Category Archives: News

CISA issues emergency warning over two new VMware vulnerabilities

Read Time:31 Second

The U.S. Cybersecurity and Infrastructure Agency (CISA) has issued an emergency directive over two new vulnerabilities in VMware products. According to the advisory, threat actors are likely to exploit CVE-2022-22972 and CVE-2022-22973 in several products including VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager, much like they did in relation to CVE 2022-22954 and CVE 2022-22960 in April. CISA has urged organizations to take swift action to mitigate the risks associated with the vulnerabilities.

To read this article in full, please click here

Read More

Two account compromise flaws fixed in Strapi headless CMS

Read Time:34 Second

Users of Strapi, a popular headless content management system written entirely in JavaScript and focused on API development, should update their installations as soon as possible to fix two vulnerabilities that could lead to administrative accounts being compromised.

According to researchers with the Synopsys Cybersecurity Research Center (CyRC), the flaws allow a user with low privileges to access sensitive data that can be used to perform a password reset for a higher privileged account, such as the administrator. This means attackers need to gain access to a low-privileged account first and this can be achieved via compromised credentials, phishing or other methods.

To read this article in full, please click here

Read More

QuSecure launches end-to-end post-quantum cybersecurity solution

Read Time:32 Second

Post-quantum cryptography company QuSecure has announced its debut with the launch of a new post-quantum cybersecurity solution, QuProtect. The firm claimed that QuProtect is the industry’s first end-to-end quantum software-based platform designed to protect encrypted communications and data using a quantum secure channel.

The solution addresses present classical attacks and future quantum computing threats for commercial enterprises and government agencies, QuSecure added. The release comes as increasing numbers of solutions providers are coming to market with quantum-resilient offerings built to withstand quantum computing security risks that threaten traditional public key cryptography.

To read this article in full, please click here

Read More

Websites that Collect Your Data as You Type

Read Time:1 Minute, 17 Second

A surprising number of websites include JavaScript keyloggers that collect everything you type as you type it, not just when you submit a form.

Researchers from KU Leuven, Radboud University, and University of Lausanne crawled and analyzed the top 100,000 websites, looking at scenarios in which a user is visiting a site while in the European Union and visiting a site from the United States. They found that 1,844 websites gathered an EU user’s email address without their consent, and a staggering 2,950 logged a US user’s email in some form. Many of the sites seemingly do not intend to conduct the data-logging but incorporate third-party marketing and analytics services that cause the behavior.

After specifically crawling sites for password leaks in May 2021, the researchers also found 52 websites in which third parties, including the Russian tech giant Yandex, were incidentally collecting password data before submission. The group disclosed their findings to these sites, and all 52 instances have since been resolved.

“If there’s a Submit button on a form, the reasonable expectation is that it does something — that it will submit your data when you click it,” says Güneş Acar, a professor and researcher in Radboud University’s digital security group and one of the leaders of the study. “We were super surprised by these results. We thought maybe we were going to find a few hundred websites where your email is collected before you submit, but this exceeded our expectations by far.”

Research paper.

Read More

How To Do A Virus Scan

Read Time:5 Minute, 16 Second

How to Check for Viruses

Whether you think you might have a virus on your computer or devices, or just want to keep them running smoothly, it’s easy to do a virus scan. How to check for viruses depends on the software and device you have, so we’ll go through everything you need to know to run a scan effectively and keep your computers, phones and tablets in tip-top shape.

Do You Need a Virus Scan?

First, let’s cover a few of the telltale signs your device might have a virus. Is your computer or device acting sluggish or having a hard time booting up? Have you noticed missing files or a lack of storage space? Have you noticed emails or messages sent from your account that you did not write? Perhaps you’ve noticed changes to your browser homepage or settings? Or maybe, you’re seeing unexpected pop-up windows, or experiencing crashes and other program errors. These are all examples of signs that you may have a virus, but don’t get too worried yet, because many of these issues can be resolved with a virus scan.

What Does a Virus Scan Do?

Each antivirus program works a little differently, but in general the software will look for known malware that meets a specific set of characteristics. It may also look for variants of these known threats that have a similar code base. Some antivirus software even checks for suspicious behavior. If the software comes across a dangerous program or piece of code, it removes it. In some cases, a dangerous program can be replaced with a clean one from the manufacturer.

How to Check for Viruses

The process of checking for viruses depends on the device type and its operating system. Check out these tips to help you scan your computers, phones and tablets.

On a Windows computer

If you use Windows 10, go into “Settings” and look for the “Updates & Security” tab. From there you can locate a “Scan Now” button.

Of course, many people have invested in more robust antivirus software that has a high accuracy rate and causes less drain on their system resources, such as McAfee Total Protection. To learn how to run a virus scan using your particular antivirus software, search the software’s help menu or look online for instructions.

On a Mac computer

Mac computers don’t have a built-in antivirus program, so you will have to download security software to do a virus scan. There are some free antivirus applications available online, but we recommend investing in trusted software that can protect you from a variety of threats. Downloading free software and free online virus scans can be risky, since cybercriminals know that this is a good way to spread malware.

Whichever program you choose, follow their step-by-step instructions on how to perform a virus scan, either by searching under “help” or looking it up on their website.

On smartphones and tablets

Yes, you can get a virus on your phone or tablet, although they are less common than on computers. However, the wider category of mobile malware is on the rise and your device can get infected if you download a risky app, click on an attachment in a text message, visit a dangerous webpage, or connect to another device that has malware on it.

Fortunately, you can protect your devices with mobile security software. It doesn’t usually come installed, so you will have to download an application and follow the instructions.

Because the Android platform is an open operating system, there are a number of antivirus products for Android devices, allowing you to do a virus scan.

Apple devices are little different, because they have a closed operating system that doesn’t allow third parties to see their code. Although Apple has taken other security precautions to reduce malware risks, such as only allowing the installation of apps from Apple’s official app store, these measures aren’t the same as an antivirus program.

For more robust protection on your Apple devices, you can install mobile security software to protect the private data you have stored on your phone or tablet, such as contacts, photos and messages.

All-In-One Protection:

If safeguarding all your computers and devices individually sounds overwhelming, you can opt for a comprehensive security product that protects computers, smartphones and tablets from a central control center, making virus prevention a breeze.

Why are virus scans so important?

New online threats emerge every day, putting our personal information, money and devices at risk. In the first quarter of 2019 alone McAfee detected 504 new threats per minute, as cybercriminals employed new tactics. That’s why it is essential to stay ahead of these threats by using security software that is constantly monitoring and checking for new known threats, while safeguarding all of your sensitive information. Virus scans are an essential part of this process when it comes to identifying and removing dangerous code.

How often should you run a virus scan?

Most antivirus products are regularly scanning your computer or device in the background, so you will only need to start a manual scan if you notice something suspicious, like crashes or excessive pop-ups. You can also program regular scans on your schedule.

Preventing Viruses

Of course, the best protection is to avoid getting infected in the first place. Here are a few smart tips to sidestep viruses and other malware:

Learn how to surf safely so you can avoid risky websites, links and messages. This will go a long way in keeping you virus-free.
Never click on spammy emails or text messages. These include unsolicited advertisements and messages from people or companies you don’t know.
Keep the software on your computers and devices up to date. This way you are protected from known threats, such as viruses and other types of malware.
Invest in comprehensive security software that can protect all of your devices, such as McAfee LiveSafe.
Stay informed on the latest threats, so you know what to look out for. The more you know about the latest scams, the easier they will be to spot and avoid.

The post How To Do A Virus Scan appeared first on McAfee Blog.

Read More

WannaCry 5 years on: Still a top threat

Read Time:48 Second

Who doesn’t love an anniversary and the opportunity to reminisce about “where we were” when an historical event happened? Such is the case over the last several days when it comes to remembering WannaCry, the ransomware that infected thousands of computers five years ago and cost companies all over the world billions of dollars in damages.

WannaCry broke onto the infosec scene on May 12, 2017. Taking advantage of the vulnerable version of the Server Message Block (SMB) protocol, it ultimately infected approximately 200,000+ machines in more than 150 countries. While Microsoft had issued a patch for the SMB flaw more than a month before the attacks began, millions of computers had not been unpatched against the bug. The largest ransomware attack ever, it impacted several big names globally, including the UK’s National Health Service, US delivery giant FedEx, and Deutsche Bahn, the German railway company.

To read this article in full, please click here

Read More

Uber CISO’s trial underscores the importance of truth, transparency, and trust

Read Time:1 Minute, 13 Second

Truth, transparency and trust are the three T’s that all CISOs and CSOs should embrace as they march through their daily grind of keeping their enterprise and the data safe and secure. Failure to adhere to the three T’s can have serious consequences.

Case in point: A federal judge recently ordered Uber Technologies to work with its former CSO, Joseph Sullivan (who held the position from April 2015 to November 2017), and review a plethora of Uber documents that Sullivan has requested in unredacted form for use in his defense in the upcoming criminal trial.

The case against Uber’s former CSO

By way of background, Uber’s former CSO faces a five-felony count superseding indictment associated with his handling of the company’s 2016 data breach. The court document, filed in December 2021, alleges Sullivan “engaged in a scheme designed to ensure that the data breach did not become public knowledge, was concealed, and was not disclosed to the FTC and to impacted users and drivers.” Furthermore, the two individuals, who are believed to have affected the hack and subsequently requested payment for non-disclosure ultimately received $100,000 from Uber’s bug bounty program. These individuals were identified in media as, Vasile Mereacre, a Canadian citizen living in Toronto, and Brandon Glover, a Florida resident, both of whom were later indicted for their breach of Lynda (a company acquired by Linkedin).

To read this article in full, please click here

Read More