ESET research discovers ESPecter bootkit – FontOnLake targeting Linux – Fake SafeMoon app update
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
ESET researchers discover a malware family with tools that show signs they’re used in targeted attacks
The post FontOnLake: Previously unknown malware family targeting Linux appeared first on WeLiveSecurity
Two-factor authentication is a simple way to greatly enhance the security of your account
The post Google to turn on 2FA by default for 150 million users, 2 million YouTubers appeared first on WeLiveSecurity
Cryptocurrencies rise and fall, but one thing stays the same – cybercriminals attempt to cash in on the craze
The post To the moon and hack: Fake SafeMoon app drops malware to spy on you appeared first on WeLiveSecurity
What happens to our digital accounts when we stop using them? It’s a question we should all ask ourselves, because when we are no longer keeping tabs on what’s happening with old accounts, they can become targets for cybercrime.
In fact, quite a few recent high-profile breaches targeted inactive accounts. The Colonial Pipeline ransomware attack came through an inactive account that didn’t use multifactor authentication, according to a consultant who investigated the incident. And in the case of the recent T-Mobile breach this summer, information from inactive prepaid accounts was accessed through old billing files. Inactive accounts can pose a serious security risk.
For Google users, Inactive Account Manager helps with that problem. You can decide when Google should consider your account inactive and whether Google should delete your data or share it with a trusted contact.
Here’s How it Works
Once you sign up for Inactive Account Manager, available in My Account settings, you are asked to decide three things:
- When the account should be considered inactive: You can choose 3, 6, 12 or 18 months of inactivity before Google takes action on your account. Google will notify you a month before the designated time via a message sent to your phone and an email sent to the address you provide.
- Who to notify and what to share: You can choose up to 10 people for Google to notify once your Google Account becomes inactive (they won’t be notified during setup). You can also give them access to some of your data. If you choose to share data with your trusted contacts, the email will include a list of the selected data you wanted to share with them, and a link they can follow to download that data. This can include things like photos, contacts, emails, documents and other data that you specifically choose to share with your trusted contact. You can also choose to set up a Gmail AutoReply, with a custom subject and message explaining that you’ve ceased using the account.
- If your inactive Google Account should be deleted: After your account becomes inactive, Google can delete all its content or send it to your designated contacts. If you’ve decided to allow someone to download your content, they’ll be able to do so for 3 months before it gets deleted. If you choose to delete your Google Account, this will include your publicly shared data (for example, your YouTube videos, or blogs on Blogger). You can review the data associated with your account on the Google Dashboard. If you use Gmail with your account, you’ll no longer be able to access that email once your account becomes inactive. You’ll also be unable to reuse that Gmail username.
Setting up an Inactive Account plan is a simple step you can take to protect your data, secure your account in case it becomes inactive, and ensure that your digital legacy is shared with your trusted contacts in case you become unable to access your account. Our Privacy Checkup now reminds you to set up a plan for your account, and we’ll send you an occasional reminder about your plan via email.
At Google, we are constantly working to keep you safer online. This October, as we celebrate Cybersecurity Awareness Month, we want to remind our users of the security and privacy controls they have at their fingertips. For more ways to enhance your security check out our top five safety tips and visit our Safety Center to learn all the ways Google helps keep you safer online, every day.
ESET research discovers a previously undocumented UEFI bootkit with roots going back all the way to at least 2012
The post UEFI threats moving to the ESP: Introducing ESPecter bootkit appeared first on WeLiveSecurity
New ESET Threat Report is out – Cybersecurity Awareness Month begins today – What organizations should do to secure their VPNs
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
Over the past year we have made a number of investments to strengthen the security of critical open source projects, and recently announced our $10 billion commitment to cybersecurity defense including $100 million to support third-party foundations that manage open source security priorities and help fix vulnerabilities.
Today, we are excited to announce our sponsorship for the Secure Open Source (SOS) pilot program run by the Linux Foundation. This program financially rewards developers for enhancing the security of critical open source projects that we all depend on. We are starting with a $1 million investment and plan to expand the scope of the program based on community feedback.
Why SOS?
SOS rewards a very broad range of improvements that proactively harden critical open source projects and supporting infrastructure against application and supply chain attacks. To complement existing programs that reward vulnerability management, SOS’s scope is comparatively wider in the type of work it rewards, in order to support project developers.
What projects are in scope?
Since there is no one definition of what makes an open source project critical, our selection process will be holistic. During submission evaluation we will consider the guidelines established by the National Institute of Standards and Technology’s definition in response to the recent Executive Order on Cybersecurity along with criteria listed below:
- The impact of the project:
- How many and what types of users will be affected by the security improvements?
- Will the improvements have a significant impact on infrastructure and user security?
- If the project were compromised, how serious or wide-reaching would the implications be?
- The project’s rankings in existing open source criticality research:
- Is the project included in the Havard 2 Census Study of most-used packages, or does it have a score of 0.6 or above in the OpenSSF Critically Score project?
What security improvements qualify?
The program is initially focused on rewarding the following work:
- Software supply chain security improvements including hardening CI/CD pipelines and distribution infrastructure. The SLSA framework suggests specific requirements to consider, such as basic provenance generation and verification.
- Adoption of software artifact signing and verification. One option to consider is Sigstore’s set of utilities (e.g. cosign).
- Project improvements that produce higher OpenSSF Scorecard results. For example, a contributor can follow remediation suggestions for the following Scorecard checks:
- Code-Review
- Branch-Protection
- Pinned-Dependencies
- Dependency-Update-Tool
- Fuzzing
- Use of OpenSSF Allstar and remediation of discovered issues.
- Earning a CII Best Practice Badge (which also improves the Scorecard results).
We’ll continue adding to the above list, so check our FAQ for updates. You may also submit improvements not listed above, if you provide justification and evidence to help us understand the complexity and impact of the work.
Only work completed after October 1, 2021 qualifies for SOS rewards.
Upfront funding is available on a limited case by case basis for impactful improvements of moderate to high complexity over a longer time span. Such requests should explain why funding is required upfront and provide a detailed plan of how the improvements will be landed.
How to participate
Review our FAQ and fill out this form to submit your application.
Please include as much data or supporting evidence as possible to help us evaluate the significance of the project and your improvements.
Reward amounts
Reward amounts are determined based on complexity and impact of work:
- $10,000 or more for complicated, high-impact and lasting improvements that almost certainly prevent major vulnerabilities in the affected code or supporting infrastructure.
- $5,000-$10,000 for moderately complex improvements that offer compelling security benefits.
- $1,000-$5,000 for submissions of modest complexity and impact.
- $505 for small improvements that nevertheless have merit from a security standpoint.
Looking Ahead
The SOS program is part of a broader effort to address a growing truth: the world relies on open source software, but widespread support and financial contributions are necessary to keep that software safe and secure. This $1 million investment is just the beginning—we envision the SOS pilot program as the starting point for future efforts that will hopefully bring together other large organizations and turn it into a sustainable, long-term initiative under the OpenSSF. We welcome community feedback and interest from others who want to contribute to the SOS program. Together we can pool our support to give back to the open source community that makes the modern internet possible.
The campaign may last for a month, but we should remember that cybersecurity is a year-round affair
The post October is Cybersecurity Awareness Month! Why being cyber‑smart matters appeared first on WeLiveSecurity
Flaws in Apple Pay and Visa could allow criminals to make arbitrary contactless payments – no authentication needed, research finds
The post Hackers could force locked iPhones to make contactless payments appeared first on WeLiveSecurity
Easy Contact
253 Main Ave, Passaic NJ 07055Call 973-777-5656
info@advantagecomputers.com
Fax 973-777-5821
© 2025 ~ All Rights Reserved
Advantage Computer Solutions, Inc