Web browsers need a bit of care, just like other software. Many browsers can store your passwords or autofill settings, but over time the data stored by the browser can accumulate, and this isn't a secure place to store your passwords. So take a few minutes to check your browser settings, clear out old data, and ensure your browser's security settings are still keeping you safe. In particular, make sure that autofill doesn't contain sensitive information and that you don't store your passwords in your browser. Do you need all of the browsers on your system?
Multiple vulnerabilities have been discovered in watchOS, iOS, tvOS, macOS, macOS Server, iCloud for Windows and Safari which could allow for arbitrary code execution. watchOS is the mobile operating system of the Apple Watch and is based on the iOS operating system. iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch. tvOS is an operating system for the fourth-generation Apple TV digital media player. macOS is Apple’s desktop and server operating system for Macintosh computers. macOS Server is a separately sold operating system add-on which provides additional server programs along with management and administration tools for macOS. iCloud is a cloud storage and cloud computing service from Apple. Apple Safari is a web browser available for OS X and Microsoft Windows.
Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the ap...
Anti-Virus (AV) software scans files for certain patterns or signatures of known viruses. Virus authors continuously release new and updated viruses, which is why it's important to always have the latest AV version installed on your computer.
Set your AV software to scan your system automatically. And remember to manually scan files you get before opening them. These include files you download from the Internet, email attachments, and files on USB drives and other media.
The installation of unauthorized software can negatively affect your workplace’s security posture. This software can include everything from stand-alone programs to plug-ins for your web browser. Not only can this pose a stability issue leading to slower or unreliable system performance, but unmanaged software can also pose a direct security threat, either because it may itself be malicious or because it introduces software that is not part of the patch management system in your environment. If this unauthorized software ends up making you vulnerable to cyber-attacks in the future, but IT isn’t aware of it and isn’t applying regular patches or fixes, you leave that avenue open for attackers, who can easily leverage these known vulnerabilities to compromise systems and potentially steal information.
Did you know that, according to the Verizon DBIR team, you are 16 times more likely to lose a laptop or mobile device than have it stolen? When you are traveling, always double-check that you have your mobile device with you, such as when you finish going through airport security, leave your taxi, or check out of your hotel.
One of the riskiest things you can do is use the same password across multiple accounts or systems. Cyber threat actors are constantly stealing login credentials from numerous systems that may be less secure, such as online shopping sites. Many times, these credentials are leaked online for other cyber criminals to exploit as well. They are then able to take these stolen credentials and use them to try to access more secure systems, like online banking or your office systems. If you re-use your work password elsewhere, you leave yourself and your organization open to this type of compromise.
The same concept applies here as in establishing a screen lock on your system. On the rare occasion a physical attacker gains access to your desk area, they will immediately look for written passwords and authentication material. Post-it notes, index cards, etc. aren’t secure from attackers even if you think they might be out of sight under your keyboard! From looking at your written password, they can get right into your sensitive protected office systems and start stealing data or compromising assets. This risk isn’t only from a completely unknown outsider, but could be coming from contractors or internal staff with malicious intent.
By checking your personal email on your office computer, you are extending the risk profile of your workplace to include your own personal activities. Attacks that target you as an individual are now naturally extended to the entire enterprise. Your office email account is carefully managed and secured by policies and the vigilance of your IT team to minimize the risk from suspicious emails, links, and attachments. Once you open your own email account on your office computer, you bypass many of these defenses and render them less effective. If you open that suspicious attachment in your personal email on your office computer, you can infect your system (and eventually many other systems) with malicious software like ransomware that may prevent you or your colleagues from performing their duties.
On January 13, 2017, two unencrypted laptops were stolen from the home of a University of California, Santa Cruz (UC Santa Cruz) researcher/instructor. The theft was discovered the same day and a police report was filed, but at this time no items have been recovered. The university's investigation confirmed that the stolen laptop contained copies of students' UC Santa Cruz narrative evaluations. There is no indication that the student information was the intended target.
What Information Was Involved?
These UC Santa Cruz narrative evaluations dating from 2000 to 2004 contained personally identifiable information including name and Social Security Number (SSN) (which was used as the Student ID number prior to 2005). In addition to SSN, student record information including grades, narrative evaluations and email addresses was on the stolen laptops. The data was not encrypted.