Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Technology

Today, we’re following up on our recent post about noise-protection methods with hands-on reviews of four apps that we carefully selected based on their suitability for consumers: two for PCs, two for mobile devices. If that number seems small, the context is important; overall, the number of options is not overwhelming. Drilling down, we sought out programs that work only with specific models of headsets and microphones and avoided those designed (and priced) for large businesses.

For PCs and laptops

Before the pandemic drove workers into home offices, noise-filtering software for PCs was a niche product, but the mass shift to remote work caused a huge spike in demand. Here are a few solutions that get a thumbs-up from us.

For Windows: Noise Blocker

According to the developers, Noise Blocker uses microphone samples to combat the hum of laptop fans, the clatter of keyboard and mouse clicks, and distortions from the microphone. To begin, the user teaches noises to the app by clicking the Add button and, for example, typing something (to record the sounds of key presses). The program needs separate training for each bothersome sound: mouse clicks, kids playing outside, and so forth.

Herein lies the disadvantage of Noise Blocker. Going through the recording process for every nuisance sound is tedious, and the app simply ignores unfamiliar noises (as our tests confirmed). What’s more, some key clicks got through the app’s defenses, even though we had trained the program to identify them.

After recording the noises, you need to adjust the filter so that your voice passes through with no interference. We needed a few tries to get this part right, meaning the app’s effectiveness depends largely on the user’s familiarity with the intricacies of sound recording.

Noise Blocker’s mechanics recall how voice commands worked a decade or two ago, when you couldn’t just start talking to your phone. Voice control during that time began with fairly extensive training on specific voice commands, after which the software might respond (if you were lucky) to the sounds it knew, although it completely ignored any unfamiliar ones.

Use: Noise Blocker acts as a kind of intermediary between your recording device and the rest of the software. To activate the filter in the app for online calls, select Noise Blocker as a virtual microphone.

Price: One hour per day free or unlimited use on up to three computers for $19.99.

For Windows and macOS: Krisp

Krisp picked up its noise-reduction skills through machine learning on thousands of recordings of a wide range of sounds and voices. As far as we’re concerned, the effort was worth it.

For our testing, we created a variety of noises: clapping hands, tapping the keyboard, even holding the laptop next to a washing machine in spin mode. Krisp eliminated every interference we threw at it, leaving just the tester’s voice, and only very slightly distorted. But if someone close by (say, a child) suddenly screams during an important meeting, the filter will probably not block it.

Use: Setup uses video instructions that clearly show the necessary steps. Like Noise Blocker, Krisp connects to the system as a virtual microphone. In addition, Krisp creates a virtual speaker. Selecting it as the sound source in Skype settings, for example, makes the app work both ways — that is, it filters noise from others on the call as well.

Price: Two hours per week free or unlimited use for $60 per year.

For smartphones and tablets

Many modern smartphones have built-in noise cancellation. In addition to the main microphone, they have secondary mikes whose function is to detect extraneous sounds. The system subtracts those from the main microphone’s audio stream, so that your voice can be heard clearly at the other end of the line. That filtering enables clear conversations even in windy conditions.

Communication apps usually include built-in noise reduction, too — for example, such a feature already exists in Google Meet and Zoom. That’s probably why little serious demand exists for dedicated noise-filtering solutions for mobile devices; that said, we still found a couple of handy services.

For Android and iOS: NoiseWall

NoiseWall (for Android and iOS) masks extraneous sounds by playing static artificial noise that is a user-defined mixture of four different varieties: white, pink, red and brown.

Our experiments with NoiseWall were inconclusive. Ambient sounds were indeed unable to penetrate the “wall” of noise. However, that sometimes required turning up the app’s volume to near maximum. With prolonged use, the generated noise can become just as annoying as the neighbors or kids outside. All the same, NoiseWall does its job, and the service is worth a try.

Use: To start, just open the app. NoiseWall’s additional settings include a choice of four types of noise and a switch-off timer.

Price: Free with ads or $1.99 without.

For Android: Safe Headphones

The purpose of the Safe Headphones app is not to muffle ambient sounds, but rather to amplify them. In our tests, we were able to discern soft speech through an energetic track thumping in the headphones, a “superpower” that could be useful in situations where you need to hear important information such as a flight announcement at the airport. When no music is playing, Safe Headphones turns the smartphone into a kind of hearing aid by amplifying surrounding sounds.

Use: The app features an on–off switch, a button to activate the background noise filter, and a volume adjuster.

Price: Free with ads or $9.99 without.

Conclusion

Your noise issue may be resolved by traditional means such as simply talking to housemates or neighbors, warning them in advance of important videoconferences or calls and asking them to be quiet.

The Krisp app for PCs and Macs combats noise pretty well, although depending on your needs, a noise-canceling microphone might suit you better.

As for noise-cancelling apps for smartphones, we were unable to find any — probably because so many smartphones already have multiple microphones and built-in noise cancellation. Incidentally, it might make sense to use a smartphone instead of a computer for important video calls.

For more on using digital and analog means to create a more comfortable home environment, visit our Digital Comfort Zone.


 A Little Sunshine

In 2017, KrebsOnSecurity showed how easy it is for identity thieves to undo a consumer’s request to freeze their credit file at Experian, one of the big three consumer credit bureaus in the United States. Last week, KrebsOnSecurity heard from a reader who had his freeze thawed without authorization through Experian’s website, and it reminded me of how truly broken authentication and security remains in the credit bureau space.

Experian’s page for retrieving someone’s credit freeze PIN requires little more information than has already been leaked by big-three bureau Equifax and a myriad other breaches.

Dune Thomas is a software engineer from Sacramento, Calif. who put a freeze on his credit files last year at Experian, Equifax and TransUnion after thieves tried to open multiple new payment accounts in his name using an address in Washington state that was tied to a vacant home for sale.

But the crooks were persistent: Earlier this month, someone unfroze Thomas’ account at Experian and promptly applied for new lines of credit in his name, again using the same Washington street address. Thomas said he only learned about the activity because he’d taken advantage of a free credit monitoring service offered by his credit card company.

Thomas said after several days on the phone with Experian, a company representative acknowledged that someone had used the “request your PIN” feature on Experian’s site to obtain his PIN and then unfreeze his file.

Thomas said he and a friend both walked through the process of recovering their freeze PIN at Experian, and were surprised to find that just one of the five multiple-guess questions they were asked after entering their address, Social Security Number and date of birth had anything to do with information only the credit bureau might know.

KrebsOnSecurity stepped through the same process and found similar results. The first question asked about a new mortgage I supposedly took out in 2019 (I didn’t), and the answer was none of the above. The answer to the second question also was none of the above.

The next two questions were useless for authentication purposes because they’d already been asked and answered; one was “which of the following is the last four digits of your SSN,” and the other was “I was born within a year or on the year of the date below.” Only one question mattered and was relevant to my credit history (it concerned the last four digits of a checking account number).

The best part about this lax authentication process is that one can enter any email address to retrieve the PIN — it doesn’t need to be tied to an existing account at Equifax. Also, when the PIN is retrieved, Equifax doesn’t bother notifying any other email addresses already on file for that consumer.

Finally, your basic consumer (read: free) account at Experian does not give users the option to enable any sort of multi-factor authentication that might help stymie some of these PIN retrieval attacks on credit freezes.

Unless, that is, you subscribe to Experian’s heavily-marketed and confusingly-worded “CreditLock” service, which charges between $14.99 and $24.99 a month for the ability to “lock and unlock your file easily and quickly, without delaying the application process.” CreditLock users can both enable multifactor authentication and get alerts when someone tries to access their account.

Thomas said he’s furious that Experian only provides added account security for consumers who pay for monthly plans.

“Experian had the ability to give people way better protection through added authentication of some kind, but instead they don’t because they can charge $25 a month for it,” Thomas said. “They’re allowing this huge security gap so they can make a profit. And this has been going on for at least four years.”

Experian has not yet responded to requests for comment.

When a consumer with a freeze logs in to Experian’s site, they are immediately directed to a message for one of Experian’s paid services, such as its CreditLock service. The message I saw upon logging in confirmed that while I had a freeze in place with Experian, my current “protection level” was “low” because my credit file was unlocked.

“When your file is unlocked, you’re more vulnerable to identity theft and fraud,” Experian warns, untruthfully. “You won’t see alerts if someone tries to access your file. Banks can check your file if you apply for credit or loans. Utility and service providers can see your credit file.”

Experian says my security is low because while I have a freeze in place, I haven’t bought into their questionable “lock service.”

Sounds scary, right? The thing is — except for the part about not seeing alerts — none of the above statement is true if you already have a freeze on your file. A security freeze essentially blocks any potential creditors from being able to view your credit file, unless you affirmatively unfreeze or thaw your file beforehand.

With a freeze in place on your credit file, ID thieves can apply for credit in your name all they want, but they will not succeed in getting new lines of credit in your name because few if any creditors will extend that credit without first being able to gauge how risky it is to loan to you (i.e., view your credit file). It is now free to freeze your credit in all U.S. states and territories.

Experian, like the other consumer credit bureaus, uses their intentionally confusing “lock” terminology to frighten consumers into paying for monthly subscription services. A key selling point for these lock services is they can be a faster way to let creditors peek at your file when you wish to apply for new credit. That may or may not be true in practice, but consider why it’s so important for Experian to get consumers to sign up for their lock programs.

The real reason is that Experian makes money every time someone makes a credit inquiry in your name, and it does not want to do anything to hinder those inquiries. Signing up for a lock service lets Experian continue selling credit report information to a variety of third parties. According to Experian’s FAQ, when locked your Experian credit file remains accessible to a host of companies, including:

- Potential employers or insurance companies
- Collection agencies acting on behalf of companies you may owe
- Companies providing pre-screened credit card offers
- Companies that have an existing credit relationship with you (this is true for frozen files also)
- Personalized offers from Experian, if you choose to receive them

It is annoying that Experian can get away with offering additional account security only to people who pay the company a hefty sum each month to sell their information. It’s also amazing that this sloppy security I wrote about back in 2017 is still just as prevalent in 2021.

But Experian is hardly alone. In 2019, I wrote about how Equifax’s new MyEquifax site made it simple for thieves to lift an existing credit freeze at Equifax and bypass the PIN if they were armed with just your name, Social Security number and birthday.

Also in 2019, identity thieves were able to get a copy of my credit report from TransUnion after successfully guessing the answers to multiple-guess questions like the ones Experian asks. I only found out after hearing from a detective in Washington state, who informed me that a copy of the report was found on a removable drive seized from a local man who was arrested on suspicion of being part of an ID theft gang.

TransUnion investigated and found it was indeed at fault for giving my credit report to ID thieves, but that on the bright side its systems blocked another fraudulent attempt at getting my report in 2020.

“In our investigation, we determined that a similar attempt to fraudulently obtain your report occurred in April 2020, and was successfully blocked by enhanced controls TransUnion has implemented since last year,” the company said. “TransUnion deploys a multi-layered security program to combat the ongoing and increasing threat of fraud, cyber-attacks and malicious activity. In today’s dynamic threat environment, TransUnion is constantly enhancing and refining our controls to address the latest security threats, while still allowing consumers access to their information.”

For more information on credit freezes (also called “security freezes”), how to request one, and other tips on preventing identity fraud, check out this story.

If you haven’t done so lately, it might be a good time to order a free copy of your credit report from annualcreditreport.com. This service entitles each consumer to one free copy of their credit report annually from each of the three credit bureaus — either all at once or spread out over the year.

 Malware and Vulnerabilities

A pair of bugs in John Deere's apps and website could have allowed hackers to find and download the personal data of all owners of the company's farming vehicles and equipment, as per a researcher.

 Trends, Reports, Analysis

In a Mimecast survey, a full 79% of respondents indicated their companies had experienced a business disruption, financial loss, or other setbacks in 2020 due to a lack of cyber preparedness.

 Trends, Reports, Analysis

A series of recent attacks on IoT devices implies bigger security risks that hover over them. It is even more concerning for consumers as they are unaware of threats and do not own the resources to mitigate them.

 Trends, Reports, Analysis

Analysis suggests that four different ransomware groups formed a cartel to leak stolen data via their partners. What surprised the researchers most is the missing element of profit-sharing.

 Feed

Red Hat Security Advisory 2021-1363-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.10.0 ESR. Issues addressed include bypass, spoofing, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2021-1361-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.10.0 ESR. Issues addressed include bypass, spoofing, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2021-1360-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.10.0 ESR. Issues addressed include bypass, spoofing, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2021-1362-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.10.0 ESR. Issues addressed include bypass, spoofing, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2021-1350-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.10.0. Issues addressed include bypass, spoofing, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2021-1352-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.10.0. Issues addressed include bypass, spoofing, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2021-1351-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.10.0. Issues addressed include bypass, spoofing, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2021-1353-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.10.0. Issues addressed include bypass, spoofing, and use-after-free vulnerabilities.

 Feed

Ubuntu Security Notice 4922-2 - USN-4922-1 fixed a vulnerability in Ruby. This update provides the corresponding update for Ubuntu 21.04. Juho Nurminen discovered that the REXML gem bundled with Ruby incorrectly parsed and serialized XML documents. A remote attacker could possibly use this issue to perform an XML round-trip attack. Various other issues were also addressed.

 Feed

Red Hat Security Advisory 2021-1225-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

 Feed

Red Hat Security Advisory 2021-1369-01 - Red Hat Advanced Cluster Management for Kubernetes 2.1.6 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues.

 Feed

Red Hat Security Advisory 2021-1227-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

 Feed

Emotet, the notorious email-based Windows malware behind several botnet-driven spam campaigns and ransomware attacks, was automatically wiped from infected computers en masse following a European law enforcement operation. The development comes three months after a coordinated disruption of Emotet as part of "Operation Ladybird" to seize control of servers used to run and maintain the malware

 Feed

A staggering number of 3.28 billion passwords linked to 2.18 billion unique email addresses were exposed in what's one of the largest data dumps of breached usernames and passwords. In addition, the leak includes 1,502,909 passwords associated with email addresses from government domains across the world, with the U.S. government alone taking up 625,505 of the exposed passwords, followed by the

 Feed

Researchers from the University of Minnesota apologized to the maintainers of Linux Kernel Project on Saturday for intentionally including vulnerabilities in the project's code, which led to the school being banned from contributing to the open-source project in the future. "While our goal was to improve the security of Linux, we now understand that it was hurtful to the community to make it a

 Feed

New research has uncovered privacy weaknesses in Apple's wireless file-sharing protocol that could result in the exposure of a user's contact information such as email addresses and phone numbers. "As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users – even as a complete stranger," said a team of academics from the Technical University of Darmstadt,

 Feed

No matter which type of business you are in, whether small, medium, or large, email has become an irrefutable tool for communicating with your employees, partners, and customers. Emails are sent and received each day in bulk by companies from various sources. In addition, organizations may also employ third-party vendors who may be authorized to send emails on behalf of the company. As a result,

 Feed only

Graham Cluley Security News is sponsored this week by the folks at 1Password. Thanks to the great team there for their support! With Secrets Automation, 1Password now provides one place to house and manage all your secrets, from your team’s logins to infrastructure secrets. With everything under one roof, there’s no more disconnected audit logs, … Continue reading "Secure, orchestrate, and manage your company’s infrastructure secrets with 1Password Secrets Automation"

2021-04
Aggregator history
Monday, April 26