Proactive Computing | Optimizing IT for usability, performance and reliability since 1997

Category: #Cybersecurity (Page 1 of 16)

How to Enable “Super Duper Secure Mode” in Microsoft Edge

Despite Microsoft’s slightly annoying tactics to push Edge, it is a solid web browser. One feature that sets it apart from Google Chrome is “Super Duper Secure Mode.” We’ll explain what this is and how you can use it.

Source: https://www.howtogeek.com/780739/how-to-enable-super-duper-secure-mode-in-microsoft-edge/
Proactive Computing found this story and shared it with you.
The Article Was Written/Published By: Joe Fedewa

8 Cybersecurity Tips to Stay Protected in 2022

As new technology emerges, cybersecurity protocols also evolve. However, there are some basic tips you should carry with you everywhere to stay better protected against cyber attacks. Here are some general rules to follow to stay safe in 2022.

Source: https://www.howtogeek.com/778547/cybersecurity-tips-to-stay-protected/
The Article Was Written/Published By: Marshall Gunnell

2021 was the year cybersecurity became everyone’s problem

This year marked a turning point for malicious attacks on computer systems, fueled by a rise in nation-state attacks and ransomware.

Why it matters: Once a worry mostly for IT leaders, the risk of a cyber intrusion is now a top concern for CEOs and world leaders.


Driving the news:

  • May’s Colonial Pipeline attack helped drive that message home, as did ransomware attacks on cities and hospitals — emphasizing the very real-world impact that cyber attacks can have.
  • Meanwhile, the current Log4j flaw shows just how vulnerable our digital systems are. It’s a single piece of open source code, but it is used so broadly and the flaw so fundamental that it potentially opens nearly every business and government to attack.

The big picture: Evidence that cybersecurity has become the big issue abounds. Foreign Affairs devotes the current issue to the topic, while J.P. Morgan International Council identified it as the most significant threat facing businesses and government in a report released Thursday.

Between the lines: One can never permanently “win” the battle against malicious attacks, but it is possible to be losing the fight. 2021 definitely felt like a year in which the attackers had the upper hand.

  • The combination of cryptocurrency and ransomware has proven to be especially tough to fight as it is often in the business interests of a victim to pay up rather than take the risk of data loss or even a business disruption.

The rise in cyberattacks has also made for thorny diplomacy among nation states. With physical attacks, there has been a relatively clear line that acts as a deterrent, even for nations with significant conflicts. But in cyberspace, the division is murkier.

  • “The domain of cyberspace is shaped not by a binary between war and peace but by a spectrum between those two poles—and most cyberattacks fall somewhere in that murky space,” former deputy director of national intelligence Sue Gordon and former Pentagon chief of staff Eric Rosenbach wrote in a Foreign Affairs piece.
  • “In trying to analogize the cyberthreat to the world of physical warfare, policymakers missed the far more insidious danger that cyber-operations pose: how they erode the trust people place in markets, governments and even national power,” argues Hoover Institution’s Jacquelyn Schneider, in another Foreign Affairs article. “Cyberattacks prey on these weak points, sowing distrust in information, creating confusion and anxiety, and exacerbating hatred and misinformation.”

What’s next: Leaders are calling for much tighter cooperation between businesses and governments as the key way to fight back. Also needed, many say, is an international agreement on what is and isn’t permissible, in much the way the Geneva Convention sets limits on traditional warfare.

Yes, but: The U.S. government is still woefully short of workers with needed cybersecurity skills.

Source: https://www.axios.com/2021-cybersecurity-ransomware-cyber-attack-91ccc592-b611-4825-8e0a-65e37d06a450.html
The Article Was Written/Published By: Ina Fried

Facebook Will Soon Require Two-Factor Authentication for Some Users

In an effort to keep certain at-risk accounts even more secure, Facebook is updating its Protect program and will soon force enrolled users to enable two-factor authentication (2FA). These accounts include politicians, human rights activists, journalists, and other high-profile users.

Source: https://www.reviewgeek.com/104688/facebook-will-soon-require-two-factor-authentication-for-some-users/
The Article Was Written/Published By: Suzanne Humphries

The 200 Worst Passwords of 2021 Are Here and Oh My God

After a year filled with massive hacks and lord-knows how many exploits, you’d think we would all learn to be a bit—just a bit!—more cyber-savvy as 2021 comes to a close. But if this year’s list of the 200 most popular passwords is any indication, we’re just as dumb as we’ve ever been. Perhaps even dumber.

Source: https://gizmodo.com/the-200-worst-passwords-of-2021-are-here-and-oh-my-god-1848073946
The Article Was Written/Published By: Shoshana Wodinsky

Linux has a serious security problem that once again enables DNS cache poisoning

As much as 38 percent of the Internet’s domain name lookup servers are vulnerable to a new attack that allows hackers to send victims to maliciously spoofed addresses masquerading as legitimate domains, like bankofamerica.com or gmail.com.

The exploit, unveiled in research presented today, revives the DNS cache-poisoning attack that researcher Dan Kaminsky disclosed in 2008. He showed that, by masquerading as an authoritative DNS server and using it to flood a DNS resolver with fake lookup results for a trusted domain, an attacker could poison the resolver cache with the spoofed IP address. From then on, anyone relying on the same resolver would be diverted to the same imposter site.

A lack of entropy

The sleight of hand worked because DNS at the time relied on a transaction ID to prove the IP number returned came from an authoritative server rather than an imposter server attempting to send people to a malicious site. The transaction number had only 16 bits, which meant that there were only 65,536 possible transaction IDs.

Source: https://arstechnica.com/gadgets/2021/11/dan-kaminskys-dns-cache-poisoning-attack-is-back-from-the-dead-again/
The Article Was Written/Published By: Dan Goodin

Android Users, Beware.

We’ve started seeing some almost believable malware popping up on our Android devices. Remember never to click on ANYTHING that pops up while you’re browsing the web, no matter how much it looks like it came from your operating system or phone vendor.

We got the scary virus warning below after clicking on an article on a political website, TheHill.com (repeatedly, alternating with another dubious click-hole). It references a “hacking event” with yesterday’s date, and there’s even a 3-minute countdown-to-disaster timer. (HURRY! You better click NOW!) They even throw in the phone model for good measure, and it looks like it could be from Samsung, or a notice of an Android update. Yeah. Could be. But… it isn’t.

Don’t be fooled. Never click on pop-ups. When in doubt, just hit BACK.

Microsoft accounts no longer need a password

Microsoft says everyone can remove the password from their Microsoft account and use other methods to sign in starting today. The company rolled out the option to enterprise users earlier this year.

Rather than having to remember a password or using a password manager, you’ll be able to use the Microsoft Authenticator app, Windows Hello, a security key or SMS or emailed codes. You’ll be able to sign in to services such as Outlook, OneDrive, Microsoft Family Safety, and even Xbox Series X/S without a password. Microsoft is rolling out the option to everyone over the next few weeks as it gears up for the launch of Windows 11 on October 5th.

Once you have installed the Authenticator app and linked it to your account, you can switch off your password. Go to your Microsoft account settings, then Advanced Security Options and Additional Security. From there, you can switch your account to a passwordless one. Then, follow the prompts and approve a notification on the Authenticator app to seal the deal.

You can re-activate your password at any time, but other login methods may be far more convenient and secure. Not only are passwords a cybersecurity minefield, they’re time-consuming to enter and, at best, annoying to deal with.

It’d be welcome to see other services ditch passwords if they can offer users alternative, secure methods of logging in. Until then, turn on two-factor authentication wherever possible, and get a password manager and use unique passwords for all of your accounts.

Source: https://www.engadget.com/microsoft-account-password-authenticator-130021174.html?src=rss
The Article Was Written/Published By: Kris Holt
