USN-6465-2: Linux kernel (Raspberry Pi) vulnerabilities

Read Time:25 Second

Yu Hao and Weiteng Chen discovered that the Bluetooth HCI UART driver in
the Linux kernel contained a race condition, leading to a null pointer
dereference vulnerability. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-31083)

Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the
Linux kernel contained a null pointer dereference vulnerability in some
situations. A local privileged attacker could use this to cause a denial of
service (system crash). (CVE-2023-3772)

Read More

Weak Passwords Can Cost You Everything

Read Time:6 Minute, 12 Second

In today’s digital age, most of our personal information and sensitive data are stored online. From banking transactions to vital records, everything lies behind the protective screen of our passwords. The importance of having strong, unique passwords cannot be overstated. However, most individuals tend to use weak passwords or reuse the same password over and over, exposing their digital assets to potential hackers.

Understand the Value of Your Digital Assets

Based on a study conducted by McAfee, consumers tend to estimate the value of their digital assets, distributed over multiple devices, to be around $35,000. These digital assets not only include music, videos, photos, and apps but also important information like emails, texts, health and financial records, resumes, and even portfolios. The very thought of losing all this data to cybercriminals is horrifying but is a potential risk if you rely on weak passwords.

Many individuals prefer to reuse their passwords as it’s easier to remember one password rather than a multitude. However, by doing so, you’re inviting a potential breach. If hackers decipher the password for one account, they gain access to all your accounts. Moreover, the challenge is further escalated by the inconsistent password policies across different websites, with some allowing usage of special characters while others don’t.

→ Dig Deeper: Digital Estate Planning – What to Do With Your Digital Assets

What Makes a Password ‘Weak’?

A weak password is one that lacks the necessary characteristics to withstand modern hacking techniques. These vulnerabilities often include brevity, where a password is too short to provide sufficient security. Short passwords, especially those with fewer than eight characters, are much easier for attackers to guess using brute force or dictionary attacks. Additionally, weak passwords often lack complexity, relying solely on letters or numbers without incorporating a mix of uppercase letters, lowercase letters, numbers, and special characters. This makes them susceptible to straightforward hacking attempts.

Furthermore, weak passwords may be derived from easily accessible personal information, such as the user’s name, birthdate, or other readily available details. Attackers can often exploit this information through social engineering or data breaches. Additionally, common words, phrases, or dictionary terms in passwords, like “password” or “qwerty,” are particularly weak, as they are frequently targeted in automated password-cracking attacks. To ensure the strength of a password, it is essential to create long, complex, and unique combinations that are challenging for attackers to decipher.

The Staggering Statistics

What are the potential consequences of a weak password? A determined hacker can track a person’s online activity, identify and hack weak passwords then use those weak passwords to access banking information, credit card numbers, and personal data used to steal a person’s identity. Remember: Just as you go to work each morning to put food on the table for your family, a hacker has similar goals. So, work with equal diligence to protect what’s yours.Here’s a look at some intriguing numbers that underline the scale of the problem:

Over 60% of us use more than three digital devices.
55% store irreplaceable digital assets on these devices.
More than 75% regularly visit five or more sites requiring passwords.
63% resort to easy-to-guess passwords or reuse the same password across multiple sites.
Shockingly, 17% do little or nothing to safeguard their passwords.
These figures highlight the importance of proper password management. If we continue to ignore this, then we are, in essence, handing over the keys to our digital kingdom to potential intruders.

Devise a Better Plan

The need for a better password management strategy is evident. Start by ensuring you use different passwords for each of your accounts. Even though it’s tempting, avoid using the ‘remember me’ function on your browsers or mobile apps. This function offers convenience but at the risk of revealing your passwords if your device gets stolen or lost.

Avoid entering passwords on computers that you don’t control, like those in an Internet café or library. Further, avoid accessing your accounts via unsecured Wi-Fi connections, such as those at an airport or coffee shop, as hackers can easily intercept your data. Use a VPN. Also, remember, your password is private. Do not share it with anyone. You never know when a trusted friend might turn into a threat.

→ Dig Deeper: Why You Need to Watch Out When Using Public Wi-Fi

How to Create a Strong Password

Creating a strong password is not as complicated as it seems, and there are several strategies you can apply to create one. A strong password should be long (at least 12 characters), include a mix of letters (both upper and lower case), numbers, and special characters. Avoid using dictionary words, personal information like your name, date of birth, etc., and avoid obvious keyboard paths like “qwerty” or “123456”.

One effective method to create a strong password is to use a phrase or sentence that is meaningful to you, and use the first letter of each word, include numbers or special characters to replace some letters. For example, “My cat Whiskers was born on July 7.” could be transformed into “McWwboJ7.”. This password is strong, unique, and easier to remember than a random string of letters, numbers, and special characters.

Use a Password Manager

Keeping track of different passwords for each account can be challenging. This is why using password managers can be useful. Password managers like LastPass, Dashlane, or McAfee’s password manager can securely store your passwords and help you log in to your accounts with just a click. They also generate strong, unique passwords for you and store them in an encrypted vault, only accessible with a master password.

The master password is the only one you need to remember, so make it a strong one. Also, most password managers offer multi-factor authentication, adding an extra layer of protection. Remember, just like your passwords, your master password should be kept private and not shared with anyone.

Combine Unique Passwords With MFA

Use unique passwords and MFA. If taken seriously, these two extra steps could save you a million headaches. Use unique passwords for each of your accounts. By using different passwords, you avoid having all of your accounts become vulnerable if you are hacked (think domino effect). Then activate MFA, a Multi-Factor Authentication (also called two-step verification or authentication ). MFA confirms a user’s identity only after presenting two or more pieces of evidence. Though not 100% secure, this practice adds a layer of security to an account.

McAfee Pro Tip: Whenever possible, opt for true two-factor and multi-factor authentication. These are robust and dependable verification methods, so make the most of their security benefits. Take advantage of biometric authentication like fingerprint reading and facial recognition. Learn more about 2FA and MFA.

Final Thoughts

Our digital assets are extremely valuable, and in our increasingly digital world, protecting them becomes even more critical. The key to strong password management involves creating unique, complex passwords, not reusing them across platforms, and changing them regularly. Using tools like password managers can simplify this process and provide additional security. And of course, adding antivirus, like McAfee antivirus, and other security solutions on top of password management is also encouraged. Ultimately, taking these steps can help you secure your digital life and avoid a potential cyber nightmare.

The post Weak Passwords Can Cost You Everything appeared first on McAfee Blog.

Read More

USN-6467-1: Kerberos vulnerability

Read Time:14 Second

Robert Morris discovered that Kerberos did not properly handle memory
access when processing RPC data through kadmind, which could lead to the
freeing of uninitialized memory. An authenticated remote attacker could
possibly use this issue to cause kadmind to crash, resulting in a denial
of service.

Read More