The Latest

Whether you’re dutifully attending open houses looking for your next home, or have lived in the same one for decades, you should always be on the lookout for water damage. That’s because it’s more than an eyesore: Water damage is a sign of a larger problem.

And if you come across water damage while shopping for a new home—or spot an area affected by it that you had never noticed before in your longtime home—you’ll want to figure out whether it happened recently, or is a remnant of a past problem. Here’s how to tell whether water damage is new or old.

How to tell whether water damage is new or old

Determining whether water damage is recent or has been there for a while isn’t as a straightforward as you might think (unless you’re a professional), but these strategies can help:

Touch it

Put on a pair of gloves, protective eyewear, and a face mask (there may be mold present) and gently press on an area with water damage. If it feels wet, but the drywall or ceiling behind it is still firm, the damage is probably new. But if the wall or ceiling is damp and squishy or spongy, the water has had a chance to soak in, and it’s likely older damage.

Look for rings

Like a tree, the more rings an area with water damage has around it, the older it is. Also pay attention to the color of the rings: If there are a variety of colors, it’s a sign that over the years, there have been multiple incidents that caused water damage in the same place. Single dark spots without rings are typically new.

Check for mold and decay

Mold typically starts to grow on an area with water damage within 48 hours, often appearing as small gray or black specs on walls, floors, or ceilings. If the mold has had a chance to spread beyond the area directly affected by water damage, it’s probably not new.

Similarly, if you notice that parts of your home with water damage have started to decay or deteriorate, it’s a sign that at least some of it is old, and that the area has likely flooded, or been the site of standing water multiple times in the past.

How to repair you home after water damage

Depending on what you find out about the water damage in your home (or potential home), you may need to do some repair work—or hire someone to do it for you.

This is a topic Lifehacker has covered from a few different angles, including posts on everything you need to do if your home has water damage, how to repair water damage in your home (and when to panic about it), and, once the root cause is taken care of, how to get rid of water stains on your ceiling.


from Lifehacker https://ift.tt/3HaPihZ
Photo: Nick Alias (Shutterstock)

Mattresses don’t come cheap, so it’s in your best interest to take care of them. In addition to covering them with a mattress protector and removing dirt and dust by vacuuming them regularly, it also means quickly cleaning up spills before they turn into stains. Here’s how to do that.

How to remove stains from a mattress

For whatever reason, a liquid or other substance was able to penetrate through your mattress protector and leave a stain on the mattress itself. Or maybe you thought you didn’t actually need a mattress protector, and find yourself with an even heavier stain.

Either way, your best chance of removing the stain is taking action as soon as possible so it doesn’t set. Here’s what to do, courtesy of the cleaning experts at Consumer Reports:

  1. Take off your bedding: Unlike your mattress, your sheets and blankets can go in the washing machine, so deal with those later.
  2. Dab the spill: Use a clean cloth or paper towel to blot the stain, soaking up as much of the liquid as possible.
  3. Spot-treat the stain: Use another clean cloth or paper towel to apply a small amount of a cleaning product, gently dabbing the stain until it’s gone. Liquid laundry detergent is a safe bet, as is a mild dish soap. If you don’t have either on hand, try an all-purpose stain remover. If you think the stain is gone, then notice that it’s still visible as it dries, apply the product again.

Certain stains require something a bit stronger. For instance, it’s best to use an enzyme cleaner (Consumer Reports suggests Angry Orange or Nature’s Miracle) to tackle urine, feces/diarrhea, and mud. It’ll also work for vomit, but prior to applying it, sprinkle some baking soda on top of the stain to absorb the odor, then vacuum it up.

Blood is a little trickier. Start by blotting the stain with cold water (hot water could set the stain, making it permanent), followed by hydrogen peroxide. After that, it’s time for the enzyme cleaner.

No matter what type of cleaning product you use and what kind of stain you have, it’s important to let your mattress dry completely before putting the protector and sheets back on. It could take a few hours—depending on how much liquid was on the mattress—but it’s better to wait than cover the mattress when it’s still damp.


from Lifehacker https://ift.tt/BD7HeKv

You’re in the shower shampooing your hair, and suddenly you catch a whiff of something unpleasant. Something that smells like sewage. Your first instinct is that it’s coming from the toilet. That might be true, but it could also be coming from your shower drain. Here are a few examples of what could be behind the stench, and how to get rid of it.

How to fix the sewer smell in your shower drain

There are a few potential sources of the sewage scent emanating from your shower, tub, or sink drain. Because drains aren’t out in the open, it often takes some trial and error to figure out what needs to be fixed in order to get rid of the smell. Your best bet is starting with the easiest solution, and going from there.

Clogged drain

Sometimes it’s obvious when your drain is clogged. Other times, a drain may appear to be functioning, but in reality, it’s getting close to capacity and a blockage.

If you’ve never had the privilege of cleaning a shower drain before, then you may be wondering how it could be the cause of the sewage smell. In that case, buckle up: Things are about to get gross.

Sure, there’s probably a lot of hair down there, but the foul odor usually comes from the bouquet of other slimy gunk trapped with it: Dead skin, bacteria, soap scum, body oils, debris, biofilm, and anything else you put down your shower drain.

Lifehacker has published several posts over the years on unclogging drains, so take a look at the different methods, and pick one.

Dry or dirty P-trap

A P-trap, or drain trap, is a U-shaped section of pipe that holds a small amount of water at all times to help prevent sewer gases from coming up through your drain. So when P-traps dry out, it could make your bathroom smell pretty disgusting.

This is most common in showers that are rarely used—like one in a guest bathroom—or that haven’t been used for a while, like if you’ve been out of town for a longer period of time. If that’s the cause of the odor, running the shower for about a minute to refill the pipe should do the trick.

On the other hand, if you use the shower on a regular basis, the P-trap could be dirty. To clean it, pour one cup of hot water down the drain, let it soak in for a minute, then pour one cup of undiluted chlorine bleach down next. Let it sit overnight, and by the next morning, your P-trap should be clean, sanitized, and odor-free.

If you try both methods and suspect the smell is coming from your P-trap, it may be broken. In that case, you’ll need to call in a professional.

Leaky pipes

If neither of the solutions above worked, you may be dealing with leaky pipes in your walls or under the shower. Wastewater from the shower and/or sewer gases could be escaping through cracks or damaged connections in the pipes, and cause your bathroom to smell like sewage. Finding and fixing the leak is a more complicated project best left to professionals.


from Lifehacker https://ift.tt/nBF0w4p

The week in security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

RSA Conference 2023
RSA Conference 2023 took place at the Moscone Center in San Francisco. Check out our microsite for related news, photos, product releases, and more.

Overcoming industry obstacles for decentralized digital identities
In this Help Net Security interview, Eve Maler, CTO at ForgeRock, talks about how digital identities continue to play a critical role in how we access online services securely. Maler also highlights the challenges encountered by various industries in implementing decentralized digital identities.

PaperCut vulnerabilities leveraged by Clop, LockBit ransomware affiliates
Clop and LockBit ransomware affiliates are behind the recent attacks exploiting vulnerabilities in PaperCut application servers, according to Microsoft and Trend Micro researchers.

Common insecure configuration opens Apache Superset servers to compromise
An insecure default configuration issue (CVE-2023-27524) makes most internet-facing Apache Superset servers vulnerable to attackers, Horizon3.ai researchers have discovered.

3CX breach linked to previous supply chain compromise
Pieces of the 3CX supply chain compromise puzzle are starting to fall into place, though we’re still far away from seeing the complete picture.

GitHub introduces private vulnerability reporting for open source repositories
GitHub has announced that its private vulnerability reporting feature for open source repositories is now available to all project owners.

Google Authenticator updated, finally allows syncing of 2FA codes
Google has updated Google Authenticator, its mobile authenticator app for delivering time-based one-time authentication codes, and now allows users to sync (effectively: back up) their codes to their Google account.

VMware fixes critical flaws in virtualization software (CVE-2023-20869, CVE-2023-20870)
VMware has fixed one critical (CVE-2023-20869) and three important flaws (CVE-2023-20870, CVE-2023-20871, CVE-2023-20872) in its VMware Workstation and Fusion virtual user session software.

Google adds new risk assessment tool for Chrome extensions
Google has made available a new tool for Google Workspace admins and security teams to make an assessment of the risk different Chrome extensions may present to their users: Spin.AI App Risk Assessment.

VMware plugs security holes in VMware Aria Operations for Logs (CVE-2023-20864, CVE-2023-20865)
VMware has fixed two vulnerabilities (CVE-2023-20864, CVE-2023-20865) in VMware Aria Operations for Logs (formerly vRealize Log Insight), a widely used cloud solution for log analysis and management.

The silent killers in digital healthcare
As digital transformation revolutionizes the healthcare industry, its use of API (application programming interfaces) technology is skyrocketing.

Over 70 billion unprotected files available on unsecured web servers
Critical exposures outside of an organization’s firewall are the greatest source of cybersecurity threats, according to CybelAngel.

How CISOs navigate security and compliance in a multi-cloud world
In this Help Net Security video, Kaus Phaltankar, CEO at Caveonix discusses how in today’s complex multi-cloud landscape, the role of CISOs is more crucial than ever.

Are you ready for PCI DSS 4.0?
In just under a year’s time, organizations will have had to comply with several new requirements under version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS).

Attackers are logging in instead of breaking in
Cyberattackers leveraged more than 500 unique tools and tactics in 2022, according to Sophos.

Securing the rapidly developing edge ecosystem
In this Help Net Security video interview, Theresa Lanowitz, Head of Cybersecurity Evangelism at AT&T Business, discusses the 12th annual Cybersecurity Insights Report, released at RSA Conference 2023.

Generative AI and security: Balancing performance and risk
Are we moving too fast with AI? This is a central question both inside and outside the tech industry, given the recent tsunami of attention paid to ChatGPT and other generative AI tools.

Unlocking the passwordless era
Although interest in passwordless technology, which aims to eliminate the need for passwords, is relatively low, 65% of consumers are receptive to using new technology that simplifies their lives, according to 1Password.

Why juice jacking is overhyped
In this Help Net Security video, Candid Wuest, VP of Global Research at Acronis, shares his insights into why juice jacking attacks are not easy for attackers – and why the actual risk for consumers is using public Wi-Fi networks.

The double-edged sword of generative AI
Before sophisticated models like ChatGPT were publicly available, organized disinformation campaigns required significantly more resources to function. For serious operations, multiple individuals were required to run campaigns effectively.

AI tools help attackers develop sophisticated phishing campaigns
Phishing scams are a growing threat, and cybercriminals’ methods are becoming increasingly sophisticated, making them harder to detect and block, according to Zscaler report.

Corporate boards pressure CISOs to step up risk mitigation efforts
While those working in InfoSec and GRC have high levels of confidence in their cyber/IT risk management systems, persistent problems may be making them less effective than perceived, according to RiskOptics.

New coercive tactics used to extort ransomware payments
The increase in reported ransomware victims across Q1 2023 reflects the continued prevalence of ransomware as a worldwide, industry agnostic threat, according to GuidePoint Security.

The double-edged sword of open-source software
The lack of visibility into the software supply chain creates an unsustainable cycle of discovering vulnerabilities and weaknesses in software and IT systems, overwhelming organizations, according to Lineaje.

Study of past cyber attacks can improve organizations’ defense strategies
Ransomware operators have been increasingly launching frequent attacks, demanding higher ransoms, and publicly exposing victims, leading to the emergence of an ecosystem that involves access brokers, ransomware service providers, insurance providers, and ransom negotiators, according to Deepwatch.

CISOs: unsupported, unheard, and invisible
A study conducted among CISOs worldwide from various industries sheds light on their strategies amid a challenging threat environment, identifies obstacles from business functions, and highlights their requirements for achieving success.

How product security reached maturity
Slava Bronfman, Co-Founder & CEO of Cybellum discusses his experience in watching the product security sector mature over the last decade in the recent episode of Left to our Own Devices podcast.

eBook: Security Compliance for CISOs
Security compliance often feels like the ever-present task that looms over every angle of your role as Chief Information Security Officer. Yet, regardless of the hours spent managing it, something can always slip through the cracks.

New infosec products of the week: April 28, 2023
Here’s a look at the most interesting products from the past week, featuring releases from Abnormal Security, Arista Networks, Cyera,
Eclypsium, Halo Security, Immuta, ManageEngine, and Traceable AI.


from Help Net Security https://ift.tt/ZxmL12k

Researchers at dark web monitoring company Cyble recently wrote about a data-stealing-as-a-service toolkit that they found being advertised in an underground Telegram channel.

One somewhat unusual aspect of this “service” (and in this context, we don’t mean that word in any sort of positive sense!) is that it was specifically build to help would-be cybercriminals target Mac users.

The malware peddlers’ focus on Apple fans was clearly reflected in the name they gave their “product”: Atomic macOS Stealer, or AMOS for short.

They’re after passwords, cryptocoins and files

According to Cyble, the crooks are explicitly advertising that their malware can do all of these things:

  • Rip off passwords and authentication information from your macOS Keychain (Apple’s internal storage system for passwords and authentication credentials).
  • Steal files from your Desktop and Documents directories.
  • Retrieve comprehensive information about your system.
  • Plunder secret data from eight different browsers.
  • Slurp the contents of dozens of different cryptowallets.

Ironically, the one browser that doesn’t show up on the list is Apple’s own Safari, but the sellers claim to be able to exfiltrate data from Chrome, Firefox, Brave, Edge, Vivaldi, Yandex, Opera, and Opera’s gamer-centric browser, OperaGX.

As an AMOS “customer”, you also get an account on the cybergang’s online AMOS cloud portal, and a feature to send “crime logs” and stolen data directly to your Telegram account, so you don’t even need to login to the portal to check for successful attacks.

As well as that, you get what the crooks describe as a beautiful DMG installer, presuambly to improve the likelihood that you can lure prospective victims into installing the softare in the first place.

DMGs are Apple Disk Image files, commonly used by legitimate software developers as a well-known, good-looking, easy-to-use way of delivering Mac software.

All this for $1000 a month.

Watch out for password prompts

As you can imagine, attackers who want to access your macOS Keychain can’t do so simply by tricking you into running a program while you’re already logged in.

Running an app under your account is enough to read many or most of your files, but actions such as viewing and changing system settings, and viewing Keychain items, require you to put in your password every time, as an extra layer of safety and security.

In this case, Cyble researchers noted that the malware lures you into giving away your account password by popping up a dialog with the title System Preferences (in macOS Ventura, it’s actually now called System Settings), and claiming that macOS itself “wants to access System Preferences”.

Well-informed Mac users should spot that the popup produced clearly belongs to the malware app itself, which is imaginatively called Setup.

Password dialogs that are requested by the System Preferences (or System Settings) app itself come up as an integral part of the Preferences application window, and can only be accessed when the Preferences app itself has focus and thus shows up as the active application in your Mac’s menu bar.

What to do?

Malware that specifically targets Mac users is rare compared to malware aimed at Windows users, but this find by Cyble’s dark web diggers is a reminder that “unusual” is not the same as “non-existent”.

If you’re one of those Mac users who tends to treat cybersecurity as a curiosity instead of building it into your digital lifestyle, perhaps because a friend or family member once assured you that “Macs don’t get viruses”…

…please treat this article as a gentle reminder that malware attacks aren’t just things that happen to other people.

  • Stick to reputable download sites. Apple’s own App Store isn’t perfect, but it’s less of a free-for-all than sites and services you’ve never heard of. You can control the source of apps you install via the System Settings > Privacy & Security page, accessible directly from the Apple menu. If you need off-market apps, you can always give yourself access temporarily, and then lock your system down again immediately afterwards.
  • Don’t be fooled by what these crooks refer to as the “beauty” of an app. Modern software development tools make it easier than ever to produce professional-looking applications and installers, so malware doesn’t inevitably give itself away by looking sub-standard.
  • Consider running real-time malware blocking tools that not only scan downloads, but also proactively prevent you from reaching dangerous download servers in the first place. Sophos Home is free for up to three users (Mac and/or Windows), or modestly priced for up to 10 users. You can invite friends and family to share your licence, and help them by looking after their devices remotely via our cloud-based console, so you don’t need to run a server at home.

Note. Sophos products detect and block the malware in Cyble’s report under the name OSX/InfoStl-CP, if you are a Sophos user and would like to check your logs.


from Naked Security https://ift.tt/JG4RV7m

The UK Cyber Security Councilv has launched the first phase of its certification mapping tool.

It has been created to map all available cyber security certifications onto the 16 specialisms identified by the Council, with the first phase now available.

The tool currently includes at least one certification per specialism, with more to be added. The Council aims to deliver a comprehensive resource that contains all options of value to each career path, and the tool will be updated regularly to include new certifications when they become available.

The announcement follows the launch of the Council’s career mapping tool, which provides details about pathways into the 16 cyber security specialisms, based on knowledge areas, earlier this year. Once complete, the certification mapping tool and the career mapping tool will work in combination to provide a centralised platform detailing routes into each specialism alongside the certifications that will act as a clear and accessible roadmap for each individual’s career.

Professor Simon Hepburn, CEO at the UK Cyber Security Council said: “There are so many different certifications within cyber security, which makes it difficult for candidates to know where to start. We know that there are multiple perceived barriers to a career in cyber and at the Council we want to make sure that certification is not one of them.

“People spend time and money on getting certifications and it’s important that they do so knowing that the level they achieve is aligned to the specialism and role they want to secure.

“Starting out, a junior cyber professional may see senior people with multiple certifications – likely because they have acquired them throughout their career as different employers have required different skills. This can be overwhelming for new candidates, who may not realise they don’t need all of these certifications straight away.

“We are developing a solution to this problem by providing clear advice on what certifications are necessary for each specialism, along with course costs and known providers. Once you’ve identified your specialism through our career mapping tool, we want to ensure the next steps are as straightforward as possible through our certification mapping tool.”

Commissioned in 2019 by the then Department for Media Culture and Sport (DCMS), the Council is tasked with promoting and stewarding nationally recognised standards for cyber security in support of the UK Government’s National Cyber Security Strategy.


from Help Net Security https://ift.tt/Os1ZP0i

Whether you’re into classic, well-manicured American suburban landscape design, or favor a more natural look featuring native shrubs, you probably have some type of foundation plant around the perimeter of your house (or at least the parts visible from the street).

These hardworking plants, flowers, shrubs, and bushes can change the look of your home, introducing a variety of textures and colors, and adding visual interest. But not all greenery is up to the task. Here are a few examples of the best foundation plants.

What makes a good foundation plant?

When selecting foundation plants, it’s important to consider how much work you want to put into maintaining them—which, for most people, is as little as possible. For that reason, perennials, shrubs, and bushes are popular picks.

Also, before making a purchase, check to see whether a plant is able to survive in your USDA Hardiness Zone, and that the amount of sunlight it will get along the sides of your house meets its needs.

There are other factors to consider—like color, height, growth rate, blooming season, and shape—but those are more specific to your climate, property, and design preferences.

Best foundation plants and shrubs

Again, finding the best foundation plants for you has a lot to do with your local conditions and the amount of sunlight they’ll get as they surround your house, but here are a few examples of popular foundation plants and shrubs that are (relatively) easy to maintain:

  • Hydrangeas
  • Spireas
  • False cyprus
  • Inkberry holly
  • Allium (ornamental onion)
  • Azaleas
  • Stonecrop
  • Phlox
  • Boxwood
  • Daylilies
  • Yucca
  • Hostas
  • Mock orange
  • Dogwood
  • Arborvitae
  • Deutzia
  • Agapanthus
  • Peonies
  • Astilbe
  • Elderberry
  • Carex
  • Dwarf lilacs
  • Juniper
  • Coral bells
  • Weigela
  • Catmint
  • Abelia

And, as always, when in doubt, contact your local extension office for advice on selecting foundation plants that best suit your region and the growing conditions around your home.


from Lifehacker https://ift.tt/K4VszFD