USN-6749-1: FreeRDP vulnerabilities

Read Time:54 Second

It was discovered that FreeRDP incorrectly handled certain context resets.
If a user were tricked into connecting to a malicious server, a remote
attacker could use this issue to cause FreeRDP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2024-22211)

Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory
operations. If a user were tricked into connecting to a malicious server, a
remote attacker could use this issue to cause FreeRDP to crash, resulting
in a denial of service, or possibly execute arbitrary code.
(CVE-2024-32039, CVE-2024-32040)

Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory
operations. If a user were tricked into connecting to a malicious server, a
remote attacker could possibly use this issue to cause FreeRDP to crash,
resulting in a denial of service. (CVE-2024-32041, CVE-2024-32458,
CVE-2024-32460)

Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory
operations. A remote attacker could possibly use this issue to cause
FreeRDP clients and servers to crash, resulting in a denial of service.
(CVE-2024-32459)

Read More

How to Tell If Your Text Message Is Real 

Read Time:3 Minute, 49 Second

According to reports from the Federal Trade Commission’s Consumer Sentinel database, text message scams swindled $372 million from Americans in 2023 alone. The staggering figure highlights a growing concern for consumers globally, who increasingly interact with brands and service providers via text, email, and even social media. As our reliance on technology continues, it is important for everyone to understand how to spot scam texts amid the real messages they receive.  amid the real messages they receive.

With such frequent communication from brands and organizations, you can be hard-pressed to figure out what is a scam or not. This practical and actionable advice may be able to help you spot the imposters and protect yourself against even the most hard-to-identify scam messages.    

Understand how brands say they’ll contact you  

Most of us probably avoid reading disclaimers and terms of service from brands and organizations. Paying attention to guidelines for how an organization will contact you will help you stay safe from scams. Just take it from entertainment host, Andy Cohen. 

Cohen received an email he thought was from his bank’s fraud department. Later, the scammer texted Cohen claiming to be from the bank, asking for more information. Cohen ended up sending the scammer money because he believed they were a bank representative. These days, many banks and brands have FYIs on their website about how to spot a legitimate text. Like this page from Chase, which goes over what a real Chase text looks like.  

We have a similar disclosure on our site. For example, our customer service teams will never request sensitive information such as social security numbers, PINs, or bank or payment details. As soon as you sign up for a new account, it’s a good idea to check for this sort of disclaimer and familiarize yourself with contact methods and the type of information organizations might request.  

Verify the message’s source 

Scam messages are so successful because scammers make them look real. During the holidays, when shoppers are ready to leap at deals, scam messages can be hard to resist. With an increased volume of scam texts during major shopping seasons, it’s no wonder open rates can be as high as 98%.  

Consumers can protect themselves against realistic-looking scam messages by verifying the source of the message. If an email hits your mobile inbox, click on the sender’s name to expand their full email address. Typical brand emails will have a “do not reply” somewhere in the address or an official “@branddomain.com” email address. Scam email addresses often appear as strings of gibberish.  

If unsure whether a text from a company is real, log into your account directly to see if it reflects the overdue bill or extra store credit that the text message suggests.  

Educate yourself about the latest scam trends 

Knowing about the latest cybersecurity trends is always good practice. Scammers change their tactics constantly. Text scams that were popular one year may be totally out of style the next time you get a scam message.  

Individuals looking for a place to start can check out FTC, FBI, and CISA websites. Those agencies offer valuable insights about fraud trends and recommendations about how people can protect themselves. The Better Business Bureau (BBB) has an interactive scam tracking tool, and AARP provides tips for older Americans who may not be as in tune with the latest tech trends and tools.  

Layer protection with cutting-edge software 

Thankfully, the software designed to protect against scams evolves, as well. Consumers can turn to product suites that offer features like finding and removing personal info from sites that sell it, adjusting social media controls, and even providing alerts about suspicious financial transactions. 

For scam texts, AI is here to help. McAfee Scam Protection uses AI to scan SMS text messages and alert you about unsafe links. Users can delete those messages without opening them, reducing the risk of compromise and removing any question about whether the message is fraudulent or for real.  

Take a proactive approach to prevent text scams  

The $372 million figure is a stark reminder of growing fraud. As we continue into the digital age, the threat of fraudulent communications from scammers looms. To safeguard against bad actors, consumers must be proactive. By paying attention to brand communication guidelines, verifying the source of messages, remaining educated, and using modern privacy and identity products, consumers can avoid scams before they start.  

The post How to Tell If Your Text Message Is Real  appeared first on McAfee Blog.

Read More