Tag Archive for: extra

Renewing car tags online might take an extra step after security breach to county provider


Arkansans are experiencing a few hiccups when renewing their car tags online as a result of a service provider for many counties being hacked last year, Scott Hardin, spokesman for the Department of Finance and Administration, said Tuesday.  

The state’s 2.7 million passenger vehicles are required to be assessed at the county level before they can be renewed at the state level each year. As a consequence of the hacking of Apprentice Information Services of Rogers in November, many counties’ computer systems were unable to provide online services, according to reports from KAIT-TV in Jonesboro to the Texarkana Gazette. The county computer systems are still unable to communicate with the state’s computer systems, Hardin said. 

Pulaski County, the state’s most populous, is among the counties impacted by the security breach, Hardin said. 

The county systems have not been linked back up to the state’s computer system to ensure there’s no chance the state’s computer system could be made vulnerable to hackers. 

As a workaround for the online car tag renewals, the state is allowing residents unable to renew online to call the Department of Finance and Administration’s motor vehicle help desk to explain the situation. The help desk can override the requirement to assess the vehicle before renewing with the state. The help desk will notify the county that the vehicle has been renewed but has not been assessed, Hardin said. 

“We want to be sure Arkansans understand vehicle renewal remains available both in person and online,” Hardin said via email. “However, for customers using the online option, one extra step (calling or emailing to request an override) may be required for those in counties affected by the security breach.”

An assessment is an owner’s declaration of personal property to the county so that property taxes can ultimately be paid on the vehicle, Hardin said. 

The issue only impacts online renewals. Arkansans who prefer to avoid these hiccups can still physically go to a county assessor’s office for assessment and one of the 134 state revenue offices for renewal. 

Hardin said the department recommends car owners try to renew online first. If…


Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 29, 2022


All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 29th, 2022. I’ve also included some comments on these stories.

WordPress 6.0.2 Patches Vulnerability That Could Impact Millions of Legacy Sites

The WordPress team this week announced the release of version 6.0.2 of the content management system (CMS), notes Security Week, with patches for three security bugs, including a high-severity SQL injection vulnerability.


“The content management system is subject to a SQL injection vulnerability. The issue exists in the WordPress Link functionality and usually affects older versions of WordPress. The functionality is disabled in newer versions of WordPress by default. The vulnerability exists because of improper sanitization of the limit argument of the link retrieval query in the get_bookmarks function. This vulnerability is patched in WordPress 6.0.2 and later.”


Over 1,000 iOS apps found exposing hardcoded AWS credentials

Security researchers are raising the alarm about mobile app developers relying on insecure practices that expose Amazon Web Services (AWS) credentials, making the supply chain vulnerable, Bleeping Computer reports.

“Both iOS and Android apps have exposed AWS credentials. With these credentials an attacker could gain access to databases or other services. It was estimated that 77% of the applications contained AWS tokens that could be used to access private cloud services. The security researchers noted that about 874 applications contained valid credentials that could be used to access database records that potentially contain sensitive personal information.”


Microsoft Discovers Severe ‘One-Click’ Exploit for TikTok Android App

Microsoft on Wednesday disclosed details of a now-patched “high severity vulnerability” in the TikTok app for Android that could…


Chrome Android Incognito Mode Adds Extra Layer of Security | PIN, Face Unlock, or Fingerprint Access



Chrome Android incognito mode is adding an extra layer of security with PIN, face unlock, or even fingerprint access. The new feature highlights ways that can improve users’ security through their phone when accessing incognito mode.

Google Incognito Mode

According to the story by SlashGear, private browsing, otherwise known as incognito mode, is one of the very basic forms of privacy protection mechanisms existing in web browsers today. Although it can sometimes be mistaken for complete privacy protection, incognito mode actually only makes sure that the user won’t leave any traces of their activity on the browser itself.

The protection, however, can be considered quite pointless if someone else already holds the user’s phone and the browser is left open. This is why Google has now been working on another reauthentication mechanism for its incognito mode, scheduled to come to Android pretty soon.

PIN or Biometric Authentication

Physical access to a particular device will almost always make security features quite moot. This is especially true when the user’s phone is already unlocked. Incognito mode can also be rendered useless when the tabs are already open in the browser’s background. Google allows complete search history deletion even without using incognito mode.

All it would take is for an unauthorized user to simply switch back to it in order to see what the original user has been secretly browsing. Another lock for the incognito mode would add an extra layer of security. This presumably applies only if users have already enabled their PIN or biometric authentication on their device.

Chrome Android Canary Version

Chrome Story reports that a brand new flag in Chrome for Android’s very own development Canary version will add exactly that. Once the flag has reportedly been enabled and Chrome has finally been restarted, a brand…


Why Banks & Financial Institutions Must Take Extra Cybersecurity Measures During Festive Season


Technological advancement in the past few decades has changed the way people live and how businesses operate all over the world. Everything in our life has become easier, faster and much more convenient. However, it’s impossible to ignore the flip side to such a scenario. Today, more crimes are being conducted via the internet and a computer rather than a gun. 

Each year, a growing number of individuals and organisations fall prey to cyberattacks. As cyber threats continue to evolve, the facts and figures become more and more concerning. This is even more so for banks, NBFCs and institutions belonging to the financial sector – a sector associated with money, information and the public.

Cyberattacks On The Financial Sector

Cybercriminals have diverse reasons to target banks and other financial institutions. The financial sector houses the most sensitive data and liquid assets. By gaining access to a financial institution’s database, hackers can steal money or spy on organisations and their customers. They can sell the stolen confidential data and use the money to fund terrorist attacks. By hacking into a network, cybercriminals can even manipulate or disrupt markets, which interests state actors. 

Hackers can damage, destroy and misuse important data and intellectual property, steal money, and commit fraud, embezzlement and identity theft. Cyberattacks, even unsuccessful ones, carry the potential to disrupt usual business activities, leading to loss of financial and other resources. Besides affecting a financial institution’s solvency, cybersecurity failures can also ruin an organisation’s reputation, proving even more crippling than financial losses. As most of the banking system is interconnected, the spillover of cyberattacks on other banks can even paralyse the overarching financial system of a state. 



Over the past few years, hackers have been carrying out more sophisticated and large-scale attacks on this sector. In 2016, Bangladesh’s central bank fell victim to one of them, losing nearly $100 million. In 2017, Equifax, a credit reporting agency, reported the largest publicly disclosed breaches in history. Sensitive personal…
