USN-6137-1: LibRaw vulnerabilities

Read Time:14 Second

It was discovered that LibRaw incorrectly handled photo files. If a user or
automated system were tricked into processing a specially crafted photo
file, a remote attacker could cause applications linked against LibRaw to
crash, resulting in a denial of service, or possibly execute arbitrary
code.

Read More

10 Easy Things You Can Do Today to Improve Your Cybersecurity

Read Time:11 Minute, 51 Second

With the number of cyber threats and breaches dominating the headlines, it can seem like a Herculean task to cover all your cybersecurity bases. We’re aware that there are ten sections on this cybersecurity awareness checklist, but it won’t take hours and hours to tick every box. In fact, some of these areas only require you to check a box on your device or invest in the cybersecurity tools that will handle the rest for you. Also, you may already be doing some of these things!  

It’s easy to be cyber smart. Here are the cybersecurity awareness basics to instantly boost your safety and confidence in your online presence. 

1. Update Your Software

Software update notifications always seem to ping on the outskirts of your desktop and mobile device at the most inconvenient times. What’s more inconvenient though is having your device hacked. One easy tip to improve your cybersecurity is to update your device software whenever upgrades are available. Most software updates include security patches that smart teams have created to foil cybercriminals. The more outdated your apps or operating system is, the more time criminals have had to work out ways to infiltrate them.  

Enabling automatic updates on all your devices only takes a few clicks or taps. Many major updates occur in the early hours of the morning, meaning that you’ll never know your devices were offline. You’ll just wake up to new, secure software! 

2. Edit Your Social Media

Just because social media personalities document their entire days literally from the moment they wake up, doesn’t mean you should do the same. It’s best to leave some details about your life a mystery from the internet for various reasons. 

Doxing. When you post something online, it leaves its mark. At least one of your followers or friends is likely to catch a post, even if you delete it minutes later. Doxing is a scheme where a criminal unearths unflattering posts or personal details revealed online (like a home address or workplace) about someone and then releases them to a wide audience. A doxer “drops documents” – the origin of the term doxing – with the aim to embarrass their target or kick off a large-scale cyberbullying campaign.  
Social engineering. Cybercriminals lurk on social media channels hoping to find an over-sharer for their social engineering scams. A social engineer learns as much as they can about the personality and passions of their target and then tailors scams that are most likely to get a response. Especially with the help of artificial intelligence (AI) tools like ChatGPT, their scams are getting more believable by the day. 
Stalking. Geotagging, or the inclusion of your location on social media posts, can leave you vulnerable to stalking. Over-sharing about your life can also lead to you unknowingly dropping hints about where you live, your daily habits, and where one could expect you at a certain time and place. 

The best way to avoid all of the above is to set your online profiles to private and edit your list of followers to only people you have met in real life and trust. Also, you may want to consider revising what you post about and how often. 

If you genuinely love sharing moments from your daily life, consider sending a newsletter to a curated group of close friends and family. Aspiring influencers who still wants to capture and publish every aspect of their daily lives should be extremely careful about keeping sensitive details about themselves private, such as blurring their house number, not revealing their hometown, turning off location services, and going by a nickname instead of their full legal name. 

3. Strengthen Your Passwords

Most sites won’t even let you proceed with creating an account if you don’t have a strong enough password. A strong password is one with a mix of capital and lowercase letters, numbers, and special characters. What also makes for an excellent password is one that’s unique. Reusing passwords can be just as risky as using “password123” or your pet’s name plus your birthday as a password. A reused password can put all your online accounts at risk, due to a practice called credential stuffing. Credential stuffing is a tactic where a cybercriminal attempts to input a stolen username and password combination in dozens of random websites to see which doors it opens.  

Remembering a different password for each of your online accounts is almost an impossible task. Luckily, password managers make it so you only have to remember one password ever again! Password managers safeguard all your passwords in one secure desktop extension or smartphone app that you can use anywhere. 

It’s best to create passwords or passphrases that have a secret meaning that only you know. Stay away from using significant dates, names, or places, because those are easier to guess. You can also leave it up to your password manager to randomly generate a password for you. The resulting unintelligible jumble of numbers, letters, and symbols is virtually impossible for anyone to guess. 

4. Surf Safely

Not all corners of the internet are safe to visit. Some dark crevices hide malware that can then sneak onto your device without you knowing. There are various types of malware, but the motive behind all of them is the same: To steal your personally identifiable information (PII) or your device’s power for a cybercriminal’s own financial gain.  

Sites that claim to have free downloads of TV shows, movies, and games are notorious for harboring malware. Practice safe downloading habits, such as ensuring the site is secure, checking to see that it  looks professional, and inspecting the URLs for suspicious file extensions. 

Additionally, not all internet connections are free from prying eyes. Public Wi-Fi networks – like those in cafes, libraries, hotels, and transportation hubs – are especially prone. Because anyone can connect to a public network without needing a password, cybercriminals can digitally eavesdrop on other people on the same network. It’s unsafe to do your online banking, shopping, and other activities that deal with your financial or sensitive personal information while on public Wi-Fi.  

However, there is one way to do so safely, and that’s with a virtual private network (VPN). A VPN is a type of software you can use on your smartphone, tablet, laptop, or desktop. It encrypts all your outgoing data, making it nearly impossible for a cybercriminal to snoop on your internet session. 

5. Read Your Online Messages Carefully

You’ve likely already experienced a phishing attempt, whether you were aware of it or not. Phishing is a common tactic used to eke personal details from unsuspecting or trusting people. Phishers often initiate contact through texts, emails, or social media direct messages, and they aim to get enough information to break into your online accounts or to impersonate you.   

AI text generator tools are making it more difficult to pinpoint a phisher, as messages can seem very humanlike. Typos and nonsensical sentences used to be the main indicator of a phishing attempt, but text generators generally use correct spelling and grammar. Here are a few tell-tale signs of a phishing attempt:  

Choppy writing, or when one sentence doesn’t sound natural or flow into the one after it  
Links to suspicious-looking URLs  
A tone of urgency, fear, anger, or pleas for sympathy  
Requests for banking or personal details, passwords, or money wires 
Blurry logos and images 
Generally odd demands that seem out of character for the sender 

Never engage with a phishing attempt. Do not forward the message or respond to them and never click on any links included in their message. The links could direct to malicious sites that could infect your device with malware or spyware.   

Before you delete the message, block the sender, mark the message as junk, and report the phisher. Reporting can go a long way toward hopefully preventing the phisher from targeting someone else.  

6. Keep Up With the News

When a security breach occurs, you can be sure that the news will report it. Plus, it’s the law for companies to notify the Federal Trade Commission of a breach. Keep a keen eye on the news and your inbox for notifications about recent breaches. Quick action is necessary to protect your personal and financial information, which is why you should be aware of current events.  

The moment you hear about a breach on the news or see an email from a company to its customers about an incident, change your account’s password and double check your account’s recent activity to ensure nothing is amiss. Then await further action communicated through official company correspondences and official channels. 

Cybercriminals aren’t above adding insult to injury and further scamming customers affected in breaches. Phishers may spam inboxes impersonating the company and sending malware-laden links they claim will reset your password. Continue to scrutinize your messages and keep an eye on the company’s official company website and verified social media accounts to ensure you’re getting company-approved advice.  

7. Secure Every Home Device

One great mantra to guide your cybersecurity habits is: If you connect it, protect it. This means that any device that links to the internet should have security measures in place to shield it from cybercriminals. Yes, this includes your smart TV, smart refrigerator, smart thermostat, and smart lightbulbs!  

Compose a list of the smart home devices you own. (You probably have more than you thought!) Then, make sure that every device is using a password you created, instead of the default password the device came with. Default passwords can be reused across an entire line of appliances. So, if a cybercriminal cracks the code on someone else’s smart washing machine, that could mean they could weasel their way into yours with the same password. 

Another way to secure your connected home devices is by enabling two-factor authentication (2FA). This usually means enrolling your phone number or email address with the device and inputting one-time codes periodically to log into the connected device. 2FA is an excellent way to frustrate a cybercriminal, as it’s extremely difficult for them to bypass this security measure. It may add an extra 15 seconds to your login process, but the peace of mind is worth the minor inconvenience. 

Finally, encase your entire home network with a secure router, or the device that connects your home Wi-Fi network to the internet. Again, change the password from the factory setting. And if you decide to rename the network, have fun with it but leave your name and address out of the new name. 

8. Lock Your Devices

When flip phones arrived on the scene in the 1990s and early 2000s, the worst that happened when they went missing was that you lost a cache of your stored text messages and call history. Now, when you misplace or have your smartphone stolen, it can seem like your whole online life vanished. Mobile devices store a lot of our sensitive information, so that’s why it’s key to not only safeguard your accounts but the devices that house them. 

The best way to lock your device against anyone but yourself is to set up face or fingerprint ID. This makes it virtually impossible for a criminal to open your device. Also, passcode- or password-protect all your devices. It may seem like an inconvenience now, but your fingers will soon be able to glide across the keyboard or number pad fluently in just a few days, adding maybe an extra second to opening your device. 

Another way to safeguard your device and the important information within it is to disable your favorite internet browser from auto-filling your passwords and credit card information. In the hands of a criminal, these details could lead to significant losses. A password manager here comes in handy for quick and secure password and username inputting.  

9. Check Your Credit Regularly

Credit experts recommend checking your credit at least once yearly, but there’s no harm in checking your credit score more often. It’s only hard inquiries (or credit checks initiated by lenders) that may lower your credit score. Consider making it a habit to check your credit once every quarter. The first signs of identity theft often appear in a drastically lower credit score, which means that someone may be opening lines of credit in your name. 

Also, if you’re not planning to apply for a new credit card or a loan anytime soon, why not lock your credit so no one can access it? A credit freeze makes it so that no one (yourself included) can touch it, thus keeping it out of the hands of thieves. 

10. Invest in Identity Protection

Picking up the pieces after a thief steals your identity is expensive, tedious, and time-consuming. Identity remediation includes reaching out to all three credit bureaus, filing reports, and spending hours tracking down your PII that’s now strewn across the internet. 

Identity protection services can guard your identity so you hopefully avoid this entire scenario altogether. McAfee identity monitoring tracks the dark web for you and alerts you, on average, ten months sooner that something is amiss when compared to similar services. And if something does happen to your identity, McAfee identity restoration services offers $1 million in identity restoration and lends its support to help you get your identity and credit back in order. 

Great Habits With a Side of Device, Privacy, and Identity Protection Tools 

The best complement to your newfound excellent cyber habits is a toolbelt of excellent services to patch any holes in your defense. McAfee+ includes all the services you need to boost your peace of mind about your online identity and privacy. You can surf public Wi-Fi safely with its secure VPN, protect your device with antivirus software, freeze your credit with security freeze, keep tabs on your identity, and more! 

The post 10 Easy Things You Can Do Today to Improve Your Cybersecurity appeared first on McAfee Blog.

Read More

USN-6136-1: FRR vulnerabilities

Read Time:22 Second

It was discovered that FRR incorrectly handled parsing certain BGP
messages. A remote attacker could possibly use this issue to cause FRR to
crash, resulting in a denial of service. This issue only affected Ubuntu
23.04. (CVE-2023-31489)

It was discovered that FRR incorrectly handled parsing certain BGP
messages. A remote attacker could possibly use this issue to cause FRR to
crash, resulting in a denial of service. (CVE-2023-31490)

Read More

The Best Way to Stay Safe While Gaming

Read Time:5 Minute, 25 Second

When my boys were in the thick of their teen years (pre pandemic), bad mouthing their seeming gaming obsession was almost a sport amongst my mum friends. And it would sound something like this: 

‘They just waste so much time on those stupid games’. ‘No matter what I try, I just can’t seem to get them off that silly Xbox’. ‘Can you believe they want to spend all their pocket money on the new version of COD?’ ‘I am so close to throwing all their gaming stuff in the bin!!’ 

Fast forward to life post pandemic and I think it’s fair to say that most of us have changed our attitude around gaming. There is no doubt that gaming helped many of us survive the incredible loneliness that resulted from protracted quarantine periods and seemingly endless lockdowns. It took just a few days of lockdown for things to change real fast in our house: daily gaming time caps were scrapped; screen time limits became a thing of history as survival became our top priority! 

Exactly How Much Gaming Is Happening In Australia? 

But now that life has returned to our ‘new normal’, have our gaming habits and attitudes really changed? Well, a 2022 report, entitled Digital Australia, has done a deep-dive into the gaming lives of Aussies and the insights are quite fascinating. Here are the most interesting takeaways: 

17 million Aussies play games.  
35 years is the age of the average player. 
83 minutes a day is what most players spend gaming. 
Gaming is the 2nd most popular ‘online’ household activity after streaming TV and movies. 
36% of participants have made friends through gaming. 
80% of participants believe gaming has a positive effect on their mental health. 
76% of parents play online games with their kids with the majority nominating connection as the motivation. 
2/3 of parents set rules for game play. 
70% of parents use parental controls. 

The Best Way to Stay Safe While Gaming 

So, there’s no doubt that gaming has become both a more regular and widely accepted part of our daily lives. But that doesn’t mean that we can take our eye off the ball. While there is a lot to love about gaming, there are still steps we should all take to ensure the experience is safe and positive for everyone, particularly our kids. Here are my top tips: 

1. Passwords 

If you read my blog regularly, I have no doubt you’re rolling your eyes! Yes, I’m talking about passwords again!! And here’s why – if you (or your kids) use the same password for each of your online accounts and one of those accounts get hacked, then you risk losing control of your entire digital life. Yes, I know it sounds dramatic but that is the reality. The easiest way of avoiding this scenario is by ensuring each of your online accounts, including your gaming accounts, has its own unique password. Now remember, passwords need to be at least 10 characters, have a combination of numbers, symbols and upper and lower-case letters and have no connection to anything about you at all. I’m a fan of a long, nonsensical sentence but, I’m an even bigger fan of a password manager that can both create and remember these unique passwords for you. Check out McAfee+ – it will make your life so much easier! 

2. Consider a VPN  

Keeping your location on the ‘down low’ when you game online is an important way of securing your privacy and a Virtual Private Network (or VPN) can do that. When you connect using a VPN, your location is concealed making it impossible for hackers or stalky types to find you. A VPN can also protect you against DDoS attacks which can be used by gaming opponents when the competition stakes are high! McAfee’s True Protection security software offers a VPN, check it out here. 

3. Say Yes To Two Factor Authentication 

‘Yes please’ needs to be the answer if your online gamer is offered 2-factor or multi factor authentication from a game or distributor. This adds another layer of security by adding an additional stage to the login process. Usually, a code will be sent to an email address or mobile phone number that needs to be entered before the user can access their account. And it appears as though distributors are getting behind player security with some games even offering in-game rewards to those who sign up for it. How good! 

4. Only Download Games (and Cheats) From Reputable Sources – No Exceptions! 

Scammers know we love gaming, so they have spent much energy creating websites that offer free downloads of the most popular online games. But unfortunately, visitors to these websites won’t be getting free games anytime soon as these websites are all about extracting vital personal information from gaming hungry types. So, ensure your kids understand this and that it is essential that they only download games, third-party add-ons, or cheat codes from reputable sites otherwise they risk introducing viruses or game malware into their beloved machines. 

5. Choosing The Right Games 

If you’ve got kids, then helping them choose the right games to play is essential. Instead of taking an authoritarian approach here, why not think of it as a collaboration? Ask them to do some research on the games they would like to play and ask them to include the recommended age, an overview of the content & whether there are privacy settings available. I then suggest reviewing the list together to see whether the potential games are good for problem solving skills, creativity, or purely social interactions. I also recommend checking out the Australian Classification Board’s review of potential games plus top notch digital parenting sites like Common Sense Media before making your final decision. 

Without doubt, the best way you can keep your kids safe while online gaming is to ensure the lines of communication are open and clear. If they know they can come to you if they experience an issue while gaming (and that you won’t immediately punish them and ack away the Xbox) then you’re ahead. Not sure how to kick start the communication? How about a family session on the Xbox. I promise, it will be time well spent! 

Happy digital parenting! 

Alex   

The post The Best Way to Stay Safe While Gaming appeared first on McAfee Blog.

Read More

Atomic Wallet hack leads to at least $35M in stolen crypto assets

Read Time:23 Second

A cyberattack on crypto wallet Atomic Wallet has resulted in at least $35 million worth of crypto assets being stolen since June 2, according to ZachXBT, an independent  on-chain investigator known for tracing stolen crypto funds and assisting with hacked projects. The five most significant losses account for $17 million. 

“Think it could surpass $50m. Keep finding more and more victims sadly,” said  ZachXBT, in a tweet.

To read this article in full, please click here

Read More

Atomic Wallet hack leads to at least $35M in stolen crypto assets

Read Time:29 Second

A cyberattack on crypto wallet Atomic Wallet has resulted in at least $35 million worth of crypto assets being stolen since June 2, according to ZachXBT. The five most significant losses account for $17 million. 

“Think it could surpass $50m. Keep finding more and more victims sadly,” said Twitter user ZachXBT, who is an on-chain investigator known for tracing stolen crypto funds and assisting with hacked projects.

The biggest victim of the Atomic Wallet was an individual who reportedly lost $7.95 million in Tether. 

To read this article in full, please click here

Read More

The Software-Defined Car

Read Time:1 Minute, 47 Second

Developers are starting to talk about the software-defined car.

For decades, features have accumulated like cruft in new vehicles: a box here to control the antilock brakes, a module there to run the cruise control radar, and so on. Now engineers and designers are rationalizing the way they go about building new models, taking advantage of much more powerful hardware to consolidate all those discrete functions into a small number of domain controllers.

The behavior of new cars is increasingly defined by software, too. This is merely the progression of a trend that began at the end of the 1970s with the introduction of the first electronic engine control units; today, code controls a car’s engine and transmission (or its electric motors and battery pack), the steering, brakes, suspension, interior and exterior lighting, and more, depending on how new (and how expensive) it is. And those systems are being leveraged for convenience or safety features like adaptive cruise control, lane keeping, remote parking, and so on.

And security?

Another advantage of the move away from legacy designs is that digital security can be baked in from the start rather than patched onto components (like a car’s central area network) that were never designed with the Internet in mind. “If you design it from scratch, it’s security by design, everything is in by design; you have it there. But keep in mind that, of course, the more software there is in the car, the more risk is there for vulnerabilities, no question about this,” Anhalt said.

“At the same time, they’re a great software system. They’re highly secure. They’re much more secure than a hardware system with a little bit of software. It depends how the whole thing has been designed. And there are so many regulations and EU standards that have been released in the last year, year and a half, that force OEMs to comply with these standards and get security inside,” she said.

I suppose it could end up that way. It could also be a much bigger attack surface, with a lot more hacking possibilities.

Read More

SAFE Security claims to predict data breaches with new generative AI offering

Read Time:57 Second

AI-based cyber risk management SaaS vendor SAFE Security has announced the release Cyber Risk Cloud of Cloud – a new offering it claims uses generative AI to help businesses predict and prevent cyber breaches. It does so by answering questions about a customer’s cybersecurity posture and generating likelihoods for different risk scenarios. These include the likelihood of a business suffering a ransomware attack in the next 12 months and the dollar impact of an attack, the firm added. This enables organizations to make informed, prognostic security decisions to reduce risk, SAFE Security said.

The emergence of generative AI chat interfaces that use large language models (LLMs) and their impact on cybersecurity is a significant area of discussion. Concerns about the risks these new technologies could introduce range from the potential issues of sharing sensitive business information with advanced self-learning algorithms to malicious actors using them to significantly enhance attacks. Some countries, US states, and enterprises are considerting or have ordered bans on the use of generative AI technology such as ChatGPT on data security, protection, and privacy grounds.

To read this article in full, please click here

Read More

CISOs, IT lack confidence in executives’ cyber-defense knowledge

Read Time:34 Second

IT security teams lack confidence in their executives’ ability to prevent attacks on their personal hardware, systems, and network. This is according to a study sponsored by BlackCloak, a provider of digital privacy protection for high-profile executives, Ponemon Institute surveyed 553 US IT and IT security practitioners.

Asked to rate from 1 to 10 how confident they were in CEOs and executives’ abilities to know how to recognize a phishing email, only 28% of respondents were confident. A similar percentage (26%) applying to security teams’ trust in high-level executives to securely set up their home network and protect their personal computers from viruses.

To read this article in full, please click here

Read More

USN-6112-2: Perl vulnerability

Read Time:22 Second

USN-6112-1 fixed vulnerabilities in Perl. This update provides the
corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu
22.10, and Ubuntu 23.04.

Original advisory details:

It was discovered that Perl was not properly verifying TLS certificates
when using CPAN together with HTTP::Tiny to download modules over HTTPS.
If a remote attacker were able to intercept communications, this flaw
could potentially be used to install altered modules.

Read More