- 0
Asked by
Barney T.,
-
Recently Browsing 0 members
No registered users viewing this page.
-
Similar Content
-
By Usama Jawad96
Google banned over 100,000 malicious developers in 2020
by Usama Jawad
The Play Store is not exactly known for its security, but Google continually makes efforts to improve the overall situation. To that end, the company has now disclosed the various methodologies it used to fight malicious apps and developers in 2020, and has shared some accompanying statistics as well.
In 2020, over 100 billion installed apps were scanned by Play Protect on a daily basis. Play Protect was introduced back in 2017 to give users more visibility over Android security. With 2020 being a particularly difficult year due to growing fake news, U.S. elections, as well as people scrambling to find reliable information regarding COVID-19 and vaccines, Google took several steps to ensure that apps do not harm users via misinformation.
Among these was the requirement that apps dealing with sensitive use-cases such as displaying information about COVID-19 testing sites should meet a high-level of user data privacy and should be endorsed by government or healthcare authorities. New guidelines were introduced for apps which market themselves as "News" to improve transparency for users of the Play Store. Finally, specific teams and processes were put in place to focus on U.S. elections and to prevent related abuse via the Play Store.
Google's machine learning algorithms stopped over 962,000 apps from release on the Play Store because they violated certain policies. In the same vein, 119,000 malicious and spammy developer accounts received the banhammer.
Other enhancements include the review of all apps requesting access to location in the background and enforcing developers to provide user benefit when they request this information. Apps which do not follow these guidelines will be removed from the Play Store. Google plans to disclose more information about this process soon.
Lastly, the company also released a new tab in the Play Store containing "Teacher approved" apps, containing recommendations from academic experts and advisors.
Google says that it will continue investing in efforts that prevent malicious content from being distributed in the Play Store. The company hopes to build and sustain trust not only with users, but developers as well. It noted that its enforcement actions in the past year have resulted in increased developer satisfaction and a reduced number of appeals overall.
-
By Usama Jawad96
All major Microsoft services will exclusively use SHA-2 from next month
by Usama Jawad
Secure Hash Algorithm 1 (SHA-1) is a 25-year-old method of generating hashes using a cryptographic function. Google successfully managed to demonstrate the weaknesses of the algorithm in 2017 and major browsers also began to block websites using SHA-1 certificates. Similarly, Apple dropped support for it in 2019.
Microsoft has announced that all its major services and processes will be exclusively using SHA-2 from next month.
Background image of micro circuit with binary code via Shutterstock As the name suggests, SHA-2 is an enhanced version of SHA-1, and is more secure and performant. As such, Microsoft will allow the SHA-1 Trusted Root Certificate Authority (CA) to expire, and all major processes such as TLS certificates, file hashing, and code signing will exclusively use SHA-2 from May 9, 2021 at 4PM PT.
This move is not particularly surprising considering that in 2019, Microsoft enforced Windows updates signing via SHA-2 and deprecated SHA-1 signed content from the Download Center in late 2020 too.
Microsoft says that the expiration will only impact SHA-1 certificates that are linked to the associated Root CA. However, certificates that are manually signed using SHA-1 by enterprises themselves will not be impacted. That said, it is obviously recommended that organizations migrate to SHA-2 as well.
Overall, the Redmond tech giant considers the move to be quite "uneventful" as it says that it has done full-fledged testing of major applications and potential issues. Regardless, if organizations face problems, they are recommended to peruse Microsoft's dedicated support article or reach out to the firm's technical teams.
-
By Usama Jawad96
Microsoft releases security updates for Exchange Server following report by the NSA
by Usama Jawad
In March, Exchange Server headlined the cybersecurity news section when it was discovered that it is under attack from state-sponsored groups. Microsoft was quick to release out-of-band updates for both supported and unsupported versions of Exchange, tools to break the attack chain, as well as advisories for customers. As a result of its efforts, hundreds of thousands of on-premises Exhange Server instances were patched against vulnerabilities. It is important to note that Exchange Online was not affected by this incident.
Now, Microsoft has released yet another set of security updates for Exchange Server to tackle newly discovered Remote Code Execution (RCE) vulnerabilities.
This time around, security updates are only available to Exchange Server 2013 CU23, Exchange Server 2016 CU19 and CU20, and Exchange Server 2019 CU8 and CU9. If you're not on any of the aforementioned cumulative updates (CUs), Microsoft recommends that you first upgrade to a supported environment and then apply the security updates. Once again, Exchange Online customers do not need to do anything.
The Redmond tech giant says that the April 2021 security updates (SUs) patches RCE vulnerabilities that were privately reported to the firm by the National Security Agency (NSA). Although Microsoft's investigation indicates that the exploit is not being utilized by attackers, it still urges customers to apply the SU as quickly as possible.
It is important to note that since SUs are cumulative, customers who apply the April updates will also be protected against vulnerabilities reported in March. However, customers with SUs released in March are unprotected against these new security flaws. Microsoft has cautioned that unlike last time, it does not plan to release out-of-band SUs for unsupported versions of Exchange Server. There are 47 old CUs affected by this flaw and it's not possible for Microsoft to invest effort in releasing updates for all of them. As such, it recommends updating to a current environment in order to apply the updates. Finally, the company has also noted that SUs have not been released for Exchange Server 2010 as it is unaffected by the latest vulnerabilities. You can find out more about the updates by heading over to Microsoft's blog post here.
-
By zikalify
NortonLifeLock: Two out of every five Americans affected by cybercrime in 2020
by Paul Hill
New data from NortonLifeLock and The Harris Poll has found that nearly 108 million Americans experienced cybercrime in the past 12 months resulting in a cumulative 719 million hours spent trying to resolve issues or about 6.7 hours per person. In total, 10,030 adults from 10 countries were involved in the survey to help shed light on cybersecurity issues.
The survey was conducted in February between the 15th and the 28th. There were around 1,000 respondents from Australia, France, Germany, India, Italy, Japan, Netherlands, New Zealand, United Kingdom, and the United States and the results were weighted to bring them in line with their actual proportions in the population. Weighted variables differed by country but included things like age, gender, ethnicity, region, education, marital status, internet usage, household size and income, size of the place, and propensity to be online.
According to the report, 65% of people are spending more time online as a result of the pandemic and that cybercriminals are taking advantage of this fact by launching attacks against unsuspecting victims. The survey data suggests that 330 million people across the 10 countries were affected by cybercrime and 55 million suffered identity theft. Collectively, it’s predicted that 2.7 billion hours were spent trying to resolve the problems arising from these attacks in the 10 countries.
Commenting on the findings, Paige Hanson, chief of cyber safety education at NortonLifeLock, said:
With regards to people fighting back against cybercrime, NortonLifeLock’s report found that 77% of Americans are taking more precautions online with 99% of those who noticed unauthorized access on an account taking action to improve their cyber safety. Two-thirds created stronger passwords for their account and 51% contacted the company to let them know their account had been hacked. A third of respondents said they turned to family members or the internet for cybersecurity assistance while a fifth invested more money in security software.
Another interesting finding in this study is that those under 40 – those normally portrayed as technically savvy – were less likely to know what to do if their identity was stolen compared to those over 40 (62% vs. 37%).
While there are many internet security suites including Norton Internet Security, common sense and caution go a long way in helping you stay safe online. In addition to security software, you should be careful clicking any links you receive, make sure you use different passwords, and ensure all the software you use is kept up-to-date.
-
By News Staff
The Essential Guide to Security - free eBook download
by Steven Parker
Claim this complimentary eBook for free today, before the offer expires.
What's it about?
How to Get Started Using Splunk’s Security Suite to Solve Your Everyday Challenges
What’s your plan for cybersecurity? Are you simply “planning for the worst, but hoping for the best?” With digital technology touching every part of our lives and new threats popping up daily, it’s imperative that your organization is precise, informed and prepared when it comes to defending your assets and hunting your adversaries.
High-profile breaches, global ransomware attacks and the scourge of cryptomining are good enough reasons why your organization needs to collect, leverage and understand the right data.
You’ll also need to implement the right processes and procedures, often alongside new technologies, methods and requirements–all with an ever-increasing velocity and variety of machine data.
So how can you best defend your organization and hunt down new adversaries? Ultimately, by taking a holistic approach to your defense system across the enterprise. This is why Splunk believes every organization needs a security nerve center, implemented by following a six-stage security journey that we will describe for you.
How to get it
Please ensure you read the terms and conditions to claim this offer. Complete and verifiable information is required in order to receive this free offer. If you have previously made use of these free offers, you will not need to re-register. While supplies last!
>> The Essential Guide to Security - free eBook download <<
Offered by Splunk, view other free resources | Limited time offer
Not for you?
That's OK, there are other free eBooks on offer you can check out here.
Enter giveaways: Polycade Home Arcade | $5K in cash | $10K in Crypto Ivacy VPN - 5 year subscription for just $1 per month NordVPN - 2 year subscription at up to 68% off Private Internet Access VPN - subscriptions at up to 71% off Unlocator VPN or SmartDNS - unblock Geoblock with 7-day free trial Neowin Store for our preferred partners. Subscribe to Neowin - for $14 a year, or $28 a year for Ad-Free experience Disable Sponsored posts · Neowin Deals · Free eBooks · Neowin Store
Disclosure: A valid email address is required to fulfill your request. Complete and verifiable information is required in order to receive this offer. By submitting a request, your information is subject to TradePub.com's Privacy Policy.
-
Question
This topic is for the placement of links to how-to articles, tips, FAQs, or helpful information related to internet, network, and security. Please post links to the actual articles.
Internet Basics
Networking Basics
Security Basics
Security Tools
Security Tools for basic users:
FAQ's
Link to post
Share on other sites
17 answers to this question
Recommended Posts