by Scott Muniz | Feb 2, 2021 | Security, Technology
This article is contributed. See the original author and article here.
CISA is aware of a vulnerability in SonicWall Secure Mobile Access (SMA) 100 series products. SMA 100 series products provide an organization’s employees with remote access to internal resources. SonicWall security and engineering teams have confirmed a zero-day vulnerability that was reported by a third-party threat research team on Sunday, January 31, 2021. This vulnerability impacts only SMA 100 Series devices with firmware version 10.x, and SonicWall is working on a patch that is expected to be released by end of day Tuesday, February 2, 2021.
Earlier reports about other zero-day vulnerabilities remain unconfirmed and are still under investigation.
CISA encourages users and administrators to review the SonicWall security advisory and apply the necessary mitigations and patches when they become available. CISA also encourages users and administrators to monitor the SonicWall advisory for updates as new information becomes available.
As a risk-reduction measure, CISA recommends organizations implement multi-factor authentication on all virtual private network connections.
by Scott Muniz | Feb 2, 2021 | Security
This article was originally posted by the FTC. See the original article here.
Using your own vehicle to deliver packages for Amazon and earn extra money. Sounds good, right? But has Amazon been keeping the tips its drivers are making when delivering for its Amazon Flex program? According to the complaint the FTC issued today, the answer is yes.
In its app and numerous marketing materials, Amazon advertises that drivers can earn $18 to $25 per hour — plus 100% of customer tips. According to the FTC, during a two-and-a-half year period, Amazon Flex used about $61.7 million in tips to subsidize drivers’ base pay. Customers thought they were tipping drivers — not Amazon — and drivers were left shortchanged.
The FTC also says that Amazon, despite receiving hundreds of complaints from drivers who saw their pay decrease, continued diverting drivers’ tips until the FTC notified the company of its investigation.
The settlement announced today would require Amazon to pay back the full $61.7 million to drivers, provide only accurate information about tips and pay to both customers and drivers, and get drivers’ consent before changing how it handles tips in the future.
Here are some things to consider before you become a gig worker.
- Do your research. Search for information about the company online, like how it pays its workers and any other conditions of the job.
- Talk to other gig workers. Reach out to your friends or family members who are gig workers and speak with them about their experiences, how they are paid, and how the company handles tips.
- Compare earnings. Will you be paid hourly? By gig? Will you get every dollar a customer tips you? And will the company reduce your pay based on the tips you receive? Once you’re on the job, ask the company for a breakdown of your earnings so you can be sure you’re getting what they promised.
- Compare costs and coverage. If you’re considering becoming a driver using your own vehicle, estimate your gas and maintenance costs, and check your car insurance. Does your auto policy cover you while you’re driving for work?
- Report your concerns. If a company doesn’t deliver on its promises, report it to the FTC at ReportFraud.ftc.gov.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
by Scott Muniz | Feb 2, 2021 | Security, Technology
This article is contributed. See the original author and article here.
Apple has released security updates to address vulnerabilities in macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6. An attacker could exploit some of these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the Apple security update and apply the necessary updates.
by Scott Muniz | Feb 2, 2021 | Security, Technology
This article is contributed. See the original author and article here.
Sudo has released an advisory addressing a heap-based buffer overflow vulnerability—CVE-2021-3156—affecting sudo legacy versions 1.8.2 through 1.8.31p2 and stable versions 1.9.0 through 1.9.5p1. Sudo is a utility included in many Unix- and Linux-based operating systems that allows a user to run programs with the security privileges of another user. An attacker could exploit this vulnerability to take control of an affected system.
CISA encourages users and administrators to update to sudo version 1.9.5p2, refer to vendors for available patches, and review the following resources for additional information.
by Scott Muniz | Feb 1, 2021 | Security
This article was originally posted by the FTC. See the original article here.
The challenges that COVID-19 has brought include a higher risk of identity theft. In 2020, the FTC got about 1.4 million reports of identity theft, double the number from 2019. Repeatedly, identity thieves targeted government funds earmarked to help people hard hit financially by the pandemic. Join us for Identity Theft Awareness Week, February 1-5. Learn about protecting yourself from identity theft, and recovering if it happens to you
.
The FTC and its partners will co-host a series of free events. Among them, a webinar with the Identity Theft Resource Center (ITRC), and a Facebook Live event where experts from the AARP Fraud Watch Network and the FTC will take your questions. Visit ftc.gov/IDtheftweek to learn more.
2020’s biggest surge in identity theft reports to the FTC related to the nationwide dip in employment. After the government expanded unemployment benefits to people left jobless by the pandemic, cybercriminals filed unemployment claims using other people’s personal information. In 2020, we had 394,280 reports about government benefits fraud — overwhelmingly about identity theft involving unemployment benefits. Compare that with 12,900 reports in 2019.
People also reported identity theft in which criminals used their business or personal information to get money from government-sponsored small business loan programs. Last year, we had 99,650 reports of fraud involving business or personal loans, compared with 43,920 reports in 2019. Not all of the new reports related to the government relief effort, but they were a big share of the increase.
People told us about identity theft involving their federal stimulus payments from the IRS by reporting it as tax identity theft. In 2020, the FTC got 89,390 reports of tax identity theft, compared with 27,450 reports in 2019. While many of the reports concerned other types of tax identity theft, the report numbers began to swell when distribution of the stimulus payments began.
Join us for Identity Theft Awareness Week to learn more about identity theft during the pandemic.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
Recent Comments