Bitdefender-Smartphone Safe

Personally, I have asked Bitdefender to add to the Enterprise Gravity Zone for 4 years, no success.
But: 7 tips to keep your smartphone safe until Bitdefender adds to Gravity Zone!

Hello Folks,
Your smartphone stores a great deal of personal information. Let’s face it, your whole life is on that thing. You send emails and text messages, make calls, take and share videos and photos, use social media, shop online and so much more.
To make sure you don’t become part of a rising proportion of people targeted by hackers, we’ve compiled a list of seven tips to help you keep your smartphone and your data safe.
1) Keep your smartphone and apps up to date
Software updates protect you from vulnerabilities or loopholes that can be exploited. Install them as soon as they come up.
2) Delete unused apps from your device
If you don’t need or use it, delete it. Old apps may have severe security flaws that can compromise your device.
3) Back up data
This action is essential in case of theft or malicious compromise such as a ransomware attack.
4) Stay away from SMS scams
Delete any unexpected SMS or email that contains links to download something or asks you for personal or financial information, even if it seems to come from a legit source (your bank, delivery companies).
5) Hang up or don’t respond to suspicious phone calls
Scammers may also call you on the phone to convince you to reveal personally identifiable information, bank account numbers, PINs, credit card numbers.
6) Think twice before connecting to public WiFi networks
Public WiFi can expose you to many threats, including theft of personal information such as login and financial data, especially if you don’t use a VPN to encrypt your data.
7) Use Bitdefender Mobile Security to protect your smartphone
No matter how cautious you are, you can never replace security software tailor-made to keep you safe from the latest threats.
Find out more about the full protection of your iPhone or Android devices.
Stay Safe,
Roy Miehe
CEO MspPortal Partners Inc

Breach: Microsoft Power Apps records leaked via OData API

The big news this week is the data breach at the Microsoft Power Apps platform, leading to the disclosure of up to 38 million records with Personally Identifiable Information (PII). The details range from names and email addresses to COVID-19 vaccination status, and even Social Security numbers. The breach was discovered by researchers at UpGuard, who detail the underlying issue, the entities impacted, and the response from Microsoft in their recent blog.

Researchers discovered that an OData API that Power Apps used for accessing data publicly exposed sensitive user data which should have been private. Access to the data is controlled by a setting called table permissions, which can be set to restrict access to sensitive records. Unfortunately, Microsoft had opted to switch off table permissions by default, meaning that the records were publicly accessible unless users knew to switch the setting on. Microsoft did warn users about the impact of leaving this setting off, but as the breach shows, this might not have been the best call.

Upon their discovery, UpGuard notified Microsoft about the issue. The initial response was that this public accessibility was by design, not a vulnerability. This is not the first time we have seen this excuse with reported API vulnerabilities, often dressed up in the guise of “improved user experience”.

UpGuard then proceeded to notify the impacted entities, many of whom took swift action to remove the leaked PII data. To add insult to injury, many core Microsoft portals were also affected, and subsequently Microsoft appears to have notified impacted government cloud customers of the issue.

Since the disclosure of the breach, Microsoft has changed their stance here:

They have changed the default setting so that new lists enforce table permissions to protect underlying data.
They have provided a dedicated tool, Portal Checker, for finding OData lists that allow anonymous access.

The lessons learned here include:

This is a classic example of Broken Authentication on an API — unauthenticated APIs can lead to unintended data disclosure. You could also argue that this falls under API7:2019 — Security misconfiguration, too.
As a developer, always ensure you understand the full impact of your chosen default settings and permissions.
As a platform designer providing an API service, always ensure strict access restriction (deny-by-default, least privilege…). Allowing full anonymous access to data or other resources is not a sensible default, regardless of any warnings that you glue on top.
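
The effect of the default described above, as an added example (not code from Microsoft, UpGuard or the original article): a simplified model of the access decision for OData-exposed lists, showing which lists an anonymous caller can read under an off-by-default and an on-by-default platform setting. The ListConfig fields, list names and roles are hypothetical and constructed for illustration; they are not the Power Apps schema.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical model of a portal list exposed through an OData feed.
@dataclass
class ListConfig:
    name: str
    odata_enabled: bool
    # None means the admin never touched the setting, so the platform default applies.
    table_permissions: Optional[bool] = None
    allowed_roles: frozenset = frozenset()

def permissions_enforced(cfg, platform_default):
    """Effective setting: an explicit value wins, otherwise the platform default."""
    if cfg.table_permissions is None:
        return platform_default
    return cfg.table_permissions

def can_read(cfg, caller_roles, platform_default):
    """Access decision for one request; caller_roles is empty for anonymous callers."""
    if not cfg.odata_enabled:
        return False
    if not permissions_enforced(cfg, platform_default):
        return True  # no permission check at all: anyone can read, including anonymous
    return bool(cfg.allowed_roles & set(caller_roles))

def anonymous_exposure(configs, platform_default):
    """Names of lists that an unauthenticated caller can read."""
    return [c.name for c in configs if can_read(c, (), platform_default)]

# Constructed sample configuration.
LISTS = [
    ListConfig("vaccination_appointments", True),            # setting never touched
    ListConfig("employee_directory", True, True, frozenset({"hr"})),
    ListConfig("public_office_hours", True, False),          # explicitly public
    ListConfig("internal_notes", False),                     # feed disabled
]

if __name__ == "__main__":
    print("off by default:", anonymous_exposure(LISTS, platform_default=False))
    print("on by default: ", anonymous_exposure(LISTS, platform_default=True))
```

Switching the default protects only lists whose setting was never touched; lists where permissions were explicitly switched off stay exposed and still have to be found by an audit.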

From CVS to Chevron, FDA decision triggers vaccine mandates

PAUL WISEMAN and JOSEPH PISANI
Tue, August 24, 2021, 1:10 PM

From Walt Disney World and Chevron to CVS and a Michigan university, a flurry of private and public employers are requiring workers to get vaccinated against COVID-19 after the federal government gave full approval to the Pfizer shot. And the number is certain to grow much higher.

Food for thought/opinion: if all firms require employees to be vaccinated or find a new job, then have your employer re-write their contract with you: if you get sick, they pay for all medical expenses with no out-of-pocket expenses and they continue to pay you your full salary.

Associated Press writers Carla K. Johnson, Anne D’Innocenzio, Tom Krisher and Ricardo Alonso-Zaldivar contributed to this story.

Opinion