Security Of Your PC Is At Risk

Software and operating systems (OS) are sometimes vulnerable to attacks. These vulnerabilities can be extremely harmful to our computer systems.

The US-CERT Cyber Security Bulletin provides a summary of the latest vulnerabilities recorded by its research department for the week of October 13, 2014.

The National Institute of Standards and Technology (NIST) has found vulnerabilities that can make a system prone to malware attacks and unauthorized access.

Common vulnerabilities and their impact recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week are:

  • Vulnerability in the DNS inspection engine in Cisco ASA Software 9.0 before 9.0(4.13), 9.1 before 9.1(5.7), and 9.2 before 9.2(2) allows remote attackers to cause a denial of service via crafted DNS packets. Find out other vulnerable versions here: http://1.usa.gov/10gX7zB
  • Microsoft Word file format vulnerability in Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 and SP2, and Word Web Apps 2010 Gold, SP1, and SP2 allows remote attackers to execute arbitrary code via crafted properties in a Word document. Find out other vulnerable versions here: http://1.usa.gov/1w0JQYY
  • Internet Explorer’s memory corruption vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malicious web site. Find out other vulnerable versions from here: http://1.usa.gov/122jSrC
  • Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. Find out the other vulnerable versions from here: http://1.usa.gov/1t3LUNV
  • Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.1.x and 7.2.x allows remote attackers to inject arbitrary web script or HTML via a malicious URL. Find out other vulnerable versions here: http://1.usa.gov/10gZgLL
  • .NET Framework remote code execution vulnerability: Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted request to a .NET web application. Find out other vulnerable versions here: http://1.usa.gov/1COUMrB

Many more vulnerable software products are listed, ranked as high, medium, or low severity.

To learn more about the vulnerable software and the affected versions, read the US-CERT Cyber Security Bulletin here: http://1.usa.gov/1t3MgE4


Poodle SSL 3.0 – Latest Security Flaw Discovered

Three Google security engineers said that the Web encryption standard Secure Sockets Layer (SSL) can be exploited due to a new vulnerability named “POODLE.”


According to experts, POODLE is a new security hole in the very old Secure Sockets Layer (SSL) 3.0 protocol that could allow encrypted, ostensibly secret information to be exposed by an attacker with network access. Both websites and Web browsers must be reconfigured to prevent the use of SSL 3.0, as POODLE will remain a problem as long as SSL 3.0 is supported, say the experts.

Although SSL 3.0 is no longer widely used for Web encryption, if either the browser or the server runs into problems connecting with the latest encryption, Transport Layer Security (TLS), these sites or browsers will often fall back to SSL. The problem, say the Google security engineers, is that attackers can force a connection failure, which in turn forces a site to use SSL 3.0. POODLE can be a major security issue precisely because attackers can force your browser to downgrade to SSL 3.0.

For this reason, experts recommend that administrators add support for TLS_FALLBACK_SCSV, a TLS mechanism that prevents the fallback attackers trigger by forcing connection failures. It stops browsers from being downgraded not only to SSL 3.0, but to TLS 1.0 and 1.1 as well. Moreover, experts add that legacy browsers are especially at risk, most notably Internet Explorer 6, which only supports SSL 3.0.
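How the TLS_FALLBACK_SCSV check stops a forced downgrade, as an added example that is not part of the original post: a simplified model of the browser's retry-at-a-lower-version behaviour and the server-side rule from RFC 7507. The function names and the `attacker_in_path` switch are illustrative assumptions; no real handshake bytes are exchanged.

```python
# Simplified model of the fallback "dance" and the RFC 7507 server check.
# Only the version logic is modelled; this is not a TLS implementation.

SSL3, TLS10, TLS11, TLS12 = (3, 0), (3, 1), (3, 2), (3, 3)
TLS_FALLBACK_SCSV = 0x5600       # signaling cipher suite value (RFC 7507)
INAPPROPRIATE_FALLBACK = 86      # fatal alert defined by RFC 7507
PROTOCOL_VERSION = 70            # fatal alert: offered version not accepted


def server_hello(offered, cipher_suites, server_max=TLS12, server_min=SSL3):
    """Return ("ok", negotiated_version) or ("alert", alert_number)."""
    if TLS_FALLBACK_SCSV in cipher_suites and server_max > offered:
        # The client marked this hello as a retry, yet the server supports a
        # higher version: the earlier failure was not a real incompatibility.
        return ("alert", INAPPROPRIATE_FALLBACK)
    version = min(offered, server_max)
    if version < server_min:
        return ("alert", PROTOCOL_VERSION)
    return ("ok", version)


def client_connect(client_versions, send_scsv, attacker_in_path, **server_cfg):
    """Try versions from highest to lowest, as fallback-capable browsers did.

    attacker_in_path models a network attacker who disrupts every handshake
    above SSL 3.0 so that the client retries with a lower version.
    """
    highest = max(client_versions)
    for version in sorted(client_versions, reverse=True):
        if attacker_in_path and version > SSL3:
            continue             # handshake disrupted; client falls back
        suites = [0x002F]        # TLS_RSA_WITH_AES_128_CBC_SHA (sample suite)
        if send_scsv and version < highest:
            suites.append(TLS_FALLBACK_SCSV)   # mark this hello as a retry
        status, value = server_hello(version, suites, **server_cfg)
        if status == "ok":
            return ("connected", value)
        if value == INAPPROPRIATE_FALLBACK:
            return ("aborted", value)          # downgrade detected; stop
    return ("failed", None)


ALL_VERSIONS = [SSL3, TLS10, TLS11, TLS12]     # constructed sample client
```

Without the SCSV the modelled client ends up on SSL 3.0 when the attacker interferes; with it, the server aborts the retry, and removing SSL 3.0 from either side makes the downgrade fail outright.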

Users can also be at risk if they are using public Wi-Fi or other unencrypted Wi-Fi networks: not only can the actual password be hacked, but the attack would also give hackers the user’s session cookies, which could be used to log in to the user’s accounts easily.

It should also be noted that, in comparison with HeartBleed or ShellShock, the severity of this threat is quite low. On a severity scale of 0-10, if HeartBleed and ShellShock take position 10, then Poodle is somewhere near 6.

This is what you should do:

  • If you are worried about having your Internet traffic spied on through SSL 3.0, experts recommend that you avoid using any public Wi-Fi connection.
  • If you are a Chrome user and want to disable SSL 3.0, Google advises that you add this command line flag to the browser: --ssl-version-min=tls1
  • If you are a Mozilla Firefox user, you can install a Mozilla security add-on that disables SSL 3.0.
  • If you are using Internet Explorer 7 or newer, you can go to Internet Options, click the Advanced tab, uncheck SSLv3, and click the OK button.

Stay Aware, Stay Protected


Cyber-Criminals Using Ebola Epidemic to Launch Phishing Attacks


Scammers make extensive use of big news events to entice people into giving up their personal information. This time they are making use of the Ebola virus, which has been receiving increasing media coverage over the past couple of months, creating a perfect atmosphere for scammers to launch phishing attacks and spread malware.

An increase in phishing attempts is seen when cybercriminals use social engineering techniques to scare people during such events. The eagerness to learn more and more about the disease online leads the user to a malicious website or phishing page.

Also, during such events, unsuspecting users are sent phishing emails informing them about the latest health news; in this case, such emails may claim to provide the current status of the Ebola virus. Phishing emails are fake emails that pretend to come from a legitimate source. They may contain links that direct users to malicious websites where users are enticed to provide their personal details, such as login credentials or credit/debit card numbers. They may also contain malicious attachments that can infect a system.

The United States Computer Emergency Readiness Team (US-CERT) issued an alert on October 16, 2014 to remind users to protect against email scams and cyber campaigns using the Ebola virus disease as a theme.

US-CERT encourages users to use caution when encountering these types of email messages and take the following preventative measures to protect themselves:

For complete security against phishing attacks and to protect your computer system, always remember to use eScan Total Security Suite with Cloud Security.

For a free trial of eScan Total Security Suite with Cloud Security follow this link: http://bit.ly/1rLWjxg


Your Online Privacy Is At Risk - Protect It From Identity Theft

Why Is It Significant To Secure Your Identity?


In today’s information-based world, the most valuable thing is your identity. It includes all your personal details such as your name, credit/debit card number, address, phone number or your online profile. Identity theft is a white-collar crime that strikes millions of online users annually. An identity thief steals your identity and your credit, and damages your reputation. With your personal information and a little knowledge, these thieves can easily use your identity for their gain.

Additionally, with social media sites like Facebook and Twitter, cyber criminals are able to access a wealth of personal details online. These criminals thoroughly go through your social networks to see what they can find to help them steal your money. This information available online can help cyber-criminals to hack into your other accounts, such as banking and online storage as well.

Moreover, users carelessly post their opinions, photos, and personal data on social networking sites. There are many examples where TMI (too-much-information) sharing online has led to bad outcomes for users who over-share. A campaign in the US called ProtectYourProfile.org shows how easily a computer hacker can breach a consumer’s data from their own Facebook account.

Hence, it is extremely important to do all you can to help prevent identity theft. Here are a few tips to avoid it:

  • Update your system with the latest antivirus software such as eScan that provides enhanced protection against evolving internet threats.
  • Never keep an easy password based on personal information for your online accounts. Use a combination of letters, numbers, and special characters.
  • Split your emails, rather than connecting Facebook, Twitter, newsgroups, shopping and banking sites to one email address.
  • Be suspicious of URLs sent in unsolicited email or text messages.
  • Do not provide sensitive information through email, and use caution when clicking on links in email messages.
  • Regularly check your accounts for any unusual activity.
  • Before providing personal or financial information, check the website’s privacy policy.
  • Monitor your child’s online activity to protect him/her from online danger and consider implementing parental controls in your computer, tablet and mobile. Additionally, parents need to educate their kids about the online dangers too.

However, for enhanced identity protection, install eScan Total Security Suite with Cloud Security, which efficiently protects your sensitive personal information, such as credit card numbers, mobile numbers or passwords for online services. Upon detecting any attempt to send protected information to the Internet, eScan blocks the transmission automatically, thus protecting you from falling prey to identity theft.

To get the free trial of eScan Total Security Suite with Cloud Security, click the following link: http://bit.ly/1rLWjxg
