VMware Releases Security Updates

Original release date: June 30, 2018

VMware has released security updates to address vulnerabilities in VMware ESXi, Workstation, and Fusion. An attacker could exploit these vulnerabilities to obtain sensitive information.

NCCIC encourages users and administrators to review the VMware Security Advisory VMSA-2018-0016 and apply the necessary updates.






from US-CERT: The United States Computer Emergency Readiness Team https://ift.tt/2tSiNCq

NSA Spy Buildings, Facebook Data, and More Security News This Week

Data leaks, NSA secrets, and more of this week's top security news.

from Security Latest https://ift.tt/2N9bz5M

Researchers Uncover New Attacks Against LTE Network Protocol

If your mobile carrier offers LTE, also known as the 4G network, you need to beware as your network communication can be hijacked remotely. A team of researchers has discovered some critical weaknesses in the ubiquitous LTE mobile device standard that could allow sophisticated hackers to spy on users' cellular networks, modify the contents of their communications, and even can re-route them to


from The Hacker News https://ift.tt/2KylwYJ

Typeform, Popular Online Survey Software, Suffers Data Breach

Typeform, the popular Spanish-based online data collection company that specializes in form building and online surveys for businesses worldwide, has today disclosed that the company has suffered a data breach that exposed partial data of some of its users. The company identified the breach on June 27th, and then quickly performed a full forensic investigation of the incident to identify the source of


from The Hacker News https://ift.tt/2Kz7ERc

Apple rebuilds mapping app, but will still tap TomTom

(Reuters) - Apple Inc is rebuilding the widely used mapping application on its iPhones from the ground up with its own dataset, but Amsterdam-based TomTom NV will continue to be a data provider for Apple's maps app, Cupertino, California-based Apple told Reuters on Friday.


from Reuters: Technology News https://ift.tt/2IEgYyi

RAMpage Attack Explained—Exploiting RowHammer On Android Again!

A team of security researchers has discovered a new set of techniques that could allow hackers to bypass all kinds of present mitigations put in place to prevent DMA-based Rowhammer attacks against Android devices. Dubbed RAMpage, the new technique (CVE-2018-9442) could re-enable an unprivileged Android app running on the victim's device to take advantage of the previously disclosed Drammer


from The Hacker News https://ift.tt/2tM6aK3

The Safety of Your Data On Social Media

Trend Micro recently asked a simple question on Twitter, “Are you worried about the safety of your data when using social media?”


More than 33,000 responses later and the answer is a toss-up. The discussions in response to our tweet didn’t provide a clear answer either. This is despite months of high-profile Facebook scandals and years of massive data breach headlines.

So what’s going on?

The Question

Posing a poll question is tricky. The question needs to be approachable enough to generate a lot of answers. It also needs to be a simple multiple choice, with only a few words per answer.

This will almost always result in a straightforward poll.

Not so this time. The answers are almost evenly divided across the three possible responses. Digging deeper, one of the challenges is how respondents chose to define the “safety” of their data.

As a security professional, I use one definition, but in my experience most people have their own idea when it comes to the “safety” of their data.

For some, it’s being in control of who can access that data. For others, safety is whether or not the data will be available when they want to access it. Others still think about whether or not they can get their data back out of the network once it has been shared.

The formal name for these concepts in information security is the CIA triad—I know, I know, I didn’t name it—confidentiality, integrity, and availability.

Whether you know it or not, for any definition of “safe,” you need all of these attributes. Let’s look at each in turn.

Confidentiality

If everything you posted on Facebook was public, how often would you share?

Confidentiality is the most important attribute for the safety of your data on social networks. Not having control of who can access your data makes social networks significantly less valuable.

How you control the confidentiality of your data depends on the network.

On Facebook, you can change each post to be visible by only you, your friends, or the public. Other finer-grained options for each post exist as well if you know how to find them. Similarly, “Groups” allow you to share with a different audience.

On LinkedIn, you get similar options as Facebook. Twitter is much simpler. Your tweets are either public, protected (you approve who can see them), or you send a 1:1 direct message.

WhatsApp allows for 1:1 messaging or groups. Instagram defaults to public sharing but also allows direct messages.

Each of these systems helps you control who can see your data. They allow you to control the confidentiality of your data.

The more control you have and know how to use, the safer you will feel about your data.

Integrity

Integrity is less of an issue with the major social networks. It’s understandable that once you’ve posted something, you expect the same information to be shown when appropriate.

But integrity issues do pop up in unexpected ways.

This happens most commonly when you post a video or photo and the network attempts to help you by automatically applying a filter, adjusting the levels, or possibly making edits on your behalf.

When your data changes without your permission or awareness, it could lead to unintended consequences.

Availability

Availability comes into play in two primary ways. It’s rare for social networks to have downtime or errors. This means that your data is almost always available when you want to view or share it.

The larger question of whether you can get your data back in its original format is much trickier. It’s a rare case that the social networks will let you export your complete information. It usually runs counter to their business model.

However, some networks do offer the ability to export said data from your account. This helps increase its availability to you.

Where Should You Focus?

The poll lacks context, which is the most likely reason why we saw the answers split almost evenly among the three choices.

While the availability and integrity of your data are important, in the context of your social media usage confidentiality should be top of mind.

Most social networks provide a set of privacy controls that allow you to control who on the network can see your data.

Due to the nature of social media, these controls can change regularly. You should make a habit of checking the available options every so often to ensure that your data is safe.

Care About How You Share

Social media can be a fantastic way to engage with various communities, stay in touch with family & friends, and to expand your perspective. Unfortunately, there are downsides as well.

We’ve posted before about fake news, the privacy impact of networks selling data, and other issues related to social media usage.

Despite these challenges, there are still more upsides than downsides. The key to being a responsible social media user is to understand the control you have over your data.

Regardless of how you define “safe,” it’s important to be aware of the network you’re sharing on, how to use the control settings on that network, and have a clear understanding of what information you’re comfortable sharing.

What social media networks do you use most often? Do you feel you understand their privacy settings? Let us know down below or on social media (we’re @TrendMicro on most networks).




from Trend Micro Simply Security https://ift.tt/2Kwid7x

Game on for Tencent-backed Paradox in M&A and mobile

STOCKHOLM/LONDON (Reuters) - Tencent-backed strategy and simulation games publisher Paradox Interactive expects more acquisitions and mobile gaming to help it meet sky-high investor expectations.


from Reuters: Technology News https://ift.tt/2lJWafS

Qualcomm extends NXP tender offer yet again

(Reuters) - U.S. chipmaker Qualcomm Inc on Friday extended the tender offer for its proposed $44 billion deal to buy NXP Semiconductors NV for the 29th time as it awaits clearance from the Chinese government.


from Reuters: Technology News https://ift.tt/2KkR9ZV

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 25, 2018

I have never reverse engineered anything, but I did dismantle a Betamax VCR and put it back together without an instruction manual. My little brother liked to use the tape slot as a garage for his Hot Wheels® toy cars. We were usually able to take out the cars without any issues, but one day, he finally jammed enough cars in the tape slot and made it impossible to get them out. So, at the age of 10, I pulled out some tools, took the VCR apart, threw the cars at my little brother, and managed to rebuild the VCR so that it worked again.

While I can only boast about my useless skill of repairing obsolete video players, Jasiel Spelman, also known as @WanderingGlitch, does know a thing or two about reverse engineering. Earlier this week, he posted a blog on the Zero Day Initiative (ZDI) website covering the topic of variant hunting as part of the MindshaRE blog series that provides insight on various reversing techniques to security researchers and reverse engineers. In his blog, he explores two Apple iOS vulnerabilities reported by two different teams from the most recent Mobile Pwn2Own contest. To get an introduction to variant hunting and find out why Apple determined that the two bugs were given the same CVE, read his post on the ZDI blog.

Zero-Day Filters

There are 33 new zero-day filters covering six vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website. You can also follow the Zero Day Initiative on Twitter @thezdi and on their blog.

Adobe (4)

  • 32227: ZDI-CAN-5743: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 32232: ZDI-CAN-6325: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 32233: ZDI-CAN-6339: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
  • 32247: ZDI-CAN-6341: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)

Advantech (1)

  • 32250: TCP: Advantech WebAccess Node webvrpcs Arbitrary File Deletion Vulnerability (ZDI-18-499)

GE (1)

  • 32222: HTTP: GE MDS PulseNET Remote Invocation Insecure Deserialization Vulnerability (ZDI-18-550)

Microsoft (6)

  • 32236: ZDI-CAN-6262: Zero Day Initiative Vulnerability (Microsoft Internet Explorer)
  • 32249: ZDI-CAN-6344: Zero Day Initiative Vulnerability (Microsoft Internet Explorer)
  • 32252: ZDI-CAN-6340: Zero Day Initiative Vulnerability (Microsoft Office Excel)
  • 32254: ZDI-CAN-6255: Zero Day Initiative Vulnerability (Microsoft Windows)
  • 32255: ZDI-CAN-6256: Zero Day Initiative Vulnerability (Microsoft Windows)
  • 32256: ZDI-CAN-6258: Zero Day Initiative Vulnerability (Microsoft Windows)

Oracle (1)

  • 32234: HTTP: Oracle WebLogic Remote Diagnosis Assistant rda_tfa_ref_date Command Injection (ZDI-18-115)

WECON (20)

  • 32237: ZDI-CAN-5898: Zero Day Initiative Vulnerability (WECON LeviStudioU)
  • 32238: ZDI-CAN-5899: Zero Day Initiative Vulnerability (WECON LeviStudioU)
  • 32239: ZDI-CAN-5900: Zero Day Initiative Vulnerability (WECON LeviStudioU)
  • 32240: ZDI-CAN-5901: Zero Day Initiative Vulnerability (WECON LeviStudioU)
  • 32241: ZDI-CAN-5902: Zero Day Initiative Vulnerability (WECON LeviStudioU)
  • 32243: ZDI-CAN-5903: Zero Day Initiative Vulnerability (WECON LeviStudioU)
  • 32244: ZDI-CAN-5904: Zero Day Initiative Vulnerability (WECON LeviStudioU)
  • 32245: ZDI-CAN-5905: Zero Day Initiative Vulnerability (WECON LeviStudioU)
  • 32246: ZDI-CAN-5906: Zero Day Initiative Vulnerability (WECON LeviStudioU)
  • 32248: ZDI-CAN-5907: Zero Day Initiative Vulnerability (WECON LeviStudioU)
  • 32258: ZDI-CAN-5955: Zero Day Initiative Vulnerability (WECON LeviStudioU)
  • 32260: ZDI-CAN-5909: Zero Day Initiative Vulnerability (WECON LeviStudioU)
  • 32261: ZDI-CAN-5910: Zero Day Initiative Vulnerability (WECON LeviStudioU)
  • 32262: ZDI-CAN-5911,5908: Zero Day Initiative Vulnerability (WECON LeviStudioU)
  • 32263: ZDI-CAN-5953: Zero Day Initiative Vulnerability (WECON LeviStudioU)
  • 32264: ZDI-CAN-5912: Zero Day Initiative Vulnerability (WECON LeviStudioU)
  • 32265: ZDI-CAN-5951: Zero Day Initiative Vulnerability (WECON LeviStudioU)
  • 32266: ZDI-CAN-5940,5941,5942,5945,5947,5949: Zero Day Initiative Vulnerability (WECON LeviStudioU)
  • 32267: ZDI-CAN-5913: Zero Day Initiative Vulnerability (WECON LeviStudioU)
  • 32268: ZDI-CAN-5914-5923: Zero Day Initiative Vulnerability (WECON LeviStudioU)

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.




from Trend Micro Simply Security https://ift.tt/2KwrfhM

Wikimedia v. NSA Highlights the ACLU's Challenges in Fighting Mass Surveillance

The ACLU has been trying to challenge the NSA's bulk surveillance for years. A hearing in *Wikimedia v. NSA* Friday could mark a breakthrough.

from Security Latest https://ift.tt/2Mz0QAu

Portuguese tech firm uncorks a smartphone made using cork

CORUCHE, Portugal (Reuters) - A Portuguese tech firm is uncorking an Android smartphone whose case is made from cork, a natural and renewable material native to the Iberian country.


from Reuters: Technology News https://ift.tt/2KjyRIw

This Week in Security News: Rules and Regulation

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, House lawmakers approved legislation for securing technology used to power critical infrastructures from cyberattacks.

Read on to learn more. 

The New Face of Necurs: Noteworthy Changes to Necurs’ Behaviors

Six years after it was first spotted in the wild, the Necurs malware botnet is still out to prove that it’s a malware chameleon.  We recently discovered noteworthy changes to the way Necurs makes use of its bots, such as pushing infostealers on them and showing a special interest in bots with specific characteristics.

Cryptocurrency-Mining Bot Targets Devices With Running SSH Service via Potential Scam Site

The practicality of cryptocurrency mining on devices connected to the internet of things (IoT) is often a questionable matter in terms of computing power. Be that as it may, we’ve nonetheless seen miscreants targeting connected devices and even offering cryptocurrency malware in the underground.

Digging into the New ePrivacy Regulation: Balancing Privacy and Progress

After GDPR’s implementation, discussions have not waned as enterprises anticipate the impact of proposed legislation to secure electronic communications — the ePrivacy Regulation (ePR).

House Passes Bill to Address Industrial Cybersecurity

House lawmakers approved legislation that aims at securing technology used to power critical infrastructure from cyberattacks.

Hospitality Industry Under Attack for Credentials, PII Theft

The study found that fake accounts and intrusions via botnets targeting hotel, airline, cruise, and travel websites have increased in particular countries.

Black Hat: Cybersecurity Is More Than A Tech Problem

A recent report by Black Hat on the current state of cybersecurity shows how experts are bundling issues such as personal privacy, politics, business, ethics and risk into the overall cybersecurity package.

Voice Data of 5.1 Million People Collected and Stored by UK Tax Authority

The U.K. privacy advocate group Big Brother Watch published a report about the biometric data — specifically voice data — collection practices of HM Revenue and Customs (HMRC).

A Quarter of UK Businesses Think Their Cybersecurity Isn’t Up to Scratch

A report recently released by the London Office for Rapid Cybersecurity Advancement shows that more than half of the UK’s large businesses have suffered a cybersecurity attack in the past 12 months.

Phishing Emails Sidestep Microsoft Office 365 Filters Using ZeroFont

The technique, called ZeroFont, involves the manipulation of text font sizes to trick O365’s natural language processing, a tool that identifies malicious emails.

Do you think the new House bill will help successfully mitigate threats to cybersecurity for critical infrastructure technology? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.




from Trend Micro Simply Security https://ift.tt/2Kz5k9A

China's ZTE shakes up board in bid for U.S. ban lift

SHENZHEN, China/HONG KONG (Reuters) - Chinese telecoms giant ZTE Corp announced a new board on Friday in a radical management shakeup as part of a $1.4 billion deal with the United States, moving it closer toward getting a devastating American supplier ban lifted.


from Reuters: Technology News https://ift.tt/2tMcTTi

Bitcoin skids below $6,000, hits lowest level since November

LONDON (Reuters) - Bitcoin's value slid to its lowest level since November on Friday, as waning investor interest and recent negative headlines from global regulators weakened demand for the cryptocurrency and most of its rivals.


from Reuters: Technology News https://ift.tt/2yUwaI2

China's Xiaomi raises $4.72 billion after pricing HK IPO at bottom of range: sources

HONG KONG (Reuters/IFR) - China's Xiaomi Corp priced its Hong Kong initial public offering (IPO) at the bottom of an indicative range, raising $4.72 billion in the world's biggest tech float in four years, people close to the transaction said on Friday.


from Reuters: Technology News https://ift.tt/2lHdSjR

Facebook still evasive over Cambridge Analytica and fake news: UK lawmakers

LONDON (Reuters) - Facebook is continuing to be evasive in its answers to a British parliamentary committee examining a scandal over misuse of the social media company's data by Cambridge Analytica, the committee's chair said on Friday.


from Reuters: Technology News https://ift.tt/2lKqM0G

GitHub Account of Gentoo Linux Hacked, Code Replaced With Malware

Downloaded anything from Gentoo's GitHub account yesterday? Consider those files compromised and dump them now—as an unknown group of hackers or an individual managed to gain access to the GitHub account of the Gentoo Linux distribution on Thursday and replaced the original source code with a malicious one. Gentoo is a free open source Linux or FreeBSD-based distribution built using the


from The Hacker News https://ift.tt/2yUwd6t

Embattled ZTE expected to unveil new board in push for U.S. ban lift

SHENZHEN, China/HONG KONG (Reuters) - Chinese telecoms giant ZTE Corp is expected to announce a radical management overhaul following a shareholder meeting on Friday, in line with conditions laid out in a $1.4 billion settlement deal to lift a crippling U.S. supplier ban.


from Reuters: Technology News https://ift.tt/2tPxshJ

HAL-like robot to help astronaut in space odyssey

Cape Canaveral, Fla. (Reuters) - A science fiction-inspired robot hardwired to assist astronauts will launch from Florida early Friday morning to become the first personal, artificial intelligence-powered companion in space. 


from Reuters: Technology News https://ift.tt/2lJwTCy

From deepfakes to fake SMS: Digital scams explode in Brazil, report warns

Half of Brazilians suffered some kind of digital scam in 2024, according to a report from the security company BioCatch published this ...