World Wide Web Day: How to Protect Your Family Online

The first of August marks the celebration of World Wide Web Day – a day dedicated to the global network that powers our online activity, creating a wealth of knowledge at our fingertips. The World Wide Web (WWW) has revolutionized the way we communicate, learn, and explore, becoming an integral part of our daily lives. With the importance of the internet only growing stronger, it’s only fitting to honor the World Wide Web with a special day of commemoration. But with the internet comes risks, and it’s important to make sure your family is protected from potential threats. Here are some tips and tricks to keep your family safe online. 

1. Phishing Scam Protection

Phishing scams are a type of fraud that involves sending emails or other messages that appear to be from a legitimate source. The goal of these messages is to trick users into providing personal information such as passwords, credit card numbers, and bank account details. To protect against phishing scams, teach your family to:  

Be wary of any emails or messages that look suspicious, even if they appear to come from a legitimate source.
Verify the source of any email or message before responding.
Never provide any personal information in response to an email or message.

2. Identity Scam Protection

Identity theft is a crime in which someone uses another person’s personal information to commit fraud or other crimes. Teach your family to protect against identity theft by:  

Being aware of what personal information they share online.
Using secure passwords for all accounts.
Regularly monitoring their credit reports.

3. VPN Protection

A virtual private network (VPN) is a type of technology that provides a secure connection to a private network over the internet. A VPN can help protect your family’s online activity by encrypting the data and hiding your online activity from others. To ensure your family’s online safety, teach them to:  

Use a reliable VPN service.
Always connect to a VPN when accessing public Wi-Fi networks.
Be aware of the country or region in which their VPN service is located.

4. Password Protection

Strong passwords are an important part of online security. Teach your family to create strong passwords and to never share them with anyone. Additionally, use a password manager to store and manage your family’s passwords. A password manager can help by:  

Generating secure passwords.
Encrypting and storing passwords in a secure, central location.
Automatically filling in passwords on websites.

To conclude, celebrations on World Wide Web Day allow us to give thanks for the incredible world of knowledge, commerce, entertainment, communication, and innovation that the internet has provided, and continues to provide for us all. By following these tips and tricks, your family can stay safe online and enjoy all the benefits of the internet. Happy World Wide Web Day! 

The WWW has enabled us to achieve so many things that were simply impossible before. From the ability to catch up with friends and family across the globe to finding information about virtually any topic, the power of the internet is remarkable. In fact, the World Wide Web has significantly enriched our lives in countless ways. 

Did you know that the first-ever image posted on the World Wide Web was a photo of Les Horribles Cernettes, a parody pop band founded by employees at CERN? It was uploaded in 1992 by Sir Tim Berners-Lee, who used a NeXT computer as the first-ever web server. And although we use the term “surfing the net” regularly, do you know who actually coined the phrase? A librarian by the name of Jean Armour Polly wrote an article titled “Surfing the Internet” in the Wilson Library Bulletin at the University of Minnesota in 1992. 

There are many other remarkable facts about the World Wide Web, including its growth over the years. By the start of the year 1993, there were only 50 servers worldwide, but that number had grown to over 500 by October of the same year. Advances in data compression enabled media streaming to happen over the web, which was previously impractical due to high bandwidth requirements for uncompressed media. Although the number of websites online was still small in comparison to today’s figure, notable sites such as Yahoo! Directory and Yahoo! Search were launched in 1994 and 1995, respectively, marking the beginning of web commerce. 

On World Wide Web Day, you can celebrate by exploring the capabilities of the internet and discovering how it has changed over the years. Many organizations worldwide host events featuring conversations and interviews with technology leaders, entrepreneurs, and creators. There are also different talks, activities, and discussions online that you can join, allowing you to delve deeper into the history and potential of the World Wide Web. You could even consider running an event at your local business to market the day and celebrate what WWW has done for us all! 

The post World Wide Web Day: How to Protect Your Family Online appeared first on McAfee Blog.

Hacking AI Resume Screening with Text in a White Font

The Washington Post is reporting on a hack to fool automatic resume sorting programs: putting text in a white font. The idea is that the programs rely primarily on simple pattern matching, and the trick is to copy a list of relevant keywords—or the published job description—into the resume in a white font. The computer will process the text, but humans won’t see it.

Clever. I’m not sure it’s actually useful in getting a job, though. Eventually the humans will figure out that the applicant doesn’t actually have the required skills. But…maybe.
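
The white-font trick described above leaves a trace in the document's formatting, so a screening pipeline can flag it. The following is an added example, not part of the original post: it scans the run formatting of a DOCX body (WordprocessingML) for text that is near-white on a white page, tiny, or marked hidden. The sample XML, the thresholds and the function names are constructed for illustration, and colour inherited from styles is not resolved.

```python
import re
import xml.etree.ElementTree as ET

W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
NS = {"w": W}

# Constructed sample of a DOCX word/document.xml body (hypothetical resume):
# one normal run, one white 1 pt keyword run, one dark-grey run.
SAMPLE = f"""<w:document xmlns:w="{W}"><w:body>
<w:p><w:r><w:t>Five years as a network administrator.</w:t></w:r></w:p>
<w:p><w:r><w:rPr><w:color w:val="FFFFFF"/><w:sz w:val="2"/></w:rPr>
<w:t>kubernetes terraform python aws</w:t></w:r></w:p>
<w:p><w:r><w:rPr><w:color w:val="1F1F1F"/></w:rPr>
<w:t>References on request.</w:t></w:r></w:p>
</w:body></w:document>"""

def _val(parent, tag):
    """Return the w:val attribute of a child element, or None if absent."""
    elem = parent.find(f"w:{tag}", NS)
    return elem.get(f"{{{W}}}val") if elem is not None else None

def luminance(hex_rgb):
    """Approximate perceived brightness of an RRGGBB colour, 0.0 to 1.0."""
    r, g, b = (int(hex_rgb[i:i + 2], 16) for i in (0, 2, 4))
    return (0.2126 * r + 0.7152 * g + 0.0722 * b) / 255

def hidden_runs(document_xml, page_colour="FFFFFF", min_contrast=0.1,
                min_half_pt=8):
    """Return [(text, [reasons])] for runs a human reader is unlikely to see."""
    findings = []
    # Assumption: input is size-limited and trusted enough for the stdlib
    # parser; for untrusted uploads use a hardened one such as defusedxml.
    for run in ET.fromstring(document_xml).iterfind(".//w:r", NS):
        text = "".join(t.text or "" for t in run.iterfind("w:t", NS)).strip()
        rpr = run.find("w:rPr", NS)
        if not text or rpr is None:
            continue
        reasons = []
        colour = _val(rpr, "color")  # "auto" or RRGGBB
        if colour and re.fullmatch(r"[0-9A-Fa-f]{6}", colour):
            if abs(luminance(colour) - luminance(page_colour)) < min_contrast:
                reasons.append(f"low-contrast colour {colour.upper()}")
        size = _val(rpr, "sz")  # font size in half-points
        if size and size.isdigit() and int(size) < min_half_pt:
            reasons.append(f"font size {int(size) / 2} pt")
        if rpr.find("w:vanish", NS) is not None:  # Word's hidden-text flag
            reasons.append("hidden-text flag")
        if reasons:
            findings.append((text, reasons))
    return findings

if __name__ == "__main__":
    for text, reasons in hidden_runs(SAMPLE):
        print(f"{reasons}: {text!r}")
```

Flagged runs are best routed to a human reviewer rather than rejected automatically, since pale text can also come from templates.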

librsvg2-2.54.6-1.fc37

FEDORA-2023-0873c38acd

Packages in this update:

librsvg2-2.54.6-1.fc37

Update description:

librsvg 2.54.6 release, fixing CVE-2023-38633:

Fix arbitrary file read when href has special characters.

librsvg2-2.56.3-1.fc38

FEDORA-2023-fc79ee273d

Packages in this update:

librsvg2-2.56.3-1.fc38

Update description:

librsvg 2.56.3 release, fixing CVE-2023-38633:

Fix arbitrary file read when href has special characters.
Fix cascade for symbol elements being referenced from use elements.

Top 15 Data Security Posture Management (DSPM) platforms for 2023

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

Data Security Posture Management (DSPM) plays a critical role in identifying security risks, prioritizing misconfigurations, and implementing a zero-trust framework. It is an emerging technology, and there are only a few capable solutions that provide good product offerings. Check out the list of some of the best DSPM platforms that can be considered to streamline data protection, governance, and compliance efforts.

Top Data Security Posture Management (DSPM) tools to watch

1. Securiti DSPM

Securiti DSPM ranks at the top of Gartner’s list of DSPM platforms in this category. Gartner has given it a rating of 4.7, which is the highest among the products. The tool is built to protect an organization’s data, especially sensitive data, everywhere. The platform covers data in numerous environments and across various formats, such as structured and unstructured data systems.

Users can gain visibility of their data at rest and in motion across public, private, hybrid, and multi-cloud systems. The solution also covers SaaS environments which is a plus since traditionally, DSPM covers only public clouds. The solution leverages AI/ML-powered sensitive data insights to streamline their data governance strategy, data lineage, access policies and controls, and privacy operations, such as cross-border transfer policies.

2. Symmetry DataGuard

Symmetry DataGuard comes second to Securiti in ranking and rating as well. The DSPM solution has received a 4.6 rating in the Product Capabilities and Customer Experience categories. It delivers real-time data protection. With visibility of data and advanced analytics, security teams can not only ensure data security but also availability and integrity. Users can leverage that granular information to power their IAM engines to implement effective data controls, access, and permission.

Symmetry DataGuard can be expensive, and you’ll need to invest time to understand the product because of its extensive capabilities and features.

3. Sentra

Sentra’s DSPM platform is built for speed and efficiency. The platform offers agentless discovery, which means that data doesn’t leave an organization’s secure environment, and hence there’s zero disruption to the productivity of teams.

Another important aspect of Sentra’s DSPM solution is that it is easy to implement and scale. It further offers great integration capability and thus enables organizations to integrate with various ecosystems for discovering data.

4. Dig Security Platform

Up to 77% of users would recommend Dig Security Platform, suggests Gartner. The DSPM platform has garnered a 4.2 rating on the review platform. The tool can help security and data teams to effectively identify and discover data and perform accurate categorization and classification.

The data detection and response capabilities of the solution further ensure robust data protection. Teams can have a complete understanding of their data spread across physical and virtual databases and protect sensitive data from security risks, such as data exfiltration, ransomware, and shadow data.

5. Flow Security

Flow Security covers a large set of environments to discover all data of an organization. For instance, the solution can scan through on-prem infrastructure, multiple cloud environments, SaaS applications, and other self-managed databases.

The ML capabilities enable data teams to discover and classify data elements across structured and unstructured formats. The tool can further discover security vulnerabilities and track them for remediation.

6. Laminar

Laminar is another emerging solution provider that offers a DSPM platform. The platform offers an agile DSPM solution that delivers speed, accuracy, and efficiency. The tool has received a 4.1 rating from reviewers. Data teams can leverage the platform to gain the required data insights into their multi-cloud and SaaS environments.

Various controls can be configured to enable robust data protection in the cloud, such as risk discovery and management, access policies, governance framework optimizations, and compliance management. Since Laminar has a lot of room for improvement, you may find the platform lacking in the department of scalability, which is a must for large-scale data-driven organizations.

7. TrustLogix

TrustLogix cloud data security platform, as the name suggests, is built for the cloud to gain data visibility and optimize controls around security, governance, and compliance. The DSPM platform is built for the cloud, and it can be deployed swiftly. It can be connected to a variety of cloud-native environments along with self-managed clouds and SaaS applications.

It doesn’t require access to the data; it only scans for schemas and configuration metadata. TrustLogix further reviews the log files to detect any anomalies related to sensitive data access for enhanced protection.

8. Cyera

Cyera Platform is a well-trusted DSPM solutions provider in the industry. It provides organizations with comprehensive information on their sensitive data, geographies, and data access controls.

Its DSPM solution covers a lot of ground when it comes to ecosystems in that it can discover data in IaaS, PaaS, self-managed databases, managed databases, as well as DBaaS environments.

9. Concentric

The Concentric Semantic Intelligence product delivers DSPM capabilities to help businesses and security teams find their most important data, find security gaps, and prevent unauthorized access.

The complex ML capabilities of Concentric’s functionalities allow autonomous discovery of the data across a business’s data environment and classify a wide number of data elements, such as PCI data, PHI data, and PII data.

10. Veza

Veza’s DSPM solution provides businesses with a powerful vulnerability management system that allows them to discover identities and mitigate risks. The solution can be integrated with a number of cloud and SaaS systems, such as Okta, Slack, OneLogin, GitHub, GitLab, AWS, OCI, AWS DynamoDB, and GCP, to name a few.

11. BigID

BigID ranks as one of the top cloud data management solutions, and they are now also offering a DSPM solution. The solution comes with a decent data discovery and classification engine that categorizes data across different formats and systems. The solution can further identify and track data security risks, help optimize data access policies across roles and users, and enhance security posture.

12. Fasoo

Data Radar is Fasoo’s product that offers DSPM capabilities. The DSPM platform can replace a traditional data loss prevention solution with an advanced DSPM tool, offering powerful discovery and classification capabilities along with access controls and policies, and risk assessment.

13. Normalyze

With Normalyze DSPM platform, you can search, identify, and categorize data in your Google, Azure, and AWS data clouds. You can sift through data in cloud-native environments across various data formats.

14. OneTrust

OneTrust is also a well-known DSPM provider. The solution provides data discovery, classification, and inventorying. You can use the tool to discover security gaps and enhance access controls to implement a zero-trust framework.

15. Open Raven

Open Raven has a wide range of functionalities that can optimize data security posture. Its DSPM platform can enable businesses to discover and classify data, assess security posture risks, optimize controls, and implement guardrails to meet compliance.

Final thoughts

In today’s data-driven era, finding the best DSPM platform is crucial for businesses to safeguard data against cyber threats and derive business value while meeting compliance. So, go through the provided list of DSPM platforms and pick the best one to meet your business objectives.

php-8.2.9-1.fc38

FEDORA-2023-1aa721a7bb

Packages in this update:

php-8.2.9-1.fc38

Update description:

PHP version 8.2.9 (03 Aug 2023)

Build:

Fixed bug GH-11522 (PHP version check fails with '-' separator). (SVGAnimate)

CLI:

Fix interrupted CLI output causing the process to exit. (nielsdos)

Core:

Fixed oss-fuzz php#60011 (Mis-compilation of by-reference nullsafe operator). (ilutov)
Fixed line number of JMP instruction over else block. (ilutov)
Fixed use-of-uninitialized-value with ??= on assert. (ilutov)
Fixed oss-fuzz php#60411 (Fix double-compilation of arrow-functions). (ilutov)
Fixed build for FreeBSD before the 11.0 releases. (David Carlier)

Curl:

Fix crash when an invalid callback function is passed to CURLMOPT_PUSHFUNCTION. (nielsdos)

Date:

Fixed bug GH-11368 (Date modify returns invalid datetime). (Derick)
Fixed bug GH-11600 (Can’t parse time strings which include (narrow) non-breaking space characters). (Derick)

DOM:

Fixed bug GH-11625 (DOMElement::replaceWith() doesn’t replace node with DOMDocumentFragment but just deletes node or causes wrapping <> depending on libxml2 version). (nielsdos)

Fileinfo:

Fixed bug GH-11298 (finfo returns wrong mime type for xz files). (Anatol)

FTP:

Fix context option check for “overwrite”. (JonasQuinten)
Fixed bug GH-10562 (Memory leak and invalid state with consecutive ftp_nb_fget). (nielsdos)

GD:

Fix most of the external libgd test failures. (Michael Orlitzky)

Intl:

Fix memory leak in MessageFormatter::format() on failure. (Girgias)

Libxml:

Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823) (nielsdos, ilutov)

MBString:

Fix GH-11300 (license issue: restricted unicode license headers). (nielsdos)

Opcache:

Fixed bug GH-10914 (OPCache with Enum and Callback functions results in segmentation fault). (nielsdos)
Prevent potential deadlock if accelerated globals cannot be allocated. (nielsdos)

PCNTL:

Fixed bug GH-11498 (SIGCHLD is not always returned from proc_open). (nielsdos)

PDO:

Fix GH-11587 (After php8.1, when PDO::ATTR_EMULATE_PREPARES is true and PDO::ATTR_STRINGIFY_FETCHES is true, decimal zeros are no longer filled). (SakiTakamachi)

PDO SQLite:

Fix GH-11492 (Make test failure: ext/pdo_sqlite/tests/bug_42589.phpt). (KapitanOczywisty, CViniciusSDias)

Phar:

Add missing check on EVP_VerifyUpdate() in phar util. (nielsdos)
Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824) (nielsdos)

PHPDBG:

Fixed bug GH-9669 (phpdbg -h options doesn’t list the -z option). (adsr)

Session:

Removed broken url support for transferring session ID. (ilutov)

Standard:

Fix serialization of RC1 objects appearing in object graph twice. (ilutov)

Streams:

Fixed bug GH-11735 (Use-after-free when unregistering user stream wrapper from itself). (ilutov)

SQLite3:

Fix replaced error handling in SQLite3Stmt::__construct. (nielsdos)

XMLReader:

Fix GH-11548 (Argument corruption when calling XMLReader::open or XMLReader::XML non-statically with observer active). (Bob)