Showing results for tags 'security risk'.

Found 7 results

  1. Government agencies must update Microsoft Exchange as feds warn of ‘unacceptable’ security risk

     KEY POINTS

     • Microsoft on Tuesday issued new patches for the 2013, 2016 and 2019 versions of Exchange.
     • CISA ordered all federal agencies to deploy the patches by Friday, saying the vulnerabilities pose an “unacceptable” risk.
     • Unlike patches issued in March, which fixed gaps that had been exploited by Chinese hackers, Microsoft said it is not aware of exploits of these new vulnerabilities.

     Microsoft on Tuesday released patches for three versions of its Exchange Server email and calendar software that companies use in on-premises data centers, and the federal government has ordered all agencies to install them, warning that the vulnerabilities being patched “pose an unacceptable risk to the Federal enterprise and require an immediate and emergency action.”

     The updates come a month after Microsoft took action to respond to attacks on other flaws in Exchange Server, which the company said had been exploited by Chinese hackers. But unlike last time, Microsoft said in a blog post it has not yet observed exploits of the newly discovered holes.

     Nonetheless, the widespread usage of Exchange, and the importance of email in general, has spurred the federal government to sound the alarm. In a Tuesday directive, the U.S. Cybersecurity and Infrastructure Security Agency noted that these vulnerabilities are “different from the ones disclosed and fixed in March 2021” and ordered all government agencies to deploy the patches before Friday.

     “Given the powerful privileges that Exchange manages by default and the amount of potentially sensitive information that is stored in Exchange servers operated and hosted by (or on behalf of) federal agencies, Exchange servers are a primary target for adversary activity,” CISA wrote.

     “This determination is based on the likelihood of the vulnerabilities being weaponized, combined with the widespread use of the affected software across the Executive Branch and high potential for a compromise of integrity and confidentiality of agency information.”

     The new patches apply to the 2013, 2016 and 2019 versions of Exchange Server. The company said organizations using the cloud-based Exchange Online service included in Microsoft 365 subscription bundles are already protected.

     Microsoft gave credit to the U.S. National Security Agency for reporting the new vulnerabilities.

     Source: Government agencies must update Microsoft Exchange as feds warn of ‘unacceptable’ security risk
  2. NEW YORK (AP) — U.S. Attorney General Bill Barr said Tuesday that increased encryption of data on phones and computers and encrypted messaging apps are putting American security at risk.

     Barr’s comments at a cybersecurity conference mark a continuing effort by the Justice Department to push tech companies to provide law enforcement with access to encrypted devices and applications during investigations.

     “There have been enough dogmatic pronouncements that lawful access simply cannot be done,” Barr said. “It can be, and it must be.”

     The attorney general said law enforcement is increasingly unable to access information on devices, and between devices in the virtual world, even with a warrant supporting probable cause of criminal activity.

     Barr said that terrorists and cartels often will switch mid-communication to an encrypted application to plan especially deadly operations. He described a transnational drug cartel’s use of WhatsApp group chat to specifically coordinate murders of Mexico-based police officials.

     Gail Kent, Facebook’s global public policy lead on security, recently said that allowing the government to gain access to encrypted communications would jeopardize cybersecurity for millions of law-abiding people who rely on it. WhatsApp is owned by Facebook.

     “It’s impossible to create any backdoor that couldn’t be discovered, and exploited, by bad actors,” Kent said.

     Kent said changing encryption practices won’t stop bad actors from using encrypted devices or applications on other services that might pop up to enable this.

     Encrypted communications are ones that are only available to users on either end of the communications. The increasing use of this technology has long been coined by the Justice Department as the “going dark” problem.

     The remarks acknowledged the need for encryption to ensure overall cybersecurity that has enabled people to bank relatively securely online and engage in e-commerce.

     Barr said that to date, law enforcement in Garland, Texas, have been unable to access 100 instant messages sent between terrorists who carried out an attack there.

     “The status quo is exceptionally dangerous, it is unacceptable and only getting worse,” Barr said. “It’s time for the United States to stop debating whether to address it and start talking about how to address it.”

     Ex-FBI director James Comey championed the need for a law enforcement workaround to encrypted devices and communications. He led a highly publicized push to gain access to an iPhone belonging to a perpetrator of a terrorist attack in San Bernardino, California, that killed 14 people in 2015.

     From the Senate floor on Tuesday, Sen. Ron Wyden, D-Ore., responded to Barr’s remarks in New York calling it an “outrageous, wrongheaded and dangerous proposal.”

     Wyden said Barr wants to “blow a hole” in a critical security feature for Americans’ digital lives by trying to undermine strong encryption and advocating for government backdoors into the personal devices of Americans. He said strong encryption helps keep health records, personal communications and other sensitive data secure from hackers.

     “Once you weaken encryption with a backdoor, you make it far easier for criminals, hackers and predators to get into your digital life,” Wyden said.

     He said he fears and expects that Barr and President Donald Trump would abuse the power to break encryption if they were allowed to do so. Given their records “it is clear to me that they cannot be trusted with this kind of power,” Wyden said.

     Source
  3. DNA matching can produce interesting data on family trees, but may also expose us to serious risk.

     DNA testing is no longer simply a tool in the medical field -- in recent years, DNA profiling has become a product offered by private companies and third-party services. These tests, often conducted with a home swab and posted away for analysis, can reveal family matches and possible connections, as well as clues to our ethnic heritage.

     As records pile up in the databases of companies including Ancestry.com and MyHeritage, third-party websites -- such as GEDmatch -- can also be used to compare DNA sequences submitted by other people. It is undisputably interesting to learn more about our genetic traits and family trees, but as noted by academics from the University of Washington, there may be a trade-off when it comes to our privacy and security.

     GEDmatch is the focus of new research into the security risks of DNA profiling. The paper (.PDF), published by University of Washington academics and accepted at the Network and Distributed System Security Symposium for presentation in February, explains how small numbers of comparisons made through the platform can be used to "extract someone's sensitive genetic markers," as well as construct fake profiles to impersonate relatives.

     "People think of genetic data as being personal -- and it is. It's literally part of their physical identity," said lead author Peter Ney from the UW Paul G. Allen School of Computer Science & Engineering. "This makes the privacy of genetic data particularly important. You can change your credit card number but you can't change your DNA."

     The researchers created an account on GEDmatch and uploaded different genetic profiles by sourcing data from anonymous genetic profiles. The platform then assigned these profiles an ID. When one-to-one comparisons are made, GEDmatch creates graphics to show how two samples match or differ, including a bar for each of the 22 non-sex chromosomes.

     It is this bar that the researchers honed in on, creating four "extraction profiles" to try and deduce the target profile's DNA by making continual comparisons.

     "Genetic information correlates to medical conditions and potentially other deeply personal traits," added co-author Luis Ceze. "Even in the age of oversharing information, this is most likely the kind of information one doesn't want to share for legal, medical and mental health reasons. But as more genetic information goes digital, the risks increase."

     Millions of us have already submitted our DNA for tests, and as more individuals jump on the trend, the risks are likely to increase. Another GEDmatch graphic, together with 20 experimental profiles, revealed that larger samples could be exploited to target a single record with an average of 92 percent of a test profile's unique sequences becoming harvested with roughly 98 percent accuracy.

     False relationships, too, are a possibility. The researchers created a fake child containing 50 percent of its DNA from one of their experimental profiles. After launching a comparison, GEDmatch came back with an estimated parent-child relationship. By doing so, it is theoretically possible for attackers to also create any family relationship they want by changing shared DNA fractions.

     "If GEDmatch users have concerns about the privacy of their genetic data, they have the option to delete it from the site," Ney said. "The choice to share data is a personal decision, and users should be aware that there may be some risk whenever they share data."

     The academics reached out to GEDmatch prior to publication and said that the platform is "working to resolve these issues."

     The research was funded in part by the University of Washington Tech Policy Lab, with the help of a grant from the Defense Advanced Research Projects Agency (DARPA) Molecular Informatics Program.

     GEDmatch told ZDNet:

     Source: GEDmatch highlights security concerns of DNA comparison websites (via ZDNet)
  4. Many of the drones are made in China or use Chinese parts

     The US Interior Department, which oversees federal land and resource management, says it’s grounding its entire aerial drone fleet of more than 800 UAVs out of concern for Chinese spying and drone-aided cyberattacks. The news was first reported by The Wall Street Journal today, and the department confirmed the grounding to The Verge.

     Every drone in use by the Interior Department is either manufactured in China or uses some Chinese-made parts, the WSJ reports. Interior Secretary David Bernhardt made the order earlier today, and the drones will remain grounded until the department completes a review of the security risks they may pose.

     “Secretary Bernhardt is reviewing the Department of the Interior’s drone program. Until this review is completed, the Secretary has directed that drones manufactured in China or made from Chinese components be grounded unless they are currently being utilized for emergency purposes, such as fighting wildfires, search and rescue, and dealing with natural disasters that may threaten life or property,” reads a statement from Department of the Interior spokesperson Melissa Brown given to The Verge.

     Many of the drones are currently used by the department to help with combating forest fires, monitoring dams and floods, inspecting land for property and environmental damage due to erosion, and monitoring endangered species. Some of the concern is centered on whether the drones could be used to transmit data, including photography and video, of sensitive US infrastructure that may be the subject of future cyberattacks, The Wall Street Journal reports.

     The move is the US government’s latest escalation in its push to punish Chinese companies for years of alleged trade secret theft, despite the US purchasing billions of dollars in products and equipment from Chinese firms every year.

     US lawmakers last month introduced a bill that would prevent federal agencies from purchasing drones from China, something that could greatly impact Chinese drone giant DJI’s business. Federal agencies have warned against using DJI products in the past, but the company has never faced an outright ban. The Department of Homeland Security also warned against using Chinese-made drones in a federal capacity earlier this year.

     Beyond the drone market, the Trump administration has gone to great lengths since early last year to completely cut off Chinese telecom giant Huawei from operating in the US in any capacity, out of similar national security concern. And, as a function of the ongoing US-China trade war, those steps have had a significant effect on Huawei’s business and its relationship with major partners like Android steward Google, with Huawei losing its Android license and the ability to access Google Play apps.

     Source: US Interior Department is grounding its drone fleet due to risks of Chinese spying (via The Verge)
  5. Japan to check 200M devices for security risks as 2020 Olympics nears

     A government institute will randomly try to sign into devices using common passwords but won't actually break in.

     [Image: The Tokyo 2020 Olympics already has its mascots: Miraitowa (left) and Someity. Security preparations are underway too.]

     Japan is ramping up cybersecurity as it plans for the summer Olympics next year in Tokyo.

     The government's National Institute of Information and Communications Technology will survey about 200 million internet-connected devices in Japan for potential security vulnerabilities starting in February, Channel News Asia reported this week. The institute will get the permission of internet service providers to do the work.

     Researchers will randomly try to break into devices by using common but unsafe IDs and passwords often exploited by malware such as "abcd," "1234" or "admin" to see whether devices are vulnerable to hackers, Channel News Asia reported. The gadgets will include routers, webcams and web-connected appliances in homes and businesses -- mostly devices that use physical cables to connect to the internet. Mobile phones won't be included.

     ISPs will be notified if a device is deemed vulnerable to risks. The institute won't view the data stored on devices it's able to break into, according to the publication.

     Sporting events have been vulnerable to cyberattacks in the past. The Pyeongchang Winter Olympics in South Korea fell victim to a hacking campaign last February.

     Source
  6. Microsoft hides file extensions in Windows by default even though it's a security risk that is commonly abused by phishing emails and malware distributors to trick people into opening malicious files.

     A file extension is the letters immediately shown after the last period in a file name and is used by the operating system to determine what program is used to open, view, and utilize the file. For example, the file report.txt has an extension of .txt, which is associated with the Windows Notepad program to open and view its contents.

     By default, Microsoft decides to hide file extensions in Windows so that a file named 'report.txt' is simply shown in File Explorer as 'report'. The original reason for this was probably to make it less confusing to users, but regardless of the reason, it is a security risk that attackers abuse.

     Windows default settings abused by attackers

     To illustrate how the hiding of file extensions is a security risk, let's take a look at the following folder containing two files. With file extensions disabled, they look like the same PDF file as they both have the same name and the same icon.

     [Image: File extensions are hidden in Windows]

     If we enable extensions, though, we quickly see that these are two different files with one being a PDF as expected, but the other being an executable file that uses a PDF icon.

     [Image: File extensions are now enabled]

     In this case, the malware executable purposely used the PDF icon normally shown by Adobe Reader to trick users who have file extensions disabled into believing that it is a PDF file. This is not to say strange PDFs you receive via email cannot be a risk, but receiving executables disguised as PDFs should definitely raise more alarms.

     Real phishing example abusing file extensions

     As an example of how attackers are abusing file extensions, let's take a look at a real phishing email that was sent last year. This email pretends to be a requested scan of an agreement with an attached ZIP file named Scan_002_01.zip.

     [Image: Real phishing email with zip file attachment]

     When we extract the attachment, we see what appears to be a harmless PDF file.

     [Image: Extracted folder with extensions disabled]

     When we enable the displaying of file extensions, though, we see that this is not a PDF file, but an executable instead.

     [Image: Extracted folder with extensions enabled]

     Just by unhiding file extensions in Windows, we were able to see that this is not a safe file to execute and potentially saved our computer from being infected with ransomware or installing backdoors that could have compromised the entire network.

     How to enable file extensions in Windows 10

     I strongly suggest that users enable the showing of all file extensions in Windows 10 so that they know exactly what type of file they are interacting with. To enable file extensions in Windows 10, please follow these steps:

       1. Search for 'Folder Options' in the Windows 10 Start Menu and when 'File Explorer Options' appears, click on it.

          [Image: Search for Folder Options]

       2. When the File Explorer Options screen appears, click on the View tab and scroll through the Advanced settings until you see an option labeled "Hide extensions for known file types". Now uncheck the option as shown below.

          [Image: Search for Folder Option]

       3. Now press the Apply button followed by the OK button and the File Explorer Options screen will close.

     Now all files displayed on the desktop, in folders, or in File Explorer will display a file extension.

     Source
  7. By Kate O'Flaherty

     Apple’s iOS 14 gives you the ability to customize your iPhone home screen, but this can actually be a security risk. Here’s why.

     Apple’s iOS 14 operating system comes with a bunch of cool new features, including the ability to customize your home screen. Unsurprisingly, the new iOS 14 upgrade has been pretty popular, and people have been keen to share their customized home screens on social media sites such as Facebook and Twitter.

     But sharing your customized iPhone home screen far and wide isn’t actually a good idea—surprisingly, it can be a major security risk. This is because that screenshot of your iOS 14 home screen can give away a lot of information about you that could be of use to malicious hackers.

     You’ve probably added your favorite apps for example, which could help adversaries tailor their cyber-attacks to effectively trick you into giving away your personal details. Say you have Netflix on your iOS 14 home screen: The attacker could send you a specifically crafted email or text message offering you a free month of the streaming service. It might seem legit—hackers are good at making their communications appear to be from the brands you know and trust.

     “It might be exciting to share your new-look iOS 14 home screen with vibrant new icons and widget placements but the truth is, the more personal information you hand over to the internet, the more threat actors have to play with to engineer a scam,” says Jake Moore, cybersecurity specialist at ESET.

     Many people think attackers won’t have anything to gain from them, but you should never underestimate what a cybercriminal can achieve with a seemingly innocuous amount of information, says Moore. “With so much information on us all already out there from large data breaches, often all that is required are small missing pieces in the jigsaw,” Moore explains.

     Your iOS 14 home screen could reveal a lot of information

     So sharing your iOS 14 home screen could reveal a lot of information about you. For example, Moore says, your weather widget will offer up your location and the photo reel may show your family members. The music widget can show what music you’re into and the calendar, reminders and notes widgets offer up more personal information. Then there’s the apps themselves on your home screen which tend to be your most used.

     “Placed collectively together, this information can help attackers piece together those potential vital missing pieces into the data mix which could lead to targeted phishing attacks,” Moore warns.

     So, what should you do? It’s actually more about what you shouldn’t do. It might look cool, but don’t share your customized iOS 14 home screen on social media and be very wary of emails offering anything for free, especially if they ask you to enter your credentials. Ideally, don’t click any links—always log into the site separately to the email or text to avoid getting caught out by any malicious actors looking to steal your details.

     As well as the customized home screen capability, you can also take advantage of the new security and privacy features available in iOS 14, using my simple guide. It’ll help you feel more confident about privacy and security on your iPhone, which is more important today than ever before.

     Source