5 tips for protecting your YouTube account

youtube

Videos, videos, and more videos! The millions of YouTube users are probably unaware of the dangers when surfing the platform looking for the next viral hit. However, this Google service is in the eye-line of many cybercriminals.

Through phishing attacks, they try to obtain passwords to access information such as bank data associated with your YouTube channel. The problem may be even greater if the account you use is owned by the company for which you work.

So, in the event that you have a YouTube channel which you use frequently, take note. Carelessness can end up being very expensive taking some precautions will serve you in the long run.

5 tips to protect your YouTube account

1. Be careful with shortened links

To begin with, be wary of any shortened link that reaches you, no matter where it comes from. While most are safe, some hide nasty surprises, like a malware that is automatically downloaded to your computer to steal information. Before clicking, make sure you know where the link will lead you to.

password

2. Use secure passwords

A key aspect in preventing a phishing attack is to have a strong password. It should include a mix of uppercase, lowercase, numbers, symbols and the maximum number of possible. In addition, it is recommended to change your password every three months if you can. This way you’ll be able to ensure that the cybercriminals are stopped in their tracks.

3. Change your  password frequently

As if it needs to be repeated, but be cautious with your password – do not use the same one you use on other platforms and don’t have it written down. We must tread warily in the digital world, but the physical world can be just as dangerous.

4. Don’t give your information away via email

You shouldn’t trust emails that you receive that request the password with which you access your YouTube account. In fact, if it comes from Google itself, be extra wary – an attack uncovered a few months ago shows that a malicious URL, in the guise of a company link, could make users enter their information without realizing it.

5. Fill out the recovery form on Google

It is important that you fill out the recovery form on your Google account. Although you may not like the idea of ​​giving your phone number to the company, it is a good way to avoid bigger issues if you discover that someone tries to enter your account – you’re the only one who has access to the recovery code on your phone.

In short, common sense and some thoughtfulness when creating your password can save you some massive headaches later. Just check carefully where you enter your personal details and this will stop cybercriminals from getting their hands on it.

The post 5 tips for protecting your YouTube account appeared first on MediaCenter Panda Security.

Windows Phone Store scam: malicious mobile apps aren’t unique to Google Play

Although it’s possible to use third-party apps stores safely and securely, the fact that scams do still occur in a variety of app stores shouldn’t be ignored. On Sunday, a threat was discovered by a user who posted the issue on our forum. The scam, located within the Windows Phone Store, advertised three fraudulent versions of Avast Mobile Security. These fake apps not only include the Avast logo, but also feature actual screenshots from AMS in their image galleries. Our fast-acting team has since blocked the pages and has labeled them as malicious.

Fake AMS apps collect personal data and redirect users to adware



If downloaded, these fake versions of AMS found on the Windows Phone Store pose a risk to users’ security. Here’s how they work:

  1. New Avast security: This app includes three control buttons which show only advertisements. Even without actively clicking on the ads, the app redirects users to additional adware.
  2. Avast Antivirus Analysis: Claiming to “protect your phone from malware and theft”, this malicious app runs in the background of victims’ devices once downloaded and collects their data and location.
  3. Mobile Security & Antivirus – system 2: Simply put, this is a paid-for version of “New Avast security” that forcibly leads users to adware.

The fun doesn’t stop there!

After doing some additional research, our malware analysts discovered that TT_Game_For_All, the same user that published the fake AMS apps, isn’t solely impersonating Avast. Instead, this cybercriminal has published a large collection of close to fifty apps, the majority of which cost around the equivalent of 1.99 USD. Certain apps even claim to be from other well-known companies such as Qihoo 360, APUS, and Clean Master. 



Keep your eyes open for app store threats

This case goes to show that when it comes to mobile malware, it’s not only the Android platform that is vulnerable to attacks. Although Windows Phone devices aren’t currently as widely used as that of Android, it’s important to be careful regardless of the platform that you use. Finally, keep in mind that Google Play isn’t the only app store users should be paying attention to when it comes to avoiding mobile scams and threats — these threats can occur within any app store.


Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.

WordPress 4.2.4 Security and Maintenance Release

WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. It also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset.

Our thanks to those who have practiced responsible disclosure of security issues.

WordPress 4.2.4 also fixes four bugs. For more information, see the release notes or consult the list of changes.

Download WordPress 4.2.4 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.2.4.

Already testing WordPress 4.3? The second release candidate is now available (zip) and it contains these fixes. For more on 4.3, see the RC 1 announcement post.

Release for CentOS 7 on AArch64

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We would like to announce the general availability of CentOS Linux 7
for AArch64 compatible machines.

This is the first major release of CentOS Linux 7 for ARM/AArch64
produced by the AltArch Special Interest Group. This release uses a
3.19 based kernel as well as incorporating fixes and updates provided
through-out the beta process. This release is built from sources
available at git.centos.org from the c7, c7-ppc64le, and c7-aarch64
branches.



Installation
============

This release provides media for a network install, as well as an
Everything ISO that can be used for USB based installation if desired.
This ISO is currently too large for standard DVD media, and so is best
used via USB media. Additionally, a compressed disk image has been
provided for rapid deployments of a development environment.


Downloads
=========

Everything iso:
http://mirror.centos.org/altarch/7/isos/aarch64/CentOS-7-aarch64-Everyth
ing.iso
sha256sum:
9294f741b4d63fd858e9234b86825fd214c1a86f91b9058d4d6440f96687a7a1
NetInstall iso:
http://mirror.centos.org/altarch/7/isos/aarch64/CentOS-7-aarch64-NetInst
all.iso
sha256sum:
1cd1bab57dbc49d43efd5fe540e02147814e0facaaeae26e3bedf9a317d24d7a
Disk Image:
http://mirror.centos.org/altarch/7/isos/aarch64/CentOS-7-aarch64.img.xz
sha256sum:
43930834944b3ac9c9348cc03ca1be215f5f96f3d6bd1a4100feaa34a92c1b69


Directions and Help
===================

Hardware specific installation instructions can be found at
http://wiki.centos.org/SpecialInterestGroup/AltArch/AArch64

Disk Image user/password information as well as the kickstart used to
generate it is contained README at
http://mirror.centos.org/altarch/7/isos/aarch64/ReadMe.txt


- -- 
Jim Perrin
The CentOS Project | http://www.centos.org
twitter: < at >BitIntegrity | GPG Key: FA09AD77
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBAgAGBQJVwEPEAAoJEBbHyC76Ca13i4gQAMJ6K4Jaju0lbnLeLUqJN9xz
4cxqM3VH3rqkMSZVHFzJis5OID8Q1DTzKsaugSxWS/FNoG7xyl1HrHqfm8i5RLii
WVZ9unxzJCIfMDPQ4Bd0AkkBgnNpFfI+0SZx1TWmbrNfcaN6qgQPzUHX03akBUh3
fSAsesMJy1WSEYz+mmStKercwJmO/bgbgQ5Y11cmcWo5S/OYBP87bpgJQCje7zUN
lZDXG+pdpq+U801MeqpXNVqUazUFN7VuXq9p+8ZwTaw9gNdPIJpwBwM5YdptELSh
2q/ORbvT6s73FkFI0FNjEOzgbCUme47J4vvhvPOw8EksyuNVFQRoAaTLCf25wJTb
VKm0ndnKMfnnjl/8+7cVkcGjJS0weavExTXqeYwxSb58jTn6E/aAa6yUj1XQkb2i
AydUBLhPzpuhvxy/G6QLJMGVUZL/fe9g+4cbMFUatp0Vyrv2GlBeCAQTSEiq8puz
76ByH3z/aXkN8qkPmlQc9ruFYidlm6l5dWT4pws1KL6lWbRC10z+SD2TVTZ2A7Eq
WE2KCvmFRL1ai2TzuIVF8WLUDtfT6P0ZzkH+guz01sCTq8GCaORyn3fX/hmnqn95
S5fAg+/IbEri4T/r84/Ervy9DekyZfGW2YTfHQX4Kp1fDd5AghYgmXAvIeAV6+Ke
4xMMY5b/TI1op1UigvYl
=+QdN
-----END PGP SIGNATURE-----

Fedora 21 Security Update: xen-4.4.2-9.fc21

Resolved Bugs
1243563 – CVE-2015-5154 qemu: ide: atapi: heap overflow during I/O buffer memory access
1179352 – Utilize system-wide crypto-policies
1247142 – CVE-2015-5154 xen: qemu: ide: atapi: heap overflow during I/O buffer memory access [fedora-all]
1239309 – xen package does not create new entry in /boot/efi/EFI/fedora/grub.cfg<br
QEMU heap overflow flaw while processing certain ATAPI commands.
[XSA-138, CVE-2015-5154] (#1247142)
rebuild efi grub.cfg if it is present (#1239309),
add gcc5 build fixes, one needed for the following patch,
modify gnutls use in line with Fedora’s crypto policies (#117935)

Fedora 21 Security Update: devscripts-2.15.8-1.fc21

Resolved Bugs
1249635 – CVE-2015-5704 devscripts: arbitrary shell command injection
1249647 – CVE-2015-5705 devscripts: argument injection vulnerability [fedora-all]
1249227 – licensecheck cannot parse c/c++ files
1249636 – CVE-2015-5704 devscripts: arbitrary shell command injection [fedora-all]
1249645 – CVE-2015-5705 devscripts: argument injection vulnerability<br
Update to version 2.15.8, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.8_changelog for details. Fixes CVE-2015-5705.
Update to version 2.15.7, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.7_changelog for details.
This update fixes licensecheck refusing to parse some text files such as C++ source files.
Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details.
Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details.
This update fixes licensecheck refusing to parse some text files such as C++ source files.
Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details.
Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details.
Update to version 2.15.7, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.7_changelog for details.
This update fixes licensecheck refusing to parse some text files such as C++ source files.
Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details.
Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details.
This update fixes licensecheck refusing to parse some text files such as C++ source files.
Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details.
Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details.

Fedora 22 Security Update: devscripts-2.15.8-1.fc22

Resolved Bugs
1249635 – CVE-2015-5704 devscripts: arbitrary shell command injection
1249645 – CVE-2015-5705 devscripts: argument injection vulnerability
1249227 – licensecheck cannot parse c/c++ files
1249636 – CVE-2015-5704 devscripts: arbitrary shell command injection [fedora-all]
1249647 – CVE-2015-5705 devscripts: argument injection vulnerability [fedora-all]<br
Update to version 2.15.8, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.8_changelog for details. Fixes CVE-2015-5705.
Update to version 2.15.7, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.7_changelog for details.
This update fixes licensecheck refusing to parse some text files such as C++ source files.
Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details.
Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details.
This update fixes licensecheck refusing to parse some text files such as C++ source files.
Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details.
Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details.
Update to version 2.15.7, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.7_changelog for details.
This update fixes licensecheck refusing to parse some text files such as C++ source files.
Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details.
Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details.
This update fixes licensecheck refusing to parse some text files such as C++ source files.
Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details.
Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details.