libmodsecurity-3.0.12-1.fc40
Automatic update for libmodsecurity-3.0.12-1.fc40.
* Sun Feb 11 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 3.0.12-1
– Update to 3.0.12 rhbz#2253518
– Fix CVE-2024-1019 rhbz#2262017 rhbz#2262018 rhbz#2262019
This International Day of Women and Girls in Science, #TeamMcAfee is proud to join forces with the incredible McAfee Women in Security Community (WISE) to celebrate the achievements of women in Science, Technology, Engineering, and Mathematics (STEM)!
WISE is a passionate group of women (and men!) who are dedicated to creating a more inclusive and welcoming environment for all at McAfee, actively supporting and empowering the next generation of female STEM leaders.
“At WISE, we believe in nurturing a diverse and thriving community where every individual, regardless of gender, can unleash their potential. This International Day of Women and Girls in Science, we’re proud to celebrate the journeys of Arati, Sai, Defne, Richa, and Sowmya. Their stories are testaments to the transformative power of STEM, and their voices inspire young women to dream big and pursue their passion for science and technology.”Brenda, President of WISE
Arati, Sai, Defne, Richa, and Sowmya illustrate the transformative power of STEM, the impact of McAfee and the WISE community on their journeys, and their insightful advice for young women embarking on their own STEM journeys.
Arati, Sr. Director, Engineering
“During my school days, I was a curious student who did well in Science and Maths. My classmates often sought my help understanding challenging concepts, which fueled my confidence and solidified my love for these fields. I thrived in stimulating environments where I could push boundaries and explore my full potential, and STEM offered exactly that. It was the perfect path to avoid succumbing to the boredom of routine and truly discover what I could achieve.
Being part of WISE has been instrumental in my STEM journey. It’s provided invaluable networking opportunities, connecting me with inspiring leaders both within and outside McAfee through summits and conferences. Having access to diverse role models, both male and female, fuelled my drive and ambition, giving me a wealth of knowledge and guidance to navigate my career path.
As a woman leader in the tech industry, I’ve witnessed many discussions about work-life balance, equal opportunities, and flexibility. While these are crucial conversations, I want to emphasize that there’s no substitute for the dedication and commitment required to excel in any field. For young women considering a career in STEM: Focus on continuous learning, fuel your passion for excellence, and cultivate a genuine desire to make a positive impact. Prioritize preparation, integrity, and striving for excellence over any sense of entitlement. When you put in the hard work, the opportunities, achievements, and empowerment will follow naturally. Remember, it’s important to “pay it forward” – mentor others and uplift the next generation of women in STEM!”
Sai: Sr. Technology & Innovation Researcher
“Right from my early school days I liked the evidence based scientific reasoning method – using experiments and observations to draw conclusions on a phenomenon. Naturally, pursuing a career in STEM was a path I couldn’t wait to explore. Today, as a Sr. Technology & Innovation Researcher at McAfee, I continue to delve into the unknown, but with the added benefit of having a supportive community and team around me.
Being part of a supportive community like WISE is invaluable. Navigating the corporate world can be challenging, and having a network of individuals who understand and can provide guidance makes a significant difference.
To young women considering a career in STEM: If science ignites your curiosity, follow that spark. There might be challenges along the way, but remember, the beauty of STEM lies in its constant evolution and endless possibilities. Embrace the journey, learn from supportive communities, and most importantly, never let anyone dim your passion for discovery.”
Defne: Director of Technology Services
“My path to STEM started with a simple spark: a love for solving problems. Growing up in a supportive environment, fueled by encouragement from parents and teachers, I was never afraid to ask questions and delve into the unknown. Fast forward to today, and I’m the Director of Technology Services at McAfee, leading a team that supports People Success and Legal systems.
McAfee has been instrumental in my growth. Here, I’ve tackled challenging programs that pushed my boundaries and provided invaluable learning experiences. I’ve also had great mentors at McAfee who have helped and supported me. And being part of the WISE community fosters a space for women to learn, collaborate, and empower each other.
To young women considering a career in STEM: Believe in yourself. Find mentors who inspire you, hone your math and science skills, and sharpen your problem-solving skills. Most importantly, don’t hesitate to speak up, stay curious and never stop learning – the possibilities in STEM are endless!”
Richa: Technical Program Manager
“Driven by a thirst for knowledge and a deep desire to contribute to the world, I embarked on my STEM journey fueled by my passion for science. Today, as a Technical Program Manager with over 10 years at McAfee, I’m proud to be part of a company that fosters innovation and empowers individuals to make a difference.
McAfee has been more than just a workplace; it’s a vibrant community where I’ve thrived. But the impact of the WISE community has been truly transformative. It’s provided invaluable support, fostered collaboration, and offered leadership development opportunities specifically for women at McAfee. Through WISE, I’ve connected with incredible individuals, celebrated our achievements, and found a sense of belonging and inclusion.
To young women considering a career in STEM: Don’t hesitate! This field empowers you to find your voice and gain invaluable experience. Embrace real-world projects; they’ll sharpen your thinking, unlock leadership potential, and open doors to endless learning opportunities. Remember, your unique perspective and contributions are essential in shaping the future of STEM.”
Sowmya: Data Governance Manager
“Growing up surrounded by academia, with a mother who rose to lead a women’s college, instilled in me a deep yearning for both career advancement and leadership. But it was the allure of logical problem-solving and the thrill of technology’s evolution, like witnessing the first Indian cell phone, that truly drew me to STEM. I embarked on a journey to unravel the intricacies of cellular and satellite communication systems with a bachelor’s in electronics and communications engineering, eager to play my part in shaping the future and being at the forefront of innovation and emerging technologies.
McAfee and the WISE community have played a pivotal role in my STEM career. As the leader of the India WISE group, I’ve had invaluable opportunities to engage with global leaders, foster stronger connections within the Indian WISE community, receive recognition, contribute to WISE publications, and establish trusted mentorship relationships. These experiences have not only empowered others but also provided me with a fulfilling outlet beyond my data governance role. Leading WISE has honed my soft skills, allowing me to influence, connect, and build confidence.
For young women considering a career in STEM remember: Failure persists only as long as fear dictates. Embrace lifelong learning and don’t shy away from changing domains or upskilling. My career, spanning 19+ years, has taken me from electronics engineer to data governance manager, requiring me to adapt and learn along the way. Take calculated risks, embrace change, and follow your instincts. The most transformative journeys often begin with a leap of faith. Remember, the investment in growth and change is always worthwhile.”
The post Celebrating International Day of Women and Girls in Science appeared first on McAfee Blog.
hugin-2023.0.0-2.fc38
Security fix for CVE-2024-25442 CVE-2024-25443 CVE-2024-25445 CVE-2024-25446
Two massive data breaches in France have impacted roughly half the nation’s population. The data of an estimated 33 million people has been compromised, making this the country’s largest-ever data breach.
Attackers targeted two French healthcare payment service providers, Viamedis and Almerys. Both companies manage third-party payments for health insurance in France. According to the CNIL, (Commission nationale de l’informatique et des libertés) France’s data protection agency, data was compromised during two separate breaches that struck in early February.
From a statement issued by the CNIL, affected records of policyholders and their families include:
Marital status.
Date of birth and social security number.
The name of the health insurer, as well as the guarantees of the contract.
The CNIL further stated that data such as banking info, medical data, health reimbursements, postal details, telephone numbers, and emails were not swept up by the breaches.
The concern with this breach, as with any other, is how this breached info might get combined with info from other breaches. Taken together, bad actors might use that combined info to conduct follow-on attacks, including identity theft.
As such, the CNIL suggests the following for policyholders:
Be wary of any requests you might receive, particularly if they concern reimbursement of health costs.
Periodically check the activities and movements on your various accounts.
In the meantime, the CNIL stated that it’s investigating the attack further, particularly to determine whether the security measures in place were in line with European data standards and obligations.
Any time a data breach occurs, it means that your personal info might end up in the hands of a bad actor. In light of this, there are a few steps you can take to protect yourself in the aftermath of a data breach, which involves a combination of preventative steps and some monitoring on your part.
Report unauthorized use of your info or accounts immediately.
As noted by the CNIL, keep an eye on your account. If you note any unusual activity, notify Viamedis or Almerys immediately.
Keep an eye out for phishing attacks.
With some personal info in hand, bad actors might seek out more. They might follow up a breach with rounds of phishing attacks that direct you to bogus sites designed to steal your personal info. So it’s always wise to keep a skeptical eye open for unsolicited messages that ask you for info, often in ways that urge or pressure you into acting. Always look out for phishing attacks, particularly after breaches.
With that, you can look into McAfee Scam Protection. It uses AI that detects suspicous links in email, texts, and social media messages. Further, it can block risky sites if you accidentally click or tap a link.
Change your passwords and use a password manager.
While it doesn’t appear that login info was affected, a password update is still a strong security move. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager will help you keep on top of it all, while also storing your passwords securely. Moreover, changing your passwords regularly might make a stolen password worthless because it’s out of date.
Enable two-factor authentication.
While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts will help your cause by providing an added layer of security. It’s increasingly common to see nowadays, where banks and all manner of online services only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone. If your accounts support two-factor authentication, enable it.
Consider using identity monitoring.
Breached and stolen info often ends up in dark web marketplaces where hackers, scammers, and thieves purchase it to commit yet more crime. Once it was difficult to know if your info was caught up in such marketplaces, yet now an identity monitoring service can do the detective work for you.
McAfee’s service monitors the dark web for your personal info, including email, government IDs, health IDs, credit card and bank account info, and more. This can help keep your personal info safe with early alerts that show you if your data is found on the dark web, an average of 10 months ahead of similar services. From there, you’ll get guidance that you can act on, which can help protect your info and accounts from potential theft.
We also offer identity restoration services through our McAfee+ Ultimate subscriptions. Identity restoration includes access to experts who can help generate an effective and efficient plan to quickly restore your identity, so you don’t have to tackle the issue by yourself.
Consider using comprehensive online protection.
A complete suite of online protection software can offer layers of extra security. It offers you the tools and services listed above, along with further features that can protect you online. That includes a VPN to keep your time online more private from online data collection while protecting it from thieves who’re out to steal credit card and account info. It also includes web browsing protection that can warn you of sketchy websites and malicious downloads that look to steal your info. In all, it’s thorough protection for your devices, privacy, and identity. And in a time of data breaches, that kind of protection has become essential.
Whether you’re a French citizen or not, word of this data breach offers an opportunity to bolster your defenses. Major breaches like these occur, just as we saw with the Facebook breach in 2021, the PayPal breach in 2023, and the 23andMe breach, also in 2023. Taking preventative steps now can put you a step ahead of the next one.
Of those steps, using comprehensive online protection software is the strongest. Protection like ours safeguards your privacy, identity, and devices in breadth and depth — protecting you from data breaches and all manner of scams and attacks that often follow them.
The post France Gets Hit with Its Largest Data Breach Ever — What You Need to Know appeared first on McAfee Blog.
The widely reported story last week that 1.5 million smart toothbrushes were hacked and used in a DDoS attack is false.
Near as I can tell, a German reporter talking to someone at Fortinet got it wrong, and then everyone else ran with it without reading the German text. It was a hypothetical, which Fortinet eventually confirmed.
Or maybe it was a stock-price hack.
Until earlier this week, the support website for networking equipment vendor Juniper Networks was exposing potentially sensitive information tied to customer products, including which devices customers bought, as well as each product’s warranty status, service contracts and serial numbers. Juniper said it has since fixed the problem, and that the inadvertent data exposure stemmed from a recent upgrade to its support portal.
Sunnyvale, Calif. based Juniper Networks makes high-powered Internet routers and switches, and its products are used in some of the world’s largest organizations. Earlier this week KrebsOnSecurity heard from a reader responsible for managing several Juniper devices, who found he could use Juniper’s customer support portal to find device and support contract information for other Juniper customers.
Logan George is a 17-year-old intern working for an organization that uses Juniper products. Speaking on condition that his employer not be named, George said he found the data exposure earlier this week by accident while searching for support information on a particular Juniper product.
George discovered that after logging in with a regular customer account, Juniper’s support website allowed him to list detailed information about virtually any Juniper device purchased by other customers. Searching on Amazon.com in the Juniper portal, for example, returned tens of thousands of records. Each record included the device’s model and serial number, the approximate location where it is installed, as well as the device’s status and associated support contract information.
George said a few minutes of digging around the Juniper support portal revealed he could even see product and support information for the U.S. Department of Defense (DoD).
“If there’s one thing I know it’s that I should not be able to see the DoD’s Juniper products,” George said. “But this information was available for hundreds of companies, and I could see what products they had installed and where.”
Information exposed by the Juniper support portal. Columns not pictured include Serial Number, Software Support Reference number, Product, Warranty Expiration Date and Contract ID.
George said the exposed support contract information is potentially sensitive because it shows which Juniper products are most likely to be lacking critical security updates.
“If you don’t have a support contract you don’t get updates, it’s as simple as that,” George said. “Using serial numbers, I could see which products aren’t under support contracts. And then I could narrow down where each device was sent through their serial number tracking system, and potentially see all of what was sent to the same location. A lot of companies don’t update their switches very often, and knowing what they use allows someone to know what attack vectors are possible.”
In a written statement, Juniper said the data exposure was the result of a recent upgrade to its support portal.
“We were made aware of an inadvertent issue that allowed registered users to our system to access serial numbers that were not associated with their account,” the statement reads. “We acted promptly to resolve this issue and have no reason to believe at this time that any identifiable or personal customer data was exposed in any way. We take these matters seriously and always use these experiences to prevent further similar incidents. We are actively working to determine the root cause of this defect and thank the researcher for bringing this to our attention.”
The company has not yet responded to requests for information about exactly when those overly permissive user rights were introduced. However, the changes may date back to September 2023, when Juniper announced it had rebuilt its customer support portal.
George told KrebsOnSecurity the back-end for Juniper’s support website appears to be supported by Salesforce, and that Juniper likely did not have the proper user permissions established on its Salesforce assets. In April 2023, KrebsOnSecurity published research showing that a shocking number of organizations — including banks, healthcare providers and state and local governments — were leaking private and sensitive data thanks to misconfigured Salesforce installations.
Nicholas Weaver, a researcher at University of California, Berkeley’s International Computer Science Institute (ICSI) and lecturer at UC Davis, said the complexity layered into modern tech support portals leaves much room for error.
“This is a reminder of how hard it is to build these large systems like support portals, where you need to be able to manage gazillions of users with distinct access roles,” Weaver said. “One minor screw up there can produce hilarious results.”
Last month, computer maker Hewlett Packard Enterprise announced it would buy Juniper Networks for $14 billion, reportedly to help beef up the 100-year-old technology company’s artificial intelligence offerings.
US companies using AI-generated voices during a call without prior consent could receive fines of up to $23,000 per call
As with any major holiday or special occasion, Valentine’s Day is unfortunately not immune to scammers looking for an opportunity to exploit unsuspecting individuals. Their deceitful acts can break hearts and bank accounts. In this article, we spotlight some common Valentine’s Day scams, offer tips on how to protect yourself and navigate this romantic day with confidence and caution.
Valentine’s Day is a time when love is in the air. It’s a time to express your feelings for that special someone in your life, or perhaps even embark on a new romantic journey. But while you’re busy planning that perfect dinner or choosing the ideal gift, there’s an unromantic side to the day that you should be aware of – the potential for scams.
Scammers, always looking for new ways to trick people into parting with their money, use the heightened emotions of Valentine’s Day to their advantage. They prey on the unwary, the love-struck, and even the lonely – anyone who might let their guard down in the quest for love or the pursuit of the perfect gift. And in our increasingly digital world, these unscrupulous individuals have more ways than ever to reach potential victims.
→ Dig Deeper: AI Goes Dating: McAfee Study Shows 1 in 3 Men Plan to Use Artificial Intelligence to Write Love Letters this Valentine’s Day
Knowledge is power, as the saying goes, and that’s certainly true when it comes to protecting yourself from scams. By understanding the types of scams that are common around Valentine’s Day, you can be better prepared to spot them – and avoid falling victim.
One of the most common Valentine’s Day scams is the romance scam. Scammers, often posing as potential love interests on dating websites or social media, manipulate victims into believing they are in a romantic relationship. Once they have gained their victim’s trust, they ask for money – perhaps to pay for a flight so they can meet in person, or because of a sudden personal crisis. These scams can be emotionally devastating, and they can also result in significant financial loss.
→ Dig Deeper: Fraudulent Adult Dating Services Turn 10 Years Old, Still Evolving
Another popular scam around Valentine’s Day involves online shopping. With many people seeking the perfect gift for their loved ones, scammers set up fake websites that appear to sell everything from jewelry to concert tickets. After making a purchase, the unsuspecting victim either receives a counterfeit product or, in some cases, nothing at all. Additionally, these sites may be designed to steal credit card information or other personal data.
Phishing scams are also common. In these scams, victims receive emails that appear to be from a legitimate company – perhaps a florist or a candy company – asking them to confirm their account information or to click on a link. The goal is to steal sensitive information, such as credit card numbers or login credentials.
While the existence of these scams is unquestionably concerning, the good news is that there are steps you can take to protect yourself. Valentine’s Day should be a celebration of love, not a source of stress and worry.
One of the most important is to be aware that these scams exist and to be cautious when interacting with unfamiliar people or websites. If something seems too good to be true, it probably is.
When shopping online, make sure the website you are using is secure, and consider using a credit card, which offers greater protection against fraud compared to other forms of payment. Be wary of emails from unknown sources, especially those that ask for personal information or urge you to click on a link.
For shopping scams, it’s recommended to do research on any unfamiliar online retailer before making a purchase. Look for reviews or complaints about the retailer on independent consumer websites. If the website is offering items at a price that seems too good to be true, it likely is. Also, consider the website’s URL. A URL that begins with ‘https://’ indicates that the website encrypts user information, making it safer to input sensitive information than on websites with ‘http://’ URLs.
Forewarned is forearmed, and having advanced strategies to detect and avoid scams is also a strong line of defense. When it comes to online dating, be sure to thoroughly vet any potential romantic interests. This involves doing a reverse image search of profile photos, which can quickly reveal if a picture has been stolen from another online source. Additionally, be aware of red flags such as overly-flattering messages or requests to move the conversation to a private email or messaging app.
McAfee Pro Tip: If you’re considering using one of these for a bit of dating beyond a dating app or simply to stay connected with family and friends, the key advice is to do your homework. Look into their security measures and privacy policies, especially because some have faced security issues recently. For more information, take a look at this article on video conferencing to ensure you can keep hackers and uninvited guests away when you’re chatting.
If you come across a scam or fall victim to one, it’s crucial to report it to the appropriate authorities. This helps law enforcement track down scammers and alert others to the scam. In the U.S., you can report scams to the Federal Trade Commission through their website. If the scam involves a financial transaction, also report it to your bank or credit card company. They may be able to help recover your funds or prevent further losses.
Additionally, take steps to protect yourself after falling victim to a scam. This could involve changing passwords, monitoring your financial accounts for unusual activity, or even freezing your credit. It can also be beneficial to alert your friends and family to the scam, both to protect them and to gain their support and assistance in dealing with the aftermath of the scam.
→ Dig Deeper: How To Report An Online Scam
The unfortunate reality is that scammers are ever-present and always looking for new ways to exploit unsuspecting victims. However, by being informed, cautious, and proactive, you can significantly decrease your chances of falling victim to a Valentine’s Day scam. Whether you’re looking for love or shopping for the perfect gift, remember to always prioritize your safety and security.
And if you do encounter a scam, take comfort in knowing that you’re not alone and there are resources available to help. McAfee’s blogs and reports are just some of them. By reporting scams to the authorities, you’re doing your part to help stop scammers in their tracks and protect others from falling victim. Remember, Valentine’s Day is a day for celebrating love, not for worrying about scammers. Stay safe, stay informed, and don’t let a scammer ruin your Valentine’s Day.
Remember to always stay vigilant. Protect your heart and your bank account, and make sure your Valentine’s Day is filled with love and happiness, not regret and frustration. Don’t let scammers break your heart or your bank account – on Valentine’s Day or on any other day.
The post Valentine’s Alert: Don’t Let Scammers Break Your Heart or Your Bank Account appeared first on McAfee Blog.
Facebook and other social media companies struggle with trust, with only 6% globally comfortable sharing personal data, according to a 2024 Thales survey
