by Scott Muniz | Jan 28, 2022 | Security, Technology
This article is contributed. See the original author and article here.
CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.
| CVE Number | CVE Title | Required Action Due Date |
| --- | --- | --- |
| CVE-2022-22587 | Apple IOMobileFrameBuffer Memory Corruption Vulnerability | 2/11/2022 |
| CVE-2021-20038 | SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability | 2/11/2022 |
| CVE-2014-7169 | GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | 7/28/2022 |
| CVE-2014-6271 | GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | 7/28/2022 |
| CVE-2020-0787 | Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability | 7/28/2022 |
| CVE-2014-1776 | Microsoft Internet Explorer Use-After-Free Vulnerability | 7/28/2022 |
| CVE-2020-5722 | Grandstream Networks UCM6200 Series SQL Injection Vulnerability | 7/28/2022 |
| CVE-2017-5689 | Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability Privilege Escalation Vulnerability | 7/28/2022 |
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.
by Scott Muniz | Jan 28, 2022 | Security
This article was originally posted by the FTC. See the original article here.
Anyone who sells you contact lenses without first getting a copy of your prescription or properly verifying your prescription information with your prescriber is selling them illegally — and putting your eye health at risk. That’s because wearing contacts that haven’t been fitted to your eyes can cause corneal scratches, eye sores and irritation, and conjunctivitis (pink eye).
The FTC just filed a complaint against Vision Path, doing business as Hubble, alleging that the company failed to get or properly verify contact lens prescription information submitted by customers, sold lenses after prescription verification requests were denied, altered prescriptions from the prescribed brands to Hubble lenses, and failed to maintain required records.
The complaint also alleges that Hubble deceptively claimed it would ensure customers got lenses with valid and accurate prescriptions, as determined by their eye care provider; falsely claimed that certain consumer reviews were independent when they were not; and failed to disclose material connections between Hubble and some reviewers.
The next time you’re shopping for contact lenses, remember that under the Contact Lens Rule:
- Sellers must have a process for verifying prescriptions. This includes letting you submit a copy of your contact lens prescription. If you don’t submit your prescription, but instead give your prescription information, the seller must verify your prescription information with your prescriber.
- Sellers must not substitute another brand of contact lens for the one prescribed. If you want a different brand than the one written on your prescription, you’ll need your eye care provider’s approval. The only time you don’t need your provider’s approval to switch brands is if a manufacturer offers a brand name and a generic or store brand version of the same lens.
If you come across someone selling contact lenses without getting or properly verifying a prescription, take your business elsewhere and report it to the FTC at ReportFraud.ftc.gov.
For a more in-depth look at your prescription rights for contacts — and glasses — read Buying Prescription Glasses or Contact Lenses: Your Rights. Your eyes will thank you.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
by Scott Muniz | Jan 27, 2022 | Security, Technology
This article is contributed. See the original author and article here.
by Scott Muniz | Jan 27, 2022 | Security
This article was originally posted by the FTC. See the original article here.

In 2021, more than 95,000 people told the FTC that they’d been scammed with a con that started on social media. In fact, more than one in four people who reported to the FTC that they lost money to any scam said the transaction started with a post, an ad, or a message on a social media platform. And the losses amount to about $770 million.
Today’s Data Spotlight gives us insights into how scammers use social media to con people. Reports point to rampant investment, romance, and online shopping scams on social. People reported losing the most money to investment scams (particularly those involving bogus cryptocurrency investments) and romance scams. More than a third of the people who lost money to romance scams said it started on Facebook or Instagram.
The largest number of reports came from people who lost money trying to buy something they saw marketed on social media. Most said they didn’t get the stuff they paid for, while some reported ads that impersonated a real online retailer. Reports of social media fraud increased for all age groups in 2021, but people 18 to 39 were more than twice as likely to report losing money than older adults.
Scammers trying to get your money are always looking for new ways to reach people. And they’ll use whatever they know about you to target their pitch. Here are some things to do to protect yourself, no matter which social media platform you use:
- Try to limit who can see your posts and information on social media. Of course, all platforms collect information about you from your activities on social media, but visit your privacy settings to set some restrictions.
- Check if you can opt out of targeted advertising. Some platforms let you do that.
- If you see urgent messages from a “friend” asking for money, stop. It could be a hacker behind that post pretending to be your friend.
- Check out a company before you buy. Read Shopping Online for advice.
- Don’t deal with a vendor that requires payment by cryptocurrency, gift card, or wire transfer. That’s sure to be a scam.