📊 2023 OpenText Cybersecurity Threat Report
News, Announcements, Tech Discussions
Recently, we shared the results of a new survey on phishing knowledge and click habits of 7,000 workers in the U.S., U.K., Australia/New Zealand, Germany, France, Italy and Japan. In it, we focused a fair bit on COVID-19 and its effects on people and their online habits with the increase in WFH, as well as on cybercriminal tactics themselves. We then worked with Dr. Prashanth Rajivan, assistant professor at the University of Washington and expert in human behavior and technology, to get his take on the survey results. Below are snippets from our interview with Dr. Rajivan, where we asked him about some of the nitty-gritty in the report and what he thinks the numbers mean. Thanks for taking the time to share additional information with our Community. I’d like to dive right in by examining some the numbers around the mass shift to working from home. In the survey, 54% of workers worldwide said they had increased the amount of time they spend working from home due to the COVID-19 pande
Hackers’ motives are often widely misunderstood. Some act behind the scenes to make the internet a safer place by bringing vulnerabilities to light.Hacking often conjures up images of shadowy hooded figures, illuminated only by the six computer screens in front of them. They furiously type away at a keyboard as code cascades down their screens, racing to take down a computer network for vengeance or personal gain. This is how Hollywood has personified hackers, anyway.The truth is, there are many reasons people get into hacking and not all of them are bad. Sure, there are bad actors who earn the ire of the FBI for network takedowns and ransomware heists – these are known as black-hat hackers. But there are also hackers that act as forces for good and help companies protect their networks. These are known as white hat hackers. What is white hat hacking? A white hat hacker is defined by Wikipedia as “an ethical computer hacker or computer security expert, who specializes in penetration te
Windows' error- and crash-reporting system sends a wealth of data unencrypted and in the clear, information that eavesdropping hackers or state security agencies can use to refine and pinpoint their attacks, a researcher said today. Not coincidentally, over the weekend the popular German newsmagazine Der Spiegel reported that the [url=http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969-2.html]U.S. National Security Agency (NSA) collects Windows crash reports[/url] from its global wiretaps to sniff out details of targeted PCs, including the installed software and operating systems, down to the version numbers and whether the programs or OSes have been patched; application and operating system crashes that signal vulnerabilities that could be exploited with malware; and even the devices and peripherals that have been plugged into the computers. "This information would definitely give an attacker a significant advantage. I
The hacktivist collective [url=http://www.scmagazine.com/search/Syrian+Electronic+Army/]Syrian Electronic Army[/url] (SEA) plans to release U.S. military data it obtained in an alleged hack of the U.S. Central Command. On Friday, the group [url=https://twitter.com/Official_SEA16/status/444507843475955712/photo/1/large]posted a screenshot[/url] via a Twitter account of information it allegedly gained access to as part of ongoing operation, dubbed “CENTCOM.” Namely, a folder containing 21,866 Fleet Forces Command files were shown in the image. The U.S. Fleet Forces Command provides training, coordination and support for the U.S. Navy. That day, SEA also tweeted that operation CENTCOM was “now in motion” due to President Obama's decision to “attack Syria with electronic warfare.” The group also said that “in the coming days,” it will update the public with “specific details and hundreds of documents” that it obtained. SEA claimed on Twitter that it had “already success
Patch Tuesday Continues there is an Update for Java so be sure to install this update and be on look out for unwanted add-ons also if you run a 64bit OS be sure to Download both 32bit & 64bit offline installers! ;) [url=http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html]Download Java SE Runtime Environment 7u10[/url] [url=http://www.oracle.com/technetwork/java/javase/7u10-relnotes-1880995.html]Update Release Notes for Java SE 7u10[/url] or [url=http://www.oracle.com/technetwork/java/javase/downloads/jre6u38-downloads-1877409.html]Download Java SE Runtime Environment 6 Update 38[/url] [url=http://www.oracle.com/technetwork/java/javase/6u38-relnotes-1880997.html]Update Release Notes for Java SE 6 Update 38[/url] [i][b]TH[/b][/i]
[h2][b]Welcome to the Webroot Community![/b][/h2] The mission of this online community is to provide a virtual meeting space where Webroot users and cybersecurity enthusiasts can learn, share, and connect. While our community is aimed at Webroot customers and users, we welcome everyone with an interest in cybersecurity, as long as you observe these community rules: [b][u]Be Respectful[/u][/b] We work hard to keep spammers and trolls away from the Webroot Community, and we expect users to treat one another with respect. Differing viewpoints, constructive criticism, and requests for clarification are all welcome. Insensitive topics and comments, name-calling, profanity, and anything you wouldn’t want someone to say to you in person will be removed at the moderators’ discretion. Multiple offenses will result in a temporary or permanent ban. [b][u]Keep the Positivity[/u][/b] The Webroot Community is a place to ask questions, get answers, and share ideas in a positive environment
Ladies and gents, we have a new Sr. Community Expert Advisor - [user=9186][/user]! Please join me in congratulating him on this very well deserved promotion!
Description: Security solutions alone are no longer enough in the modern threat environment. The only way to truly reduce the risk that advanced threats present is to take a layered approach to your policy. In this session, you’ll learn the key aspects of a layered security policy that can actually keep you protected, instead of leaving gaps wide open. [b]What you'll walk away with:[/b] [list] [*]Ways to better incorporate regular patch management processes [*]Most common policy failures [*]How to ensure a proper backup practices[/list][url=https://event.on24.com/eventRegistration/EventLobbyServlet?target=reg20.jsp&partnerref=webroot&eventid=1066191&sessionid=1&key=7CFDAD6E04AFEBA6781ECD2B4CF66EA3&regTag=&sourcepage=register]Register here[/url]
Well when any tragedy happens or is occurring it is ripe picking for the scammers and the Ebola epidemic is no exception at all and they will whenever given a chance exploit it, so be on uour guard. [b]Posted on 17 October 2014.[/b][i]"US-CERT released an [url=https://www.us-cert.gov/ncas/current-activity/2014/10/16/Ebola-Phishing-Scams-and-Malware-Campaigns]advisory[/url] warning users about email scams and cyber campaigns using the Ebola virus disease as a theme.[/i] [i] "Phishing emails may contain links that direct users to websites which collect personal information such as login credentials, or contain malicious attachments that can infect a system," they pointed out.[/i] [i] They advise users to be careful when dealing with these types of email messages, and urge them not to follow links or open attachments contained in them."[/i] [url=http://www.net-security.org/secworld.php?id=17509&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetS
This story really makes you wonder how may malicious apps may already be on Apple's App Store. Apple is very proud of its review process, which it claims prevents any malware from making into the store. However, this exploit proves quite the opposite, and it also proved exactly how rigorous the Apple review process is. And how rigorous is that? Well, according to the researchers, Apple runs an app for a few seconds and then gives it a green light if it doesn't find any issues using a static form of analysis - in other words, it's not exactly a robust process. [img]https://d1qy7qyune0vt1.cloudfront.net/webroot-en/attachment/5824i380538A651047454.jpg[/img] From [url=http://www.technologyreview.com/news/518096/remotely-assembled-malware-blows-past-apples-screening-process/]TechnologyReview.com[/url]: [i]Mystery has long shrouded how Apple vets iPhone, iPad, and iPod apps for safety. Now, researchers who managed to get a malicious app up for sale in th
[i]Latest iPad and iPad firmware reveals attachments in clear text.[/i] Apple has been busted for falsely claiming that email attachments sent from iOS are encrypted. German researcher Andreas Kurtz found email attachments for POP, IMAP and ActiveSync accounts were available in clear text on iPhone 4, 5s and iPad 2 devices. "A few weeks ago, I noticed that email attachments within the iOS 7 MobileMail.app are not protected by Apple's data protection mechanisms," Kurtz said in a [url=http://www.andreas-kurtz.de/2014/04/what-apple-missed-to-fix-in-ios-711.html]blog[/url]. "Considering the long time iOS 7 is available by now (sic) and the sensitivity of email attachments many enterprises share on their devices - fundamentally relying on data protection - I expected a near-term patch." [url=http://www.theregister.co.uk/2014/05/02/nope_ios_email_attachments_arent_encrypted/]Full Article[/url]
[b]Google Chrome 43.0.2357.134 Stable[/b] The stable channel has been updated to 43.0.2357.134 for Windows, Mac, and Linux. This release contains a critical update to Adobe Flash Player (18.0.0.209) and a fix for a full screen casting [url=https://code.google.com/p/chromium/issues/detail?id=506016]issue[/url]. A partial list of changes is available in the [url=https://chromium.googlesource.com/chromium/src/+log/43.0.2357.132..43.0.2357.134?pretty=fuller&n=10000]log[/url]. [url=http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_14.html]http://googlechromereleases.blogspot...update_14.html[/url][url=https://dl.google.com/chrome/install/standalonesetup.exe] Google Chrome Standalone Offline Installer (32-bit)[/url] [url=https://dl.google.com/chrome/install/standalonesetup64.exe]Google Chrome Standalone Offline Installer (64-bit)[/url] Alternative Links: (other working download links) [url=http://www.google.com/chrome/eula.html?standalone=1]Googl
[url=https://www.denverbiztechexpo.com/]https://www.denverbiztechexpo.com/[/url] [img]https://d1qy7qyune0vt1.cloudfront.net/webroot-en/attachment/21838iDEDF07EFCD79DBF0.jpg[/img] [img]https://d1qy7qyune0vt1.cloudfront.net/webroot-en/attachment/21839i70C1B83EF5B8A19E.jpg[/img] [img]https://d1qy7qyune0vt1.cloudfront.net/webroot-en/attachment/21840i1D1B61C924FAC5CE.jpg[/img]
[b]DNS amplification distributed denial-of-service (DDOS) is not the only type of efficient DDOS attack. Over the past days, researchers have spotted Network Time Protocol (NTP) reflection attacks being launched by cybercriminals.[/b] They are abusing poorly configured servers to launch cyberattacks against the systems of various organizations. On December 16, the number of IPs involved in such attacks peaked at almost 15,000. This is a considerable increase, taking into account that before December 7, the IP count was less than 1,000. NTP is used to synchronize time between various devices within a network. Since it’s not an important protocol, network administrators often neglect to upgrade it and configure it properly. According to experts from Symantec, NTP can be a highly efficient DDOS tool. That’s because an attacker can send a small forged request to which the server responds with a large amount of data. [url=http://news.softpedia.com/news/Cybercriminals-Abuse-Networ
This is not specifically about Webroot, at all, but my Facebook suddenly went to Spanish, including the HELP page. Everything except my own posts and comments. All "Facebook generated" text is Spanish. I can't seem to make the Chrome browser translate it, either. Does anyone have experience with this? Thank you, Jerry
Earlier this week, researchers from MX Lab warned that cybercriminals started sending out malicious emails purporting to contain [url=http://news.softpedia.com/news/Fake-Adobe-License-Themed-Emails-Carry-Kuluoz-Malware-411166.shtml]license keys[/url] for various Adobe products. After learning of the cybercriminal campaign, Adobe has published an alert to warn customers. “Adobe is aware of reports that a phishing campaign is underway involving malicious email purporting to deliver license keys for a variety of Adobe offerings. Customers who receive one of these emails should delete it immediately without downloading attachments or following hyperlinks that may be included in the message,” the [url=http://blogs.adobe.com/psirt/2013/12/20/alert-adobe-license-key-email-scam/]alert reads[/url]. The company advises customers to check out their “[url=http://www.adobe.com/security/prevent-phishing.html]Prevent Phishing[/url]” page to learn more on how to protect themselves. The scam notific
The widespread vBulletin CMS has a vulnerability that allows remote attackers to create new administrative accounts. Back in August, users of versions in the 4.1+ and 5+ series were advised to delete the /install/ or /core/install/ directories (depending on version) as a workaround against the bug, but vBulletin didn't advise of the impact of the problem. [url=http://www.theregister.co.uk/2013/10/10/vbulletin_vuln_opens_backdoor_to_rogue_accounts/]Full Article[/url]
[b]SecureAnywhere Internet Security Complete is Webroot’s top-of-the-line product for consumers; it encompasses all the functionality the company has to offer for this category of customers in order to deliver easy to configure comprehensive protection without putting a heavy load on the system.[/b] [img]https://d1qy7qyune0vt1.cloudfront.net/webroot-en/attachment/7835i424B14FE38CF2DA5.png[/img] ll Webroot consumer products have the same installer, which is less than 1MB in size, and the same interface, the package-specific components being enabled through the license code inputted during the installation process. Getting the package on the system is an easy task that does not require rebooting. Among the options available for this operation there is the possibility to rename the installed file name to a random string in order to bypass certain threats that may attempt the installation of a security product on an infected machine. The entire procedure is swift and involv
