New OpenSMTPD RCE Flaw Affects Linux and OpenBSD Email Servers
OpenSMTPD has been found vulnerable to yet another critical vulnerability that could allow remote attackers to take complete control over email servers running BSD or Linux operating systems.
Emotet Malware Now Hacks Nearby Wi-Fi Networks to Infect New Victims
Emotet, the notorious trojan behind a number of botnet-driven spam campaigns and ransomware attacks, has found a new attack vector: using already infected devices to identify new victims that are connected to nearby Wi-Fi networks.
Sudo Bug Lets Non-Privileged Linux and macOS Users Run Commands as Root
Joe Vennix of Apple security has found another significant vulnerability in sudo utility that under a specific configuration could allow low privileged users or malicious programs to execute arbitrary commands with administrative ('root') privileges on Linux or macOS systems.
Update Windows 10 Immediately to Patch a Flaw Discovered by the NSA
After Adobe today releases its first Patch Tuesday updates for 2020, Microsoft has now also published its January security advisories warning billions of users of 49 new vulnerabilities in its various products.
Adobe Releases First 2020 Patch Tuesday Software Updates
Adobe today released software updates to patch a total of 9 new security vulnerabilities in two of its widely used applications, Adobe Experience Manager and Adobe Illustrator. It's the first...
Drupal Warns Web Admins to Update CMS Sites to Patch a Critical Flaw
Drupal development team yesterday released important security updates for its widely used open-source content management software that addresses a critical and three "moderately critical" vulnerabilities in its core system.
Latest Microsoft Update Patches New Windows 0-Day Under Active Attack
With its latest and last Patch Tuesday for 2019, Microsoft is warning billions of its users of a new Windows zero-day vulnerability that attackers are actively exploiting in the wild in combination with a Chrome exploit to take remote control over vulnerable computers.
Snatch Ransomware Reboots Windows in Safe Mode to Bypass Antivirus
Cybersecurity researchers have spotted a new variant of the Snatch ransomware that first reboots infected Windows computers into Safe Mode and only then encrypts victims' files to avoid antivirus detection.
Avast and AVG Browser Extensions Spying On Chrome and Firefox Users
If your Firefox or Chrome browser has any of the below-listed four extensions offered by Avast and its subsidiary AVG installed, you should disable or remove them as soon as possible; Avast Online Security, AVG Online Security,Avast SafePrice and AVG SafePrice.
Malicious Android SDKs Caught Accessing Facebook and Twitter Users Data
Two third-party software development kits integrated by over hundreds of thousands of Android apps have been caught holding unauthorized access to users' data associated with their connected social media accounts.
Responsible Computer Usage
Responsible Computer Usage
Computers and networks may never be completely safe from security risks but we can follow some simple rules and procedures to try and prevent attacks on our computer systems. Remember that the way you operate your computer has a definite impact on everyone else on the network. A compromised organization's computer can be used to sniff passwords from its neighbors' network traffic or cause poor network performance for other users so it is important to consider the following tips for responsible computer usage to help you mitigate the risks.
Always run up-to-date virus protection
You should make sure that your computer has an anti-virus program and that it is always updated. If it is not evidently running on your PC, you should contact your IT officer. Also, make sure that all the files you send to other people are virus free. Viruses are frequently spread through infected email attachments. So before forwarding an attachment to your colleagues or friends, scan it for viruses.
Check before you install software
While browsing the internet, users may encounter websites that tempt them to install something on their computers. Some software may also be installed without the user's knowledge. These programs may contain spyware or adware. Do not install software that you were not specifically looking for. Some websites trick people into installing programs that claim to improve the performance of their computers. More often than not, the opposite is true. It is also a good practice to research on any software before installing. If you are using a computer at work, do not install unauthorized or personal software. If you need a program installed, ask permission to your IT officer to do so.
Stop sending spam
Are you the type who forwards every joke or cute picture that gets emailed to you? If you are, then you may be considered a spammer. Professional spammers send out millions of email, flooding the network with junk email. This slows down the performance of the entire network. If everyone stops forwarding jokes and chain email, the speed and performance of our networks would greatly improve.
Avoid the use of non-business resource intensive software
Peer to peer programs like Napster, Morpheus and Kazaa are just a few examples of software that slow down computer resources. These programs are non-business tools that are usually a heavy load on the network. They run constantly, and allow people to download files from your computer so you should avoid installing these programs on your computer.
Passwords should be routinely change
The confidentiality of passwords is critical to the protection of any sensitive information and systems. In many cases, passwords offer the first line of defense in stopping unauthorized and malicious users from accessing a user's personal account, or from accessing an organization's systems. It is paramount that the passwords used are adequately protected and remain secret.
It is recommended to change your password routinely as a good practice and it is recommended to use a password that has a minimum of 8 characters. Where possible, passwords should not be identifiable with the user (such as first name, last name, spouse name, friends, relations, colleagues, or other easily guessed names, although you can use names or phrases that you can easily remember that contain a combination of numbers, upper and lower case letters, and non-alphanumeric characters (such as: !@#$%^&*()_~"?><,./\) so the password can be strong. E.g.: theMoon!3*
Never write down your password on a sheet of paper that can be found near your computer. Memorize the password instead. Non-disclosure of passwords: Do not share your password with co-workers since you may be held liable for any misuse or unauthorized activity using your password.
Avoid personal and unauthorized websites
There are some websites that install spyware and adware on your computer without your knowledge. Websites that are known to do this are adult/ sexually explicit sites, hacking sites and sites that distribute pirated software.
Pay attention to the usage and copyright of downloaded files
Check the legality of downloading the information, particularly with respect to copyright permission. If in doubt of the legality, staff members should contact the Center focal point on IP matters for advice.
Do not redistribute downloaded material unless the owner has given permission for them to do so either directly or in the copyright/license terms.
Do not download unlicensed software or violate limitations on the use of particular software as imposed by any license agreements.
Most downloaded software, including shareware and freeware, is copyrighted and subject to license, which sets limitations on its use. Downloading MP3, movie files and games slows down the network. You may also be violating company policy by downloading these files.
Avoid viewing of non-business related streaming media
Streaming media like internet radio or music videos eat up a lot of bandwidth. They run continuously and slow down the network. Avoid using these services if they are non-business related.
Make sure your operating system is patched
The IT departments in the organization are in charge of maintaining your operating system patched, but it is important that you verify that these updates are being implemented successfully because if not updated, your computer may be vulnerable to worms and viruses.
Backup your files
Make sure to regularly backup your most important data and files. Computers are never 100% safe. Even if you get attacked by a hacker or even hardware failure, backing up your data makes recovery much easier. The IT departments usually have some backup procedures in place, so please contact your IT officer for more information about the options in your center.
Be sure to use high-quality media to store your backups. CD-RWs, DVD+RWs, external hard drives are good storage devices you can use.
Keep backup copies in a fireproof and heatproof safe or vault, or offsite (a location separate from the computer site).
Check USB (universal serial bus) memories from virus
USB memories are portable devices that are convenient to transfer files from one place to another. However, it is very easy to get virus transmissions, corruption or loss of data with these devices, so it is recommended to check them before connecting them to your computer in office.
Be careful when transmitting Sensitive or Personal Information
You should not use the Internet to send sensitive information belonging to the center (such as non-public research data or passwords used to gain access to systems and devices within a center) in unencrypted form. This includes the sending of sensitive information using any of the following means: E- mail, Posting to newsgroups or Posting to forums, blogs or websites.
Lock your computer with password when away from your desk
When you leave your workstation unlocked, anyone can assume your identity and gain access to any applications or files that you may have access to. To prevent this, automatic password protection should be invoked after a minimum time period of inactivity (15 minutes recommended) and you should lock your workstation whenever you leave it.