Avast Blog_Security News: Evernote vulnerability puts data of 4.6M users at risk
Quote:

Radiohead, the FBI, and a new threat called GoldBrute round out the cybersecurity news of the week

4.6M Evernote users put at risk

Cybersecurity watchdogs discovered a critical flaw in the popular organization app Evernote, reported Bleeping Computer. The vulnerability allows attackers to access sensitive information stored on third-party sites connected to the Evernote account. By exploiting a logical coding error in the Evernote Web Clipper Chrome extension, attackers could gain privileges in Iframes beyond Evernote’s domain. Users can link various third-party sites to their Evernote app, creating an unintentional linked database of login credentials, financial data, personal communications, and more, which attackers could explore and steal.

Fortunately, a fix has already been developed. Evernote rolled out a patch for the universal cross-site scripting (UXSS) vulnerability on June 4. All users of the Evernote Web Clipper Chrome extension – estimated at 4.6 million – are advised to visit the Chrome extension page to ensure they have version 7.11.1 (or later) installed.

This week’s stat

The MIT Technology Review estimates that if the current level of public interest continues, commercial genetic databases will hold the info of 100 million people by 2021. Read more.

Cyberattack prompts Radiohead to release unheard tracks

The band Radiohead has released 18 hours of previously unheard – and, in some cases, unfinished – tracks to the streaming service Bandcamp. In a tweet the band’s guitarist Jonny Greenwood wrote that “someone stole [lead singer] Thom’s minidisk archive from around the time of (the 1997 album) ‘OK Computer’ and reportedly demanded $150,000 on threat of releasing it.” The majority of the material in the archive, according to Greenwood, is “only tangentially interesting. And very, very long.”

Never intended for public consumption, the music is available for 18 days only. The BBC reported that, “Among the treasures in the collection are a 12-minute version of ‘Paranoid Android,’ Thom Yorke’s demo recording of ‘Karma Police,’ and dozens of unreleased or unfinished songs.” Fans can listen for free on Bandcamp or buy the full 18 hours of music for £18. All proceeds of the new material will go to the nonviolent activist group Extinction Rebellion.

This week’s quote

“Using ideas like this requires creativity and experimentation, but at least they are informed by evidence about how humans actually make decisions.” – From a new Avast report urging cybersecurity pros to go beyond using warnings to encourage security updates.

FBI issues warning about phishing

The FBI posted a public service announcement earlier this week to educate the public on the phishing of websites with the prefix https (Hypertext Transfer Protocol Secure). Phishing emails are more frequently using the public’s trust that https indicates a safe site. For years, cybersecurity experts have been training the public to look for https (vs. http) and the lock icon in their browser’s address bar to ensure the site is secure. Cybercriminals are now taking advantage of that by “incorporating website certificates – third-party verification that a site is secure – when they send potential victims emails that imitate trustworthy companies or email contacts.” If a user mistakenly believes a phishing email is from the legitimate company it mimics, he or she may enter login credentials and any other info that would immediately become part of the attacker’s database.

The FBI provides the following tips to keep from falling victim to https phishing:

* Do not simply trust the name on an email. Question the intent of the email content.

* If you receive a suspicious email from a known contact that includes a link, confirm the email is legitimate by calling or emailing the contact. Do not reply directly to a suspicious email.

* Check for misspellings or wrong domains within a link (e.g., if an address that should end in .gov ends in .com instead).

* Do not trust a website just because it has a lock icon or https in the browser address bar.