Dismiss this notice
Thor Foresight Home Halloween 2019 Giveaway - https://www.geeks.fyi/showthread.php?tid=8636

Dismiss this notice
Avast Premier Halloween 2019 Giveaway - https://www.geeks.fyi/showthread.php?tid=8637

Dismiss this notice
Kryptel Standard Halloween 2019 Giveaway - https://www.geeks.fyi/showthread.php?tid=8635

Dismiss this notice
Driver Easy Professional Halloween 2019 Giveaway - https://www.geeks.fyi/showthread.php?tid=8634

Dismiss this notice
O&O Software Halloween 2019 Giveaway - https://www.geeks.fyi/showthread.php?tid=8633

Dismiss this notice
Ashampoo WinOptimizer 17 Halloween 2019 Giveaway - https://www.geeks.fyi/showthread.php?tid=8626

Dismiss this notice
AIDA64 Extreme Halloween 2019 Giveaway - https://www.geeks.fyi/showthread.php?tid=8625

Dismiss this notice
Ashampoo Movie Studio Pro 3 Halloween 2019 Giveaway - https://www.geeks.fyi/showthread.php?tid=8624

Dismiss this notice
AirVPN Halloween 2019 Giveaway - https://www.geeks.fyi/showthread.php?tid=8623

Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Avast Blog_Security News: Evernote vulnerability puts data of 4.6M users at risk
#1
Information 
Quote:
[Image: TVDumYE.png]

Radiohead, the FBI, and a new threat called GoldBrute round out the cybersecurity news of the week

4.6M Evernote users put at risk

Cybersecurity watchdogs discovered a critical flaw in the popular organization app Evernote, reported Bleeping Computer. The vulnerability allows attackers to access sensitive information stored on third-party sites connected to the Evernote account. By exploiting a logical coding error in the Evernote Web Clipper Chrome extension, attackers could gain privileges in Iframes beyond Evernote’s domain. Users can link various third-party sites to their Evernote app, creating an unintentional linked database of login credentials, financial data, personal communications, and more, which attackers could explore and steal.

Fortunately, a fix has already been developed. Evernote rolled out a patch for the universal cross-site scripting (UXSS) vulnerability on June 4. All users of the Evernote Web Clipper Chrome extension – estimated at 4.6 million – are advised to visit the Chrome extension page to ensure they have version 7.11.1 (or later) installed.

This week’s stat

The MIT Technology Review estimates that if the current level of public interest continues, commercial genetic databases will hold the info of 100 million people by 2021. Read more.

Cyberattack prompts Radiohead to release unheard tracks

The band Radiohead has released 18 hours of previously unheard – and, in some cases, unfinished – tracks to the streaming service Bandcamp. In a tweet the band’s guitarist Johnny Greenwood wrote that “someone stole [lead singer] Thom’s minidisk archive from around the time of (the 1997 album) ‘OK Computer’ and reportedly demanded $150,000 on threat of releasing it.” The majority of the material in the archive, according to Greenwood, is “only tangentially interesting. And very, very long.”

Never intended for public consumption, the music is available for 18 days only. The BBC reported that, “Among the treasures in the collection are a 12-minute version of ‘Paranoid Android,’ Thom Yorke’s demo recording of ‘Karma Police,’ and dozens of unreleased or unfinished songs.” Fans can listen for free on Bandcamp or buy the full 18 hours of music for £18. All proceeds of the new material will go to the nonviolent activist group Extinction Rebellion.

This week’s quote

“Using ideas like this requires creativity and experimentation, but at least they are informed by evidence about how humans actually make decisions.” – From a new Avast report urging cybersecurity pros to go beyond using warnings to encourage security updates.

FBI issues warning about phishing

The FBI posted a public service announcement earlier this week to educate the public on the phishing of websites with the prefix https (Hypertext Transfer Protocol Secure). Phishing emails are more frequently using the public’s trust that https indicates a safe site. For years, cybersecurity experts have been training the public to look for https (vs. http) and the lock icon in their browser’s address bar to ensure the site is secure. Cybercriminals are now taking advantage of that by “incorporating website certificates – third-party verification that a site is secure – when they send potential victims emails that imitate trustworthy companies or email contacts.” If a user mistakenly believes a phishing email is from the legitimate company it mimics, he or she may enter login credentials and any other info that would immediately become part of the attacker’s database.

The FBI provides the following tips to keep from falling victim to https phishing:

* Do not simply trust the name on an email. Question the intent of the email content.

* If you receive a suspicious email from a known contact that includes a link, confirm the email is legitimate by calling or emailing the contact. Do not reply directly to a suspicious email.

* Check for misspellings or wrong domains within a link (e.g., if an address that should end in .gov ends in .com instead).

* Do not trust a website just because it has a lock icon or https in the browser address bar.
Continue Reading
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username:


Password:





[-]
Recent Posts
Avast Blog_Security News: DDoS attack ta...
Plus, Google cr...harlan4096 — 10:34
Avast Blog_News: Hottest gadgets at CES ...
Take a sneak pe...harlan4096 — 10:31
Funny pictures
Herran — 10:29
Intel Discontinues Boxed Xeon E-2274G Ov...
Intel has annou...harlan4096 — 09:51
Intel Core i9-9900K 9th Gen CPU Review: ...
Our Verdict ...harlan4096 — 09:41

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
avatar (51)Stefanos

[-]
Online Staff
There are no staff members currently online.

>