

Recycle bin forensics assumes a critical role in digital investigations, enabling law enforcement agencies, cybersecurity experts, and forensic analysts to piece together the puzzle. By analyzing deleted files, forensic professionals can reconstruct a timeline of events, unearth vital evidence, and recover seemingly lost data, aiding in the pursuit of justice.

Unveiling the secrets hidden within the recycle bin requires specialized tools and techniques. Forensic software empowers investigators to extract deleted files, even after the recycle bin has been emptied. Through careful analysis of file metadata, paths, and content, digital detectives can gain insights into file origins, modifications, and deletions, painting a clearer picture of the user’s activities.

One such utility we will be using is $IPARSE which can be downloaded here.

Steps to find metadata related to a deleted file ($I****** file)

Run command prompt as administrator.

cd .. (twice, to reach the root of the C: drive)

After that, use the command dir /a and check whether you can see the $RECYCLE.BIN directory.

cd $RECYCLE.BIN to go inside the directory, then use the command dir /a again.

Now you will see multiple entries starting with S in the list of directories.

To check which users are associated with the SID directories, use the command wmic useraccount get name,sid

It will list all the users together with their SIDs. After that, copy any SID by selecting it and pressing Ctrl+C (you can also use the Tab key to autocomplete the SID after typing its first few characters).

Now, to move into the SID directory:

cd SID (paste the copied value)

For example, if the SID directory name was S-1-5-32:

cd S-1-5-32

After that, use the command dir /a to list the contents of that directory; you should see $I and $R files. In certain cases, only the $I****** file will be available.

For illustration purposes, we are using files acquired from other systems.

Now, create a folder and give a path to copy the file. Syntax would be file name “path” ($IABTIOW.doc “D:DesktopTest filesi filesTESTOutput”), you can alternatively use the copy command.

Copy the file or folder name (while inside the said directory) and the destination path (where you wish to copy the said file or folder). The path can be copied by opening the folder and clicking the address bar. Your file will be copied and the associated software (like the Photos app for PNG/JPEG files) will try to open it, but won’t be able to.

Extract and run the $Iparse utility you downloaded. Browse to the directory/folder you copied the $I files into. Then browse to the directory where you want to put the result file and provide a file name.

Click on save. After that, you should be able to see the tool’s interface.

Then click parse. It will display the file for you if it has successfully parsed it; the output file will be in .tsv format. You can open the .tsv file with Notepad or Notepad++. Now, you will be able to see details pertaining to the said $I file.
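What a $I parser reads out of each file can be shown in a few lines of Python; this is an added example, not part of the original post and not the $IParse tool's code. The field layout used (8-byte version, 8-byte original size, 8-byte FILETIME deletion time, then a fixed 520-byte path in version 1 or a length-prefixed path in version 2) is the commonly documented $I format and is an assumption here, since the post does not describe it; the function names and the sample record are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
HEADER = struct.Struct("<QQQ")   # version, original size, deletion FILETIME
V1_PATH_BYTES = 520              # assumed fixed field: 260 UTF-16 code units


class IFileError(ValueError):
    """Raised when a buffer does not look like a valid $I record."""


def filetime_to_datetime(filetime):
    # FILETIME counts 100-nanosecond ticks since 1601-01-01 UTC.
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def parse_i_file(data):
    """Return the metadata stored in the raw bytes of one $I file."""
    if len(data) < HEADER.size:
        raise IFileError("truncated header")
    version, size, deleted = HEADER.unpack_from(data, 0)
    if version == 1:
        raw = data[24:24 + V1_PATH_BYTES]
    elif version == 2:
        if len(data) < 28:
            raise IFileError("missing path length")
        (nchars,) = struct.unpack_from("<I", data, 24)
        raw = data[28:28 + nchars * 2]
        if len(raw) < nchars * 2:
            raise IFileError("path shorter than declared length")
    else:
        raise IFileError(f"unsupported $I version {version}")
    # The stored path is NUL-terminated UTF-16LE; keep the part before the NUL.
    path = raw.decode("utf-16-le", errors="replace").split("\x00", 1)[0]
    return {"version": version, "original_size": size,
            "deleted_utc": filetime_to_datetime(deleted),
            "original_path": path}


def paired_r_name(i_name):
    """Map a $I file name to the $R file that holds the deleted content."""
    if not i_name.upper().startswith("$I"):
        raise IFileError("not a $I file name")
    return "$R" + i_name[2:]


def build_sample(version, size, when, path):
    """Construct a synthetic $I record (test data, not real evidence)."""
    ticks = (when - FILETIME_EPOCH) // timedelta(microseconds=1) * 10
    encoded = (path + "\x00").encode("utf-16-le")
    head = HEADER.pack(version, size, ticks)
    if version == 1:
        return head + encoded.ljust(V1_PATH_BYTES, b"\x00")
    return head + struct.pack("<I", len(encoded) // 2) + encoded


if __name__ == "__main__":
    when = datetime(2023, 6, 20, 12, 0, tzinfo=timezone.utc)   # constructed
    sample = build_sample(2, 4096, when, r"C:\Users\analyst\report.doc")
    for key, value in parse_i_file(sample).items():
        print(f"{key}: {value}")
    print("content file:", paired_r_name("$IABTIOW.doc"))
```

On real evidence, read a working copy of the $I file in binary mode and pass its bytes to parse_i_file.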

While recycle bin forensics is a powerful tool, it is not without its challenges and limitations. As time progresses and new files are created and deleted, older remnants in the recycle bin may be overwritten, making the recovery of certain deleted files more challenging or even impossible. Additionally, the effectiveness of recycle bin forensics can vary based on the operating system and file system in use, presenting unique obstacles.

To protect sensitive information and thwart potential recovery through recycle bin forensics, implementing secure data deletion practices is vital. Merely emptying the recycle bin offers no guarantee of permanent erasure. Instead, employing specialized file shredding or disk wiping tools can ensure that deleted data is securely overwritten, rendering it irretrievable.

In conclusion, recycle bin forensics is a remarkable field that uncovers the hidden remnants of deleted files, holding the potential to transform investigations. As we navigate the digital landscape, understanding the power of recycle bin forensics reminds us of the importance of safeguarding our digital footprint. Through knowledge, diligence, and secure practices, we can protect our sensitive information and fortify the realm of cybersecurity for the benefit of all.
