firefox-flatpak-120.0-1

FEDORA-FLATPAK-2023-873fc52e64

Packages in this update:

firefox-flatpak-120.0-1

Update description:

Update to 120.0

How Cybercriminals Are Shopping for Personal Data This Black Friday

While the majority of us look forward to Black Friday and Cyber Monday for the best deals, there’s another group that’s also eagerly anticipating these dates – cybercriminals. As the number of online shoppers increases, so do the opportunities for cybercriminals to steal personal and financial information. In this article, we will take a closer look at how these cybercriminals operate, and how you can protect yourself from becoming a victim.

With the advent of technology, more and more consumers are shifting towards online shopping. The COVID-19 pandemic has also forced a lot of people to favor this method of purchasing due to health and safety concerns. However, this shift has also opened up a new avenue for cybercriminals who are now focusing their efforts on gathering personal information from these online transactions. In this part of the article, we delve into how these criminals take advantage of Black Friday online sales to access and steal personal data.

The Black Friday Modus

The first step in understanding how to protect ourselves is to understand how cybercriminals operate. Black Friday and Cyber Monday provide the perfect opportunity for these criminals as the surge in online traffic can make their malicious activities less noticeable. They exploit the sense of urgency and excitement around these sales, using various tactics to deceive shoppers and gain access to their personal information.

One of the most common methods used by cybercriminals is phishing, a form of fraud in which cybercriminals impersonate a legitimate organization in an attempt to steal sensitive data. During the Black Friday sale period, these criminals send out emails or texts that appear to be from renowned retailers offering fantastic deals. However, these emails and texts are embedded with malicious links that, when clicked, lead the shopper to a fake website designed to steal their personal and financial information. The shopper, lured by the enticing deal, unsuspectingly enters their details, giving the cybercriminals exactly what they want.

Use of Malware and Ransomware

Another common tactic used by cybercriminals is the use of malware and ransomware. Malware is a type of software that is designed to cause damage to a computer, server, or computer network, while ransomware is a type of malware that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. During Black Friday, cybercriminals increase the distribution of such malicious software. Unsuspecting shoppers may download it onto their devices when they click on links or open attachments in emails offering Black Friday deals.

Once the malware or ransomware is downloaded onto the device, the cybercriminals can steal personal information, lock the device, or even use it to conduct other illegal activities. This type of attack is particularly dangerous as it not only compromises personal and financial information, but can also leave the victim with a non-functional device, adding insult to injury. The aftermath of such an attack could be extensive and costly, especially if valuable data is lost or if the ransom is paid to regain access to the device.

Card Skimming and E-skimming

Card skimming involves the illegal copying of information from the magnetic stripe of a credit or debit card. It is a serious problem in the brick-and-mortar retail sector. However, a new form of this crime, e-skimming, has emerged and is becoming a major threat to online shoppers. E-skimming is a method used by cybercriminals to steal credit card information from online shoppers in real time.

During the Black Friday period, the criminals may compromise a retailer’s website, typically by injecting malicious code into the site’s checkout process. When the shopper enters their credit card information, the criminals capture it. The information is then either used directly to make fraudulent purchases or sold on the dark web. This method is particularly challenging for retailers to combat because it can be difficult to detect: the e-skimming code may lie dormant until the checkout process is initiated, making it even harder to identify.

Protecting Yourself During Black Friday Sales

Now that we understand the methods used by cybercriminals, let’s explore how to protect our personal and financial information during this high-risk period. Cybersecurity should be everyone’s top priority and there are several measures you can take to ensure you don’t fall victim to these cyber-attacks.

Firstly, be skeptical of emails, texts, or advertisements offering too-good-to-be-true deals. Always double-check the source before clicking any links. It’s safer to directly navigate to the retailer’s website via your browser rather than clicking the link in an email or ad. If you receive an email from a retailer, cross-verify it by visiting their official website or contacting them directly. Avoid clicking on links from unknown or suspicious sources.

Secondly, ensure your devices are equipped with up-to-date antivirus and anti-malware software. These tools can detect and block malicious activities, providing a layer of security. Regularly update your software and operating system to patch any vulnerabilities that cybercriminals might exploit. When shopping online, make sure the website’s URL begins with ‘https’, indicating it is secure and encrypted. Furthermore, regularly monitor your bank and credit card statements for any unauthorized transactions.

McAfee Pro Tip: Have you ever encountered a suspicious charge on your credit card and felt uncertain about the next steps to take? Protect yourself with McAfee’s credit monitoring service! Our tool can help you keep an eye on any unusual credit activity to detect potential signs of identity theft.

Finally, consider using a credit card instead of a debit card for online purchases. Credit cards often have better fraud protection and it’s easier to dispute fraudulent charges. Be mindful of where and how you’re sharing your personal information. Avoid making transactions over public WiFi as these networks can be easily compromised. Instead, use your mobile data or a trustworthy, private WiFi network.

Role of Retailers in Protecting Customers

While consumers can take steps to protect themselves, retailers also play a crucial role in ensuring the security of their customers’ data. They need to be proactive in implementing robust security measures and constantly monitoring for any suspicious activities. Regular audits and penetration testing can help identify potential vulnerabilities and fix them before they can be exploited.

Businesses should educate their employees on cybersecurity best practices and how to identify phishing attempts. Regular training can help prevent accidental breaches as well as deliberate insider threats. Employing secure payment systems and encryption are other steps retailers can take to safeguard customer data.

Multi-factor authentication can add an additional layer of security, making it harder for cybercriminals to gain access. Retailers should also have a response plan in place in case of a data breach, to minimize damage and swiftly communicate to affected customers.

Final Thoughts

Black Friday and Cyber Monday present lucrative opportunities for cybercriminals intent on stealing personal and financial information. However, understanding their tactics and taking proactive measures can significantly reduce the risk of falling victim to these attacks. From phishing and malware to E-skimming, the threats are diverse and evolving, but with caution and cybersecurity measures in place, both consumers and retailers can enjoy the benefits of these sales events safely.

Remember, if a deal seems too good to be true, it probably is. Be vigilant, keep your software updated, and prioritize safe shopping practices. Retailers, on the other hand, need to constantly monitor and update their security systems, educate their employees, and most importantly, ensure transparency with their customers. Together, we can make online shopping safer, not just during Black Friday, but throughout the year.

The post How Cybercriminals Are Shopping for Personal Data This Black Friday appeared first on McAfee Blog.

Keeping Kids Safe from Online Threats

As a parent and a professional in the cybersecurity industry, I am incredibly aware of the importance of online safety, particularly as it relates to children. Despite vast improvements in technology and cybersecurity, the reality is that kids lack the resources and knowledge to protect themselves against the multitude of threats that exist online. The majority of domestic tech devices, such as personal computers and smartphones, only have basic consumer antivirus software, if any at all. This puts children at significant risk of falling victim to cyber threats like malware and phishing attacks.

However, the risks children face online aren’t limited to just these digital threats. The internet, in all its vastness, also exposes our children to many other potential dangers, from online predators in gaming environments to unrestricted internet usage in their downtime. This guide is geared towards educating and providing effective strategies for parents and other concerned individuals to ensure the online safety of children.

The Current State of Kids’ Online Safety

Recent statistics from Pew Research Center found that 46% of U.S. teenagers aged 13 to 17 have encountered at least one of six different cyberbullying behaviors. Among these behaviors, name-calling is the most prevalent, with 32% of teens reporting that they have been subjected to offensive name-calling online or on their phones. Additionally, 22% have had false rumors spread about them online, and 17% have received unsolicited explicit images.

Furthermore, 15% of teenagers have dealt with persistent inquiries from someone other than a parent about their whereabouts, activities, and companions. Additionally, 10% have faced physical threats, and 7% have had explicit images of themselves shared without their consent. In total, 28% of teenagers have experienced multiple forms of cyberbullying.

The high level of exposure and the increasing number of online threats led to the development of McAfee’s Digital Safety Program, previously known as McAfee’s Online Safety for Kids. This program provides essential resources that can be used by cybersecurity experts to educate school children about the potential dangers that lurk online and how best to protect themselves. Over the past five years, the highly interactive program has been implemented in numerous school systems across the United States, shedding light on the depth and extent of the threats that children encounter daily.

The Digital Safety Program

The McAfee Digital Safety Program is a collaborative effort that brings together the expertise of security professionals, the experiences of children, and the efforts of community partners. It involves not just theoretical learning, but also anecdotal sharing of online experiences, which greatly enhances the effectiveness of the program. Participants of the program, both children and adults alike, often leave with a profound sense of the multitude of threats that children encounter online. By sharing these real-world experiences, it allows everyone involved in the program to better understand the landscape of online dangers and reinforces the importance of adequate protection measures.

Recently, at our Technical Forum in Puerto Rico, the McAfee team and our partners introduced the Digital Safety Program to a private middle school, engaging more than 100 students from grades 6 to 8. Previous participants in the program have ranged from company owners and senior executives to sales and marketing teams. However, at this event, it was the technical experts delivering the message. This not only allowed their technical peers to understand the ease and satisfaction of participating in such a program but also inspired them to consider innovative ways of protecting children and getting their fellow peers and clients involved. 

Social Responsibility and Corporate Citizenship

The McAfee Digital Safety Program does more than just promote online safety – it serves as a vessel of corporate social responsibility, connecting security professionals with their local communities and raising awareness of the need for better cybersecurity measures. Additionally, the program offers tangible benefits for partners involved. Many have reported increased brand awareness and appreciation from the communities they serve. Plus, delivering the online safety message serves as a valuable training tool that improves their sales and marketing skills.

While the quest for online safety for children comes with business benefits, it is an endeavor that is worth pursuing regardless. We encourage all our partners and anyone interested to learn more about the McAfee Digital Safety Program and consider how they can implement it in their local communities.

Guarding the Digital Playground: Tools and Measures for Children’s Online Safety

While certain elements of digital threats are beyond our control, what we can do is educate our children and ourselves about online safety and equip ourselves with tools that can help guard against such risks. McAfee’s Digital Safety Program aims to provide adequate knowledge and resources for this purpose. However, it is also important to use the available protection measures that can make the digital playground safer for our children.

One of the first measures to ensure online safety is having a strong and reliable security software installed on the devices used by children. This software should be effective in protecting against malware, phishing attacks, and other online threats. It is also important to keep the software updated, as new threats emerge regularly. Furthermore, parental control features, such as content filters and usage restrictions, can provide an extra layer of protection by limiting the exposure of children to inappropriate or dangerous online content.

The Art of Conversation: Discussing Online Safety with Children

Despite implementing technological measures to ensure online safety, the most effective tool is open and thorough conversations about the potential risks and threats that exist online. Children are often unaware of the potential dangers or may not fully comprehend the gravity of these threats. Therefore, it is essential to engage kids in an ongoing dialogue about online safety, equip them with the knowledge to make informed decisions, and encourage them to seek adult assistance when they encounter something unfamiliar or suspicious online.

It is important to have these discussions as early and as often as possible. But, of course, the content and tone of conversations should be age-appropriate. It is equally important to create a safe and non-judgemental environment where children feel comfortable discussing their online experiences without fear of punishment or ridicule. Building trust with children can go a long way toward ensuring their safety online.

McAfee Pro Tip: Implement parental controls on their devices gradually, even if your kids may not be enthusiastic about it. This is akin to encouraging them to consume vegetables; it’s a measure taken for their well-being.

Final Thoughts

The internet is a wonderful tool for learning and communication but, like every innovation, it comes with its own set of risks and threats, especially for our children, who are particularly vulnerable. As adults, we need to play our part in ensuring their online safety. Through proactive measures and ongoing open conversations, we can create a safer online environment for our children. Initiatives like McAfee’s Digital Safety Program are essential in making this a reality. It is a continuous journey, but the efforts to protect our children from online threats and to educate them about online safety are undoubtedly worth it.

The post Keeping Kids Safe from Online Threats appeared first on McAfee Blog.

USN-6503-1: Linux kernel vulnerabilities

Yu Hao discovered that the UBI driver in the Linux kernel did not properly
check for MTD with zero erasesize during device attachment. A local
privileged attacker could use this to cause a denial of service (system
crash). (CVE-2023-31085)

Bien Pham discovered that the netfilter subsystem in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local user could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-4244)

Maxim Levitsky discovered that the KVM nested virtualization (SVM)
implementation for AMD processors in the Linux kernel did not properly
handle x2AVIC MSRs. An attacker in a guest VM could use this to cause a
denial of service (host kernel crash). (CVE-2023-5090)

It was discovered that the SMB network file sharing protocol implementation
in the Linux kernel did not properly handle certain error conditions,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-5345)

Murray McAllister discovered that the VMware Virtual GPU DRM driver in the
Linux kernel did not properly handle memory objects when storing surfaces,
leading to a use-after-free vulnerability. A local attacker in a guest VM
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-5633)

USN-6502-1: Linux kernel vulnerabilities

Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem
discovered that the InfiniBand RDMA driver in the Linux kernel did not
properly check for zero-length STAG or MR registration. A remote attacker
could possibly use this to execute arbitrary code. (CVE-2023-25775)

Yu Hao discovered that the UBI driver in the Linux kernel did not properly
check for MTD with zero erasesize during device attachment. A local
privileged attacker could use this to cause a denial of service (system
crash). (CVE-2023-31085)

Manfred Rudigier discovered that the Intel(R) PCI-Express Gigabit (igb)
Ethernet driver in the Linux kernel did not properly validate received
frames that are larger than the set MTU size, leading to a buffer overflow
vulnerability. An attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-45871)

Maxim Levitsky discovered that the KVM nested virtualization (SVM)
implementation for AMD processors in the Linux kernel did not properly
handle x2AVIC MSRs. An attacker in a guest VM could use this to cause a
denial of service (host kernel crash). (CVE-2023-5090)

It was discovered that the SMB network file sharing protocol implementation
in the Linux kernel did not properly handle certain error conditions,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-5345)

USN-6500-1: Squid vulnerabilities

Joshua Rogers discovered that Squid incorrectly handled validating certain
SSL certificates. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. This issue only affected
Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-46724)

Joshua Rogers discovered that Squid incorrectly handled the Gopher
protocol. A remote attacker could possibly use this issue to cause Squid to
crash, resulting in a denial of service. Gopher support has been disabled
in this update. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04
LTS, and Ubuntu 23.04. (CVE-2023-46728)

Keran Mu and Jianjun Chen discovered that Squid incorrectly handled the
chunked decoder. A remote attacker could possibly use this issue to perform
HTTP request smuggling attacks. (CVE-2023-46846)

Joshua Rogers discovered that Squid incorrectly handled HTTP Digest
Authentication. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2023-46847)

Joshua Rogers discovered that Squid incorrectly handled certain FTP URLs.
A remote attacker could possibly use this issue to cause Squid to crash,
resulting in a denial of service. (CVE-2023-46848)
