Gary Davis – McAfee Blogs https://securingtomorrow.mcafee.com Securing Tomorrow. Today. Wed, 16 Jan 2019 01:22:34 +0000 en-US hourly 1 https://securingtomorrow.mcafee.com/wp-content/uploads/2018/11/cropped-favicon-32x32.png Gary Davis – McAfee Blogs https://securingtomorrow.mcafee.com 32 32 Children’s Charity or CryptoMix? Details on This Ransomware Scam https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cryptomix-ransomware-scam/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cryptomix-ransomware-scam/#respond Wed, 16 Jan 2019 01:22:34 +0000 https://securingtomorrow.mcafee.com/?p=93839

As ransomware threats become more sophisticated, the tactics cybercriminals use to coerce payments from users become more targeted as well. And now, a stealthy strain is using deceptive techniques to mask its malicious identity. Meet CryptoMix ransomware, a strain that disguises itself as a children’s charity in order to trick users into thinking they’re making […]

The post Children’s Charity or CryptoMix? Details on This Ransomware Scam appeared first on McAfee Blogs.

]]>

As ransomware threats become more sophisticated, the tactics cybercriminals use to coerce payments from users become more targeted as well. And now, a stealthy strain is using deceptive techniques to mask its malicious identity. Meet CryptoMix ransomware, a strain that disguises itself as a children’s charity in order to trick users into thinking they’re making a donation instead of a ransom payment. While CryptoMix has used this guise in the past, they’ve recently upped the ante by using legitimate information from crowdfunding pages for sick children to further disguise this scheme.

So, how does CryptoMix trick users into making ransom payments? First, the victim receives a ransom note containing multiple email addresses to contact for payment instructions. When the victim contacts one of the email addresses, the “Worldwide Children Charity Community” responds with a message containing the profile of a sick child and a link to the One Time Secret site. This website service allows users to share a post that can only be read once before it’s deleted. CryptoMix’s developers use One Time Secret to distribute payment instructions to the victim and explain how their contribution will be used to provide medical help to sick children. The message claims that the victim’s data will be restored, and their system will be protected from future attacks as soon as the ransom is paid. In order to encourage the victim to act quickly, the note also warns that the ransom price could double in the next 24 hours.

After the victim makes the payment, the ransomware developers send the victim a link to the decryptor. However, they continue to pretend they are an actual charity, thanking the victim for their contribution and ensuring that a sick child will soon receive medical help.

CryptoMix’s scam tactics show how ransomware developers are evolving their techniques to ensure they make a profit. As ransomware threats become stealthier and more sophisticated, it’s important for users to educate themselves on the best techniques to combat these threats. Check out the following tips to help keep your data safe from ransomware:

  • Back up your data. In order to avoid losing access to your important files, make copies of them on an external hard drive or in the cloud. In the event of a ransomware attack, you will be able to wipe your computer or device and reinstall your files from the backup. Backups can’t always prevent ransomware, but they can help mitigate the risks.
  • Never pay the ransom. Although you may feel that this is the only way to get your encrypted files back, there is no guarantee that the ransomware developers will send a decryption tool once they receive the payment. Paying the ransom also contributes to the development of more ransomware families, so it’s best to hold off on making any payments.
  • Use security software. Adding an extra layer of security with a solution such as McAfee Total Protection, which includes Ransom Guard, can help protect your devices from these types of cyberthreats.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Children’s Charity or CryptoMix? Details on This Ransomware Scam appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cryptomix-ransomware-scam/feed/ 0
That’s a Wrap! Read the Top Technology Takeaways From CES 2019 https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ces-2019/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ces-2019/#respond Sat, 12 Jan 2019 00:16:11 +0000 https://securingtomorrow.mcafee.com/?p=93785

The sun has finally set on The International Consumer Electronics Show (CES) in Las Vegas. Every year, practically everyone in the consumer electronics industry comes from all over to show off the latest and greatest cutting-edge innovations in technology. From flying taxis, self-driving suitcases, and robots that will fold your laundry, CES 2019 did not […]

The post That’s a Wrap! Read the Top Technology Takeaways From CES 2019 appeared first on McAfee Blogs.

]]>

The sun has finally set on The International Consumer Electronics Show (CES) in Las Vegas. Every year, practically everyone in the consumer electronics industry comes from all over to show off the latest and greatest cutting-edge innovations in technology. From flying taxis, self-driving suitcases, and robots that will fold your laundry, CES 2019 did not disappoint. Here are some of my main takeaways from the event:

5G is the future

It seems that anyone and everyone who attended the event was talking about 5G. However, there wasn’t exactly a definitive answer to when the service would be available to consumers. According to Forbes, 5G is an abbreviation that stands for the fifth generation of the cellular wireless transmission. And while many companies at CES discussed 5G, the number of products that are actually capable of tapping into the network is minimal. This doesn’t mean we shouldn’t get excited about 5G. The faster connection, speed, and responsiveness of the 5G network will help enable IoT, autonomous driving, and technology that hasn’t even been invented yet.

Gaming gets an upgrade

Gamers everywhere are sure to enjoy the exciting new gadgets that launched this year. From wireless charging grips for the Nintendo Switch to curved monitors for better peripheral vision, tech companies across the board seemed to be creating products to better the gaming experience. In addition to products that are enhancing gamer’s capabilities, we also saw gaming products that are bringing the digital world closer to reality. For example, Holoride partnered with Disney and Audi to create a Guardians of the Galaxy virtual reality (VR) experience for car passengers that mimics the movements of the vehicle.

Optimized IoT devices, AI-driven assistants

This year’s event was colored with tons of new smart home and health IoT technology. Although smart home technology made a big splash at last year’s show, CES 2019 focused on bringing more integrated smart home products to consumers. For example, the AtmosControl touch panel acts as a simplified universal remote so consumers can control all of their gadgets from a single interface. We also saw the Bowflex Intelligent Max, a platform that allows consumers to download an app to complete Bowflex’s fitness assessment and adjust their workout plan based on the results.

Voice assistants seemed to dominate this year’s show, as well. Google and Amazon upped the ante with their use of improved AI technology for the Google Assistant and Amazon Alexa. Not only has Google brought Google Assistant to Google Maps, but they’ve also created a Google Assistant Interpreter Mode that works in more than 20 languages. Not to be shown up, Amazon announced some pretty intriguing Alexa-enabled products as well, including the Ring Door View Cam, a smart shower system called U by Moen, and the Numi 2.0 Intelligent Toilet.

The takeoff of autonomous vehicles

Not only did AI guide new innovations in IoT device technology, but it also paved the way for some futuristic upgrades to vehicles. Mercedes showcased their self-driving car called the Vision Urbanetic, an AI-powered concept vehicle that can hold up to 12 people. BMW created a rider-less motorcycle designed to gather data on how to make motorcycles safer on the road. And we can’t forget about Uber’s futuristic flying taxi, created in partnership with Bell Nexus, and expected to take flight in 2020.

Cybersecurity’s role in the evolving technological landscape

At McAfee, we understand the importance of securing all of these newfangled IoT gadgets that make their way into consumers’ homes. To do this, we announced the launch of Secure Home Platform voice commands for the Google Assistant, allowing users to keep track of their entire network through one interface.

To reflect the upgrades in gaming technology, we also launched the beta mode of McAfee Gamer Security. Many antivirus solutions are notorious for slowing down PCs, which can really hinder the gaming experience. This security solution, designed for PC gamers, provides a light but mighty layer of protection that optimizes users’ computing resources.

If there’s one thing we took away from this year’s event, it’s that technological innovations won’t be slowing down any time soon. With all of these new advancements and greater connectivity comes the need for increased cybersecurity protection. All in all, CES 2019 showed us that as software and hardware continues to improve and develop, cybersecurity will also adapt to the needs of everyday consumers.

Stay on top of the latest consumer and mobile security threats by following @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post That’s a Wrap! Read the Top Technology Takeaways From CES 2019 appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ces-2019/feed/ 0
Level Up Your Cybersecurity: Insights from Our Gaming Survey https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ces-gaming-survey/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ces-gaming-survey/#respond Wed, 02 Jan 2019 05:30:20 +0000 https://securingtomorrow.mcafee.com/?p=93063

Online gaming has seen a rise in popularity over the years. Many people see it as a way to unwind from a stressful day or complete new challenges. However, just like any other internet-connected channel, online gaming can expose users to a variety of cybersecurity risks. So, to examine the relationship between cybersecurity and gaming, […]

The post Level Up Your Cybersecurity: Insights from Our Gaming Survey appeared first on McAfee Blogs.

]]>

Online gaming has seen a rise in popularity over the years. Many people see it as a way to unwind from a stressful day or complete new challenges. However, just like any other internet-connected channel, online gaming can expose users to a variety of cybersecurity risks. So, to examine the relationship between cybersecurity and gaming, we decided to survey 1,000 U.S. residents ages 18 and over who are frequent gamers. *

Time to Upgrade Your Online Safety

Of those surveyed, 75% of PC gamers chose security as the element that most concerned them about the future of gaming. This makes sense since 64% of our respondents either have or know someone who has been directly affected by a cyberattack. And while 83% of the gamers do use an antivirus software to protect their PCs, we found that gamers still participate in risky online behavior.

Poor Habits Could Mean Game Over for Your Cybersecurity

So, what does this risky behavior look like, exactly? The following sums it up pretty well:

  • 55% of gamers reuse passwords for multiple online accounts, leading to greater risk if their password is cracked.
  • 36% of respondents rely on incognito mode or private browsing to keep their PC safe.
  • 41% read the privacy policies associated with games, though this technique won’t help to keep their device secure.

With these lax habits in place, it’s not hard to believe that 38% of our respondents experienced at least one malicious attack on their PC. And while 92% installed an antivirus software after experiencing a cyberattack, it’s important for gamers to take action against potential threats before they occur.

Level Up Your Gaming Security

Now the question is – what do these gamers need to do to stay safe while they play? Start by following these tips:

  • Do not reuse passwords. Reusing passwords makes it easier for hackers to access more than one of your accounts if they crack one of your logins. Prevent this by using unique login credentials for all of your accounts.
  • Click with caution. Avoid interacting with messages from players you don’t know and don’t click on suspicious links. Cybercriminals can use phishing emails to send gamers malicious files and links that can infect their device with malware.
  • Use a security solution. Using a security service to safeguard your devices can help protect you from a variety of threats that can disrupt your gaming experience. Look out for our newest product McAfee Gamer Security, which we launched just in time for CES 2019. Although this product is still in beta mode, it could be used to combat cyberthreats while optimizing your computing resources.

And, as always, stay on top of the latest consumer and mobile security threats by following @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

*Survey respondents played video games at least four times a month and spent at least $200 annually on gaming.

The post Level Up Your Cybersecurity: Insights from Our Gaming Survey appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ces-gaming-survey/feed/ 0
Rogue Drones Cause Gatwick Airport to Close for Over 30 Hours: More on This Threat https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/rogue-drones-cause-gatwick-airport-to-close/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/rogue-drones-cause-gatwick-airport-to-close/#respond Sat, 22 Dec 2018 01:35:46 +0000 https://securingtomorrow.mcafee.com/?p=93358

As the Internet of Things works its way into almost every facet of our daily lives, it becomes more important to safeguard the IoT devices we bring into our homes. One device that has become increasingly popular among consumers is the drone. These remote-controlled quadcopters have enhanced the work of photographers and given technology buffs […]

The post Rogue Drones Cause Gatwick Airport to Close for Over 30 Hours: More on This Threat appeared first on McAfee Blogs.

]]>

As the Internet of Things works its way into almost every facet of our daily lives, it becomes more important to safeguard the IoT devices we bring into our homes. One device that has become increasingly popular among consumers is the drone. These remote-controlled quadcopters have enhanced the work of photographers and given technology buffs a new hobby, but what happens when these flying robots cause a safety hazard for others? That’s exactly what happened at the Gatwick airport on Wednesday night and again today when two drones were spotted flying over the airfield, causing all departing flights to remain grounded and all arriving flights to be diverted to other airports.

The drones were spotted flying over the Gatwick airport’s perimeter fence into the area where the runway operates from. This disruption affected 10,000 passengers on Wednesday night, 110,000 passengers on Thursday, and 760 flights expected to arrive and depart on Thursday. More than 20 police units were recruited to find the drone’s operator so the device could be disabled. The airport closure resulted in 31.9 hours with no planes taking off or landing between Wednesday and Thursday.

You might be wondering, how could two drones cause an entire airport to shut down for so long? It turns out that drones can cause serious damage to an aircraft. Evidence suggests that drones could inflict more damage than a bird collision and that the lithium-ion batteries that power drones could become lodged in airframes, potentially starting a fire. And while the probability of a collision is small, a drone could still be drawn into an aircraft turbine, putting everyone on board at risk. This is why it’s illegal to fly a drone within one kilometer of an airport or airfield boundary. What’s more, endangering the safety of an aircraft is a criminal offense that could result in a five-year prison sentence.

Now, this is a lesson for all drone owners everywhere to be cognizant of where they fly their devices. But beyond the physical implications that are associated with these devices, there are digital ones too — given they’re internet-connected. In fact, to learn about how vulnerable these devices can be, you can give our latest episode of “Hackable?” a listen, which explores the physical and digital implications of compromised drones,

Therefore, if you get a drone for Christmas this year, remember to follow these cybersecurity tips to ensure you protect them on the digital front.

  • Do your research. There are multiple online communities that disclose bugs and potential vulnerabilities as well as new security patches for different types of drones. Make sure you stay informed to help you avoid potential hacks.
  • Update, update, update! Just as it’s important to update your apps and mobile devices, it’s also important to update the firmware and software for your drone. Always verify the latest updates with your drone manufacturer’s website to make sure it is legitimate.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Rogue Drones Cause Gatwick Airport to Close for Over 30 Hours: More on This Threat appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/rogue-drones-cause-gatwick-airport-to-close/feed/ 0
Cybercriminals Disguised as Apple Are After Users’ Personal Data: Insights on This Threat https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/apple-phishing-scam/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/apple-phishing-scam/#respond Fri, 21 Dec 2018 19:00:39 +0000 https://securingtomorrow.mcafee.com/?p=93346

With the holidays rapidly approaching, many consumers are receiving order confirmation emails updating them on their online purchases for friends and family. What they don’t expect to see is an email that appears to be a purchase confirmation from the Apple App Store containing a PDF attachment of a receipt for a $30 app. This is […]

The post Cybercriminals Disguised as Apple Are After Users’ Personal Data: Insights on This Threat appeared first on McAfee Blogs.

]]>

With the holidays rapidly approaching, many consumers are receiving order confirmation emails updating them on their online purchases for friends and family. What they don’t expect to see is an email that appears to be a purchase confirmation from the Apple App Store containing a PDF attachment of a receipt for a $30 app. This is actually a stealthy phishing email, which has been circulating the internet, prompting users to click on a link if the transaction was unauthorized.

So how exactly does this phishing campaign work? In this case, the cybercriminals rely on the victim to be thrown off by the email stating that they purchased an app when they know that they didn’t. When the user clicks on the link in the receipt stating that the transaction was unauthorized, they are redirected to a page that looks almost identical to Apple’s legitimate Apple Account management portal. The user is prompted to enter their login credentials, only to receive a message claiming that their account has been locked for security reasons. If the user attempts to unlock their account, they are directed to a page prompting them to fill out personal details including their name, date of birth, and social security number for “account verification.”

Once the victim enters their personal and financial information, they are directed to a temporary page stating that they have been logged out to restore access to their account. The user is then directed to the legitimate Apple ID account management site, stating “this session was timed out for your security,” which only helps this attack seem extra convincing. The victim is led to believe that this process was completely normal, while the cybercriminals now have enough information to perform complete identity theft.

Although this attack does have some sneaky behaviors, there are a number of steps users can take to protect themselves from phishing scams like this one:

  • Be wary of suspicious emails. If you receive an email from an unknown source or notice that the “from” address itself seems peculiar, avoid interacting with the message altogether.
  • Go directly to the source. Be skeptical of emails claiming to be from companies asking to confirm a purchase that you don’t recognize. Instead of clicking on a link within the email, it’s best to go straight to the company’s website to check the status of your account or contact customer service.
  • Use a comprehensive security solution. It can be difficult to determine if a website, link, or file is risky or contains malicious content. Add an extra layer of security with a product like McAfee Total Protection.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Cybercriminals Disguised as Apple Are After Users’ Personal Data: Insights on This Threat appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/apple-phishing-scam/feed/ 0
The Results Are In: Fake Apps and Banking Trojans Are A Cybercriminal Favorite https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fake-apps-and-banking-trojans/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fake-apps-and-banking-trojans/#respond Thu, 20 Dec 2018 00:39:12 +0000 https://securingtomorrow.mcafee.com/?p=93318

Today, we are all pretty reliant on our mobile technology. From texting, to voice messaging, to mobile banking, we have a world of possibilities at our fingertips. But what happens when the bad guys take advantage of our reliance on mobile and IoT technology to threaten our cybersecurity? According to the latest McAfee Labs Threats […]

The post The Results Are In: Fake Apps and Banking Trojans Are A Cybercriminal Favorite appeared first on McAfee Blogs.

]]>

Today, we are all pretty reliant on our mobile technology. From texting, to voice messaging, to mobile banking, we have a world of possibilities at our fingertips. But what happens when the bad guys take advantage of our reliance on mobile and IoT technology to threaten our cybersecurity? According to the latest McAfee Labs Threats Report, cybercriminals are leveraging fake apps and banking trojans to access users’ personal and financial information. In fact, our researchers saw an average of 480 new threats per minute and a sharp increase in malware targeting IoT devices during the last quarter. Let’s take a look at how these cyberthreats gained traction over the past few months.

While new mobile malware declined by 24% in Q3, our researchers did notice some unusual threats fueled by fake apps. Back in June, we observed a scam where crooks released YouTube videos with fake links disguised as leaked versions of Fortnite’s Android app. If a user clicked on the link to download this phony app, they would be asked to provide mobile verification. This verification process would prompt them to download app after app, putting money right in the cybercriminals’ pockets for increased app downloads.

Another fake app scheme that caught the attention of our researchers was Android/TimpDoor. This SMS phishing campaign tricked users into clicking on a link sent to them via text. The link would direct them to a fabricated web page urging them to download a fake voice messaging app. Once the victim downloaded the fake app, the malware would begin to collect the user’s device information. Android/TimpDoor would then be able to let cybercriminals use the victim’s device to access their home network.

Our researchers also observed some peculiar behavior among banking trojans, a type of malware that disguises itself as a genuine app or software to obtain a user’s banking credentials. In Q3, cybercriminals employed uncommon file types to carry out spam email campaigns, accounting for nearly 500,000 emails sent worldwide. These malicious phishing campaigns used phrases such as “please confirm” or “payment” in the subject line to manipulate users into thinking the emails were of high importance. If a user clicked on the message, the banking malware would be able to bypass the email protection system and infect the device. Banking trojans were also found using two-factor operations in web injects, or packages that can remove web page elements and prevent a user from seeing a security alert. Because these web injects removed the need for two-factor authentication, cybercriminals could easily access a victim’s banking credentials from right under their noses.

But don’t worry – there’s good news. By reflecting on the evolving landscape of cybersecurity, we can better prepare ourselves for potential threats. Therefore, to prepare your devices for schemes such as these, follow these tips:

  • Go directly to the source. Websites like YouTube are often prone to links for fake websites and apps so criminals can make money off of downloads. Avoid falling victim to these frauds and only download software straight from a company’s home page.
  • Click with caution. Only click on links in text messages that are from trusted sources. If you receive a text message from an unknown sender, stay cautious and avoid interacting with the message.
  • Use comprehensive security. Whether you’re using a mobile banking app on your phone or browsing the internet on your desktop, it’s important to safeguard all of your devices with an extra layer of security. Use a robust security software like McAfee Total Protection so you can connect with confidence.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Homeon Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post The Results Are In: Fake Apps and Banking Trojans Are A Cybercriminal Favorite appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fake-apps-and-banking-trojans/feed/ 0
How to Stay Secure from the Latest Volkswagen Giveaway Scam https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/volkswagen-giveaway-scam/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/volkswagen-giveaway-scam/#respond Thu, 13 Dec 2018 20:46:19 +0000 https://securingtomorrow.mcafee.com/?p=93089

You’re scrolling through Facebook and receive a message notification. You open it and see it’s from Volkswagen, claiming that the company will be giving away 20 free vehicles before the end of the year. If you think you’re about to win a new car, think again. This is likely a fake Volkswagen phishing scam, which […]

The post How to Stay Secure from the Latest Volkswagen Giveaway Scam appeared first on McAfee Blogs.

]]>

You’re scrolling through Facebook and receive a message notification. You open it and see it’s from Volkswagen, claiming that the company will be giving away 20 free vehicles before the end of the year. If you think you’re about to win a new car, think again. This is likely a fake Volkswagen phishing scam, which has been circulating social media channels like WhatsApp and Facebook, enticing hopeful users looking to acquire a new ride.

This fake Volkswagen campaign works differently than your typical phishing scam. The targeted user receives the message via WhatsApp or Facebook and is prompted to click on the link to participate in the contest. But instead of attempting to collect personal or financial information, the link simply redirects the victim to what appears to be a standard campaign site in Portuguese. When the victim clicks the buttons on the website, they are redirected to a third-party advertising site asking them to share the contest link with 20 of their friends. The scam authors, under the guise of being associated with Volkswagen, promise to contact the victims via Facebook once this task is completed.

As of now, we haven’t seen indicators that participants have been infected by malicious software or had any personal information stolen as a result of this scam. But because the campaign link redirects users to ad servers, the scam authors are able to maximize revenue for the advertising network. This encourages malicious third-party advertisers to continue these schemes in order to make a profit.

The holidays in particular are a convenient time for cybercriminals to create more scams like this one, as users look to social media for online shopping inspiration. Because schemes such as this could potentially be profitable for cybercriminals, it is unlikely that phishing scams spread via social media will let up. Luckily, we’ve outlined the following tips to help dodge fake online giveaways:

  • Avoid interacting with suspicious messages. If you receive a message from a company asking you to enter a contest or share a certain link, it is safe to assume that the sender is not from the actual company. Err on the side of caution and don’t respond to the message. If you want to see if a company is actually having a sale, it is best to just go directly to their official site to get more information.
  • Be careful what you click on. If you receive a message in an unfamiliar language, one that contains typos, or one that makes claims that seem too good to be true, avoid clicking on any attached links.
  • Stay secure while you browse online. Security solutions like McAfee WebAdvisor can help safeguard you from malware and warn you of phishing attempts so you can connect with confidence.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post How to Stay Secure from the Latest Volkswagen Giveaway Scam appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/volkswagen-giveaway-scam/feed/ 0
How To Tell If Your Smartphone Has Been Hacked https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-tell-if-your-smartphone-has-been-hacked/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-tell-if-your-smartphone-has-been-hacked/#respond Mon, 10 Dec 2018 17:00:19 +0000 https://securingtomorrow.mcafee.com/?p=92956

Your home screen is just a matrix of numbers. Your device loses its charge quickly, or restarts suddenly. Or, you notice outgoing calls that you never dialed. Chances are your smartphone has been hacked. The sad truth is that hackers now have a multitude of ways to get into your phone, without ever touching it. […]

The post How To Tell If Your Smartphone Has Been Hacked appeared first on McAfee Blogs.

]]>

Your home screen is just a matrix of numbers. Your device loses its charge quickly, or restarts suddenly. Or, you notice outgoing calls that you never dialed. Chances are your smartphone has been hacked. The sad truth is that hackers now have a multitude of ways to get into your phone, without ever touching it.

Given that our smartphones have become our new wallets, containing a treasure trove of personal and financial information, a breach can leave you at serious risk.

The intruder could log in to your accounts as you, spam your contacts with phishing attacks, or rack up expensive long-distance charges. They could also access any passwords saved on your phone, potentially opening the door to sensitive financial accounts. That’s why it’s important to be able to recognize when your smartphone has been hacked, especially since some of the signs can be subtle.

Here are some helpful clues:

Performance Differences

Is your device operating slower, are web pages and apps harder to load, or does your battery never seem to keep a charge? What about your data plan? Are you exceeding your normal limits? These are all signs that you have malware running in the background, zapping your phone’s resources.

You may have downloaded a bad app, or clicked on a dangerous link in a text message. And malware, like Bitcoin miners, can strain computing power, sometimes causing the phone to heat up, even when you aren’t using it.

Mystery Apps or Data

If you find apps you haven’t downloaded, or calls, texts, and emails that you didn’t send, a hacker is probably in your system. They may be using your device to send premium rate calls or messages, or to spread malware to your contacts.

Pop-ups or Strange Screen Savers

Malware can also be behind spammy pop-ups, changes to your home screen, or bookmarks to suspicious websites. In fact, if you see any configuration changes you didn’t personally make, this is another big clue that your smartphone has been hacked.

What To Do

If any of these scenarios sound familiar, it’s time to take action. Start by deleting any apps or games you didn’t download, erasing risky messages, and running mobile security software, if you have it. Warn your contacts that your phone has been compromised, and to ignore any suspicious links or messages coming from you.

If the problem still doesn’t go away, consider restoring your phone to its original settings. Search online for instructions for your particular phone and operating system to learn how.

Now, let’s look at how to avoid getting hacked in the first place.

Secure Smartphone Tips

1. Use mobile security software—These days your smartphone is just as data rich as your computer. Make sure to protect your critical information, and your privacy, by using comprehensive mobile security software that not only protects you from online threats, but offers anti-theft and privacy protection.

2. Lock your device & don’t store passwords—Make sure that you are using a passcode or facial ID to lock your device when you’re not using it. This way, if you lose your phone it will be more difficult for a stranger to access your information.

Also, remember not to save password or login information for banking apps and other sensitive accounts. You don’t want a hacker to be able to automatically login as you if they do gain access to your device.

3. Avoid using public Wi-Fi—Free Wi-Fi networks, like those offered in hotels and airports, are often unsecured. This makes it easy for a hacker to potentially see the information you are sending over the network. Also, be wary of using public charging stations, unless you choose a “charging only” cable that cannot access your data.

 4. Never leave your device unattended in public—While many threats exist online, you still have to be aware of real-world threats, like someone grabbing your device when you’re not looking. Keep your smartphone on you, or within view, while in public.

If you have a “phone visibility” option, turn it off. This setting allows nearby devices to see your phone and exchange data with it.

5. Stay aware—New mobile threats are emerging all the time. Keep up on the latest scams and warning signs, so you know what to look out for.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post How To Tell If Your Smartphone Has Been Hacked appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-tell-if-your-smartphone-has-been-hacked/feed/ 0
Attention Red Dead Redemption 2 Players: Dodge This New Download Scam https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/red-dead-redemption-2-scam/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/red-dead-redemption-2-scam/#respond Thu, 06 Dec 2018 17:00:58 +0000 https://securingtomorrow.mcafee.com/?p=92879

Rockstar Games’ Red Dead Redemption 2 has struck a popular chord with many online gamers. Unfortunately, the Western-themed action-adventure game has also become a popular vessel for malicious activity among cybercriminals as well. Scammers are tricking gamers into giving up their personal information with phony “free” downloads of the online game, while simultaneously making a […]

The post Attention Red Dead Redemption 2 Players: Dodge This New Download Scam appeared first on McAfee Blogs.

]]>

Rockstar Games’ Red Dead Redemption 2 has struck a popular chord with many online gamers. Unfortunately, the Western-themed action-adventure game has also become a popular vessel for malicious activity among cybercriminals as well. Scammers are tricking gamers into giving up their personal information with phony “free” downloads of the online game, while simultaneously making a profit on these downloads.

You’re probably wondering how exactly this scam works. It first begins with cybercriminals planting their phony download traps in ads on platforms like YouTube, Twitter, and blog postings. With other, less sophisticated scams, a user would be prompted to install several bundled applications at this point, each one generating revenue for the scammer. But this scheme works a little bit differently. When the user clicks on the “download” button, they are presented with a fake install screen showing the progression of the game’s download process.  The fake install takes about an hour to complete, further giving the illusion that a large file is actually being downloaded on the user’s device.

Once the fake installation is complete, the user is asked to enter a nonexistent license key (a pattern of numbers and/or letters provided to licensed users of a software program). If a user clicks on one of the buttons on this screen, they are redirected to a website asking for human verification in the form of surveys and questionnaires. These surveys trick the user into divulging their personal information for the cybercriminal’s disposal. What’s more, the scammer earns revenue for their malicious acts.

Because this scheme tricks users into handing over their personal information, it affects a victim’s overall privacy. Luckily, there are steps users can take to combat this threat:

  • Browse with caution. Many scammers target gamers through popular websites like YouTube and Twitter to push out malicious content. Use discretion when browsing these websites.
  • Only download content from trusted sources. If you come across a download offer that seems too good to be true, it probably is. Only download software from legitimate sources and avoid sites if you can’t tell whether they are trustworthy or not.
  • Use security software to browse the internet. Sometimes, it can be hard to distinguish whether a site is malicious or not. Security solutions like McAfee WebAdvisor can detect the URLs and scam installers associated with this threat.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Attention Red Dead Redemption 2 Players: Dodge This New Download Scam appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/red-dead-redemption-2-scam/feed/ 0
Software Company WakeNet AB Discovered Spreading PUPs to Users https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/wakenet-ab-pups-users/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/wakenet-ab-pups-users/#respond Tue, 04 Dec 2018 05:01:48 +0000 https://securingtomorrow.mcafee.com/?p=92891

Pay-per-install, or PPI for short, is a type of software program that presents users with third-party offers while they are in the middle of another download. If a user clicks on the third-party advertisement, the software developer earns money from the download. One specific PPI program has caught the attention of our McAfee ATR team, […]

The post Software Company WakeNet AB Discovered Spreading PUPs to Users appeared first on McAfee Blogs.

]]>

Pay-per-install, or PPI for short, is a type of software program that presents users with third-party offers while they are in the middle of another download. If a user clicks on the third-party advertisement, the software developer earns money from the download. One specific PPI program has caught the attention of our McAfee ATR team, as they recently investigated a company that has taken advantage of this software and is using deceptive techniques to spread malicious files. Meet WakeNet AB, a Swedish pay-per-install software developer that has generated a large amount of revenue – even more so than some of the most prevalent ransomware families – from spreading PUPs (potentially unwanted programs).

So, how does WakeNet AB infect users’ devices with PUPs? WakeNet sets up PPI sites to entice affiliate hackers to spread malicious files and adware. WakeNet’s most recent distribution vessel is the site FileCapital. FileCapital provides affiliate hackers with a variety of “marketing tools” such as embedded movies, landing pages, banners, and buttons. These deceptive tools are intended to coax victims into installing bundled applications that house different PUPs. Victims may install these applications because they are disguised as legitimate programs. For example, a user may think they are installing a helpful performance cleaner onto their computer. What they don’t know is that the “performance cleaner” is actually disguising other malicious files that could lead to irritating adverts and decreased computer performance.

As of now, it seems unlikely that PUP development will slow since it helps their distributors earn a considerable amount of money. With that said, it’s important now more than ever for users to be aware of the security risks involved with PUPs like the ones spread by WakeNet’s FileCapital. Check out the following tips to better protect yourself from this threat:

  • Click with caution. Be wary of pop-ups and websites asking you to click on items like movie playbacks and other software downloads. These items could infect your device with annoying adverts and malware.
  • Only download software from trusted sources. If you receive a pop-up asking you to update or install software, be vigilant. Adware and PUPs are often disguised as legitimate sites or software companies. Your best bet is to play it safe and go directly to the source when updating or installing new software.
  • Use a robust security software. Using a security solution like McAfee Total Protection could help protect your device from exposure to PUPs that have been spread by WakeNet’s FileCapital. McAfee Total Protection blocks auto-play videos on websites that decrease computer performance and warns you of risky websites and links.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Software Company WakeNet AB Discovered Spreading PUPs to Users appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/wakenet-ab-pups-users/feed/ 0
What To Do When Your Social Media Account Gets Hacked https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/social-media-account-hacked/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/social-media-account-hacked/#respond Mon, 03 Dec 2018 17:00:15 +0000 https://securingtomorrow.mcafee.com/?p=92869

You log in to your favorite social media site and notice a string of posts or messages definitely not posted by you. Or, you get a message that your account password has been changed, without your knowledge. It hits you that your account has been hacked. What do you do? This is a timely question […]

The post What To Do When Your Social Media Account Gets Hacked appeared first on McAfee Blogs.

]]>

You log in to your favorite social media site and notice a string of posts or messages definitely not posted by you. Or, you get a message that your account password has been changed, without your knowledge. It hits you that your account has been hacked. What do you do?

This is a timely question considering that social media breaches have been on the rise. A recent survey revealed that 22%of internet users said that their online accounts have been hacked at least once, while 14% reported they were hacked more than once. And, earlier this year Facebook itself got hacked, exposing the identity information of 50 million users.

Your first move—and a crucial one—is to change your password right away, and notify your connections that your account has been hacked. This way your friends know not to click on any suspicious posts or messages that appear to be coming from you because they might contain malware or phishing attempts. But that’s not all. There may be other, hidden threats to having your social media account hacked.

The risks associated with a hacker poking around your social media have a lot to do with how much personal information you share. Does your account include personal information that could be used to steal your identity, or guess your security questions on other accounts?

These could include your date of birth, address, hometown, or names of family members and pets. Just remember, even if you keep your profile locked down with strong privacy settings, once the hacker logs in as you, everything you have posted is up for grabs.

You should also consider whether the password for the compromised account is being used on any of your other accounts, because if so, you should change those as well. A clever hacker could easily try your email address and known password on a variety of sites to see if they can log in as you, including on banking sites.

Next, you have to address the fact that your account could have been used to spread scams or malware. Hackers often infect accounts so they can profit off clicks using adware, or steal even more valuable information from you and your contacts.

You may have already seen the scam for “discount Ray-Ban” sunglasses that plagued Facebook a couple of years ago, and recently took over Instagram. This piece of malware posts phony ads to the infected user’s account, and then tags their friends in the post. Because the posts appear in a trusted friend’s feed, users are often tricked into clicking on it, which in turn compromises their own account.

So, in addition to warning your contacts not to click on suspicious messages that may have been sent using your account, you should flag the messages as scams to the social media site, and delete them from your profile page.

Finally, you’ll want to check to see if there are any new apps or games installed to your account that you didn’t download. If so, delete them since they may be another attempt to compromise your account.

Now that you know what do to after a social media account is hacked, here’s how to prevent it from happening in the first place.

How To Keep Your Social Accounts Secure

  • Don’t click on suspicious messages or links, even if they appear to be posted by someone you know.
  • Flag any scam posts or messages you encounter on social media to the website, so they can help stop the threat from spreading.
  • Use unique, complicated passwords for all your accounts.
  • If the site offers multi-factor authentication, use it, and choose the highest privacy setting available.
  • Avoid posting any identity information or personal details that might allow a hacker to guess your security questions.
  • Don’t log in to your social accounts while using public Wi-Fi, since these networks are often unsecured and your information could be stolen.
  • Always use comprehensive security software that can keep you protected from the latest threats.
  • Keep up-to-date on the latest scams and malware threats

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post What To Do When Your Social Media Account Gets Hacked appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/social-media-account-hacked/feed/ 0
Affected by a Data Breach? 6 Security Steps You Should Take https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/data-breach-security-steps/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/data-breach-security-steps/#respond Fri, 30 Nov 2018 22:48:01 +0000 https://securingtomorrow.mcafee.com/?p=92893

It’s common for people to share their personal information with companies for multiple reasons. Whether you’re checking into a hotel room, using a credit card to make a purchase at your favorite store, or collecting rewards points at your local coffee shop, companies have more access to your data than you may think. While this […]

The post Affected by a Data Breach? 6 Security Steps You Should Take appeared first on McAfee Blogs.

]]>

It’s common for people to share their personal information with companies for multiple reasons. Whether you’re checking into a hotel room, using a credit card to make a purchase at your favorite store, or collecting rewards points at your local coffee shop, companies have more access to your data than you may think. While this can help you build relationships with your favorite vendors, what happens if their security is compromised?

A high-profile hotel and another popular consumer brand’s perks program recently experienced data breaches that exposed users’ personal information. If you think you were affected by one of these breaches, there are multiple steps you can take to help protect yourself from the potential side effects.

Check out the following tips if you think you may have been affected by a data breach, or just want to take extra precautions:

  • Change your password. Most people will rotate between the same three passwords for all of their personal accounts. While this makes it easier to remember your credentials, it also makes it easier for hackers to access more than one of your accounts. Try using a unique password for every one of your accounts or employ a password manager.
  • Place a fraud alert. If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity.
  • Freeze your credit. Freezing your credit will make it impossible for criminals to take out loans or open up new accounts in your name. To do this effectively, you will need to freeze your credit at each of the three major credit-reporting agencies (Equifax, TransUnion, and Experian).
  • Consider using identity theft protection. A solution like McAfee Identify Theft Protection will help you to monitor your accounts, alert you of any suspicious activity, and help you to regain any losses in case something goes wrong.
  • Update your privacy settings. Be careful with how much of your personal information you share online. Make sure your social media accounts and mobile apps are on private and use multi-factor authentication to prevent your accounts from being hacked.
  • Be vigilant about checking your accounts. If you suspect that your personal data has been compromised, frequently check your bank account and credit activity. Many banks and credit card companies offer free alerts that notify you via email or text messages when new purchases are made, if there’s an unusual charge, or when your account balance drops to a certain level. This will help you stop fraudulent activity in its tracks.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow me and @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Affected by a Data Breach? 6 Security Steps You Should Take appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/data-breach-security-steps/feed/ 0
The Spotify Phishing Scam: How to Reel in This Cyberthreat https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/spotify-phishing-scam/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/spotify-phishing-scam/#respond Wed, 28 Nov 2018 18:16:13 +0000 https://securingtomorrow.mcafee.com/?p=92859

Many music-lovers around the world use Spotify to stream all of their favorite tunes. While the music streaming platform is a convenient tool for users to download and listen to their music, hackers are capitalizing on the company’s popularity with a recent phishing campaign. The campaign lures users into giving up their account details, putting […]

The post The Spotify Phishing Scam: How to Reel in This Cyberthreat appeared first on McAfee Blogs.

]]>

Many music-lovers around the world use Spotify to stream all of their favorite tunes. While the music streaming platform is a convenient tool for users to download and listen to their music, hackers are capitalizing on the company’s popularity with a recent phishing campaign. The campaign lures users into giving up their account details, putting innocent Spotify customers’ credentials at risk.

So, how are the account hijackers conducting these phishing attacks? The campaign sends listeners fraudulent emails that appear to be from Spotify, prompting them to confirm their account details. However, the link contained in the email is actually a phishing link. When the user clicks on it, they are redirected to a phony Spotify website where they are prompted to enter their username and password for the hacker’s disposal.

This phishing campaign can lead to a variety of other security risks for victims exposed to the threat. For example, many users include their birthday or other personal information in their password to make it easier to remember. If a hacker gains access to a user’s Spotify password, they are given a glance into the victim’s password creation mindset, which could help them breach other accounts belonging to the user.

Fortunately, there are multiple steps users can take to avoid the Spotify phishing campaign and threats like it. Check out the following tips:

  • Create complex passwords. If a hacker gains access to a victim’s username and password, they will probably analyze these credentials to determine how the victim creates their passwords. It’s best to create passwords that don’t include personal information, such as your birthday or the name of your pet.
  • Avoid reusing passwords. If victims reuse the same password for multiple accounts, this attack could allow cybercriminals to breach additional services and platforms. To prevent hackers from accessing other accounts, create unique usernames and passwords for each online platform you use.
  • Look out for phishing red flags. If you notice that the “from” address in an email is a little sketchy or an unknown source, don’t interact with the message. And if you’re still unsure of whether the email is legitimate or not, hover your mouse over the button prompting you to click on the link (but don’t actually click on it). If the URL preview doesn’t seem to be related to the company, it is most likely a phishing email.
  • Be skeptical of emails claiming to come from legitimate companies. If you receive an email asking to confirm your login credentials, go directly to the company’s website. You should be able to check the status of your account on the company website or under the settings portion of the Spotify app to determine the legitimacy of the request.
  • Use security software to surf the web safely. Make sure you use a website reputation tool like McAfee WebAdvisor to avoid landing on phishing and malicious sites.

And, as always, to stay on top of the latest and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable?and ‘Like’ us on Facebook.

The post The Spotify Phishing Scam: How to Reel in This Cyberthreat appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/spotify-phishing-scam/feed/ 0
What Your Password Says About You https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/what-your-password-says-about-you/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/what-your-password-says-about-you/#respond Fri, 16 Nov 2018 21:50:22 +0000 https://securingtomorrow.mcafee.com/?p=92744

At the end of last year, a survey revealed that the most popular password was still “123456,” followed by “password.” These highly hackable choices are despite years of education around the importance of password security. So, what does this say about people who pick simple passwords? Most likely, they are shooting for a password that is […]

The post What Your Password Says About You appeared first on McAfee Blogs.

]]>

At the end of last year, a survey revealed that the most popular password was still “123456,” followed by “password.” These highly hackable choices are despite years of education around the importance of password security. So, what does this say about people who pick simple passwords? Most likely, they are shooting for a password that is easy to remember rather than super secure.

The urge to pick simple passwords is understandable given the large number of passwords that are required in our modern lives—for banking, social media, and online services, to simply unlocking our phones. But choosing weak passwords can be a major mistake, opening you up to theft and identity fraud.

Even if you choose complicated passwords, the recent rash of corporate data breaches means you could be at even greater risk by repeating passwords across accounts. When you repeat passwords all a hacker needs to do is breach one service provider to obtain a password that can unlock a string of accounts, including your online banking services. These accounts often include identity information, leaving you open to impersonation. The bad guys could open up fraudulent accounts in your name, for example, or even collect your health benefits.

So, now that you know the risks of weak password security, let’s see what your password says about you. Take this quiz to find out, and don’t forget to review our password safety tips below!

Password Quiz – Answer “Yes” or “No”

  1. Your passwords don’t include your address, birthdate, anniversary, or pet’s name.
  2. You don’t repeat passwords.
  3. Your passwords are at least 8 characters long and include numbers, upper and lower case letters, and characters.
  4. You change default passwords on devices to something hard to guess.
  5. You routinely lock your phone and devices with a passcode or fingerprint.
  6. You don’t share your passwords with people you’re dating or friends.
  7. You use a password manager.
  8. If you write your passwords down, you keep them hidden in a safe place, where no one else can find them.
  9. You get creative with answers to security questions to make them harder to guess. For example, instead of naming the city where you grew up, you name your favorite city, so someone who simply reads your social media profile cannot guess the answer.
  10. You make sure no one is watching when you type in your passwords.
  11. You try to make your passwords memorable by including phrases that have meaning to you.
  12. You use multi-factor authentication.

Now, give yourself 1 point for each question you answered “yes” to, and 0 points for each question you answered “no” to. Add them up to see what your password says about you.

9-12 points:

You’re a Password Pro!

You take password security seriously and know the importance of using unique, complicated passwords for each account. Want to up your password game? Use multi-factor authentication, if you don’t already. This is when you use more than one method to authenticate your identity before logging in to an account, such as typing in a password, as well as a code that is sent to your phone via text message.

4-8 points

You’re a Passable Passworder

You go through the basics, but when it comes to making your accounts as secure as they can be you sometimes skip important steps. Instead of creating complicated passwords yourself—and struggling to remember them—you may want to use a password manager, and let it do the work for you. Soon, you’ll be a pro!

1-3 points

You’re a Hacker’s Helper

Uh oh! It looks like you’re not taking password security seriously enough to ensure that your accounts and data stay safe. Start by reading through the tips below. It’s never too late to upgrade your passwords, so set aside a little time to boost your security.

Key Tips to Become a Password Pro:

  • Always choose unique, complicated passwords—Try to make sure they are at least 8 characters long and include a combination of numbers, letters, and characters. Don’t repeat passwords for critical accounts, like financial and health services, and keep them to yourself.Also, consider using a password manager to help create and store unique passwords for you. This way you don’t have to write passwords down or memorize them. Password managers are sometimes offered as part of security software.
  • Make your password memorable—We know that people continue to choose simple passwords because they are easier to remember, but there are tricks to creating complicated and memorable passwords. For instance, you can string random words together that mean something to you, and intersperse them with numbers and characters. Or, you can choose random letters that comprise a pattern only know to you, such as the fist letter in each word of a sentence in your favorite book.
  • Use comprehensive security software—Remember, a strong password is just the first line of defense. Back it up with robust security softwarethat can detect and stop known threats, help you browse safely, and protect you from identity theft.

For more great password tips, go here.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post What Your Password Says About You appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/what-your-password-says-about-you/feed/ 0
Don’t Get PWNed by Fake Gaming Currency Sites https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fake-gaming-currency-sites/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fake-gaming-currency-sites/#respond Fri, 16 Nov 2018 01:34:35 +0000 https://securingtomorrow.mcafee.com/?p=92740

If you’re a gamer, you know how important virtual currency is. It allows you to purchase new costumes and weapons to personalize your avatar. But how does one go about gaining virtual currency? Players complete in-game challenges and are rewarded with coins to spend in their virtual world. These challenges can be pretty difficult and […]

The post Don’t Get PWNed by Fake Gaming Currency Sites appeared first on McAfee Blogs.

]]>

If you’re a gamer, you know how important virtual currency is. It allows you to purchase new costumes and weapons to personalize your avatar. But how does one go about gaining virtual currency? Players complete in-game challenges and are rewarded with coins to spend in their virtual world. These challenges can be pretty difficult and time-consuming to complete. As a result, many players look to various websites as an easier way to download more gaming currency. Unfortunately, malicious actors are taking advantage of this trend to scam gamers into downloading malware or PUPs (potentially unwanted programs).

There are a variety of techniques scammers use to trick players into utilizing their malicious sites. The first is fake chat rooms. Scammers will set up seemingly legitimate chat rooms where users can post comments or ask questions. What users don’t know is that a bot is actually answering their inquiries automatically. Scammers also ask these victims for “human interaction” by prompting them to enter their personal information via surveys to complete the currency download. What’s more – the message will show a countdown to create a sense of urgency for the user.

These scammers also use additional techniques to make their sites believable, including fake Facebook comments and “live” recent activity updates. The comments and recent activity shown are actually hard-coded into the scam site, giving the appearance that other players are receiving free gaming currency.

These tactics, along with a handful of others, encourage gamers to use the scam sites so cybercriminals can distribute their malicious PUPs or malware. So, with such deceptive sites existing around the internet, the next question is – what can players do to protect themselves from these scammers? Check out the following tips to avoid this cyberthreat:

  • Exercise caution when clicking on links. If a site for virtual currency is asking you to enter your username, password, or financial information, chances are the website is untrustworthy. Remember, when in doubt, always err on the side of caution and avoid giving your information to a site you’re not 100% sure of.
  • Put the chat room to the test. To determine if a chat site is fake, ask the same question a few times. If you notice the same response, it is likely a phony website.
  • Do a Google search of the Facebook comments. An easy way to check if the Facebook comments that appear on a site are legitimate is to copy and paste them into Google. If you see a lot of similar websites come up with the same comments in the description, this is a good indication that it is a scam site.
  • Use security software to surf the web safely. Products like McAfee WebAdvisor can help block gamers from accessing the malicious sites mentioned in this blog.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Don’t Get PWNed by Fake Gaming Currency Sites appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fake-gaming-currency-sites/feed/ 0
Preventing WebCobra Malware From Slithering Onto Your System https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/webcobra-cryptojacking-malware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/webcobra-cryptojacking-malware/#respond Wed, 14 Nov 2018 21:15:31 +0000 https://securingtomorrow.mcafee.com/?p=92720

Cryptocurrency mining is the way transactions are verified and added to the public ledger, a database of all the transactions made around a particular piece of cryptocurrency. Cryptocurrency miners compile all of these transactions into blocks and try to solve complicated mathematical problems to compete with other miners for bitcoins. To do this, miners need […]

The post Preventing WebCobra Malware From Slithering Onto Your System appeared first on McAfee Blogs.

]]>

Cryptocurrency mining is the way transactions are verified and added to the public ledger, a database of all the transactions made around a particular piece of cryptocurrency. Cryptocurrency miners compile all of these transactions into blocks and try to solve complicated mathematical problems to compete with other miners for bitcoins. To do this, miners need a ton of computer resources, since successful bitcoin mining requires a large amount of hardware. Unfortunately, these miners can be used for more nefarious purposes if they’re included within malicious software. Enter WebCobra, a malware that exploits victims’ computers to help cybercriminals mine for cryptocurrencies, a method also known as cryptojacking.

How does WebCobra malware work, exactly? First, WebCobra uses droppers (Trojans designed to install malware onto a victim’s device) to check the computer’s system. The droppers let the malware know which cryptocurrency miner to launch. Then, it silently slithers onto a victim’s device via rogue PUP (potentially unwanted program) and installs one of two miners: Cryptonight or Claymore’s Zcash. Depending on the miner, it will drain the victim’s device of its computer processor’s resources or install malicious file folders that are difficult to find.

The most threatening part of WebCobra malware is that it can be very difficult to detect. Often times, the only sign of its presence is decreased computer performance. Plus, when the dropper is scanning the victim’s device, it will also check for security products running on the system. Many security products use APIs, or application programming interfaces, to monitor malware behavior – and WebCobra is able to overwrite some. This means it can essentially unhook the API and disrupt the system’s communication methods, and therefore remain undetected for a long time.

While cryptocurrency mining can be a harmless hobby, users should be cautious of criminal miners with poor intentions. So, what can you do to prevent WebCobra from slithering onto your system? Check out the following tips:

  • If your computer slows down, be cautious. It can be hard to determine if your device is being used for a cryptojacking campaign. One way you can identify the attack – poor performance. If your device is slow or acting strange, start investigating and see if your device may be infected with malware.
  • Use a comprehensive security solution. Having your device infected with malware will not only slow down its performance but could potentially lead to exposed data. To secure your device and help keep your system running smoothly and safely, use a program like McAfee Total Protection. McAfee products are confirmed to detect WebCobra.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Preventing WebCobra Malware From Slithering Onto Your System appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/webcobra-cryptojacking-malware/feed/ 0
“League of Legends” YouTube Cheat Links: Nothing to “LOL” About https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/league-of-legends-youtube-cheat-links/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/league-of-legends-youtube-cheat-links/#comments Fri, 09 Nov 2018 19:27:02 +0000 https://securingtomorrow.mcafee.com/?p=92621 If you’re an avid gamer, you’ve probably come across a game that just seems impossible to complete. That’s because, thanks to the internet, it’s so simple to look for cheats to games on YouTube to help you level up. Most cheats exist in the form of software patches that execute files in order to activate […]

The post “League of Legends” YouTube Cheat Links: Nothing to “LOL” About appeared first on McAfee Blogs.

]]>
If you’re an avid gamer, you’ve probably come across a game that just seems impossible to complete. That’s because, thanks to the internet, it’s so simple to look for cheats to games on YouTube to help you level up. Most cheats exist in the form of software patches that execute files in order to activate the cheat. However, malware and PUP (short for “potentially unwanted program”) authors are using gaming cheats to trick users into downloading their malicious files in order to make a profit. And that’s exactly what YouTube channel owner “LoL Master” has been doing to “League of Legends” players.

So how exactly does this “LoL Master” trick these innocent users? The cybercriminal uploads videos to his or her YouTube channel that demonstrate how to use various cheat files, which also provide links pointing to websites that allegedly distribute cheats and stolen accounts. When players click on these links, however, they’re now exposed to cyberthreats.

When on these sites, players will be prompted to download the cheat files, but the files are actually bundled with other malicious files uploaded by wannabe cybercriminals. If users click download, PUP installers distribute the bundled files and push them onto a victim’s device. “LoL Master” makes a profit on these downloads while the victim’s device suffers from malware.

“League of Legends” players may not pick up on this scheme for a number of reasons. First, the file hosting site falsely claims that the malware analysis software VirusTotal scanned the file. Second, the site attempts to block antimalware scanners from detecting the malicious files by putting them in a password-protected zip file. If the player isn’t using antimalware software, the PUP installer will push adware or other malicious software onto the victim’s device once they unzip the file.

So, what steps can players take to avoid this malicious trick? Check out the following tips to help protect your online security:

  • Browse with caution. Although it may seem harmless to peruse YouTube comments and descriptions, malware and PUP authors use this as a vector to push their malicious downloads. Use discretion when clicking on any links included in these comments.
  • Don’t download something unless it comes from a trusted source. It is one thing to browse around YouTube comments, it is another entirely to download items from sketchy sites. Only download software from legitimate sources, and if you’re unsure if the site is trustworthy, it is best to just avoid it entirely.
  • Use security software to surf the web safely. It can be hard to identify which sites out there are malicious. Get some support by using a tool like McAfee WebAdvisor, which safeguards you from cyberthreats while you browse.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post “League of Legends” YouTube Cheat Links: Nothing to “LOL” About appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/league-of-legends-youtube-cheat-links/feed/ 2
Connected or Compromised? How to Stay Secure While Using Push Notifications https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/browser-push-notifications/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/browser-push-notifications/#respond Tue, 06 Nov 2018 19:02:17 +0000 https://securingtomorrow.mcafee.com/?p=92499 You’re probably familiar with push notifications – messages sent by app publishers that pop up on your desktop or mobile device. Browser push notifications are messages from websites that users have granted permission to serve them the latest news without having to open the actual website. While push notifications are a handy way to stay current […]

The post Connected or Compromised? How to Stay Secure While Using Push Notifications appeared first on McAfee Blogs.

]]>
You’re probably familiar with push notifications – messages sent by app publishers that pop up on your desktop or mobile device. Browser push notifications are messages from websites that users have granted permission to serve them the latest news without having to open the actual website. While push notifications are a handy way to stay current with social media and the latest news from your favorite apps, the researchers here at McAfee have observed that these notifications have some compromising features, which impact both Chrome and Firefox browsers.

It turns out there are some real cybersecurity risks involved with taking advantage of the convenience of browser push notifications. That’s because to show push notifications, website owners must utilize pop-up ads that first request permission to show notifications. Essentially, users are tricked into thinking that the request is coming from the host site instead of the pop-up. This feature is currently being exploited by adware companies, which are using it to load unwanted advertisements onto users’ screens. Often times, these ads contain offensive or inappropriate material and users can even be exposed to irritating pop-ups that could potentially lead to viruses and malware.

So, how can users enjoy the convenience of push notifications without putting themselves at risk of a cyberattack? Check out the following tips:

  • Follow Google Chrome’s instructions on how to allow or block notifications. Check out this step-by-step guide to customize which sites you receive push notifications from and which ones you don’t.
  • Customize your Firefox notification options. You can check the status of which sites you have given permission to send notifications your way and choose whether to have the browser always ask for permission, allow or block notifications.
  • Use parental controls.No one wants inappropriate ads, especially parents of young children. To prevent exposing your kids to the inappropriate adverts that could result from push notifications, implement parental controls on your desktop. This additional filtering could prevent your child from accidentally clicking on malicious content that could infect your device.
  • When in doubt, block it out. If you come across a push notification pop-up from a suspicious-looking website or unfamiliar app, click on the ‘Block’ option to stay on the safe side.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Connected or Compromised? How to Stay Secure While Using Push Notifications appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/browser-push-notifications/feed/ 0
Hackable?, the Original Podcast from McAfee, is Back for Season Three https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/hackable-podcast-season-three/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/hackable-podcast-season-three/#respond Tue, 06 Nov 2018 17:00:23 +0000 https://securingtomorrow.mcafee.com/?p=92467 Here at McAfee, everything we do is driven by our desire to make the digital world more secure. The proliferation of internet-connected technology has made cybercrime the greatest challenge of the digital age. But we can’t fight it alone. That’s why as Chief Consumer Security Evangelist, one of my biggest concerns is raising cybersecurity awareness. […]

The post Hackable?, the Original Podcast from McAfee, is Back for Season Three appeared first on McAfee Blogs.

]]>
Here at McAfee, everything we do is driven by our desire to make the digital world more secure. The proliferation of internet-connected technology has made cybercrime the greatest challenge of the digital age.

But we can’t fight it alone.

That’s why as Chief Consumer Security Evangelist, one of my biggest concerns is raising cybersecurity awareness. The more we can educate and collaborate, the better we can fight cybercrime together.

That’s why I’m so excited to announce that our award-winning podcast “Hackable?” has returned for its third season. I’m proud that its resonated and been downloaded millions of times by loyal listeners.

For two seasons, host Geoff Siskind and cybersecurity expert Bruce Snell have used rich storytelling and expert advice to captivate audiences while raising cybersecurity awareness. Each episode, Geoff invites a white-hat hacker to try and crack a device he is using. These hacks are inspired by TV shows and movies, and in the second season, he put his own passwords and credit cards on the line and was even trapped in an internet-connected car wash.

In the third season, Geoff is going to strap on a hacked virtual reality headset, risk his laptop’s security, investigate if drones are vulnerable and much more.

Thankfully, Bruce is there to provide tips and help make sure that none of this happens to any of the show’s listeners.

After all, internet-connected devices are great. They offer entertainment, utility, and convenience. “Hackable?” isn’t about scaring you from using smart technologies, but about raising awareness so that you can understand where they are susceptible to a cyberattack. Often, a few simple steps are all it takes to protect you, your home, your loved ones, and your personal data.

New episodes of Hackable? will launch every two weeks. Listen on Apple Podcasts, Spotify, Castbox, Stitcher, Google Podcasts, and Radio Public. Don’t forget to rate, review, and subscribe! Check out the podcast site for bonus content, illustrations, and a behind-the-scenes look at each episode.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Hackable?, the Original Podcast from McAfee, is Back for Season Three appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/hackable-podcast-season-three/feed/ 0
Hackable?, the Original Podcast from McAfee, is Back for Season Three https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/hackable-podcast-season-three-2/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/hackable-podcast-season-three-2/#respond Mon, 05 Nov 2018 19:02:33 +0000 https://securingtomorrow.mcafee.com/?p=92506 Here at McAfee, everything we do is driven by our desire to make the digital world more secure. The proliferation of internet-connected technology has made cybercrime the greatest challenge of the digital age. But we can’t fight it alone. That’s why as Chief Consumer Security Evangelist, one of my biggest concerns is raising cybersecurity awareness. […]

The post Hackable?, the Original Podcast from McAfee, is Back for Season Three appeared first on McAfee Blogs.

]]>
Here at McAfee, everything we do is driven by our desire to make the digital world more secure. The proliferation of internet-connected technology has made cybercrime the greatest challenge of the digital age.

But we can’t fight it alone.

That’s why as Chief Consumer Security Evangelist, one of my biggest concerns is raising cybersecurity awareness. The more we can educate and collaborate, the better we can fight cybercrime together.

That’s why I’m so excited to announce that our award-winning podcast “Hackable?” has returned for its third season. I’m proud that its resonated and been downloaded millions of times by loyal listeners.

For two seasons, host Geoff Siskind and cybersecurity expert Bruce Snell have used rich storytelling and expert advice to captivate audiences while raising cybersecurity awareness. Each episode, Geoff invites a white-hat hacker to try and crack a device he is using. These hacks are inspired by TV shows and movies, and in the second season, he put his own passwords and credit cards on the line and was even trapped in an internet-connected car wash.

In the third season, Geoff is going to strap on a hacked virtual reality headset, risk his laptop’s security, investigate if drones are vulnerable and much more.

Thankfully, Bruce is there to provide tips and help make sure that none of this happens to any of the show’s listeners.

After all, internet-connected devices are great. They offer entertainment, utility, and convenience. “Hackable?” isn’t about scaring you from using smart technologies, but about raising awareness so that you can understand where they are susceptible to a cyberattack. Often, a few simple steps are all it takes to protect you, your home, your loved ones, and your personal data.

New episodes of Hackable? will launch every two weeks. Listen on Apple Podcasts, Spotify, Castbox, Stitcher, Google Podcasts, and Radio Public. Don’t forget to rate, review, and subscribe! Check out the podcast site for bonus content, illustrations, and a behind-the-scenes look at each episode.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.


{
"metadata": {
"id": "cc720909-8437-4fa4-9314-305295d86f6c",
"version": "1.0",
"ep": "ta",
"lang": "en-us",
"original-url": "https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/hackable-podcast-season-three/",
"author": "Gary Davis",
"author-page": "https://securingtomorrow.mcafee.com/author/gary-davis/",
"category": "Consumer Threat Notices",
"draft": "false",
"authordetail": "Gary Davis is Chief Consumer Security Evangelist. Through a consumer lens, he partners with internal teams to drive strategic alignment of products with the needs of the security space. Gary also provides security education to businesses and consumers by distilling complex security topics into actionable advice. Follow Gary Davis on Twitter at @garyjdavis",
"tinyimage": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/11/img_1616344032909327.jpg",
"feedimageurl": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/11/img_1616344032909327.jpg",
"pubDate": "Tue 06 Nov 2018 12:35:48 +0000"
}
}

The post Hackable?, the Original Podcast from McAfee, is Back for Season Three appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/hackable-podcast-season-three-2/feed/ 0
How to Protect Yourself from Tech Support Imposters https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tech-support-imposters/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tech-support-imposters/#respond Fri, 02 Nov 2018 19:13:30 +0000 https://securingtomorrow.mcafee.com/?p=92410 Many of us rely on our technology throughout our everyday lives. So, when something goes wrong, we look to tech support to save the day. Unfortunately, cybercriminals have used our reliance on tech support to make a profit in the form of tech support scams. And now it appears that a brand new scheme has […]

The post How to Protect Yourself from Tech Support Imposters appeared first on McAfee Blogs.

]]>
Many of us rely on our technology throughout our everyday lives. So, when something goes wrong, we look to tech support to save the day. Unfortunately, cybercriminals have used our reliance on tech support to make a profit in the form of tech support scams. And now it appears that a brand new scheme has emerged, which has disguised itself as a McAfee tech support pop-up and is going after victims’ financial information.

While there have been other tech support scams impersonating McAfee, this one is a bit different. Previous scams would redirect users to McAfee’s site using an affiliate link (site clicks generate commission), whereas this one starts by stating the user’s subscription is about to expire.

If the user believes the faulty expiration messages and clicks on the “Renew Now” button, they will be prompted to enter their credit card and personal information. Once the user submits this information, they will be redirected to a page asking to call a tech support number to set up the service. The so-called “agent” will refer to themselves as “Premium Technical Support” and claim to be either McAfee or a partner of McAfee. They will then request to remotely connect to the user’s device in order to install the software and will tell the user that the credit card information did not go through. At this point, the victim will be prompted to purchase the software through McAfee’s site and connect to what appears to be a McAfee affiliate link – which actually distributes adware and unwanted software.

Essentially, these victims were just tricked into giving up their credit card information to scammers and their device could potentially be infected with malware. They’re now at risk of having even more information swooped and could even be a victim of identity fraud. Fortunately, there are proactive steps these users can take to avoid these scams and keep their data safe. Start by following these tips:

  • Go straight to the source. If you receive a pop-up claiming to be from a company, do not click on it. Instead, go directly to the company’s website. From here you will be able to get in contact with the company’s real tech support and check the status of your subscription. If you are a McAfee customer, you can always reach us at https://service.mcafee.com/.
  • Be extremely cautious about giving out personal information. Before handing over your personal or credit card information, do your homework. Research the company and check the customer reviews. If you decide to make a purchase, make sure it is directly from the company’s website.
  • Be suspicious of callers claiming to be tech support. You need to field each call from a random number with caution, especially if they reached out to you first. Never respond to unsolicited calls or pop-ups warning you of a technical issue, and never let anyone remotely take over your device.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post How to Protect Yourself from Tech Support Imposters appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tech-support-imposters/feed/ 0
Kraken Ransomware Emerges from the Depths: How to Tame the Beast https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/kraken-ransomware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/kraken-ransomware/#respond Tue, 30 Oct 2018 21:03:58 +0000 https://securingtomorrow.mcafee.com/?p=92295 Look out, someone has released the Kraken — or at least a ransomware strain named after it. Kraken Cryptor ransomware first made its appearance back in August, but in mid-September, the malicious beast emerged from the depths disguised as the legitimate spyware application SuperAntiSpyware. In fact, the attackers behind the ransomware were able to access […]

The post Kraken Ransomware Emerges from the Depths: How to Tame the Beast appeared first on McAfee Blogs.

]]>
Look out, someone has released the Kraken — or at least a ransomware strain named after it. Kraken Cryptor ransomware first made its appearance back in August, but in mid-September, the malicious beast emerged from the depths disguised as the legitimate spyware application SuperAntiSpyware. In fact, the attackers behind the ransomware were able to access the website superantispyware.com and distribute the ransomware from there.

So how did this stealthy monster recently gain more traction? The McAfee Advanced Threat Research team, along with the Insikt group from Recorded Future, decided to uncover the mystery. They soon found that the Fallout Exploit kit, a type of toolkit cybercriminals use to take advantage of system vulnerabilities, started delivering Kraken ransomware at the end of September. In fact, this is the same exploit kit used to deliver GandCrab ransomware. With this new partnership between Kraken and Fallout, Kraken now has an extra vessel to employ its malicious tactics.

Now, let’s discuss how Kraken ransomware works to encrypt a victim’s computer. Kraken utilizes a business scheme called Ransomware-as-a-Service, or RaaS, which is a platform tool distributed by hackers to other hackers. This tool gives cybercriminals the ability to hold a victim’s computer files, information, and systems hostage. Once the victim pays the ransom, the hacker sends a percentage of the payment to the RaaS developers in exchange for a decryption code to be forwarded to the victim. However, Kraken wipes files from a computer using external tools, making data recovery nearly impossible for the victim. Essentially, it’s a wiper.

Kraken Cryptor ransomware employs a variety of tactics to keep it from being detected by many antimalware products. For example, hackers are given a new variant of Kraken every 15 days to help it slip under an antimalware solution’s radar. The ransomware also uses an exclusion list, a common method utilized by cybercriminals to avoid prosecution. The exclusion list archives all locations where Kraken cannot be used, suggesting that the cybercriminals behind the ransomware attacks reside in those countries. As you can see, Kraken goes to great lengths to cover its tracks, making it a difficult cyberthreat to fight.

Kraken’s goal is to encourage more wannabe cybercriminals to purchase this RaaS and conduct their own attacks, ultimately leading to more money in the developers’ pockets. Our research team observed that in Version 2 of Kraken, developers decreased their profit percentage by 5%, probably as a tactic to attract more affiliate hackers. The more criminal customers Kraken can onboard, the more attacks they can flesh out, and the more they can profit off of ransom collections.

So, what can users do to defend themselves from this stealthy monstrosity? Here are some proactive steps you can take:

  • Be wary of suspicious emails or pop-ups. Kraken was able to gain access to a legitimate website and other ransomware can too. If you receive a message or pop-up claiming to be from a company you trust but the content seems fishy, don’t click on it. Go directly to the source and contact the company from their customer support line.
  • Backup your files often. With cybercrime on the rise, it’s vital to consistently back up all of your important data. If your device becomes infected with ransomware, there’s no guarantee that you’ll get it back. Stay prepared and protected by backing up your files on an external hard drive or in the cloud.
  • Never pay the ransom. Although you may feel desperate to get your data back, paying does not guarantee that all of your information will be returned to you. Paying the ransom also contributes to the development of more ransomware families, so it’s best to just hold off on making any payments.
  • Use a decryption tool. No More Ransom provides tools to help users free their encrypted data. If your device gets held for ransom, check and see if a decryption tool is available for your specific strain of ransomware.
  • Use a comprehensive security solution. Add an extra layer of security on to all your devices by using a solution such as McAfee Total Protection, which now includes ransom guard and will help you better protect against these types of threats.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Kraken Ransomware Emerges from the Depths: How to Tame the Beast appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/kraken-ransomware/feed/ 0
“Grand Theft Auto V” Hack: How to Defeat the Online Gaming Bug https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/grand-theft-auto-v-bug/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/grand-theft-auto-v-bug/#respond Wed, 24 Oct 2018 19:13:48 +0000 https://securingtomorrow.mcafee.com/?p=92249 Over the past two decades, we’ve seen a huge rise in the popularity of online gaming among both children and adults. One particular game that has experienced huge success is “Grand Theft Auto,” or GTA, which has been developed and produced by Rockstar Games. The most recent edition of the game, “Grand Theft Auto V,” […]

The post “Grand Theft Auto V” Hack: How to Defeat the Online Gaming Bug appeared first on McAfee Blogs.

]]>
Over the past two decades, we’ve seen a huge rise in the popularity of online gaming among both children and adults. One particular game that has experienced huge success is “Grand Theft Auto,” or GTA, which has been developed and produced by Rockstar Games. The most recent edition of the game, “Grand Theft Auto V,” hit $6 billion in sales as of April 2018, creating a record-breaking impact in the gaming industry. However, the game’s massive success doesn’t mean it’s immune to cyberattacks. A recent vulnerability in “Grand Theft Auto V” allowed malicious trolls to take over users’ games who were entering into single-player mode. By leveraging the flaw, these hackers were not only able to kick gamers off of their single-player session but could also continually kill their avatar.

So how exactly did these trolls carry out these attacks? Beginning last week, reports began to circulate that one popular ‘mod menu,’ or a series of alterations sought out and installed by players, was all the sudden advertising the ability to discover an online player’s Rockstar ID – a problem potentially originating from a bug found in the game’s most recent update. Taking advantage of this opportunity, hackers gained access to users’ Rockstar IDs and took control of their single-player games. Soon enough, legitimate players’ games were hijacked and sabotaged.

It is unclear as to whether this vulnerability came out of Rockstar’s most recent update or if this hack has been around for years and just now found its way to public PC mod menus. Either way, it sheds light on how persistent cyberthreats are in the world of online gaming – even impacting some of the most popular video games out there, such as “Grand Theft Auto V.”

Fortunately, reports are already circulating the bug was quietly patched over the weekend (despite confirmation from the game’s developer) – so to protect against the hack, all users should update their game as soon as possible. However, that doesn’t mean there still aren’t some steps these gamers can take to protect themselves from future hacks and vulnerabilities. Check out the following tips:

  • Limit the personal info on your online profile. Gamers are required to create a user profile in order to access the appropriate console/computer network. When creating your profile, avoid displaying your personal information that could potentially be used against you by hackers, such as your name, address, date of birth, and email address.
  • Create a unique and complex password for your online profile. The more complex the password, the more difficult it will be for a hacker to access your personal information. And, of course, make sure you don’t share your password with other users.
  • Be careful who you chat with. Online games will usually have a built-in messenger service that allows players to contact each other. It’s important to be aware of the risks associated with chatting to strangers. If you choose to use the chat feature in your online game, never give out your account details and avoid opening messages with attached files or links.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post “Grand Theft Auto V” Hack: How to Defeat the Online Gaming Bug appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/grand-theft-auto-v-bug/feed/ 0
How to Squash the Android/TimpDoor SMiShing Scam https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-timpdoor-smishing-scam/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-timpdoor-smishing-scam/#respond Wed, 24 Oct 2018 16:00:38 +0000 https://securingtomorrow.mcafee.com/?p=92160 As technology becomes more advanced, so do cybercriminals’ strategies for gaining access to our personal information. And while phishing scams have been around for over two decades, attackers have adapted their methods to “bait” victims through a variety of platforms. In fact, we’re seeing a rise in the popularity of phishing via SMS messages, or […]

The post How to Squash the Android/TimpDoor SMiShing Scam appeared first on McAfee Blogs.

]]>
As technology becomes more advanced, so do cybercriminals’ strategies for gaining access to our personal information. And while phishing scams have been around for over two decades, attackers have adapted their methods to “bait” victims through a variety of platforms. In fact, we’re seeing a rise in the popularity of phishing via SMS messages, or SMiShing. Just recently, the McAfee Mobile Research team discovered active SMiShing campaigns that are tricking users into downloading fake voice-messaging apps, called Android/TimpDoor.

So how does Android/TimpDoor infect a user’s device? When a victim receives the malicious text, the content will include a link. If they click on it, they’ll be directed to a fake web page. The website will then prompt the victim to download the app in order to listen to phony voice messages. Once the app has been downloaded, the malware collects the device information including device ID, brand, model, OS version, mobile carrier, connection type, and public/local IP address. TimpDoor allows cybercriminals to use the infected device as a digital intermediary without the user’s knowledge. Essentially, it creates a backdoor for hackers to access users’ home networks.

According to our team’s research, these fake apps have infected at least 5,000 devices in the U.S. since the end of March. So, the next question is what can users do to defend themselves from these attacks? Check out the following tips to stay alert and protect yourself from SMS phishing:

  • Do not install apps from unknown sources. If you receive a text asking you to download something onto your phone from a given link, make sure to do your homework. Research the app developer name, product title, download statistics, and app reviews. Be on the lookout for typos and grammatical errors in the description. This is usually a sign that the app is fake.
  • Be careful what you click on. Be sure to only click on links in text messages that are from a trusted source. If you don’t recognize the sender, or the SMS content doesn’t seem familiar, stay cautious and avoid interacting with the message.
  • Enable the feature on your mobile device that blocks texts from the Internet. Many spammers send texts from an Internet service in an attempt to hide their identities. Combat this by using this feature to block texts sent from the Internet.
  • Use a mobile security software. Make sure your mobile devices are prepared for TimpDoor or any other threat coming their way. To do just that, cover these devices with a mobile security solution, such as McAfee Mobile Security.

And, as always, to stay up-to-date on the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post How to Squash the Android/TimpDoor SMiShing Scam appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-timpdoor-smishing-scam/feed/ 0
Breaking Down the Rapidly Evolving GandCrab Ransomware https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gandcrab-ransomware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gandcrab-ransomware/#respond Wed, 17 Oct 2018 00:15:28 +0000 https://securingtomorrow.mcafee.com/?p=92088 Most ransomware strains have the same commonalities – bitter ransom notes, payment demanded in cryptocurrency, and inventive names. A select few, however, can go undetected by a handful of antimalware products. Meet GandCrab ransomware, a strain that somehow manages to accomplish all of the above. Our McAfee Labs team has found that the ransomware, which […]

The post Breaking Down the Rapidly Evolving GandCrab Ransomware appeared first on McAfee Blogs.

]]>
Most ransomware strains have the same commonalities – bitter ransom notes, payment demanded in cryptocurrency, and inventive names. A select few, however, can go undetected by a handful of antimalware products. Meet GandCrab ransomware, a strain that somehow manages to accomplish all of the above. Our McAfee Labs team has found that the ransomware, which first appeared in January, has been updating rapidly during its short lifespan, and now includes a handful of new features, including the ability to remain undetected by some antimalware products.

First and foremost, let’s break down how GandCrab gets its start. The stealthy strain manages to spread in a variety of ways. GandCrab can make its way to users’ devices via remote desktop connections with either weak security or bought in underground forums, phishing emails, legitimate programs that have been infected with the malware, specific exploits kits, botnets, and more.

GandCrab’s goal, just like other ransomware attacks, is to encrypt victims’ files and promise to release them for a fee paid in a form of cryptocurrency (often Dash or Bitcoin). It can also be sold across the dark web as ransomware-as-a-service, or RaaS, which allows wannabe cybercriminals to purchase the strain to conduct an attack of their own.

So, the next question is what can users do to defend against this tricky attack? Thankfully, McAfee gateway and endpoint customers are protected against the latest GandCrab versions but beyond using security software, there are a handful of other things you can do to ensure you’re protected from GandCrab ransomware. Start by following these tips:

  • Don’t pay the ransom. Many ransom notes seem convincing, and many only request small, seemingly doable amounts of money. Doesn’t matter – you still don’t pay. Paying does not promise you’ll get your information back, and many victims often don’t. So, no matter how desperate you are for your files, hold off on paying up.
  • Do a complete backupWith ransomware attacks locking away crucial data, you need to back up the data on all your machines. If a machine becomes infected with ransomware, there’s no promise you’ll get that data back – it could even become wiped entirely in some cases. Make sure you cover all your bases and have your data stored on an external hard drive or in the cloud.
  • Use decryption toolsNo More Ransom – an initiative that teams up security firms, including McAfee, and law enforcement – provides tools to free your data, each tailored for a specific type of ransomware. If your device gets held for ransom, start by researching what type of ransomware it is. Then check out No More Ransom’s decryption tools and see if one is available for your specific strain.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Breaking Down the Rapidly Evolving GandCrab Ransomware appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gandcrab-ransomware/feed/ 0
The Dangers of Linking Your Apple ID to Financial Accounts https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/the-dangers-of-linking-your-apple-id-to-financial-accounts/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/the-dangers-of-linking-your-apple-id-to-financial-accounts/#respond Fri, 12 Oct 2018 21:40:07 +0000 https://securingtomorrow.mcafee.com/?p=92037

The digital wallets of Chinese citizens are under attack thanks to a few bad apples. A recent string of cyberattacks in China utilized stolen Apple IDs to break into customers’ accounts and steal an undisclosed amount of money, according to a Bloomberg report. Almost immediately, Chinese e-transaction giants Tencent Holdings and Alipay warned their customers […]

The post The Dangers of Linking Your Apple ID to Financial Accounts appeared first on McAfee Blogs.

]]>

The digital wallets of Chinese citizens are under attack thanks to a few bad apples. A recent string of cyberattacks in China utilized stolen Apple IDs to break into customers’ accounts and steal an undisclosed amount of money, according to a Bloomberg report. Almost immediately, Chinese e-transaction giants Tencent Holdings and Alipay warned their customers to monitor their accounts carefully, especially those who have linked their Apple IDs to Alipay accounts, WeChat Pay or their digital wallets and credit cards.

While Alipay works with Apple to figure out how this rare security breach happened and how hackers were able to hijack Apple IDs, they’re urging customers to lower their transaction limits to prevent any further losses while this investigation remains ongoing. Because Apple has yet to resolve this issue, any users who have linked their Apple IDs to payment methods including WeChat Pay — the popular digital wallet of WeChat which boasts over a billion users worldwide and can be used to pay for almost anything in China — remain vulnerable to theft. Apple also advises users to change their passwords immediately.

This security breach represents a large-scale example of a trend that continues to rise: the targeting of digital payment services by cybercriminals, who are capitalizing on the growing popularity of these services. Apple IDs represent an easy entry point of attack considering they connect Apple users to all the information, devices and products they care about. That interconnectivity of personal data is a veritable goldmine for cybercriminals if they get their hands on something like an Apple ID. With so much at stake for something as seemingly small as an Apple ID, it’s important for consumers to know how to safeguard their digital identifiers against potential financial theft. Here are some ways they can go about doing so:

  • Make a strong password. Your password is your first line of defense against attack, so you should make it as hard as possible for any potential cybercriminals to penetrate it. Including a combination of uppercase and lowercase letters, numbers, and symbols will help you craft a stronger, more complex password that’s difficult for cybercriminals to crack. Avoid easy to guess passwords like “1234” or “password” at all costs.
  • Change login information for different accounts. An easy trap is using the same email and password across a wide variety of accounts, including Apple IDs. To better protect your Apple ID, especially if it’s linked to your financial accounts, it’s best to create a wholly original and complex password for it.
  • Enable two-factor authentication. While Apple works on identifying how these hackers hijacked Apple IDs, do yourself a favor and add an extra layer of security to your account by enabling two-factor authentication. By having to provide two or more pieces of information to verify your identity before you can log into your account, you place yourself in a better position to avoid attacks.
  • Monitor your financial accounts. When linking credentials like Apple IDs to your financial accounts, it’s important to regularly check your online bank statements and credit card accounts for any suspicious activity or transactions. Most banks and credit cards offer free credit monitoring as well. You could also invest in an identity protection service, which will reimburse you in the case of identity fraud or financial theft.

Stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, listening to our podcast Hackable?, and ‘Liking’ us on Facebook.

The post The Dangers of Linking Your Apple ID to Financial Accounts appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/the-dangers-of-linking-your-apple-id-to-financial-accounts/feed/ 0
As Search Engines Blacklist Fewer Sites, Users More Vulnerable to Attack https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/search-engines-blacklist-fewer-sites-users-more-vulnerable-to-attack/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/search-engines-blacklist-fewer-sites-users-more-vulnerable-to-attack/#respond Wed, 10 Oct 2018 19:22:25 +0000 https://securingtomorrow.mcafee.com/?p=91911 Turns out, it’s a lot harder for a website to get blacklisted than one might think. A new study found that while the number of bot malware infected websites remained steady in Q2 of 2018, search engines like Google and Bing are only blacklisting 17 percent of infected websites they identify. The study analyzed more […]

The post As Search Engines Blacklist Fewer Sites, Users More Vulnerable to Attack appeared first on McAfee Blogs.

]]>
Turns out, it’s a lot harder for a website to get blacklisted than one might think. A new study found that while the number of bot malware infected websites remained steady in Q2 of 2018, search engines like Google and Bing are only blacklisting 17 percent of infected websites they identify. The study analyzed more than six million websites with malware scanners to arrive at this figure, noting that there was also a six percent decrease in websites being blacklisted over the previous year.

Many internet users rely on these search engines to flag malicious websites and protect them as they surf the web, but this decline in blacklisting sites is leaving many users just one click away from a potential attack. This disregard of a spam attack kit on search engine results for these infected sites can lead to serious disruption, including a sharp decline in customer trust. Internet users need to be more vigilant than ever now that search engines are dropping the ball on blacklisting infected sites, especially considering that total malware went up to an all-time high in Q2, representing the second highest attack vector from 2017-2018, according to the recent McAfee Labs Threats Report.

Another unsettling finding from the report was that incidents of cryptojacking have doubled in Q2 as well, with cybercriminals continuing to carry out both new and traditional malware attacks. Cryptojacking, the method of hijacking a browser to mine cryptocurrency, saw quite a sizable resurgence in late 2017 and has continued to be a looming threat ever since. McAfee’s Blockchain Threat Report discovered that almost 30,000 websites host the Coinhive code for mining cryptocurrency with or without a user’s consent—and that’s just from non-obfuscated sites.

And then, of course, there are just certain search terms that are more dangerous and leave you more vulnerable to malware than others. For all of you pop culture aficionados, be careful which celebrities you digitally dig up gossip around. For the twelfth year in a row, McAfee researched famous individuals to assess their online risk and which search results could expose people to malicious sites, with this year’s Most Dangerous Celebrity to search for being “Orange is the New Black’s” Ruby Rose.

So, how can internet users protect themselves when searching for the knowledge they crave online, especially considering many of the most popular search engines simply aren’t blacklisting as many bot malware infected sites as they should be? Keep these tips in mind:

  • Turn on safe search settings. Most browsers and search engines have a safe search setting that filters out any inappropriate or malicious content from showing up in search results. Other popular websites like iTunes and YouTube have a safety mode to further protect users from potential harm.
  • Update your browsers consistently. A crucial security rule of thumb is always updating your browsers whenever an update is available, as security patches are usually included with each new version. If you tend to forget to update your browser, an easy hack is to just turn on the automatic update feature.
  • Be vigilant of suspicious-looking sites. It can be challenging to successfully identify malicious sites when you’re using search engines but trusting your gut when something doesn’t look right to you is a great way of playing it safe.
  • Check a website’s safety rating. There are online search tools available that will analyze a given URL in order to ascertain whether it’s a genuinely safe site to browse or a potentially malicious one infected with bot malware and other threats.
  • Browse with security protection. Utilizing solutions like McAfee WebAdvisor, which keeps you safe from threats while you search and browse the web, or McAfee Total Protection, a comprehensive security solution that protects devices against malware and other threats, will safeguard you without impacting your browsing performance or experience.

To keep abreast of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post As Search Engines Blacklist Fewer Sites, Users More Vulnerable to Attack appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/search-engines-blacklist-fewer-sites-users-more-vulnerable-to-attack/feed/ 0
How To Spot Tech Support Scams https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-spot-tech-support-scams/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-spot-tech-support-scams/#respond Wed, 10 Oct 2018 18:49:25 +0000 https://securingtomorrow.mcafee.com/?p=89474  When something goes wrong with your computer or devices, it can cause a panic. After all, most of us depend on technology not only to work and connect with others, but also to stay on top of our daily lives. That’s why tech support scams are often successful. They appear to offer help when […]

The post How To Spot Tech Support Scams appeared first on McAfee Blogs.

]]>

When something goes wrong with your computer or devices, it can cause a panic. After all, most of us depend on technology not only to work and connect with others, but also to stay on top of our daily lives. That’s why tech support scams are often successful. They appear to offer help when we need it the most. But falling for these scams can put your devices, data, and money at even greater risk.

Although support scams have been around almost as long as the internet, these threats have increased dramatically over the last couple of years, proving to be a reliable way for scammers to make a quick buck.

In fact, the Internet Crime Complaint Center (IC3) said that it received nearly 11,000 tech support related complaints in 2017, leading to losses of $15 million, 90% higher than the losses reported in 2016. Microsoft alone saw a 24% increase in tech scams reported by customers in 2017 over the previous year, with 15% of victims saying they lost money.

Often, scammers convince users that there is a problem with their computer or device by delivering pop-up error messages. These messages encourage the user to “click” to troubleshoot the problem, which can download a piece of malware onto their machine, or prompt them to buy fake security software to fix the issue. In some cases, users wind up downloading ransomware, or paying $200 to $400 for fake software to fix problems they didn’t actually have.

And, in a growing number of instances, scammers pose as legitimate technology companies, offering phony support for real tech issues. Some even promote software installation and activation for a fee, when the service is actually provided for free from the software provider. They do this by posting webpages or paid search results using the names of well-known tech companies. When a user searches for tech help, these phony services can appear at the top of the search results, tricking people into thinking they are the real deal.

Some cybercriminals have even gone so far as to advertise fake services on legitimate online forums, pretending to be real tech companies such as Apple, McAfee, and Amazon. Since forum pages are treated as quality content by search engines, these phony listings rank high in search results, confusing users who are looking for help.

The deception isn’t just online. More and more computer users report phone calls from cybercrooks pretending to be technology providers, warning them about problems with their accounts, and offering to help resolve the issue for a fee. Or worse, the scammer requests access to the victim’s computer to “fix the problem”, with the hopes of grabbing valuable data, such as passwords and identity information. All of these scams leave users vulnerable.

Here’s how to avoid support scams to keep your devices and data safe:

  • If you need help, go straight to the source—Type the address of the company you want to reach directly into the address bar of your browser—not the search bar, which can pull up phony results. If you have recently purchased software and need help, check the packaging the software came in for the correct web address or customer support line. If you are a McAfee customer, you can always reach us at https://service.mcafee.com.
  • Be suspicious—Before you pay for tech support, do your homework. Research the company by looking for other customer’s reviews. Also, check to see if your technology provider already offers the support you need for free.
  • Be wary of callers asking for personal information, especially if they reach out to you first—Situations like this happen all the time, even to institutions like the IRS. McAfee’s own policy is to answer support questions via our website only, and if users need assistance, they should reach out here directly. Never respond to unsolicited phone calls or pop-up messages, warning you about a technical issue, and never let anyone take over your computer or device remotely.
  • Surf Safe—Sometimes it can be hard to determine if search results are safe to click on, or not. Consider using a browser extension that can warn you about suspicious sites right in your search results, and help protect you even if you click on a dangerous link.
  • Keep informed—Stay up-to-date on the latest tech support scams so you know what to watch out for.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post How To Spot Tech Support Scams appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-spot-tech-support-scams/feed/ 0
Digital Assistants, Cryptocurrency, Mobile Malware: Trends from ‘McAfee Labs Threats Report’ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/consumer-trends-mcafee-labs-threats-report-sept-2018/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/consumer-trends-mcafee-labs-threats-report-sept-2018/#respond Fri, 05 Oct 2018 18:09:14 +0000 https://securingtomorrow.mcafee.com/?p=91811 Every three months, our team crafts the McAfee Labs Threats Report. The quarterly report ranges in topic and severity but always touches on the most important and impactful threats afflicting consumers and companies alike. This year, the McAfee Labs team analyzed an average of 1,800,000 URLs, 800,000 files and 200,000 high-risk files to produce the McAfee […]

The post Digital Assistants, Cryptocurrency, Mobile Malware: Trends from ‘McAfee Labs Threats Report’ appeared first on McAfee Blogs.

]]>
Every three months, our team crafts the McAfee Labs Threats Report. The quarterly report ranges in topic and severity but always touches on the most important and impactful threats afflicting consumers and companies alike. This year, the McAfee Labs team analyzed an average of 1,800,000 URLs, 800,000 files and 200,000 high-risk files to produce the McAfee Labs Threats Report: September 2018, which features digital assistants, cryptocurrencies, and cybercriminal gangs up to no good. Overall, it’s been an eventful quarter.

So, what are the key takeaways for you? Notably, our team has continued to track a downward trend in new malware attacks for the second successive quarter. Good news on the surface, but that trend may not be indicative of much; as we also saw a spike in new malware in Q4 2017. We’ll continue to watch this into next year. Significantly, we found that a good portion of net new malware is designed for mobile, which increased 27 percent over the previous quarter. In addition, here’s a look at the other trending stories we uncovered.

Digital Assistants

Digital assistants are advanced programs that we can converse with to research, act on our behalf and overall help make our digital lives more comfortable. Siri, Bixby and Google Assistant are few. But one digital assistant, Microsoft’s Cortana, is a little too helpful. The good news, Microsoft quickly rolled out a fix for this vulnerability to protect your Windows 10 computer. Be sure your software is up to date.

Cryptocurrency

The second story involves cryptocurrencies. Cryptocurrencies are digital tokens generated by a computer after solving complex mathematical functions. These functions are used to verify the authenticity of a ledger, or blockchain. Blockchains, by their nature, are relatively secure. But an account that is connected to a blockchain — usually, in this case, associated with a cryptocurrency — is not. And that’s where cybercriminals are focusing their efforts, with coin miner malware up 86% in Q2 2018.

Our report found cybercriminals are chasing after access to cryptocurrencies and they’re doing so using familiar tactics. For example, phishing attacks — where cybercriminals pose as someone else online — are popular tools to take over a cryptocurrency-related account. Malicious programs are also deployed to collect passwords and other information related to an account before stealing virtual currency. You can read more about blockchain and cryptocurrency vulnerabilities here. 

Malicious Apps

Finally, the McAfee Mobile Research team found a collection of malicious applications facilitating a scam in the Google Play store. The apps in question siphon money from unwary users through billing-fraud. Billing-fraud collects money from victims for “using” a “premium” service, such as sending texts to a particular number.

In this case, the cybercriminal ring known as the AsiaHitGroup Gang attempted to charge at least 20,000 victims for downloading fake or copied versions of popular applications. To increase its potential, AsiaHitGroup Gang is using geolocation to target vulnerable populations.

So, what can you do to stay safe in the face of these threats? Here are three quick tips:

  • Limit device access. If you can, limit the ability and access a digital assistant has to your device. Often, you can adjust where and how an assistant is activated through your settings. Otherwise, update your software regularly, as many updates contain security fixes.
  • Create strong passwords. If you’re participating in the cryptocurrency market, then make sure you use strong, robust passwords to protect your accounts. This means using upper case, lower case, symbols and numbers for passwords that are 12 characters long. Afraid you might forget the key to your account? Consider using a password manager.
  • Be careful what you download. Always do some light research on the developer of a mobile application. If the information is hard to come across or absent, consider using an alternative program. Additionally, never download mobile applications from third-party app stores. Genuine stores, like Google Play and Apple’s App Store, should provide you with what you need.

And, of course, stay informed. To keep atop of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Digital Assistants, Cryptocurrency, Mobile Malware: Trends from ‘McAfee Labs Threats Report’ appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/consumer-trends-mcafee-labs-threats-report-sept-2018/feed/ 0
McAfee’s Most Dangerous Celebrities Study 2018: Ruby Rose Takes Center Stage https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/most-dangerous-celebrities-2018/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/most-dangerous-celebrities-2018/#respond Tue, 02 Oct 2018 04:01:15 +0000 https://securingtomorrow.mcafee.com/?p=91701 Every rose has its thorn, right? Apparently, the same goes for actress Ruby Rose, as her newfound popularity from “Orange is the New Black” has made her both famous, and maybe even dangerous. At least when it comes to online interactions. You heard correctly, the newly announced Batwoman has also been crowned McAfee’s Most Dangerous […]

The post McAfee’s Most Dangerous Celebrities Study 2018: Ruby Rose Takes Center Stage appeared first on McAfee Blogs.

]]>
Every rose has its thorn, right? Apparently, the same goes for actress Ruby Rose, as her newfound popularity from “Orange is the New Black” has made her both famous, and maybe even dangerous. At least when it comes to online interactions. You heard correctly, the newly announced Batwoman has also been crowned McAfee’s Most Dangerous Celebrity this year. For the twelfth year in a row, McAfee researched famous individuals to reveal the riskiest celebrity to search for online, or, which search results could expose fans to malicious sites. Ruby Rose took home the top spot in 2018, but curious about who the runner-ups are? Here’s the full list:

Recent popular reality and sitcom shows have driven some stars (Kristin Cavallari, Debra Messing, Kourtney Kardashian) to the top of our list. Which is one of the few reasons this list is so different than last year’s. Unlike 2017’s list of Most Dangerous Celebrities, musicians ranked low on this year’s list. Adele was the highest ranked musician at No. 21 followed by Shakira (No. 27), 2017’s top celebrity Avril Lavigne (No. 30), and Lady Gaga (No. 35).

So, whether you’re looking up what Ruby did on the latest “Orange is the New Black” episode, or what Kristin Cavallari wore the latest awards show, make sure you’re searching the internet safely. To keep your internet activity secure and danger-free, follow these tips:

  • Be careful what you click. Users looking for a sneak-peek of the CW series, Batwoman starring Ruby Rose should be cautious and only download directly from a reliable source. The safest thing to do is to wait for the official release instead of visiting a third-party website that could contain malware.
  • Apply system and application updates as soon as they are available. Very often the operating system and application updates include security fixes. Applying updates is an important step to help ensure devices stay protected.
  • Browse with security protection. McAfee Total Protection is a comprehensive security solution that can help keep devices protected against malware, phishing attacks, and other threats. It includes McAfee WebAdvisor which can help protect against going to malicious websites.
  • Use parental control software. Kids are fans of celebrities too, so ensure that limits are set on the child’s device and use software that can help minimize exposure to potentially malicious or inappropriate websites.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post McAfee’s Most Dangerous Celebrities Study 2018: Ruby Rose Takes Center Stage appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/most-dangerous-celebrities-2018/feed/ 0
Facebook Announces Security Flaw Found in “View As” Feature https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-announces-security-flaw/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-announces-security-flaw/#respond Fri, 28 Sep 2018 19:43:57 +0000 https://securingtomorrow.mcafee.com/?p=91683 Another day, another Facebook story. In May, a Facebook Messenger malware named FacexWorm was utilized by cybercriminals to steal user passwords and mine for cryptocurrency. Later that same month, the personal data of 3 million users was exposed by an app on the platform dubbed myPersonality. And in June, millions of the social network’s users […]

The post Facebook Announces Security Flaw Found in “View As” Feature appeared first on McAfee Blogs.

]]>
Another day, another Facebook story. In May, a Facebook Messenger malware named FacexWorm was utilized by cybercriminals to steal user passwords and mine for cryptocurrency. Later that same month, the personal data of 3 million users was exposed by an app on the platform dubbed myPersonality. And in June, millions of the social network’s users may have unwittingly shared private posts publicly due to another new bug. Which brings us to today. Just announced this morning, Facebook revealed they are dealing with yet another security breach, this time involving the “View As” feature.

Facebook users have the ability to view their profiles from another user’s perspective, which is called “View As.” This very feature was found to have a security flaw that has impacted approximately 50 million user accounts, as cybercriminals have exploited this vulnerability to steal Facebook users’ access tokens. Access tokens are digital keys that keep users logged in, and they permit users to bypass the need to enter a password every time. Essentially, this flaw helps cybercriminals take over users’ accounts.

While the access tokens of 50 million accounts were taken, Facebook still doesn’t know if any personal information was gathered or misused from the affected accounts. However, they do suspect that everyone who used the “View As” feature in the last year will have to log back into Facebook, as well as any apps that used a Facebook login. An estimated 90 million Facebook users will have to log back in.

As of now, this story is still developing, as Facebook is still investigating further into this issue. Now, the question is — if you’re an impacted Facebook user, what should you do to stay secure? Start by following these tips:

  • Change your account login information. Since this flaw logged users out, it’s vital you change up your login information. Be sure to make your next password strong and complex, so it will be difficult for cybercriminals to crack. It also might be a good idea to turn on two-factor authentication.
  • Update, update, update. No matter the application, it can’t be stressed enough how important it is to always update an app as soon as an update is available, as fixes are usually included with each version. Facebook has already issued a fix to this vulnerability, so make sure you update immediately.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Facebook Announces Security Flaw Found in “View As” Feature appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-announces-security-flaw/feed/ 0
Netflix Users: Don’t Get Hooked by This Tricky Phishing Email https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/netflix-users-phishing-email-2/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/netflix-users-phishing-email-2/#respond Tue, 25 Sep 2018 22:25:54 +0000 https://securingtomorrow.mcafee.com/?p=91938 If you own a smart TV, or even just a computer, it’s likely you have a Netflix account. The streaming service is huge these days – even taking home awards for its owned content. So, it’s only natural cybercriminals are attempting to leverage the service’s popularity for their own gain. In fact, just discovered last […]

The post Netflix Users: Don’t Get Hooked by This Tricky Phishing Email appeared first on McAfee Blogs.

]]>
If you own a smart TV, or even just a computer, it’s likely you have a Netflix account. The streaming service is huge these days – even taking home awards for its owned content. So, it’s only natural cybercriminals are attempting to leverage the service’s popularity for their own gain. In fact, just discovered last week, fake Netflix emails have been circulating claiming there are issues with users’ accounts. But of course, there is no issue at all – only a phishing scam underway.

The headline in itself should be the first indicator of fraud, as it reads “Update your payment information!” The body of the fake email then claims that there’s an issue with a user’s account or that their account has been suspended. The email states that they need to update their account details in order to resolve the problem, but the link actually leads victims to a genuine-looking Netflix website designed to steal usernames and passwords, as well as payment details. If the victim updates their financial information, they are actually taken to the real Netflix home page, which gives this trick a sense of legitimacy.

In short – this phishing email scheme is convincing and tricky. That means it’s crucial all Netflix users take proactive steps now to protect themselves this stealthy attack. To do just that, follow these tips:

  • Be careful what you click on. Be sure to only click on emails that you are sure came from a trusted source. If you don’t know the sender, or the email’s content doesn’t seem familiar, remain wary and avoid interacting with the message.
  • Go directly to the source. It’s a good security rule of thumb: when an email comes through requesting personal info, always go directly to the company’s website to be sure you’re working with the real deal. You should be able to check their account status on the Netflix website, and determine the legitimacy of the request from there. If there’s still anything in question, feel free to call their support line and check about the notice that way as well.
  • Place a fraud alert. If you know your financial data has been compromised by this attack, be sure to place a fraud alert on your credit so that any new or recent requests undergo scrutiny. It’s important to note that this also entitles you to extra copies of your credit report so you can check for anything sketchy. And if you find an account you did not open, make sure you report it to the police or Federal Trade Commission, as well as the creditor involved so you can put an end to the fraudulent account.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.


{
"metadata": {
"id": "8b4876aa-14b9-441d-a8b7-d62cc6a9e821",
"version": "1.0",
"ep": "ta",
"lang": "en-us",
"original-url": "https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/netflix-users-phishing-email/",
"author": "Gary Davis",
"author-page": "https://securingtomorrow.mcafee.com/author/gary-davis/",
"category": "Consumer Threat Notices",
"draft": "false",
"authordetail": "Gary Davis is Chief Consumer Security Evangelist. Through a consumer lens, he partners with internal teams to drive strategic alignment of products with the needs of the security space. Gary also provides security education to businesses and consumers by distilling complex security topics into actionable advice. Follow Gary Davis on Twitter at @garyjdavis",
"tinyimage": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/10/img_1612609358087423-cropped.jpg",
"feedimageurl": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/10/img_1612609358087423-cropped.jpg",
"pubDate": "Tue 25 Sept 2018 12:35:48 +0000"
}
}

The post Netflix Users: Don’t Get Hooked by This Tricky Phishing Email appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/netflix-users-phishing-email-2/feed/ 0
Netflix Users: Don’t Get Hooked by This Tricky Phishing Email https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/netflix-users-phishing-email/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/netflix-users-phishing-email/#comments Tue, 25 Sep 2018 19:35:25 +0000 https://securingtomorrow.mcafee.com/?p=91643 If you own a smart TV, or even just a computer, it’s likely you have a Netflix account. The streaming service is huge these days – even taking home awards for its owned content. So, it’s only natural cybercriminals are attempting to leverage the service’s popularity for their own gain. In fact, just discovered last […]

The post Netflix Users: Don’t Get Hooked by This Tricky Phishing Email appeared first on McAfee Blogs.

]]>
If you own a smart TV, or even just a computer, it’s likely you have a Netflix account. The streaming service is huge these days – even taking home awards for its owned content. So, it’s only natural cybercriminals are attempting to leverage the service’s popularity for their own gain. In fact, just discovered last week, fake Netflix emails have been circulating claiming there are issues with users’ accounts. But of course, there is no issue at all – only a phishing scam underway.

The headline in itself should be the first indicator of fraud, as it reads “Update your payment information!” The body of the fake email then claims that there’s an issue with a user’s account or that their account has been suspended. The email states that they need to update their account details in order to resolve the problem, but the link actually leads victims to a genuine-looking Netflix website designed to steal usernames and passwords, as well as payment details. If the victim updates their financial information, they are actually taken to the real Netflix home page, which gives this trick a sense of legitimacy.

In short – this phishing email scheme is convincing and tricky. That means it’s crucial all Netflix users take proactive steps now to protect themselves this stealthy attack. To do just that, follow these tips:

  • Be careful what you click on. Be sure to only click on emails that you are sure came from a trusted source. If you don’t know the sender, or the email’s content doesn’t seem familiar, remain wary and avoid interacting with the message.
  • Go directly to the source. It’s a good security rule of thumb: when an email comes through requesting personal info, always go directly to the company’s website to be sure you’re working with the real deal. You should be able to check their account status on the Netflix website, and determine the legitimacy of the request from there. If there’s still anything in question, feel free to call their support line and check about the notice that way as well.
  • Place a fraud alert. If you know your financial data has been compromised by this attack, be sure to place a fraud alert on your credit so that any new or recent requests undergo scrutiny. It’s important to note that this also entitles you to extra copies of your credit report so you can check for anything sketchy. And if you find an account you did not open, make sure you report it to the police or Federal Trade Commission, as well as the creditor involved so you can put an end to the fraudulent account.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Netflix Users: Don’t Get Hooked by This Tricky Phishing Email appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/netflix-users-phishing-email/feed/ 3
5 Ways to Protect Your Finances Online https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/5-ways-to-protect-your-finances-online-2/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/5-ways-to-protect-your-finances-online-2/#respond Mon, 24 Sep 2018 23:20:24 +0000 https://securingtomorrow.mcafee.com/?p=91945 Financial companies continue to innovate with their online products and services, bringing conveniences for customers, but challenges when it comes to security. This is because the current “fintech” (financial technology) landscape doesn’t just include traditional banks with online services. New players, like cryptocurrency sites, robo advisors and online loan providers have all joined the party. […]

The post 5 Ways to Protect Your Finances Online appeared first on McAfee Blogs.

]]>
Financial companies continue to innovate with their online products and services, bringing conveniences for customers, but challenges when it comes to security.

This is because the current “fintech” (financial technology) landscape doesn’t just include traditional banks with online services. New players, like cryptocurrency sites, robo advisors and online loan providers have all joined the party. Regulations simply haven’t kept up, leaving security concerns up to the individual providers, and the consumers who use them.

To deal with issues like protecting customers’ data, privacy, and transactions, today’s fintech companies often use a patchwork of security software and tools. A recent survey found that many major financial service providers use between 100 and 200 disparate security solutions[1]. And these solutions rarely share threat intelligence. This can leave security teams overwhelmed, and customer information more vulnerable to data leaks and hacking.

In fact, research released earlier this year revealed that hackers are using “hidden tunnels” in the infrastructure used to transmit data between financial applications to conceal theft. This means that breaches could go weeks or months without detection, all while customer information is exposed.

Underscoring the problem, the financial services industry was recently named the most targeted sector for cyber attacks for the second year in a row. And, cyber attacks reported to the Financial Conduct Authority grew 80% in the last year.

This isn’t hard to believe given that last year seven of the U.K.’s largest banks, including Santander and HSBC, were forced to reduce operations or shut down systems all together after they were targeted in a coordinated denial of service (DoS) attack aimed at flooding servers with traffic.

Even though new regulations, like the European Union’s General Data Protection Regulation, are aimed at helping companies reduce security risks, and even fine them for privacy violations, there are still challenges when it comes to finding integrated solutions.

This means consumers have to be vigilant when it comes to protecting their money and information.

Here are 5 tips to protect your online finances:

  • Monitor your financial accounts & credit report—Regularly check your online bank statements and credit card accounts for any suspicious transactions.You’ll also want to review your credit scores once a quarter to make sure that no new accounts were opened in your name, without your permission. Check to see if your bank or credit card company offers free credit monitoring. You might also consider investing in an identity protection service, since these often include credit monitoring and will even reimburse you in the case of identity fraud or theft.
  • Use multi-layered security and alerts—Take advantage of advanced security tools if your providers offer them, such as multi-factor authentication. (Multi-factor means you provide two or more pieces of information to verify your identity before you can login to your account, such as typing a password and responding to a text message sent to your smartphone.)Also, many companies now offer free text or email alerts when a new charge is made, or when a change is made to any account information. Sign up for these to help monitor your accounts.
  • Do your homework—Before using a new financial service, make sure to research the Read other user’s reviews, and look into whether the company uses tools like encryption and multi-factor authentication to safeguard your data.
  • Don’t give away too much personal information—When we quickly sign up for accounts, sharing bank or identity information, we make it easy for the bad guys. Only share information that is absolutely necessary for the service you want to use.
  • Use comprehensive security—Just as fintech companies need to do their part, you have to do your part by using comprehensive security software.Make sure that all of your computers and devices are protected, including IoT devices. You may also want to look into new solutions that provide security at the network level.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

[1] Closing the Cybersecurity Gaps in Financial Services, a global survey from Ovum and sponsored by McAfee


{
"metadata": {
"id": "ba7ae803-1722-4e9f-98e7-8471653df0f5",
"version": "1.0",
"ep": "ta",
"lang": "en-us",
"original-url": "https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/5-ways-to-protect-your-finances-online/",
"author": "Gary Davis",
"author-page": "https://securingtomorrow.mcafee.com/author/gary-davis/",
"category": "Consumer Threat Notices",
"draft": "false",
"authordetail": "Gary Davis is Chief Consumer Security Evangelist. Through a consumer lens, he partners with internal teams to drive strategic alignment of products with the needs of the security space. Gary also provides security education to businesses and consumers by distilling complex security topics into actionable advice. Follow Gary Davis on Twitter at @garyjdavis",
"tinyimage": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/10/img_1613982001459115.jpg",
"feedimageurl": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/10/img_1613982001459115.jpg",
"pubDate": "Mon 24 Sept 2018 12:35:48 +0000"
}
}

The post 5 Ways to Protect Your Finances Online appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/5-ways-to-protect-your-finances-online-2/feed/ 0
5 Ways to Protect Your Finances Online https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/5-ways-to-protect-your-finances-online/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/5-ways-to-protect-your-finances-online/#respond Mon, 24 Sep 2018 16:00:06 +0000 https://securingtomorrow.mcafee.com/?p=91578 Financial companies continue to innovate with their online products and services, bringing conveniences for customers, but challenges when it comes to security. This is because the current “fintech” (financial technology) landscape doesn’t just include traditional banks with online services. New players, like cryptocurrency sites, robo advisors and online loan providers have all joined the party. […]

The post 5 Ways to Protect Your Finances Online appeared first on McAfee Blogs.

]]>
Financial companies continue to innovate with their online products and services, bringing conveniences for customers, but challenges when it comes to security.

This is because the current “fintech” (financial technology) landscape doesn’t just include traditional banks with online services. New players, like cryptocurrency sites, robo advisors and online loan providers have all joined the party. Regulations simply haven’t kept up, leaving security concerns up to the individual providers, and the consumers who use them.

To deal with issues like protecting customers’ data, privacy, and transactions, today’s fintech companies often use a patchwork of security software and tools. A recent survey found that many major financial service providers use between 100 and 200 disparate security solutions[1]. And these solutions rarely share threat intelligence. This can leave security teams overwhelmed, and customer information more vulnerable to data leaks and hacking.

In fact, research released earlier this year revealed that hackers are using “hidden tunnels” in the infrastructure used to transmit data between financial applications to conceal theft. This means that breaches could go weeks or months without detection, all while customer information is exposed.

Underscoring the problem, the financial services industry was recently named the most targeted sector for cyber attacks for the second year in a row. And, cyber attacks reported to the Financial Conduct Authority grew 80% in the last year.

This isn’t hard to believe given that last year seven of the U.K.’s largest banks, including Santander and HSBC, were forced to reduce operations or shut down systems all together after they were targeted in a coordinated denial of service (DoS) attack aimed at flooding servers with traffic.

Even though new regulations, like the European Union’s General Data Protection Regulation, are aimed at helping companies reduce security risks, and even fine them for privacy violations, there are still challenges when it comes to finding integrated solutions.

This means consumers have to be vigilant when it comes to protecting their money and information.

Here are 5 tips to protect your online finances:

  • Monitor your financial accounts & credit report—Regularly check your online bank statements and credit card accounts for any suspicious transactions.

    You’ll also want to review your credit scores once a quarter to make sure that no new accounts were opened in your name, without your permission. Check to see if your bank or credit card company offers free credit monitoring. You might also consider investing in an identity protection service, since these often include credit monitoring and will even reimburse you in the case of identity fraud or theft.

  • Use multi-layered security and alerts—Take advantage of advanced security tools if your providers offer them, such as multi-factor authentication. (Multi-factor means you provide two or more pieces of information to verify your identity before you can login to your account, such as typing a password and responding to a text message sent to your smartphone.)

    Also, many companies now offer free text or email alerts when a new charge is made, or when a change is made to any account information. Sign up for these to help monitor your accounts.

  • Do your homework—Before using a new financial service, make sure to research the Read other user’s reviews, and look into whether the company uses tools like encryption and multi-factor authentication to safeguard your data.
  • Don’t give away too much personal information—When we quickly sign up for accounts, sharing bank or identity information, we make it easy for the bad guys. Only share information that is absolutely necessary for the service you want to use.

  • Use comprehensive security—Just as fintech companies need to do their part, you have to do your part by using comprehensive security software.

    Make sure that all of your computers and devices are protected, including IoT devices. You may also want to look into new solutions that provide security at the network level.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

[1] Closing the Cybersecurity Gaps in Financial Services, a global survey from Ovum and sponsored by McAfee

The post 5 Ways to Protect Your Finances Online appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/5-ways-to-protect-your-finances-online/feed/ 0
Insights on the Capabilities of Three Politically-Themed Ransomware Campaigns https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/three-politically-themed-ransomware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/three-politically-themed-ransomware/#respond Tue, 18 Sep 2018 04:01:08 +0000 https://securingtomorrow.mcafee.com/?p=91553 We all hear politicians’ names week over week – what policies they’re working on, new initiatives they’re implementing for their respective country, the list goes on. And now, we’re hearing about their names in a new context. Specifically, former U.S. President Barack Obama, current U.S. President Donald Trump, and Chancellor of Germany Angela Merkel all […]

The post Insights on the Capabilities of Three Politically-Themed Ransomware Campaigns appeared first on McAfee Blogs.

]]>
We all hear politicians’ names week over week – what policies they’re working on, new initiatives they’re implementing for their respective country, the list goes on. And now, we’re hearing about their names in a new context. Specifically, former U.S. President Barack Obama, current U.S. President Donald Trump, and Chancellor of Germany Angela Merkel all now have ransomware campaigns named after them. But just how effective are these politically-themed threats and how do they impact users? Let’s break it down.

Just recently identified, the Obama ransomware campaign is a bit non-traditional in its approach. The threat only targets specific files on a user’s computer and actually attempts to stop some anti-malware products from doing their job. What’s more – the malware also uses a victim’s device to mine for cryptocurrency. Said to be created by the same cybercriminal group behind the Obama ransomware, the Trump ransomware variant is similar in its capabilities to the Obama variant, but is not nearly as developed.

Now, the ransomware campaign named after German leader Angela Merkel encrypts files using an extension dubbed .angelamerkel. It also demands Euros when making its ransom demand, so it stays pretty true to theme.

In short, all these ransomware campaigns are unique in their capabilities and objectives, similar to the politicians they are named for. Now, with all these strains out in the wild, what are the next steps for users wishing to stay protected from a ransomware attack? Start by following these tips:

  • Do a complete backup. With ransomware attacks locking away crucial data, you need to back up the data on all of your machines. If a machine becomes infected with ransomware, there’s no promise you’ll get that data back – it could even become wiped entirely in some cases. Therefore, make sure you cover all your bases and have your data stored on an external hard drive or in the cloud.
  • Use decryption tools. No More Ransom, an initiative McAfee is a part of, has a suite of tools to free your data, each tailored for a specific type of ransomware. If your device gets held for ransom, start by researching what type of ransomware it is. Then check out No More Ransom’s decryption tools and see if one is available for your specific strain of ransomware.
  • Use comprehensive security. To be prepared for ransomware or any other type of cyberattack that may come your way, it’s important you lock down all your devices with an extra layer of security. To do just that, use a comprehensive security solution.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Insights on the Capabilities of Three Politically-Themed Ransomware Campaigns appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/three-politically-themed-ransomware/feed/ 0
Insights on the Capabilities of Three Politically-Themed Ransomware Campaigns https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/three-politically-themed-ransomware-2/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/three-politically-themed-ransomware-2/#respond Mon, 17 Sep 2018 23:42:31 +0000 https://securingtomorrow.mcafee.com/?p=91961 We all hear politicians’ names week over week – what policies they’re working on, new initiatives they’re implementing for their respective country, the list goes on. And now, we’re hearing about their names in a new context. Specifically, former U.S. President Barack Obama, current U.S. President Donald Trump, and Chancellor of Germany Angela Merkel all […]

The post Insights on the Capabilities of Three Politically-Themed Ransomware Campaigns appeared first on McAfee Blogs.

]]>
We all hear politicians’ names week over week – what policies they’re working on, new initiatives they’re implementing for their respective country, the list goes on. And now, we’re hearing about their names in a new context. Specifically, former U.S. President Barack Obama, current U.S. President Donald Trump, and Chancellor of Germany Angela Merkel all now have ransomware campaigns named after them. But just how effective are these politically-themed threats and how do they impact users? Let’s break it down.

Just recently identified, the Obama ransomware campaign is a bit non-traditional in its approach. The threat only targets specific files on a user’s computer and actually attempts to stop some anti-malware products from doing their job. What’s more – the malware also uses a victim’s device to mine for cryptocurrency. Said to be created by the same cybercriminal group behind the Obama ransomware, the Trump ransomware variant is similar in its capabilities to the Obama variant, but is not nearly as developed.

Now, the ransomware campaign named after German leader Angela Merkel encrypts files using an extension dubbed .angelamerkel. It also demands Euros when making its ransom demand, so it stays pretty true to theme.

In short, all these ransomware campaigns are unique in their capabilities and objectives, similar to the politicians they are named for. Now, with all these strains out in the wild, what are the next steps for users wishing to stay protected from a ransomware attack? Start by following these tips:

  • Do a complete backup. With ransomware attacks locking away crucial data, you need to back up the data on all of your machines. If a machine becomes infected with ransomware, there’s no promise you’ll get that data back – it could even become wiped entirely in some cases. Therefore, make sure you cover all your bases and have your data stored on an external hard drive or in the cloud.
  • Use decryption tools. No More Ransom, an initiative McAfee is a part of, has a suite of tools to free your data, each tailored for a specific type of ransomware. If your device gets held for ransom, start by researching what type of ransomware it is. Then check out No More Ransom’s decryption tools and see if one is available for your specific strain of ransomware.
  • Use comprehensive security. To be prepared for ransomware or any other type of cyberattack that may come your way, it’s important you lock down all your devices with an extra layer of security. To do just that, use a comprehensive security solution.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.


{
"metadata": {
"id": "11f9b5ff-5988-404c-80ad-ccf1bea47810",
"version": "1.0",
"ep": "ta",
"lang": "en-us",
"original-url": "https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/three-politically-themed-ransomware/",
"author": "Gary Davis",
"author-page": "https://securingtomorrow.mcafee.com/author/gary-davis/",
"category": "Consumer Threat Notices",
"draft": "false",
"authordetail": "Gary Davis is Chief Consumer Security Evangelist. Through a consumer lens, he partners with internal teams to drive strategic alignment of products with the needs of the security space. Gary also provides security education to businesses and consumers by distilling complex security topics into actionable advice. Follow Gary Davis on Twitter at @garyjdavis",
"tinyimage": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/10/img_1611908913354303-small.jpg",
"feedimageurl": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/10/img_1611908913354303-small.jpg",
"pubDate": "Mon 17 Sept 2018 12:35:48 +0000"
}
}

The post Insights on the Capabilities of Three Politically-Themed Ransomware Campaigns appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/three-politically-themed-ransomware-2/feed/ 0
Safari and Edge Browser Users: This Flaw May Help Hackers Hijack Your Internet Activity https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/safari-and-edge-browser-flaw-2/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/safari-and-edge-browser-flaw-2/#respond Fri, 14 Sep 2018 00:14:09 +0000 https://securingtomorrow.mcafee.com/?p=91970 A browser is our connection to the world wide web – it allows us to access websites, gain information, make online purchases, the list goes on. As the key to our internet usage, browsers can also be the key to unlocking our personal information. So, unfortunately, browser flaws can have a major impact on users. […]

The post Safari and Edge Browser Users: This Flaw May Help Hackers Hijack Your Internet Activity appeared first on McAfee Blogs.

]]>
A browser is our connection to the world wide web – it allows us to access websites, gain information, make online purchases, the list goes on. As the key to our internet usage, browsers can also be the key to unlocking our personal information. So, unfortunately, browser flaws can have a major impact on users. And now, this exact scenario has come to life, as news emerged this week about a flaw in both Safari and Microsoft’s Edge browser that could expose users to a cyberattack.

You know how when you type in a URL into your web browser, it can often take a few seconds to load? This flaw relies on exactly that. While a safe URL is loading, a cybercriminal could actually edit and update the address bar and redirect users to a potentially malicious website. Essentially, a hacker could send a user to an attack site of their choosing and make the user believe they’re still accessing a safe site.

Of course, the security researcher who discovered the vulnerability informed both Microsoft and Apple and waited 90 days until publishing his report about the flaw. As of now, Microsoft has issued a fix, but Apple has not.

So, what can internet users do next to ensure they don’t fall victim to a cyberattack that leverages this flaw? Start by following these tips

  • Don’t leave your computer unattended. It’s important to note that this vulnerability is completely dependent on physical access to a user’s computer. Now that this vulnerability has been disclosed, it’s important that you keep a close eye on your computer until you apply any necessary updates.
  • Update your software immediately. It’s an important security rule of thumb: always update your software whenever an update is available, as security patches are usually included with each new version. Microsoft’s patch is already available, and the Apple patch is hopefully on the way. If you tend to forget to update your browser, a simple trick is just turning on automatic update.
  • Remain alert of malicious sites. It can be challenging to successfully identify malicious sites when you’re on them, especially with a flaw such as this one out there. That’s why you should utilize a solution such as McAfee WebAdvisor, which keeps you safe from threats while you search and browse the web, without impacting your browsing performance or experience.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.


{
"metadata": {
"id": "fc4bf199-a260-4372-942d-dbb74750bf68",
"version": "1.0",
"ep": "ta",
"lang": "en-us",
"original-url": "https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/safari-and-edge-browser-flaw/",
"author": "Gary Davis",
"author-page": "https://securingtomorrow.mcafee.com/author/gary-davis/",
"category": "Consumer Threat Notices",
"draft": "false",
"authordetail": "Gary Davis is Chief Consumer Security Evangelist. Through a consumer lens, he partners with internal teams to drive strategic alignment of products with the needs of the security space. Gary also provides security education to businesses and consumers by distilling complex security topics into actionable advice. Follow Gary Davis on Twitter at @garyjdavis",
"tinyimage": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/10/img_1611519512177491-small.jpg",
"feedimageurl": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/10/img_1611519512177491-small.jpg",
"pubDate": "Wed 10 Oct 2018 12:35:48 +0000"
}
}

The post Safari and Edge Browser Users: This Flaw May Help Hackers Hijack Your Internet Activity appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/safari-and-edge-browser-flaw-2/feed/ 0
Safari and Edge Browser Users: This Flaw May Help Hackers Hijack Your Internet Activity https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/safari-and-edge-browser-flaw/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/safari-and-edge-browser-flaw/#respond Thu, 13 Sep 2018 18:49:47 +0000 https://securingtomorrow.mcafee.com/?p=91483 A browser is our connection to the world wide web – it allows us to access websites, gain information, make online purchases, the list goes on. As the key to our internet usage, browsers can also be the key to unlocking our personal information. So, unfortunately, browser flaws can have a major impact on users. […]

The post Safari and Edge Browser Users: This Flaw May Help Hackers Hijack Your Internet Activity appeared first on McAfee Blogs.

]]>
A browser is our connection to the world wide web – it allows us to access websites, gain information, make online purchases, the list goes on. As the key to our internet usage, browsers can also be the key to unlocking our personal information. So, unfortunately, browser flaws can have a major impact on users. And now, this exact scenario has come to life, as news emerged this week about a flaw in both Safari and Microsoft’s Edge browser that could expose users to a cyberattack.

You know how when you type in a URL into your web browser, it can often take a few seconds to load? This flaw relies on exactly that. While a safe URL is loading, a cybercriminal could actually edit and update the address bar and redirect users to a potentially malicious website. Essentially, a hacker could send a user to an attack site of their choosing and make the user believe they’re still accessing a safe site.

Of course, the security researcher who discovered the vulnerability informed both Microsoft and Apple and waited 90 days until publishing his report about the flaw. As of now, Microsoft has issued a fix, but Apple has not.

So, what can internet users do next to ensure they don’t fall victim to a cyberattack that leverages this flaw? Start by following these tips

  • Don’t leave your computer unattended. It’s important to note that this vulnerability is completely dependent on physical access to a user’s computer. Now that this vulnerability has been disclosed, it’s important that you keep a close eye on your computer until you apply any necessary updates.
  • Update your software immediately. It’s an important security rule of thumb: always update your software whenever an update is available, as security patches are usually included with each new version. Microsoft’s patch is already available, and the Apple patch is hopefully on the way. If you tend to forget to update your browser, a simple trick is just turning on automatic update.
  • Remain alert of malicious sites. It can be challenging to successfully identify malicious sites when you’re on them, especially with a flaw such as this one out there. That’s why you should utilize a solution such as McAfee WebAdvisor, which keeps you safe from threats while you search and browse the web, without impacting your browsing performance or experience.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Safari and Edge Browser Users: This Flaw May Help Hackers Hijack Your Internet Activity appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/safari-and-edge-browser-flaw/feed/ 0
A Look Back at the Equifax Data Breach, One Year Later https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/equifax-anniversary/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/equifax-anniversary/#respond Tue, 04 Sep 2018 22:00:23 +0000 https://securingtomorrow.mcafee.com/?p=91417 WannaCry, Petya, and Equifax first come to mind when you think of the most impactful cyber events in recent years, with the first-year anniversary of the latter coming up September 7th. Impacting nearly 150 million Americans (essentially half the country), the breach changed the nature of identity theft. Now, just before its anniversary, let’s take […]

The post A Look Back at the Equifax Data Breach, One Year Later appeared first on McAfee Blogs.

]]>
WannaCry, Petya, and Equifax first come to mind when you think of the most impactful cyber events in recent years, with the first-year anniversary of the latter coming up September 7th. Impacting nearly 150 million Americans (essentially half the country), the breach changed the nature of identity theft. Now, just before its anniversary, let’s take a look back on the impact of the Equifax data breach, what it all means for consumers, and the current state of identity theft.

Equifax reported that the breach exposed as many as 147.9 million consumer accounts, potentially compromising information such as names, dates of birth, addresses, and Social Security numbers.

To its credit, Equifax launched a program to alert potentially affected consumers that their data may have been exposed, and offered a free year subscription to its credit monitoring service, TrustID.

Unfortunately, identity theft breaches are not an uncommon occurrence. Such incidents are up 44% overall with 1,579 reports last year, and there are likely even more that went unreported. Exposed records due to data breaches are up 389%. Roughly 179 million records have been stolen, with 14.2 million credit card numbers exposed in 2017, an 88% increase over 2016. What’s more, 158 million Social Security numbers were exposed last year, an increase of more than 8 times from 2016. And all this theft has added up – consumers reported $905 million in total fraud losses last year, a 21% increase. So, it only makes sense that identity theft ranked as roughly 14% of all consumer complaints to the FTC last year.

However, despite all the publicity about major data breaches, consumers have done very little or have changed very little largely due to optimism bias. In fact, a recent McAfee survey shows that despite increased consumer concerns, only 37% of individuals use an identity theft protection solution and 28% have no plans to sign up for an ID theft protection solution.

So now the next question is, what should consumers do to protect themselves against identity theft? Start by following these tips:

  • Place a fraud alert. If you know your data has been compromised, place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report, so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account. Then, make sure you correct your credit report by filing a dispute with each of the three credit bureaus.
  • Freeze your credit. This allows you to seal your credit reports so no one else can take out new accounts or loans in your name. You can do this without impacting your existing lines of credit, such as credit cards. If you want to apply for services or open new accounts, you can temporarily “unfreeze” your credit using a personal identification code only you have.
  • Invest in an identity theft monitoring and recovery solution. With the increase in data breaches, people everywhere are facing the possibility of identity theft. That’s precisely why they should leverage a solution tool such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post A Look Back at the Equifax Data Breach, One Year Later appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/equifax-anniversary/feed/ 0
The Economic Growth, Regulatory Relief and Consumer Protection Act: What Parents Should Know https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/the-economic-growth-regulatory-relief-and-consumer-protection-act/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/the-economic-growth-regulatory-relief-and-consumer-protection-act/#respond Fri, 31 Aug 2018 16:44:53 +0000 https://securingtomorrow.mcafee.com/?p=91320 When we think about credit cards, we usually think of our own – what we use them for, how our credit is doing, and most importantly, that they remain in our hands and not in that of a cybercriminal. But something many parents forget – the cyberthreats that could potentially impact our financial information could […]

The post The Economic Growth, Regulatory Relief and Consumer Protection Act: What Parents Should Know appeared first on McAfee Blogs.

]]>
When we think about credit cards, we usually think of our own – what we use them for, how our credit is doing, and most importantly, that they remain in our hands and not in that of a cybercriminal. But something many parents forget – the cyberthreats that could potentially impact our financial information could very well impact our children’s, given they have credit cards of their own. As a matter of fact, there’s a new law that helps parents with exactly that – protecting their kids’ credit, amongst a few other things. It’s called the Economic Growth, Regulatory Relief and Consumer Protection Act, and it takes effect on September 21st of this year.

So, what does this law mean for parents and their kids? With this law, free credit freezes will be available for anyone – including children under the age of 16 – in the country (currently, there may be fees depending on state laws). That way, if a cybercriminal tries to open up an account with a minor’s information, the impacted family can freeze that account immediately. Additionally, it will extend fraud alerts from 90 days to a full year.

As a result of this law, Equifax, Experian, and TransUnion will each set up a web page for requesting fraud alerts and credit freezes. The FTC will also post links to those web pages on IdentityTheft.gov.

So, with this law coming into effect in no time, what next steps should parents take to reap its benefits? Start by following these tips:

  • Find out if your child has a credit report. First and foremost, head here and go to the ‘Child Identity Theft’ section. It will have instructions on how to find out if your child has a credit report. Most young children shouldn’t have credit files, but if they do, the page includes contact information for credit agencies and advice on how to freeze credit.
  • Keep the record of freezes in a safe place. If you do have to freeze a credit report, keep the records stored in a safe place. Make sure your family can find it when needed, and a crook can’t access it.
  • Invest in an identity theft monitoring and recovery solution. The best way to protect you or a family member from identity theft is by being proactive. That’s precisely why you should leverage a solution tool such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post The Economic Growth, Regulatory Relief and Consumer Protection Act: What Parents Should Know appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/the-economic-growth-regulatory-relief-and-consumer-protection-act/feed/ 0
Attention Fortnite Fans: The New Android App Was Found Containing a Massive Vulnerability https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fornite-android-app-vulnerability/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fornite-android-app-vulnerability/#respond Wed, 29 Aug 2018 16:44:05 +0000 https://securingtomorrow.mcafee.com/?p=91295 Back in June, Fortnite fans, hopeful for an Android version of the game, were teased with fake apps, which were in turn part of a cybercriminal’s scheme. Fast forward to present day, and their prayers have been answered, as a real Android version of the popular game has been released. However, a recently revealed flaw […]

The post Attention Fortnite Fans: The New Android App Was Found Containing a Massive Vulnerability appeared first on McAfee Blogs.

]]>
Back in June, Fortnite fans, hopeful for an Android version of the game, were teased with fake apps, which were in turn part of a cybercriminal’s scheme. Fast forward to present day, and their prayers have been answered, as a real Android version of the popular game has been released. However, a recently revealed flaw in the app is raining on their parade, as Google security researchers have revealed this week that the Fortnite Android app is vulnerable to man-in-the-disk (MitD) attacks.

For some context, a man-in-the-disk (MitD) attack is rooted in an app’s ability to use ‘External Storage,’ which is one of the two types of data storage methods supported by the Android OS. With this attack, a cybercriminal can watch a particular app’s External Storage space and tamper with the data stored in this storage space since its shared by all apps.

Now, you may be wondering how does this work with this new Fortnite Android app vulnerability? This recently disclosed vulnerability allows for malicious apps (that are already installed on a user’s phone) to hijack the Fortnite app’s installation process and download other malicious apps. This means a hacker could essentially install any nasty software they wanted on to a victim’s phone. And according to recent McAfee research, this is precisely what some parents fear when their children game online. In fact, 52% worry about cybercriminals hacking gaming accounts.

Fortunately, Epic Games is already on the case. The major video game company has already released version 2.1.0 of this application, which patches this vulnerability. However, Fortnite users must still take a few important security steps of their own in order to protect themselves from this attack. If you’re a Fortnite gamer, be sure to follow these tips:

  • Update, update, update. No matter the application, it can’t be stressed enough how important it is to always update your app as soon as an update is available. Patches (like the one released by Epic Games) are typically included with every update.
  • Clean house. Given this hack relies on preexisting malicious apps a victim’s phone, do your due diligence and clean up the applications on your device. This means deleting any old apps you don’t use, or ones that you may have downloaded from outside an official app store. If you’re unsure if an application is secure or not, do some research – conduct a quick google search or scan through the app’s review section on an app store and see if it has had any issues with security.
  • Use a mobile security solution. As app vulnerabilities such as this one continue to impact mobile users, make sure your devices are prepared for any threat coming their way. To do just that, cover these devices with a mobile security solution, such as McAfee Mobile Security.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Attention Fortnite Fans: The New Android App Was Found Containing a Massive Vulnerability appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fornite-android-app-vulnerability/feed/ 0
Should You Post Pics of Your Kids? Insights From Our Age of Consent Survey https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/age-of-consent-survey-insights/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/age-of-consent-survey-insights/#respond Wed, 22 Aug 2018 04:01:46 +0000 https://securingtomorrow.mcafee.com/?p=91030 If you use social media, you love posting pictures of your life and all the people in it. More often than not, those people in your posts are your family. In fact, social media has become a way many parents show their pride and document their children as they grow and move through life. In […]

The post Should You Post Pics of Your Kids? Insights From Our Age of Consent Survey appeared first on McAfee Blogs.

]]>
If you use social media, you love posting pictures of your life and all the people in it. More often than not, those people in your posts are your family. In fact, social media has become a way many parents show their pride and document their children as they grow and move through life. In fact, 30% of parents report posting a photo of their child(ren) to social media at least once per day. To find out if parents actually get permission from their kids to post this content, and how that posting affects children’s privacy, we chatted with 1,000 parents of children ages 1 month to 16 years old in the U.S. and conducted what we call our Age of Consent survey*. Let’s take a look at the findings.

As it turns out, most parents (58%) do not ask for permission from their children before posting images of them on social media. Of those parents who do not ask for permission, 22% think that their child is too young to provide permission, and another 19% claim that it’s their own choice, not their child’s choice.

However, almost three quarters (71%) of parents agree that the images they share online could end up in the wrong hands. According to these parents, the biggest concerns with sharing photos online include pedophilia (49%), stalking (48%), and kidnapping (45%). Other risks of sharing photos online may also be other children seeing the image and engaging in cyberbullying (31%), their child feeling embarrassed (30%), and their child feeling worried or anxious (23%).

And yet, despite understanding the risks associated with sharing photos and videos online, most of these parents still post all the same. This begs that question – why aren’t these parents taking action to protect their family’s online security? The good news is they can start right now, by following these security tips:

  • Think before you post. Before posting a picture on social media, ensure that there is nothing in the photo that could be used as an identifier like birthdates, visible home addresses, school uniforms, financial details or passwords in the photo. Parents should ask themselves if this is a photo that they would be ok with a stranger seeing. 
  • Watch out for geotagging. Many social networks will tag a user’s location when a photo is uploaded. Parents should ensure this feature is turned off so as not to give away their current location. This is especially important when posting photos away from home.
  • Lock down privacy settings. Parents should make sure to only share photos and other social media posts with their intended audience. Services like Facebook and Instagram have features that allow you to share posts with only the people you are connected to/friends with.
  • Set ground rules with friends and family. Be clear with friends and family about guidelines when posting about your children. These rules can help avoid unwanted situations where a family member has shared photos without explicit permission.
  • Use an identity theft protection service. As the number of reported data breaches continue to rise, so too does the possibility of identity theft. An identity theft protection solution like McAfee Identity Theft Protection can help consumers proactively protect their identity and keep their personal information secured from misuse.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

*Survey Methodology: McAfee commissioned OnePoll to conduct a survey of 1,000 parents of children ages 1 month to 16 years old in the U.S.

The post Should You Post Pics of Your Kids? Insights From Our Age of Consent Survey appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/age-of-consent-survey-insights/feed/ 0
McAfee ATR Team Discovers New IoT Vulnerability in Wemo Insight Smart Plugs https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/wemo-vulnerability/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/wemo-vulnerability/#respond Tue, 21 Aug 2018 13:01:43 +0000 https://securingtomorrow.mcafee.com/?p=91083 From connected baby monitors to smart speakers — IoT devices are becoming commonplace in modern homes. Their convenience and ease of use make them seem like the perfect gadgets for the whole family, but their poor security standards also make them conveniently flawed for someone else: cybercriminals. As a matter of fact, our McAfee Labs […]

The post McAfee ATR Team Discovers New IoT Vulnerability in Wemo Insight Smart Plugs appeared first on McAfee Blogs.

]]>
From connected baby monitors to smart speakers — IoT devices are becoming commonplace in modern homes. Their convenience and ease of use make them seem like the perfect gadgets for the whole family, but their poor security standards also make them conveniently flawed for someone else: cybercriminals. As a matter of fact, our McAfee Labs Advanced Threat Research team has uncovered a flaw in one of these IoT devices: the Wemo Insight Smart Plug, which is a Wi-Fi–connected electric outlet.

Once our research team figured out how exactly the device was vulnerable, they leveraged the flaw to test out a few types of cyberattacks. The team soon discovered an attacker could leverage this vulnerability to turn off or overload the switch. What’s more – this smart plug, like many vulnerable IoT devices, creates a gateway for potential hackers to compromise an entire home Wi-Fi network. In fact, using the Wemo as a sort of “middleman,” our team leveraged this open hole in the network to power a smart TV on and off.

Now, our researchers have already reported this vulnerability to Belkin on May 21st. However, regardless if you’re a Wemo user or not, it’s still important you take proactive security steps to safeguard all your IoT devices. Start by following these tips:

  • Keep security top of mind when buying an IoT device. When you’re thinking of making your next IoT purchase, make sure to do your research first. Start by looking up the device in question’s security standards. A simple Google search on the product, as well as the manufacturer, will often do the trick.
  • Change default passwords and do an update right away. If you purchase a connected device, be sure to first and foremost change the default password. Default manufacturer passwords are rather easy for criminals to crack. Also, your device’s software will need to be updated at some point. In a lot of cases, devices will have updates waiting from them as soon as they’re taken out of the box. The first time you power up your device, you should check to see if there are any updates or patches from the manufacturer.
  • Keep your firmware up-to-date. Manufacturers often release software updates to protect against these potential vulnerabilities. Set your device to auto-update, if you can, so you always have the latest software. Otherwise, just remember to consistently update your firmware whenever an update is available.
  • Secure your home’s internet at the source. These smart home devices must connect to a home Wi-Fi network in order to run. If they’re vulnerable, they could expose your network as a result. Since it can be challenging to lock down all the IoT devices in a home, utilize a solution like McAfee Secure Home Platform to provide protection at the router-level.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post McAfee ATR Team Discovers New IoT Vulnerability in Wemo Insight Smart Plugs appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/wemo-vulnerability/feed/ 0
Access Denied! New Instagram Hack Kicks Users Out of Their Accounts https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/instagram-hack-kicks-users-out-of-their-accounts/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/instagram-hack-kicks-users-out-of-their-accounts/#respond Wed, 15 Aug 2018 16:12:15 +0000 https://securingtomorrow.mcafee.com/?p=90958 Instagram is undoubtedly one of, if not the most popular social media platform among users today. Everyone from celebrities to young teens use it to post images of their day-to-day lives. And now, according to Mashable, hundreds of these users have reported having their Instagram accounts hacked. The attack logs them out of their account […]

The post Access Denied! New Instagram Hack Kicks Users Out of Their Accounts appeared first on McAfee Blogs.

]]>
Instagram is undoubtedly one of, if not the most popular social media platform among users today. Everyone from celebrities to young teens use it to post images of their day-to-day lives. And now, according to Mashable, hundreds of these users have reported having their Instagram accounts hacked. The attack logs them out of their account and changes their personal details on the platform.

This hack started popping up in early August when users began to report all the same issues with their account — they’re suddenly logged out, their handles and profile pictures are changed (usually to a Disney or Pixar character), and their bios are deleted. When these social media fans try to reset their password, they find that the account has been linked to a new email address with a Russian domain and a random phone number has been associated with the account.

This makes it particularly difficult for users to gain control over their accounts, as Instagram’s support messages now go to the new email address. However, beyond locking these people out of their accounts, the hackers haven’t done any other damage, such as deleting old photos or posting any new ones.

From tweeting at Instagram’s official Twitter account to just starting a brand-new account – these unlucky Instagram users are now taking whatever next steps they can to get back on their favorite social media platform. However, there’s still more to be done. To ensure both their online social media activity and personal information remain secure from this attack, these users should follow these security tips:

  • Enable two-factor authentication. Though it’s not known yet how these hackers were able to get inside of these accounts, make note you can always add some extra armor on your online accounts by enabling two-factor authentication. Now, two-factor authentication cannot be treated as the be-all and end-all when it comes to your online security, but it does help. Just by adding the extra layer of security, you’ll put yourself in a better position to avoid attacks such as this one.
  • Change up your login information to other accounts. Some people have a bad habit of using the same password and email combination across multiple accounts. If this is the case for the account login information you use for Instagram, it’s best to go ahead and mix up the login information on any other account that uses either the same email or password.
  • Make your passwords strong. When you’re making your new passwords, make sure they’re strong and difficult to guess in the chance cybercriminals try to come after additional accounts. Include numbers, lowercase and uppercase letters, and symbols. The more complex your password is, the more difficult it will be to crack. Finally, avoid common and easy to crack passwords like “12345” or “password.”

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Access Denied! New Instagram Hack Kicks Users Out of Their Accounts appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/instagram-hack-kicks-users-out-of-their-accounts/feed/ 0
Hackers Tee Up a Ransomware Attack for the PGA Ahead of the 2018 Championship https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/pga-ransomware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/pga-ransomware/#respond Fri, 10 Aug 2018 18:46:15 +0000 https://securingtomorrow.mcafee.com/?p=90803 Fore! That’s not a ball hitting the 9th hole, that’s a ransomware attack. You heard correctly – the PGA (Professional Golfers’ Association) was hit with a ransomware attack this week, just days ahead of its annual championship tournament. Specifically, the attack was on the PGA’s computer servers, and is keeping officials from accessing files, such […]

The post Hackers Tee Up a Ransomware Attack for the PGA Ahead of the 2018 Championship appeared first on McAfee Blogs.

]]>
Fore! That’s not a ball hitting the 9th hole, that’s a ransomware attack. You heard correctly – the PGA (Professional Golfers’ Association) was hit with a ransomware attack this week, just days ahead of its annual championship tournament. Specifically, the attack was on the PGA’s computer servers, and is keeping officials from accessing files, such as numerous PGA banners, logos, and signage, for the PGA Championship 2018.

Though it’s unsure how the crooks were able to get inside the PGA’s system, they have made their motives clear. Per Golfweek’s report, the cybercriminals left a message for the PGA staff, stating, “Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm.” “Any attempt to break the encryption could cause the loss of all of the work. This may lead to the impossibility of recovery of certain files,” the message threatened. They also included a Bitcoin wallet number for the PGA, however, the organization has yet to put anything in there.

That means, as of now, the PGA is still without access to a few of their promotional materials as their tournament is underway. However, the 2018 championship is still carrying on successfully, as planned.

Now, what can we take away from this situation? The tournament is still running smoothly, even despite the disruption from hackers. So, take a page out of PGA’s book – stand up to cybercriminals and don’t pay the ransom. Beyond not paying the ransom, here are a few additional security tips to follow if you’re ever faced with a ransomware attack on your personal device:

  • Keep your devices up-to-date. Though it’s not exactly known how cybercriminals gained access to the PGA’s systems, usually, ransomware attacks depend on a known vulnerability. So, make sure you update your devices’ software early and often, as patches for flaws are typically included in each update.
  • Do a complete backup. With ransomware attacks locking away crucial data, you need to back up the data on all of your machines. If a machine becomes infected with ransomware, there’s no promise you’ll get that data back – it could even become wiped entirely in some cases. Therefore, make sure you cover all your bases and have your data stored on an external hard drive or in the cloud.
  • Use decryption tools. No More Ransom, an initiative McAfee is a part of, has a suite of tools to free your data, each tailored for a specific type of ransomware. If your device gets held for ransom, start by researching what type of ransomware it is. Then check out No More Ransom’s decryption tools and see if one is available for your specific strain of ransomware.
  • Use comprehensive security. To be prepared for ransomware or any other type of cyberattack that may come your way, it’s important you lock down all your devices with an extra layer of security. To do just that, use a comprehensive security solution.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Hackers Tee Up a Ransomware Attack for the PGA Ahead of the 2018 Championship appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/pga-ransomware/feed/ 0
5 Tips To Protect Your IoT Devices https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/5-tips-to-protect-your-iot-devices/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/5-tips-to-protect-your-iot-devices/#respond Thu, 09 Aug 2018 22:45:44 +0000 https://securingtomorrow.mcafee.com/?p=90805 Do you think as yourself as living in a “smart home”? If you look around you may notice that you are surrounded by internet-connected, computing devices, including IP cameras, speakers, doorbells, and even refrigerators. These physical products embedded with electronics and software are generally referred to as the Internet of Things (IoT). IoT products differ […]

The post 5 Tips To Protect Your IoT Devices appeared first on McAfee Blogs.

]]>
Do you think as yourself as living in a “smart home”? If you look around you may notice that you are surrounded by internet-connected, computing devices, including IP cameras, speakers, doorbells, and even refrigerators. These physical products embedded with electronics and software are generally referred to as the Internet of Things (IoT).

IoT products differ from dedicated tech devices, like computers, smartphones and tablets, in that their primary function is to do offline tasks, which are enhanced by connecting to the internet. An internet-enabled car, for instance, is still made for driving, but it can also potentially connect to the driver’s device and home electronics, make phone calls, and display cameras.

There’s no doubt that the Internet of Things can make our lives more convenient (just think how easy it is to ask an interactive speaker to place an order online), but it also opens us up to new risks. This is because most IoT devices lack built-in security features, making them vulnerable to malware and hacking.

Take the 2016 Mirai botnet attack, which took down a large part of the internet on the East Coast. This botnet was actually made up of 2.5 million compromised IoT devices, such as webcams and routers, which were infected by malware programmed to guess default passwords. The combined power of these IoT devices was then used to flood the internet’s Domain Name System servers with traffic, crippling the internet’s address book.

And since Mirai, IoT attacks have increased substantially both in number and sophistication. The IoT_Reaper malware, for instance, leveraged nine different vulnerabilities in webcams and routers to infect millions of devices, creating a massive army of “bots” that could potentially be used to launch attacks.

These threats are increasing at the same time as our thirst for more connected devices is growing. Everything from smart thermostats to interactive eyeglasses are expected to make up the 20.8 billion connected devices that are predicted to exist in consumer homes by 2020.

The more connected devices we have in our homes and lives, the more opportunities cybercriminals have to infiltrate our networks, and reach other data-rich devices. This can potentially put your private and financial information at risk, not to mention your privacy.

So, what can we as consumers do to protect our data and devices, while enjoying all the convenience that IoT brings?

Here are some important IoT Safety Tips:

  • Research before you buy—Look for devices that have built-in security features, when possible, and check other users’ reviews before you buy to see if there are any issues, such as known exploits or vulnerabilities, that you should know about.
  • Change Default Passwords—As soon as you bring a new connected device home make sure you change the default password to something hard to guess. This is because cybercriminals often know these default settings and can use them to access your devices. If the device has advanced security options, take advantage of them.
  • Keep them separate—Consider setting up a separate network just for your IoT devices. This way, even if a device is compromised the attacker will not be able to leapfrog to other data-rich devices on the same network, like computers and smartphones. Check your router’s user manual to learn how to setup a second, or “guest” network. Or, consider investing in a network that has built-in protection for IoT devices. Security is now being integrated into home routers, providing first-line protection for all the devices connected to the network.
  • Keep your firmware up-to-date—Manufacturers often release software updates to protect against potential vulnerabilities and upgrade features. Set your device to auto-update, if you can, so you always have the latest software.
  • Use comprehensive security software—Keep all your computers and devices protected by using robust security software that can help safeguard your private information and stop known threats.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post 5 Tips To Protect Your IoT Devices appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/5-tips-to-protect-your-iot-devices/feed/ 0
Cryptojacking Campaign Caught Targeting Over 200,000 MikroTik Routers https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cryptojacking-campaign-mikrotik-routers/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cryptojacking-campaign-mikrotik-routers/#respond Wed, 08 Aug 2018 00:46:45 +0000 https://securingtomorrow.mcafee.com/?p=90774 Our routers are our connection to the internet, allowing us to use our devices to access websites at our leisure. And because of this, routers are often a target for hackers. In fact, just this week, it was uncovered that MikroTik is the latest router manufacturer under siege, as researchers have discovered a massive Coinhive […]

The post Cryptojacking Campaign Caught Targeting Over 200,000 MikroTik Routers appeared first on McAfee Blogs.

]]>
Our routers are our connection to the internet, allowing us to use our devices to access websites at our leisure. And because of this, routers are often a target for hackers. In fact, just this week, it was uncovered that MikroTik is the latest router manufacturer under siege, as researchers have discovered a massive Coinhive cryptojacking campaign that’s targeting MikroTik routers.

The attack first finds its footing by taking advantage of a vulnerability within MikroTik routers. Once it leverages the flaw, the attack changes the devices’ configuration to inject Coinhive cryptocurrency mining malware into users’ web traffic. For context, Coinhive is a cryptocurrency mining service. Set up as a legitimate service, Coinhive is unfortunately often used by cybercriminals to hack websites and cryptojack users, aka steal the processing power of their devices to mine for cryptocurrency without their consent.

Which is precisely what’s happening to over 200,000 MikroTik customers, largely in Latin America. However, the attack has the potential to start spreading all over the world, given there are 1.7 million MikroTik routers all over.

Now, the next question is – what can these MikroTik users do to protect themselves from this attack? Start by following these proactive security tips:

  • Update your router’s firmware. MikroTik actually patched this vulnerability back in April, but that doesn’t necessarily mean that users applied the required patch. Therefore, this attack is a reminder of just how important it is to regularly update your router’s firmware, as these fixes are typically included within each update.
  • Check online notices. When made aware of vulnerabilities, manufacturers will notify the public, as well as make them aware of incoming fixes. Therefore, scan technical service bulletins or notices on a company site so that if a vulnerability does pop up with your router, you can learn what to do to help your device stay secure.
  • Secure your home’s internet at the source. Your home router allows your entire family to connect to the internet. If it’s vulnerable, your internet activity can be compromised as a result – just like with this MikroTik attack. So, be sure to use a router with built-in security like McAfee Secure Home Platform, which provides protection against threats at the router-level.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Cryptojacking Campaign Caught Targeting Over 200,000 MikroTik Routers appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cryptojacking-campaign-mikrotik-routers/feed/ 0
The Reddit Data Breach: What Consumers Need to Know https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/reddit-data-breach/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/reddit-data-breach/#respond Wed, 01 Aug 2018 23:28:29 +0000 https://securingtomorrow.mcafee.com/?p=90653 With the tagline, “giving you the best of the internet in one place,” Reddit is a popular website designed for discussion, news aggregation, and the creation of social content. Boasting over 330 million users, the platform is characterized by an engaged community. Which also means it contains treasure troves of consumer data. Unfortunately, there’s now […]

The post The Reddit Data Breach: What Consumers Need to Know appeared first on McAfee Blogs.

]]>
With the tagline, “giving you the best of the internet in one place,” Reddit is a popular website designed for discussion, news aggregation, and the creation of social content. Boasting over 330 million users, the platform is characterized by an engaged community. Which also means it contains treasure troves of consumer data. Unfortunately, there’s now a chance that information has been exposed, as Reddit announced today that its systems were hacked at some point earlier this summer.

Announcing the breach on its r/announcements section, Reddit informed users that its internal systems were accessed by attackers sometime between June 14th to June 18th. The cybercriminals managed to bypass the SMS-based two-factor authentication the company had in place to access user data. This information includes some current email addresses and a 2007 database backup containing old salted and hashed passwords (meaning, passwords that haven’t been stored in plaintext). Additionally, email digests sent in June 2018 were also accessed by the hackers as well.

Now, the amount the impacted emails and passwords is not yet exactly known, but it’s crucial Reddit users (particularly those who joined by 2007) start taking steps now to secure their personal security. Start by following these tips:

  • Change up your password. If you joined Reddit in 2007 or before, you should change up your password immediately. When changing your password, make sure the next one you create is a strong password that is hard for cybercriminals to crack. Include numbers, lowercase and uppercase letters, and symbols. The more complex your password is, the more difficult it will be to crack. Avoid common and easy to crack passwords like “12345” or “password.”
  • Keep an eye out for sketchy emails and messages. If you received an email from a Reddit digest in June, then there’s a chance the hacker has your email address. Cybercriminals can leverage this stolen information for phishing emails and social engineering scams. So, if you see something sketchy or from an unknown source in your email inbox, be sure to avoid clicking on any links provided. Better to just delete the email or message entirely.
  • Don’t solely rely on SMS two-factor authentication (2FA). If anything, we can all learn a lesson from this Reddit breach – we can’t solely rely on SMS two-factor authentication anymore to secure our data. In fact, SMS is one of the weakest forms of 2FA. If you wish to lock down your data on your devices, it’s best to use app-based two-factor authentication, such as Google Authenticator.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post The Reddit Data Breach: What Consumers Need to Know appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/reddit-data-breach/feed/ 0
5 Tips for Managing Your Digital Footprint and Online Reputation https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/managing-your-digital-footprint-online-reputation/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/managing-your-digital-footprint-online-reputation/#respond Wed, 01 Aug 2018 18:38:58 +0000 https://securingtomorrow.mcafee.com/?p=90642 Did you know that what you do online could determine your future? That’s because employers and universities often look at your “digital footprint” when deciding whether to give you an opportunity, or not. Your digital footprint includes everything you say and do online, including casual “likes”, fun photos, and comments, as well as the information […]

The post 5 Tips for Managing Your Digital Footprint and Online Reputation appeared first on McAfee Blogs.

]]>
Did you know that what you do online could determine your future? That’s because employers and universities often look at your “digital footprint” when deciding whether to give you an opportunity, or not.

Your digital footprint includes everything you say and do online, including casual “likes”, fun photos, and comments, as well as the information you intentionally post to promote yourself, such as online resumes and professional profiles. This is why you should take some time to manage your online reputation.

A recent study by CareerBuilder found that 70% of employers use search engines and social media to screen candidates. What’s more, 54% of employers surveyed said that they reconsidered candidates after getting a bad impression of them online.

This situation should be especially concerning for younger adults who are entering the job market for the first time, after years of carefree posting.

And if you think that once you have a job you can forget about looking after your digital footprint, think again. Employers also said that they check employees’ online presence when considering promotions.

Even colleges and universities rely on social media checks to get a better sense of applicants, according to a recent survey of admissions officers.

Of course, having a negative online presence is one problem, but having no presence at all is an even bigger red flag, so don’t start deleting profiles and accounts, or making everything “private”.

Over half of employers surveyed said that they are less likely to interview a candidate with no visible presence online. In this age, everyone is expected to have a digital footprint—it’s what that footprint says about you that matters the most.

So, how do you make sure that your digital footprint gives a good impression of you?

Here are some important tips:

  • Start Online Awareness Early—It’s easier to build a positive digital footprint from a young age, than to clean up a questionable presence later on. (When you consider that many kids get a smartphone at the age of 10, editing 8 years of online activity before college could be a real chore!) Talk to your kids about the importance of giving a positive impression online before they engage. When you do decide to let your kids connect, make sure to use parental controls that limit the kinds of content they can access, and protects them from online threats.
  • Be cautious about over-sharing—Yes, social media was made for sharing, but try to avoid venting online or engaging in heated arguments. If you have a problem with someone, talk it out offline.
  • Turn off tagging—Just because you’re paying attention to your online reputation, doesn’t mean your friends are. Being “tagged” in photos or videos you didn’t post could leave you open to the wrong impressions. That’s why it’s best to turn off tagging in your social media settings.
  • Keep positive content public—If you have a great online presence, sharing your accomplishments and skills, make sure to make the posts public. This goes for your social channels, as well as your professional profiles.
  • Be yourself, but speak clearly and respectfully—Show your unique personality and creativity, since people respond to genuineness But remember to be articulate in the process. Check posts for spelling or grammar errors before you hit “send”, and avoid offensive language. When commenting on other people’s posts, do it respectfully.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post 5 Tips for Managing Your Digital Footprint and Online Reputation appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/managing-your-digital-footprint-online-reputation/feed/ 0
Ransomware Hits Health Care Once Again, 45,000 Patient Records Compromised in Blue Springs Breach https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/blue-springs-ransomware-breach/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/blue-springs-ransomware-breach/#respond Tue, 31 Jul 2018 18:42:02 +0000 https://securingtomorrow.mcafee.com/?p=90624 More and more, ransomware attacks are targeting one specific industry – health care. As detailed in our McAfee Labs Threats Report: March 2018, health care experienced a dramatic 210% overall increase in cyber incidents in 2017. Unfortunately, 2018 is showing no signs of slowing. In fact, just this week it was revealed that patient records […]

The post Ransomware Hits Health Care Once Again, 45,000 Patient Records Compromised in Blue Springs Breach appeared first on McAfee Blogs.

]]>
More and more, ransomware attacks are targeting one specific industry – health care. As detailed in our McAfee Labs Threats Report: March 2018, health care experienced a dramatic 210% overall increase in cyber incidents in 2017. Unfortunately, 2018 is showing no signs of slowing. In fact, just this week it was revealed that patient records from the Missouri-based Blue Springs Family Care have been compromised after cybercriminals attacked the provider with a variety of malware, including ransomware.

Though it’s not entirely sure yet how these attackers gained access, their methods were effective. With this attack, the cybercriminals were able to breach the organization’s entire system, making patient data vulnerable. The attack resulted in 44,979 records being compromised, which includes Social Security numbers, account numbers, driver’s licenses, disability codes, medical diagnoses, addresses, and dates of birth.

The company’s official statement notes, “at this time, we have not received any indication that the information has been used by an unauthorized individual.”  However, if this type of data does become leveraged, it could be used by hackers for both identity and medical fraud.

So, with a plethora of personal information out in the open – what should these patients do next to ensure their personal data is secure and their health information is private? Start by following these tips:

  • Talk with your health provider. With many cyberattacks taking advantage of the old computer systems still used by many health care providers, it’s important to ask yours what they do to protect your information. What’s more, ask if they use systems that have a comprehensive view of who accesses patient data. If they can’t provide you with answers, consider moving on to another practice that has cybersecurity more top of mind. 
  • Set up an alert. Though this data breach does not compromise financial data, this personal data can still be used to obtain access to financial accounts. Therefore, it’s best to proactively place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
  • Keep your eyes on your health bills and records. Just like you pay close attention to your credit card records, you need to also keep a close eye on health insurance bills and prescription records, which are two ways that your health records can be abused. Be vigilant about procedure descriptions that don’t seem right or bills from facilities you don’t remember visiting.
  • Invest in an identity theft monitoring and recovery solution. With the increase in data breaches, people everywhere are facing the possibility of identity theft. That’s precisely why they should leverage a solution tool such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

 And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Ransomware Hits Health Care Once Again, 45,000 Patient Records Compromised in Blue Springs Breach appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/blue-springs-ransomware-breach/feed/ 0
Millions of iOS and Android Users Could Be Compromised by Bluetooth Bug https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/bluetooth-bug/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/bluetooth-bug/#respond Wed, 25 Jul 2018 18:56:01 +0000 https://securingtomorrow.mcafee.com/?p=90529 Similar to smartphones and computers, Bluetooth is one of the modern-day pieces of tech that has spread wide and far. Billions of devices of all types around the world have the technology woven into their build. So when news about the BlueBorne vulnerabilities broke back in late 2017, everyone’s ears perked up. Fast forward to […]

The post Millions of iOS and Android Users Could Be Compromised by Bluetooth Bug appeared first on McAfee Blogs.

]]>
Similar to smartphones and computers, Bluetooth is one of the modern-day pieces of tech that has spread wide and far. Billions of devices of all types around the world have the technology woven into their build. So when news about the BlueBorne vulnerabilities broke back in late 2017, everyone’s ears perked up. Fast forward to present day and a new Bluetooth flaw has emerged, which affects devices containing Bluetooth from a range of vendors—including Apple, Intel, Google, Broadcom, and Qualcomm.

Whether it’s connecting your phone to a speaker so you can blast your favorite tunes, or pairing it with your car’s audio system so you can make phone calls hands-free, the pairing capabilities of Bluetooth ensures the technology remains wireless. And this bug affects precisely that — Bluetooth’s Secure Simple Pairing and Low Energy Secure Connections, which are capabilities within the tech designed to assist users with pairing devices in a safe and secure way.

Essentially, this vulnerability means that when data is sent from device to device over Bluetooth connections, it is not encrypted, and therefore vulnerable. And with this flaw affecting Apple, Google and Intel-based smartphones and PCs, that means millions of people may have their private data leaked. Specifically, the bug allows an attacker that’s within about 30 meters of a user to capture and decrypt data shared between Bluetooth-paired devices.

Lior Neumann, one of the researchers who found the bug, stated, “As far as we know, every Android—prior to the patch published in June—and every device with a wireless chip from Intel, Qualcomm or Broadcom is vulnerable.” That includes iPhone devices with a Broadcom or Qualcomm chip as well.

Fortunately, fixes for this bug within Apple devices have already been available since May with the release of iOS 11.4. Additionally, two Android vendors, Huawei and LG, say they have patched the vulnerability as well. However, if you don’t see your vendor on this list, or if you have yet to apply the patches – what next steps should you take to secure your devices? Start by following these tips:

  • Turn Bluetooth off unless you have to use it. Affected software providers have been notified of these vulnerabilities and are working on fixing them as we speak. But in the meantime, it’s crucial you turn off your Bluetooth unless you absolutely must use it. To do this on iOS devices, simply go to your “Settings”, select “Bluetooth” and toggle it from on to off. On Android devices, open the “Settings” app and the app will display a “Bluetooth” toggle button under the “Wireless and networks” subheading that you can use to enable and disable the feature.
  • Update your software immediately. It’s an important security rule of thumb: always update your software whenever an update is available, as security patches are usually included with each new version. Patches for iOS and some Android manufacturers are already available, but if your device isn’t on the list, fear not – security patches for additional providers are likely on their way.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Millions of iOS and Android Users Could Be Compromised by Bluetooth Bug appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/bluetooth-bug/feed/ 0
iPhone Users: This Mobile Malware Could Allow Cybercriminals to Track Your Location https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/iphone-users-mobile-malware-cybercriminals-track-your-location/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/iphone-users-mobile-malware-cybercriminals-track-your-location/#respond Wed, 18 Jul 2018 17:17:02 +0000 https://securingtomorrow.mcafee.com/?p=90426 The iPhone and many of the apps designed to live on the device have the ability to track our location. Whenever they set up these apps, however, users get the option to opt in or out of location tracking services. But what happens when a malicious campaign doesn’t give users the option to opt of […]

The post iPhone Users: This Mobile Malware Could Allow Cybercriminals to Track Your Location appeared first on McAfee Blogs.

]]>
The iPhone and many of the apps designed to live on the device have the ability to track our location. Whenever they set up these apps, however, users get the option to opt in or out of location tracking services. But what happens when a malicious campaign doesn’t give users the option to opt of having their location tracked by cybercriminals? In fact, just this week, it has been discovered that iPhone users may be faced with that very possibility, as a sophisticated mobile malware campaign is gaining access to devices by tricking users into downloading an open-source mobile device management (MDM) software package.

First, let’s back up – how does a mobile device management software package work, exactly? Well, according to Continuum, Mobile device management (MDM) is a type of software used by an IT department to monitor, manage, and secure employees’ mobile devices. Therefore, once hijacked by hackers, this software could be used to gain almost complete access to a mobile device.

So, with this malicious MDM campaign, cybercriminals can gain access to a device and steal various forms of sensitive information, including the phone number, serial number, location, contact details, user’s photos, SMS messages, and Telegram and WhatsApp chat messages.

As of now, it’s not entirely clear how this campaign is being spread – though many signs point to social engineering. So, given the information we do know – the next question is what should iPhone users do next to stay secure? Start by following these tips:

  • Keep up-to-date on the latest social engineering scams. It’s important you stay in the loop so you know what scams to look out for. This means reading up the latest security news and knowing what’s real and what’s fake when it comes to random emails, phone calls, and text messages.
  • Turn off location services. It’s one thing for a cybercriminal to have ahold of your data, but it’s another thing entirely if they have the ability to track your location. This hack could not only impact your digital security but your physical security as well. So, turn off the location services immediately on your phone – that way if they gain access to your device, they won’t be able to track you.
  • Use a mobile security solution. As schemes like this MDM campaign continue to impact mobile users, make sure your devices are prepared for any threat coming their way. To do just that, cover these devices with a mobile security solution, such as McAfee Mobile Security.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post iPhone Users: This Mobile Malware Could Allow Cybercriminals to Track Your Location appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/iphone-users-mobile-malware-cybercriminals-track-your-location/feed/ 0
Major International Airport’s Security System Found for Sale on Dark Web RDP Shop https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/airport-security-system-dark-web-rdp-shop/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/airport-security-system-dark-web-rdp-shop/#respond Wed, 11 Jul 2018 13:01:56 +0000 https://securingtomorrow.mcafee.com/?p=90281 The closest many of us get to the dark web is watching hackers surf it in television shows or movies. However, it is a very real place that contains lots of stolen data. This data, along with compromised systems, devices, and more are often sold in underground marketplaces that exist on the dark web. One […]

The post Major International Airport’s Security System Found for Sale on Dark Web RDP Shop appeared first on McAfee Blogs.

]]>
The closest many of us get to the dark web is watching hackers surf it in television shows or movies. However, it is a very real place that contains lots of stolen data. This data, along with compromised systems, devices, and more are often sold in underground marketplaces that exist on the dark web. One type of marketplace is called a remote desktop protocol (RDP) shop, which provides access to stolen systems for a small fee. Found in one of these RDP shops by McAfee’s ATR team: a major international airport’s security and building automation systems, which could be purchased for only $10 USD.

You might be wondering – what does “access” mean in this scenario? Just like Spotify and Apple Music sell access to artist’s songs, or a gym sells access to their exercise machines, the dark web can sell remote access to hacked machines through these RDP shops. Once access is purchased, crooks can obtain logins to a victim’s computer system and essentially have full control of it.

Now, the McAfee ATR team is not exactly sure how the cybercriminals got their hands on these systems. But they do know that once something like an airport security system is purchased, crooks can do serious damage. This access could allow cybercriminals to do essentially anything they want – create false alerts to the internal security team, send spam, steal data and credentials, mine for cryptocurrency, or even conduct a ransomware attack on the organization.

So, what happens if your information was potentially compromised in the sale of one of these systems on the dark web? To protect your personal data from larger cybercriminal schemes that originate from RDP shops, be sure to follow these tips: 

  • Be selective about what you share. The best way to control where your information goes is by reducing the sources you share it with. That means not providing your personal information to every app, network, or system that asks for it. Be strict and diligent, and only provide something with information when it’s crucial to the service or experience it provides.
  • Set up an alert. Compromised information could potentially include financial data. Therefore, it’s best to proactively place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report, so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
  • Invest in an identity theft monitoring and recovery solution. If enough personal data becomes compromised by cybercriminals accessing stolen systems, users could be potentially faced with the possibility of identity theft. That’s precisely why they should leverage a solution tool such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Major International Airport’s Security System Found for Sale on Dark Web RDP Shop appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/airport-security-system-dark-web-rdp-shop/feed/ 0
Popular Social Media App Timehop Hit With Huge Data Breach https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/timehop-data-breach/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/timehop-data-breach/#respond Tue, 10 Jul 2018 16:41:47 +0000 https://securingtomorrow.mcafee.com/?p=90274 The Fourth of July is characterized by barbeques, fireworks, and patriotism – and now cyberattacks! Just this past Independence Day, the popular social media app Timehop was hacked – as cybercriminals set their sights on the company’s servers, rather than enjoying hot dogs and sparklers. The attack affects a whopping 21 million Timehop users and […]

The post Popular Social Media App Timehop Hit With Huge Data Breach appeared first on McAfee Blogs.

]]>
The Fourth of July is characterized by barbeques, fireworks, and patriotism – and now cyberattacks! Just this past Independence Day, the popular social media app Timehop was hacked – as cybercriminals set their sights on the company’s servers, rather than enjoying hot dogs and sparklers. The attack affects a whopping 21 million Timehop users and has put their personal information at risk of being compromised.

The key ingredient for this attack: multi-factor authentication. Or, lack thereof. Hackers were able to access the company’s cloud servers on July 4th because Timehop had not turned on multi-factor authentication. “The breach occurred because an access credential to our cloud computing environment was compromised,” the company said. Once they obtained the credential to access the servers, the crooks managed to remain inside the system for approximately two hours.

In a company blog post, Timehop stated that the security breach compromised the names and emails of these 21 million users, which is essentially its entire user base. And 4.7 million of those affected users had a phone number that was attached to their account breached in the attack as well. Fortunately, Timehop says that no financial data was compromised in the attack, and all access to social media platforms was deactivated immediately by Timehop, which actually logged all users out of their accounts.

This breach joins the Exactis and Adidas breaches that have occurred in the past week, leaving millions of consumers out there concerned for their personal security. So, what next steps should Timehop users take to ensure they secure their personal information? Start by following these tips:

  • Change up your passwords. With this personal data already in hand, it’s likely cybercriminals are going to take a guess at your password and attempt to get inside your Timehop account. Therefore, make sure you change up your password to Timehop and any other accounts that use the same one.
  • Use two-factor authentication. If this breach has made anything clear, it’s that we cannot rely on passwords that use single-factor authentication to protect our accounts. Learn a lesson from Timehop and always enable two-factor authentication when given the option.
  • Invest in an identity theft monitoring and recovery solution. With the increase in data breaches, people everywhere are facing the possibility of identity theft. That’s precisely why they should leverage a solution tool such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Popular Social Media App Timehop Hit With Huge Data Breach appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/timehop-data-breach/feed/ 0
Attention Gmail Users: App Developers Can Potentially Read Your Private Emails https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gmail-users-private-emails/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gmail-users-private-emails/#respond Tue, 03 Jul 2018 22:25:40 +0000 https://securingtomorrow.mcafee.com/?p=90222 Email has been the norm for decades now, as most digitally connected people use it to communicate in both their personal and professional lives. One of the most popular email services out there today is Google’s offering, Gmail, which has 1.4 billion users. Many people use the platform daily, even connecting it to third-party apps […]

The post Attention Gmail Users: App Developers Can Potentially Read Your Private Emails appeared first on McAfee Blogs.

]]>
Email has been the norm for decades now, as most digitally connected people use it to communicate in both their personal and professional lives. One of the most popular email services out there today is Google’s offering, Gmail, which has 1.4 billion users. Many people use the platform daily, even connecting it to third-party apps – a feature that may have exposed actually exposed private Gmail messages. Just yesterday, The Wall Street Journal reported that people who have connected third-party apps to their accounts may have unwittingly given external developers permission to read their messages.

But wait – how could hundreds of developers just access users’ private inboxes? As a matter of fact, Google allows these developers to scan the inboxes of millions of users per its official policy. This policy is outlined when people are asked if they wish to connect their Google account to third-party apps and services. When linking their account to a service, people are asked to grant certain permissions – which often include the ability to “read, send, delete and manage your email.”

Now, the developers who have access to users’ Gmail inboxes have been vetted by Google. And to them, this access is the norm. Thede Loder, the former CTO at eDataSource Inc., said that reading user emails has become “common practice” for companies that collect this type of data. “Some people might consider that to be a dirty secret… It’s kind of reality,” he notes.

Though this news may be unsurprising to people like Loder, it’s likely very surprising to others, proving there’s a gap in awareness and understanding of what Gmail users are signing themselves up for. Therefore, if you’re a Gmail user wishing to keep the information exchanged in your emails private, be sure to follow these tips:

  • Be selective. The best way to control where your information goes is by reducing the sources you share it with. That means not providing Gmail access to every app that asks for it. Be strict and diligent, and only provide an app access when it’s crucial to the service or experience it provides.
  • Read the terms and conditions. If you are going to share access to your Gmail or your information with an application or website, be sure you read the terms and conditions carefully. Though it may feel tedious, it’s important you know where your information is going and how it is being used.
  • Use comprehensive security. Even though this data was willingly given, it’s important you still lock down all your devices with an extra layer of security to help keep yourself safe. To do just that, use a comprehensive solution such as McAfee Total Protection, in addition to limiting the amount of personal data you post and share.

 And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Attention Gmail Users: App Developers Can Potentially Read Your Private Emails appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gmail-users-private-emails/feed/ 0
The Exactis Data Breach: What Consumers Need to Know https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/exactis-data-breach-2/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/exactis-data-breach-2/#respond Thu, 28 Jun 2018 18:01:34 +0000 https://securingtomorrow.mcafee.com/?p=90179 There are data breaches, and then there are data breaches. For example, who could forget the Equifax data breach, which compromised the personal information of over half of the citizens of the United States? And now, a breach of similar magnitude has emerged, as a security researcher has discovered that marketing firm Exactis’ database was […]

The post The Exactis Data Breach: What Consumers Need to Know appeared first on McAfee Blogs.

]]>
There are data breaches, and then there are data breaches. For example, who could forget the Equifax data breach, which compromised the personal information of over half of the citizens of the United States? And now, a breach of similar magnitude has emerged, as a security researcher has discovered that marketing firm Exactis’ database was sitting on a publicly accessible server. Specifically, there were two versions of the database exposed online, each with around 340 million records—roughly two-thirds on consumers and the rest on businesses.

So how did Exactis have this much data in the first place? The Florida-based marketing firm collects and trades consumer data in order to refine the accuracy of targeted ads. Which is precisely what makes this breach so crucial, as the information exposed is highly personal. The leaked data includes people’s phone numbers, home and email addresses, interests, and the number, age, and gender of their children. As of now, credit card information and Social Security numbers don’t appear to have been leaked.

The behavioral data involved in this leak, alongside the personal information, makes this breach particularly concerning because of how this information can be used by cybercriminals to improve the success of socially engineered attacks. For instance, crooks can use such personal information in phishing attacks over email or social media. Now, cybercriminals can enact highly personalized attacks against consumers, who will already be faced with potentially fraudulent activity against their names.

Therefore, it’s important consumers immediately take action to protect their personal security and identity. To do just that, follow these tips:

  • Keep an eye out for sketchy emails and messages. Cybercriminals can leverage this stolen information for phishing emails and social engineering scams. So, if you see something sketchy or from an unknown source in your email inbox or a social media message, be sure to avoid clicking on any links provided. Better to just delete the email or message entirely.
  • Set up an alert. Though this data breach does not compromise financial data, this personal data can still be used to obtain access to financial accounts. Therefore, it’s best to proactively place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report, so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
  • Invest in an identity theft solution. With this breach, almost every American adult could be facing the possibility of identity theft. That’s precisely why they should leverage an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.


{
"metadata": {
"id": "0314018a-527d-44cc-a71d-995cd761cd4a",
"version": "1.0",
"ep": "ta",
"lang": "en-us",
"original-url": "https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/exactis-data-breach/",
"author": "Gary Davis",
"author-page": "https://securingtomorrow.mcafee.com/author/gary-davis/",
"category": "Consumer Threat Notices",
"draft": "false",
"authordetail": "Gary Davis is Chief Consumer Security Evangelist. Through a consumer lens, he partners with internal teams to drive strategic alignment of products with the needs of the security space. Gary also provides security education to businesses and consumers by distilling complex security topics into actionable advice. Follow Gary Davis on Twitter at @garyjdavis",
"tinyimage": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/06/img_1604537239013014.jpg",
"feedimageurl": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/06/img_1604537239013014.jpg",
"pubDate": "Thurs 28 June 2018 12:35:48 +0000"
}
}

The post The Exactis Data Breach: What Consumers Need to Know appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/exactis-data-breach-2/feed/ 0
The Exactis Data Breach: What Consumers Need to Know https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/exactis-data-breach/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/exactis-data-breach/#comments Thu, 28 Jun 2018 17:12:33 +0000 https://securingtomorrow.mcafee.com/?p=90165 There are data breaches, and then there are data breaches. For example, who could forget the Equifax data breach, which compromised the personal information of over half of the citizens of the United States? And now, a breach of similar magnitude has emerged, as a security researcher has discovered that marketing firm Exactis’ database was […]

The post The Exactis Data Breach: What Consumers Need to Know appeared first on McAfee Blogs.

]]>
There are data breaches, and then there are data breaches. For example, who could forget the Equifax data breach, which compromised the personal information of over half of the citizens of the United States? And now, a breach of similar magnitude has emerged, as a security researcher has discovered that marketing firm Exactis’ database was sitting on a publicly accessible server. Specifically, there were two versions of the database exposed online, each with around 340 million records—roughly two-thirds on consumers and the rest on businesses.

So how did Exactis have this much data in the first place? The Florida-based marketing firm collects and trades consumer data in order to refine the accuracy of targeted ads. Which is precisely what makes this breach so crucial, as the information exposed is highly personal. The leaked data includes people’s phone numbers, home and email addresses, interests, and the number, age, and gender of their children. As of now, credit card information and Social Security numbers don’t appear to have been leaked.

The behavioral data involved in this leak, alongside the personal information, makes this breach particularly concerning because of how this information can be used by cybercriminals to improve the success of socially engineered attacks. For instance, crooks can use such personal information in phishing attacks over email or social media. Now, cybercriminals can enact highly personalized attacks against consumers, who will already be faced with potentially fraudulent activity against their names.

Therefore, it’s important consumers immediately take action to protect their personal security and identity. To do just that, follow these tips:

  • Keep an eye out for sketchy emails and messages. Cybercriminals can leverage this stolen information for phishing emails and social engineering scams. So, if you see something sketchy or from an unknown source in your email inbox or a social media message, be sure to avoid clicking on any links provided. Better to just delete the email or message entirely.
  • Set up an alert. Though this data breach does not compromise financial data, this personal data can still be used to obtain access to financial accounts. Therefore, it’s best to proactively place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report, so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
  • Invest in an identity theft solution. With this breach, almost every American adult could be facing the possibility of identity theft. That’s precisely why they should leverage an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post The Exactis Data Breach: What Consumers Need to Know appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/exactis-data-breach/feed/ 8
Android Users Hit With Mobile Billing Fraud Due to Sonvpay Malware https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-users-mobile-billing-fraud-due-to-sonvpay-malware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-users-mobile-billing-fraud-due-to-sonvpay-malware/#respond Thu, 28 Jun 2018 01:33:34 +0000 https://securingtomorrow.mcafee.com/?p=90124 Ever hear “Despacito” on the radio? Of course you did! It was the song of 2017 – taking over radios, dance clubs, and even ringtones on our cell phones. Take Android users for instance – many even downloaded the “Despacito for Ringtone” so they could enjoy the tune anytime they received a phone call. But […]

The post Android Users Hit With Mobile Billing Fraud Due to Sonvpay Malware appeared first on McAfee Blogs.

]]>
Ever hear “Despacito” on the radio? Of course you did! It was the song of 2017 – taking over radios, dance clubs, and even ringtones on our cell phones. Take Android users for instance – many even downloaded the “Despacito for Ringtone” so they could enjoy the tune anytime they received a phone call. But what they didn’t know is that they could be involved in a cyberattack, rather than just listening to their favorite song. As a matter of fact, our McAfee Mobile Research team has found a new malicious campaign, named Sonvpay, that’s impacted at least 15 apps published on Google Play – including that Despacito app.

How it works

You know how with some of your apps you can adjust the push notifications? Sometimes these notifications pop up on your screen, and other times you won’t receive any – depending on your settings. To enact its malicious scheme, Sonvpay listens for incoming push notifications that contain the data they need in order to perform mobile billing fraud – which is when extra charges get added to a user’s phone bill and can potentially line a cybercriminal’s pocket.

Once receiving the data, the crooks can perform this mobile billing fraud (either WAP and SMS fraud) by displaying a fake update notification to the user. This fake notification has only one red flag – if the user scrolls until the end, the phrase “Click Skip is to agree” appears, as seen below.

If the user clicks the only button (Skip), Sonvpay will complete its mission – and will fraudulently subscribe the user to a WAP or SMS billing service, depending on the victim’s country.

What it affects

So which Android applications contain Sonvpay? The McAfee Mobile Research team initially found that Qrcode Scanner, Cut Ringtones 2018, and Despacito Ringtone were carrying the Sonvpay, and Google promptly took them down once notified. But then more emerged, totaling up to 15 applications out there that contain Sonvpay, some of which have been installed over 50,000 times. These applications include:

Wifi-Hostpot

Cut Ringtones 2018

Reccoder-Call

Qrcode Scanner

QRCodeBar Scanner APK

Despacito Ringtone

Let me love you ringtone

Beauty camera-Photo editor

Flashlight-bright

Night light

Caculator-2018

Shape of you ringtone

Despacito for Ringtone

Iphone Ringtone

CaroGame2018

So now the next question is – what do I do if I was one of the Android users who downloaded an application with Sonvpay? How can I avoid becoming a victim of this scam? Start by following these tips:

  • Only give your apps permission to what they need. When downloading one of these applications, one user reported they noticed that the app asked for access to SMS messages. This should’ve been a red flag – why would a ringtone app need access to your texts? Whenever you download an app, always double check what it’s requesting access to, and only provide access to areas it absolutely needs in order to provide its service.
  • Always read the fine print. Before you update or download anything, always make sure you scroll through all the information provided and read through it line by line. This may feel tedious, but it could be the difference between being compromised and remaining secure.
  • Use a mobile security solution. As schemes like Sonvpay continue to impact mobile applications and users, make sure your devices are prepared for any threat coming their way. To do just that, cover these devices with a mobile security solution, such as McAfee Mobile Security.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Android Users Hit With Mobile Billing Fraud Due to Sonvpay Malware appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-users-mobile-billing-fraud-due-to-sonvpay-malware/feed/ 0
Heads Up Gamers! Fake Fortnite Android Apps Are Being Spread via YouTube Videos https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fake-fortnite-android-apps-youtube/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fake-fortnite-android-apps-youtube/#respond Thu, 21 Jun 2018 22:14:56 +0000 https://securingtomorrow.mcafee.com/?p=90068 Does the name “Fortnite” ring any bells? It should, because it’s probably the most popular video game in the world right now, garnering the attention of millions of fans and even a few celebrities. Oh, and a handful of cybercriminals as well. Despite the fact that the game is not yet available for Android, crooks […]

The post Heads Up Gamers! Fake Fortnite Android Apps Are Being Spread via YouTube Videos appeared first on McAfee Blogs.

]]>
Does the name “Fortnite” ring any bells? It should, because it’s probably the most popular video game in the world right now, garnering the attention of millions of fans and even a few celebrities. Oh, and a handful of cybercriminals as well. Despite the fact that the game is not yet available for Android, crooks are advertising “leaked” versions of Epic Games’ Fortnite — by releasing YouTube videos with fake links claiming to be Android versions of the game.

This scam begins with a user conducting a simple Google or YouTube search for “Download Fortnite for Android” or “How to install Fortnite on Android.” This search provides users with dozens of videos – some of which have millions of views – that claim they can show how to get the game on Android. From there, people are then directed to download one of the fake Fortnite apps.

These fake apps do a great job at seeming convincing, as many use the same images and loading screens found in the iOS app. They even play the game’s intro song and prompt users to log in – seems legitimate, right? But soon enough, the apps reveal their true colors.

The apps will ask a user to provide mobile verification, to which they’ll confirm and hit OK. Then, users get redirected to a site claiming to check if they’re a bot or not, which requires them to download another app and then click on a link that comes with the “unlock instructions” within that app. Once users hit “tap to install,” however, they’re only guided back to Google Play. Users can keep installing app after app and will never actually get to the actual Fortnite game.

Essentially, this means the cybercriminals are aiming to make money off of increased app downloads. This incident reminds us that online gaming has its risks, and Fortnite is no exception. Therefore, in order to stay protected from this scam and others like it, be sure to follow these tips:

  • Do your homework. Know your game – find out when and where it is available on different platforms. And if for some reason your research yields mixed results, check the game’s main page to confirm the answer.
  • Go straight to the source. It’s a good security rule of thumb for anything out there – do not download something unless you are getting it from the company’s home page. The most trusted source is the original one, so make sure you’re using the real deal. If you’re an Android user, it’s best to just wait for Epic Games’ version of Fortnite in order to avoid frauds.
  • Use comprehensive security. Whether you’re using the mobile iOS version of Fornite, or gaming on your computer, it’s important you lock down all your devices with an extra layer of security. To do just that, use a comprehensive solution such as McAfee Total Protection.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Heads Up Gamers! Fake Fortnite Android Apps Are Being Spread via YouTube Videos appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fake-fortnite-android-apps-youtube/feed/ 0
Blockchain 101: What Consumers Need to Know About the Technology https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/blockchain-technology/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/blockchain-technology/#respond Tue, 19 Jun 2018 21:32:43 +0000 https://securingtomorrow.mcafee.com/?p=89989 From Bitcoin’s boom, to high stakes hacks – cryptocurrency, and how to secure it, has been the talk of the town. However, what most don’t realize is that a there is a sophisticated technology involved in each cryptocurrency transaction designed to secure digital currency: blockchain technology. Now, many of you may be asking – what […]

The post Blockchain 101: What Consumers Need to Know About the Technology appeared first on McAfee Blogs.

]]>
From Bitcoin’s boom, to high stakes hacks – cryptocurrency, and how to secure it, has been the talk of the town. However, what most don’t realize is that a there is a sophisticated technology involved in each cryptocurrency transaction designed to secure digital currency: blockchain technology. Now, many of you may be asking – what exactly is blockchain? Let’s take a look at how this technology actually works and what the security implications may be for consumers.

What is blockchain?

According to the recent McAfee Blockchain Threat Report, “a blockchain is a series of records or transactions, collected together in a block that defines a portion of a ledger. The ledger is distributed among peers, who use it as a trusted authority in which records are valid. Each block in the ledger is linked to its next block, creating a chain—hence the name.” With blockchain, anyone can look at the latest blocks and their “parent” blocks to determine the state of an address. It also assists with multiple issues that can occur when making digital transactions, such as double spending and currency reproduction.

Remaining cautious with blockchain

Blockchain is essentially the secret weapon behind cryptocurrency’s popularity, as it has been positioned as the technology that will help address digital currency’s security issues. While it has great potential, there are some possible risks that could hinder its growth. For instance, the many cryptocurrency hacks we’ve seen recently have proven blockchain is not exactly foolproof. The mechanism involved in blockchain has some vulnerability in itself – which is a friendly reminder that we still need to be cautious in how we view this technology as it relates to security. Remember that blockchain is created by people, who can make mistakes.

Therefore, it’s important we all remain cautious when it comes to treating this technology like the end all be all. So, if you’re considering using blockchain technology to secure your cryptocurrency, be sure to follow these tips:

  • Don’t put all your eggs in one basket. Diversity is king when it comes to cryptocurrency. Since blockchain isn’t a sure-fire way for securing cryptocurrency transactions, make sure you do your research on the various “coins” out there. Select a nice variety of currency types so that if one cryptocurrency is attacked, you’ll still have a few other types to rely on.
  • Always have a plan B. Make sure you have a paper equivalent of records so that all your transactions are not bound by something that is prone to human error. That way, if for some reason something does go wrong with blockchain, you still have your important transactions documented elsewhere.
  • Do your homework. With blockchain and any new and emerging technology really, make sure you always remain a bit skeptical. Do your homework before you embrace the technology – research your options and make sure there’s been no security issues. 

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Blockchain 101: What Consumers Need to Know About the Technology appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/blockchain-technology/feed/ 0
New Cortana Vulnerability Could Allow Cybercriminals to Bypass Lock Screen On Windows 10 Devices https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/cortana-vulnerability-windows-10/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/cortana-vulnerability-windows-10/#respond Wed, 13 Jun 2018 07:56:17 +0000 https://securingtomorrow.mcafee.com/?p=89635 Digital assistants help us look up the weather, play our favorite music, and allow us to quickly access a lot of our personal information. And between Amazon Alexa, Google Home, and Microsoft Cortana – these services have become all the rage these days. However, the latter service, according to the McAfee Labs Advanced Threat Research […]

The post New Cortana Vulnerability Could Allow Cybercriminals to Bypass Lock Screen On Windows 10 Devices appeared first on McAfee Blogs.

]]>
Digital assistants help us look up the weather, play our favorite music, and allow us to quickly access a lot of our personal information. And between Amazon Alexa, Google Home, and Microsoft Cortana – these services have become all the rage these days. However, the latter service, according to the McAfee Labs Advanced Threat Research (ATR) team, can be easily compromised, which is why the team has submitted a vulnerability to Microsoft which involves the default settings for Windows 10 and the Cortana voice assistant. The vulnerability can be used to do things such as retrieve information from Cortana, start an application from the Windows lock screen, and even log into a Windows 10 device without a user interacting with the computer.

To understand how someone can take advantage of this vulnerability, imagine you are sitting at your favorite coffee shop and need to use the restroom. As a security-minded individual, you lock your computer’s screen thinking that would keep bad people from accessing your information. With this vulnerability, all someone would have to do is say, “Hey Cortana,” then follow a few simple steps to gain access to the treasure trove of information, no reboot required.

By taking advantage of this vulnerability, McAfee researcher Cedric Cochin discovered that by simply typing while Cortana starts to listen to a request or question on a locked device, he could bring up a search menu. Cochin didn’t even have to say anything to Cortana, but simply clicked on the “tap and say” button and started typing in words. At that point, he could hover over search results, which included documents and other files, and see where they led to on that computer. What’s more – he was able to take it a step further and figured out a way to access certain confidential files and information.

Though there are limitations to what cybercriminals could do, there are ways they can get the right file results to show up, which have been outlined in our McAfee Labs blog post on this topic. By leveraging one of these techniques, cybercriminals could use this vulnerability to take malicious actions such as resetting passwords on a Windows 10 computer, even though the device is technically locked. In only a few seconds, an attacker has full access to a computer.

With the discovery of this vulnerability, the next question is – what can I do to not be a victim of this? Start by following these security tips:

  • Don’t leave your computer unattended. It’s important to note that this vulnerability is completely dependent on physical access to a Windows 10 computer with Cortana. Now that this vulnerability has been disclosed it’s important that you keep a close eye on your computer until you apply the update from Microsoft.
  • Apply updates immediately. The good news is – today is Patch Tuesday! And fortunately the update that Microsoft is rolling out today has a fix for this vulnerability to protect your Windows 10 computer. Be sure to update your computer immediately.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post New Cortana Vulnerability Could Allow Cybercriminals to Bypass Lock Screen On Windows 10 Devices appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/cortana-vulnerability-windows-10/feed/ 0
Don’t Play Games With Your Cybersecurity: Our Findings on the Role of Security in the World of Gaming https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gaming-risks/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gaming-risks/#respond Wed, 13 Jun 2018 04:01:19 +0000 https://securingtomorrow.mcafee.com/?p=89026 Playing video games has become a popular pastime for children of all ages (even for some adults too), as the virtual challenges encourage these players to try their hand at beating the game again and again. In fact, recent McAfee research found that gaming helps prepare these kids for a potential career in cybersecurity. However, […]

The post Don’t Play Games With Your Cybersecurity: Our Findings on the Role of Security in the World of Gaming appeared first on McAfee Blogs.

]]>
Playing video games has become a popular pastime for children of all ages (even for some adults too), as the virtual challenges encourage these players to try their hand at beating the game again and again. In fact, recent McAfee research found that gaming helps prepare these kids for a potential career in cybersecurity. However, what many children and parents don’t realize is that these games can also pose a serious threat to their family’s online safety. To unpack what that threat looks like exactly, we conducted the McAfee which explores consumers’ attitudes towards the perceived risks that come with gaming. Let’s dive into the key findings.

Our survey discovered that 62% of children play games where they speak to other people while playing, and parents who responded to our survey are most worried that this unknown person may be a sexual predator (75% of parents), bully (61%), cybercriminal who could steal personal or financial info (60%), or a drug dealer (37%). Despite this worry, 44% of parents would still allow their child to play a game that they are technically too young for (i.e. they are younger than the recommended age determined by the rating).

What’s more – despite allowing their children up to four hours of gaming per day, 71% of parents at least somewhat agree that their child is at risk of being exposed to inappropriate content while gaming. 62% worry about cybercriminals disguising themselves as another player to steal sensitive information, 58% are concerned that their child could click on a link and download a virus, and 52% worry about cybercriminals hacking gaming accounts and accessing personal or financial information. And unfortunately, some of these concerns have become a reality, as we’ve recently seen cyberattacks involving both Minecraft and Nintendo Switch.

So, with parents worried about the security risks that come with online gaming – why aren’t they doing something to assuage their own concerns? Fortunately, we have a few pointers you can use to start securing your kid’s online safety today:

  • Browse with protection. A tool like McAfee WebAdvisor can help you avoid dangerous websites and links, and will warn you in the event that you do accidentally click on something malicious.
  • Use comprehensive security. No matter what you do online, it’s best to use a security product like McAfee Total Protection that can help keep your connected devices safe from malware. Just like any PC application, be sure to keep your security software updated with the latest software version.
  • Use parental control software. Parental control will help you set time limits on your child’s device usage and help minimize exposure to potentially malicious or inappropriate websites.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

Survey Methodology: McAfee commissioned OnePoll to conduct a survey of 5,000 parents of children ages 6 to 16 who play online or console games in Australia, Germany, Singapore, the U.S. and the U.K.

The post Don’t Play Games With Your Cybersecurity: Our Findings on the Role of Security in the World of Gaming appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gaming-risks/feed/ 0
New Cortana Vulnerability Could Allow Cybercriminals to Bypass Lock Screen On Windows 10 Devices https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cortana-vulnerability-windows-10-2/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cortana-vulnerability-windows-10-2/#respond Tue, 12 Jun 2018 18:46:12 +0000 https://securingtomorrow.mcafee.com/?p=89625 Digital assistants help us look up the weather, play our favorite music, and allow us to quickly access a lot of our personal information. And between Amazon Alexa, Google Home, and Microsoft Cortana – these services have become all the rage these days. However, the latter service, according to the McAfee Labs Advanced Threat Research […]

The post New Cortana Vulnerability Could Allow Cybercriminals to Bypass Lock Screen On Windows 10 Devices appeared first on McAfee Blogs.

]]>
Digital assistants help us look up the weather, play our favorite music, and allow us to quickly access a lot of our personal information. And between Amazon Alexa, Google Home, and Microsoft Cortana – these services have become all the rage these days. However, the latter service, according to the McAfee Labs Advanced Threat Research (ATR) team, can be easily compromised, which is why the team has submitted a vulnerability to Microsoft which involves the default settings for Windows 10 and the Cortana voice assistant. The vulnerability can be used to do things such as retrieve information from Cortana, start an application from the Windows lock screen, and even log into a Windows 10 device without a user interacting with the computer.

To understand how someone can take advantage of this vulnerability, imagine you are sitting at your favorite coffee shop and need to use the restroom. As a security-minded individual, you lock your computer’s screen thinking that would keep bad people from accessing your information. With this vulnerability, all someone would have to do is say, “Hey Cortana,” then follow a few simple steps to gain access to the treasure trove of information, no reboot required.

By taking advantage of this vulnerability, McAfee researcher Cedric Cochin discovered that by simply typing while Cortana starts to listen to a request or question on a locked device, he could bring up a search menu. Cochin didn’t even have to say anything to Cortana, but simply clicked on the “tap and say” button and started typing in words. At that point, he could hover over search results, which included documents and other files, and see where they led to on that computer. What’s more – he was able to take it a step further and figured out a way to access certain confidential files and information.

Though there are limitations to what cybercriminals could do, there are ways they can get the right file results to show up, which have been outlined in our McAfee Labs blog post on this topic. By leveraging one of these techniques, cybercriminals could use this vulnerability to take malicious actions such as resetting passwords on a Windows 10 computer, even though the device is technically locked. In only a few seconds, an attacker has full access to a computer.

With the discovery of this vulnerability, the next question is – what can I do to not be a victim of this? Start by following these security tips:

  • Don’t leave your computer unattended. It’s important to note that this vulnerability is completely dependent on physical access to a Windows 10 computer with Cortana. Now that this vulnerability has been disclosed it’s important that you keep a close eye on your computer until you apply the update from Microsoft.
  • Apply updates immediately. The good news is – today is Patch Tuesday! And fortunately the update that Microsoft is rolling out today has a fix for this vulnerability to protect your Windows 10 computer. Be sure to update your computer immediately.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post New Cortana Vulnerability Could Allow Cybercriminals to Bypass Lock Screen On Windows 10 Devices appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cortana-vulnerability-windows-10-2/feed/ 0
Millions of Facebook Users May Have Unknowingly Shared Posts Publicly Because of New Bug https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-users-public-posts-bug/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-users-public-posts-bug/#respond Fri, 08 Jun 2018 23:26:20 +0000 https://securingtomorrow.mcafee.com/?p=89522 Facebook, Facebook, Facebook – between malware leveraging Facebook Messenger to send phishing messages, to apps on the platform mishandling customer data, the social media network has dealt with its fair share of cybersecurity woes these past few months. And just this week, yet another issue has emerged. It was discovered that a bug within Facebook […]

The post Millions of Facebook Users May Have Unknowingly Shared Posts Publicly Because of New Bug appeared first on McAfee Blogs.

]]>
Facebook, Facebook, Facebook – between malware leveraging Facebook Messenger to send phishing messages, to apps on the platform mishandling customer data, the social media network has dealt with its fair share of cybersecurity woes these past few months. And just this week, yet another issue has emerged. It was discovered that a bug within Facebook may have accidentally changed settings for 14 million users, causing their posts to be shared publicly, even if they thought they were being shared only with friends.

When users share something on Facebook, they’re shown an audience selector, which provides a handful of options for who exactly gets to see a post. The user can select “Friends,” “Only me,” “Friends except,” or “Public,” with the choice supposedly defaulting to the one last used by the account owner. However, this bug made it so the default for all posts was set to public – meaning if the user was not paying attention, they unwittingly shipped their post out to a larger audience than they were anticipating.

Now, the good news is this bug was only affecting posts that went out from May 18th to May 27th, and no posts prior to that period were affected. Additionally, Facebook has confirmed that the bug has in fact been fixed.

However, this bug does act as a lesson about sharing out personal information on social media and reminds us to always be cautious of what we put out on the web. That being said, here are a few proactive security tips you can follow when sharing info on social media:

  • Always check in on your settings. This bug is a reminder that we should always check in on our current settings on social media platforms and apps. This bug swapped the settings without notifying users, but sometimes we may even too forget if we have the right settings on. Make it a priority a few times a month to go and see if you have the correct security settings in place on all your apps.
  • Be selective about what you share. The best way to control where your information goes is by cutting down what you share and how much you share it. That means reducing the amount of times you post on social media, and the type of information you do share. Anything private, personal, or that could help a cybercriminal learn more about you should remain off your social channels.
  • Use comprehensive security. Even though this data was willingly given, it’s important you still lock down all your devices with an extra layer of security to help keep yourself safe. To do just that, use a comprehensive solution such as McAfee Total Protection, in addition to limiting the amount of personal data you post and share.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Millions of Facebook Users May Have Unknowingly Shared Posts Publicly Because of New Bug appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-users-public-posts-bug/feed/ 0
Cybercriminals Steal the Show! 26 Million Ticketfly Customers’ Data Compromised in Massive Breach https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/26-million-ticketfly-customers-data-compromised-in-massive-breach/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/26-million-ticketfly-customers-data-compromised-in-massive-breach/#respond Tue, 05 Jun 2018 20:44:51 +0000 https://securingtomorrow.mcafee.com/?p=89336 When we find out our favorite artist is coming to town, we immediately head to the web to snatch up a ticket to their show. This where ticket distribution services, such as Ticketmaster and TicketFly, become handy, as they allow us to easily input our information to claim a spot for the show. But as […]

The post Cybercriminals Steal the Show! 26 Million Ticketfly Customers’ Data Compromised in Massive Breach appeared first on McAfee Blogs.

]]>
When we find out our favorite artist is coming to town, we immediately head to the web to snatch up a ticket to their show. This where ticket distribution services, such as Ticketmaster and TicketFly, become handy, as they allow us to easily input our information to claim a spot for the show. But as of this week, users of the latter company are unfortunately now dealing with that very information being compromised by a massive data breach. In fact, Troy Hunt, founder of “Have I Been Pwned,” discovered that a hacker posted several Ticketfly database files to a public server online.

This attack first began with an unnamed hacker informing Ticketfly of a security vulnerability and demanding a ransom of one bitcoin to reveal the flaw and help fix it. This threat was met with no response. Following which, the hacker then defaced the site, prompting the company to take it offline, and stole piles of Ticketfly customer data in the process.

In addition to a whopping 26 million email addresses, this stolen data includes users’ names, phone numbers, home and billing addresses. As of now, no financial information has been published publicly by the hacker, but he or she has threatened to post more data if they are not paid their ransom.

So, with this personal information out in the open and potentially more still to come, what can these Ticketfly customers do to ensure they protected their data? Start by following these tips:

  • Keep an eye out for sketchy emails. One way cybercriminals can leverage stolen emails is by using the list for phishing email distribution. If you see something sketchy or from an unknown source in your email inbox, be sure to avoid clicking on any links provided. Better to just delete the email entirely.
  • Set up an alert. Though this hacker has not published financial data, that doesn’t mean he or she may not still have it on hand. Therefore, if you’re a Ticketfly user, it’s best to proactively place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
  • Invest in an identity theft solution. With this breach, Ticketfly users may be faced with the possibility of identity theft. That’s precisely why they should leverage an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Cybercriminals Steal the Show! 26 Million Ticketfly Customers’ Data Compromised in Massive Breach appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/26-million-ticketfly-customers-data-compromised-in-massive-breach/feed/ 0
Insider Threat at Coca-Cola Compromises 8,000 Employees’ Information https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/insider-threat-at-coca-cola-compromises-information-2/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/insider-threat-at-coca-cola-compromises-information-2/#respond Thu, 31 May 2018 18:58:01 +0000 https://securingtomorrow.mcafee.com/?p=89237 Cybercrime is often seen as a battle of good versus evil – a hacker tries to infiltrate a system while cyber defenders work hard to fend them off. Sometimes, data breaches are the work of these cybercriminals, and other times they’re caused by an actual employee of the affected company – something we like to […]

The post Insider Threat at Coca-Cola Compromises 8,000 Employees’ Information appeared first on McAfee Blogs.

]]>
Cybercrime is often seen as a battle of good versus evil – a hacker tries to infiltrate a system while cyber defenders work hard to fend them off. Sometimes, data breaches are the work of these cybercriminals, and other times they’re caused by an actual employee of the affected company – something we like to call an insider threat. Just this past week, popular soft drink producer Coca-Cola announced that they were facing exactly that: an insider threat in the form of a former employee found carrying a personal hard drive of worker data.

So far, we know that this employee uploaded the data of their fellow coworkers onto an external hard drive, which they took with them when departing the company. According to a company representative, “the type of stolen and exposed data varies per employee.” And though there are no more known specifics around the data, we do know that this theft impacts 8,000 individual Coca-Cola employees.

As of now, Coca-Cola says it’s been working with law enforcement to dig into the details of this insider threat, but in the interim, these employees need to start taking proactive steps to protect their personal information. In order to do just that, follow these basic security tips:

  • Set up an alert. If you know there’s a chance your personal data has been compromised, place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report, so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
  • Freeze your credit. This allows you to seal your credit reports so no one else can take out new accounts or loans in your name. You can do this without impacting your existing lines of credit, such as credit cards. If you want to apply for services or open new accounts, you can temporarily “unfreeze” your credit using a personal identification code only you have.`
  • Consider an identity theft protection solution. With their personal information floating around, these employees could be faced with the possibility of identity theft. McAfee Identity Theft Protection allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.


{
"metadata": {
"id": "85576554-caea-4ff0-b59a-9fa580469932",
"version": "1.0",
"ep": "ta",
"lang": "en-us",
"original-url": "https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/insider-threat-at-coca-cola-compromises-information/",
"author": "Gary Davis",
"author-page": "https://securingtomorrow.mcafee.com/author/gary-davis/",
"category": "Consumer Threat Notices",
"draft": "false",
"authordetail": "Gary Davis is Chief Consumer Security Evangelist. Through a consumer lens, he partners with internal teams to drive strategic alignment of products with the needs of the security space. Gary also provides security education to businesses and consumers by distilling complex security topics into actionable advice. Follow Gary Davis on Twitter at @garyjdavis",
"tinyimage": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/06/img_400X300.jpg",
"feedimageurl": "https://securingtomorrow.mcafee.com/wp-content/uploads/2018/06/img_400X300.jpg",
"pubDate": "Thur, 31 May 2018 12:35:48 +0000"
}
}

The post Insider Threat at Coca-Cola Compromises 8,000 Employees’ Information appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/insider-threat-at-coca-cola-compromises-information-2/feed/ 0
Insider Threat at Coca-Cola Compromises 8,000 Employees’ Information https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/insider-threat-at-coca-cola-compromises-information/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/insider-threat-at-coca-cola-compromises-information/#comments Thu, 31 May 2018 18:42:14 +0000 https://securingtomorrow.mcafee.com/?p=89229 Cybercrime is often seen as a battle of good versus evil – a hacker tries to infiltrate a system while cyber defenders work hard to fend them off. Sometimes, data breaches are the work of these cybercriminals, and other times they’re caused by an actual employee of the affected company – something we like to […]

The post Insider Threat at Coca-Cola Compromises 8,000 Employees’ Information appeared first on McAfee Blogs.

]]>
Cybercrime is often seen as a battle of good versus evil – a hacker tries to infiltrate a system while cyber defenders work hard to fend them off. Sometimes, data breaches are the work of these cybercriminals, and other times they’re caused by an actual employee of the affected company – something we like to call an insider threat. Just this past week, popular soft drink producer Coca-Cola announced that they were facing exactly that: an insider threat in the form of a former employee found carrying a personal hard drive of worker data.

So far, we know that this employee uploaded the data of their fellow coworkers onto an external hard drive, which they took with them when departing the company. According to a company representative, “the type of stolen and exposed data varies per employee.” And though there are no more known specifics around the data, we do know that this theft impacts 8,000 individual Coca-Cola employees.

As of now, Coca-Cola says it’s been working with law enforcement to dig into the details of this insider threat, but in the interim, these employees need to start taking proactive steps to protect their personal information. In order to do just that, follow these basic security tips:

  • Set up an alert. If you know there’s a chance your personal data has been compromised, place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report, so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
  • Freeze your credit. This allows you to seal your credit reports so no one else can take out new accounts or loans in your name. You can do this without impacting your existing lines of credit, such as credit cards. If you want to apply for services or open new accounts, you can temporarily “unfreeze” your credit using a personal identification code only you have.`
  • Consider an identity theft protection solution. With their personal information floating around, these employees could be faced with the possibility of identity theft. McAfee Identity Theft Protection allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Insider Threat at Coca-Cola Compromises 8,000 Employees’ Information appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/insider-threat-at-coca-cola-compromises-information/feed/ 1
New VPNFilter Malware Contains Kill Switch, Infects Over 500,000 Devices https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/new-vpnfilter-malware-infects-routers-2/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/new-vpnfilter-malware-infects-routers-2/#respond Thu, 24 May 2018 00:20:32 +0000 https://securingtomorrow.mcafee.com/?p=89081 Routers are the driving force behind a lot of our modern-day internet use. They power our Wi-Fi, and therefore our internet-connected devices. We rely on them day in and out, entrusting them with some of our most personal information. So when they’re attacked, it can be cause for concern. Just today, that precise scenario has […]

The post New VPNFilter Malware Contains Kill Switch, Infects Over 500,000 Devices appeared first on McAfee Blogs.

]]>
Routers are the driving force behind a lot of our modern-day internet use. They power our Wi-Fi, and therefore our internet-connected devices. We rely on them day in and out, entrusting them with some of our most personal information. So when they’re attacked, it can be cause for concern. Just today, that precise scenario has come to life, as it has been discovered that more than half a million routers and storage devices in dozens of countries have been infected with a piece of highly sophisticated IoT botnet malware called VPNFilter.

Named after the directory the malware uses to hide on an infected device, VPNFilter first makes its way into a device through a reboot. Once it’s inside, it gains a foothold on the infected device and then deploys the malware.

VPNFilter has been designed with versatile capabilities, it attacks routers and other network-connected devices in order to steal credentials and other information exchanged across the network. It even contains a kill switch for routers, which means an attack could stop internet access for any devices tapping into that router.

So far, over 500,000 devices have been infected by the malware in over 54 countries. Therefore, with this attack spreading rapidly, it’s important to take security steps immediately in order to stay protected from VPNFilter. To do just that, follow these tips:

  • Update your router’s firmware. Router manufacturers are already working to make patches that will help protect users against this malware. Therefore, make sure you regularly update your router’s firmware, as these fixes are typically included within each update.
  • Be careful with what information you share. Since this malware can steal the data exchanged across your Wi-Fi network, it’s crucial you get selective with the information you do share for the time being. This means personal details, such as addresses, personally identifiable information, and financial data.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.


{
"metadata": {
"id": "943447f2-28f6-4700-afc5-dbb09c73f1ac",
"version": "1.0",
"ep": "ta",
"lang": "en-us",
"original-url": "https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/new-vpnfilter-malware-infects-routers/",
"author": "Gary Davis",
"author-page": "https://securingtomorrow.mcafee.com/author/gary-davis/",
"category": "Consumer Threat Notices",
"draft": "false",
"authordetail": "Gary Davis is Chief Consumer Security Evangelist. Through a consumer lens, he partners with internal teams to drive strategic alignment of products with the needs of the security space. Gary also provides security education to businesses and consumers by distilling complex security topics into actionable advice. Follow Gary Davis on Twitter at @garyjdavis",
"tinyimage": "https://securingtomorrow.mcafee.com/wp-content/uploads/img_1549136055998304.jpg",
"feedimageurl": "https://securingtomorrow.mcafee.com/wp-content/uploads/img_1549136055998304.jpg",
"pubDate": "Wed, 23 May 2018 12:35:48 +0000"
}
}

The post New VPNFilter Malware Contains Kill Switch, Infects Over 500,000 Devices appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/new-vpnfilter-malware-infects-routers-2/feed/ 0
New VPNFilter Malware Contains Kill Switch, Infects Over 500,000 Devices https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/new-vpnfilter-malware-infects-routers/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/new-vpnfilter-malware-infects-routers/#comments Wed, 23 May 2018 23:10:25 +0000 https://securingtomorrow.mcafee.com/?p=89072 Routers are the driving force behind a lot of our modern-day internet use. They power our Wi-Fi, and therefore our internet-connected devices. We rely on them day in and out, entrusting them with some of our most personal information. So when they’re attacked, it can be cause for concern. Just today, that precise scenario has […]

The post New VPNFilter Malware Contains Kill Switch, Infects Over 500,000 Devices appeared first on McAfee Blogs.

]]>
Routers are the driving force behind a lot of our modern-day internet use. They power our Wi-Fi, and therefore our internet-connected devices. We rely on them day in and out, entrusting them with some of our most personal information. So when they’re attacked, it can be cause for concern. Just today, that precise scenario has come to life, as it has been discovered that more than half a million routers and storage devices in dozens of countries have been infected with a piece of highly sophisticated IoT botnet malware called VPNFilter.

Named after the directory the malware uses to hide on an infected device, VPNFilter first makes its way into a device through a reboot. Once it’s inside, it gains a foothold on the infected device and then deploys the malware.

VPNFilter has been designed with versatile capabilities, it attacks routers and other network-connected devices in order to steal credentials and other information exchanged across the network. It even contains a kill switch for routers, which means an attack could stop internet access for any devices tapping into that router.

So far, over 500,000 devices have been infected by the malware in over 54 countries. Therefore, with this attack spreading rapidly, it’s important to take security steps immediately in order to stay protected from VPNFilter. To do just that, follow these tips:

  • Update your router’s firmware. Router manufacturers are already working to make patches that will help protect users against this malware. Therefore, make sure you regularly update your router’s firmware, as these fixes are typically included within each update.
  • Be careful with what information you share. Since this malware can steal the data exchanged across your Wi-Fi network, it’s crucial you get selective with the information you do share for the time being. This means personal details, such as addresses, personally identifiable information, and financial data.
  • Use comprehensive security. Even though this attack largely goes after routers, it’s important you still lock down all your devices with an extra layer of security. To do just that, use a comprehensive solution such as McAfee Total Protection.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post New VPNFilter Malware Contains Kill Switch, Infects Over 500,000 Devices appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/new-vpnfilter-malware-infects-routers/feed/ 7
Why You Need To Know About “Cryptojacking” https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/why-you-need-to-know-cryptojacking/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/why-you-need-to-know-cryptojacking/#respond Tue, 22 May 2018 16:00:52 +0000 https://securingtomorrow.mcafee.com/?p=88975 As the value and quantity of digital currencies have rocketed, so too have the risks. In fact, crypto-related malware has spiked over the last year, breaking the top 10 most commonly found malware families. Some attacks are designed to steal the currency outright, by robbing digital wallets, but the majority of threats come in the […]

The post Why You Need To Know About “Cryptojacking” appeared first on McAfee Blogs.

]]>
As the value and quantity of digital currencies have rocketed, so too have the risks. In fact, crypto-related malware has spiked over the last year, breaking the top 10 most commonly found malware families. Some attacks are designed to steal the currency outright, by robbing digital wallets, but the majority of threats come in the form of “cryptojacking.” That’s why everyone should become aware of the risks.

Cryptojacking is when a cybercriminal uses someone else’s computing power to mine for cryptocurrencies without their consent. They do this because mining for digital currencies like Bitcoin, while still lucrative, is more expensive than it used to be. Miners now need multiple machines to crank through the complicated algorithms that lead them to digital gold.

So, instead of investing in costly hardware, some cybercrooks have designed malware to steal computing power from normal users’ devices. They do this by distributing risky mobile apps, taking advantage of flaws in existing software, or even by using drive-by downloads embedded in online ads. In fact, malware-infected ads, also know as “malvertising”, have become a popular channel for distributing these “miners.”

Earlier this year 60 million Android users were affected by an attack embedded in online ads. Users who encountered these ads while surfing online were redirected to a malicious website, which prompted them to enter a Captcha to prove they were human. All the while, the malware was utilizing the phone’s computing power to mine for the Monero digital currency. While the attack lasted just four minutes on average, if you left the webpage open it could eventually overtax your CPU, essentially destroying your device.

And the amount of risky apps designed to steal mobile computing power is startling. McAfee researchers identified over 600 malicious cryptocurrency apps across 20 app stores, including Google Play and the Apple store.

Of course, computers are a prime target for cryptojacking since they offer more computing power than smaller devices. Many attacks take advantage of vulnerabilities in outdated software. In fact, PC miners are so common it’s believed that tens of thousands of computers are already infected.

Unsurprisingly, social media offers another avenue of attack. Take, for instance, the Digmine malware, which spread via Facebook Messenger disguised as a video file. Not only did it infect the machine of anyone who opened the file, it also had the potential to automatically send the file to all the user’s Facebook contacts. The same is true of the recently discovered FacexWorm. This Messenger malware directed users to fake versions of popular websites like YouTube, and prompted them to download a browser extension to watch content. But in reality it was stealing passwords and mining for cryptocurrencies.

Now that you are aware of how prevalent crypto malware can be, here’s what you need to do to protect your devices, data, and money.

  1. Use Security Software—Install comprehensive security software than can protect all your computers and devices from the latest threats. And, don’t forget about your home internet-connected devices, such as IP cameras, and interactive speakers. They often come with weak security. Consider buying a router with protection built-in, or setting up a separate network for your IoT devices. This way, even if a connected device is infected, cybercriminals will be unable to access your data-rich devices on the other network.
  2. Choose Strong Passwords—These are still your first line of defense, so consider using a Password Manager to help you create and store complicated, unique passwords. If you reuse passwords, a breach of one account can quickly spread to other accounts and devices.
  3. Surf Safe—Try to stick to reputable websites and consider downloading a browser extension that can detect cryptomining malware such as Chrome’s No Coin, or Mozilla’s Crypto Mining Blocker.
  4. Avoid Risky Apps—Only download apps from official app stores, and read other users’ reviews first to see if they are safe.
  5. Keep all your software up-to-date—Many of the threats targeting PCs take advantage of vulnerabilities in existing software. Update your software regularly to make sure you have the latest patches and fixes.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post Why You Need To Know About “Cryptojacking” appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/why-you-need-to-know-cryptojacking/feed/ 0
Vega Stealer Malware Swoops Financial Data Straight from Chrome and Firefox Browsers https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/vega-stealer-malware-chrome-and-firefox-browsers/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/vega-stealer-malware-chrome-and-firefox-browsers/#comments Mon, 21 May 2018 17:42:39 +0000 https://securingtomorrow.mcafee.com/?p=88967 Many internet users today store financial and personal data within a browser so that it auto-populates anytime they encounter a fill form. That way, they can save themselves the time they would normally spend typing their information into a website when wishing to make a purchase or take an action online. It’s convenient and easy, […]

The post Vega Stealer Malware Swoops Financial Data Straight from Chrome and Firefox Browsers appeared first on McAfee Blogs.

]]>
Many internet users today store financial and personal data within a browser so that it auto-populates anytime they encounter a fill form. That way, they can save themselves the time they would normally spend typing their information into a website when wishing to make a purchase or take an action online. It’s convenient and easy, but also a security risk. This especially the case due to the emergence of Vega Stealer, a malware strain aiming to capitalize on that very short cut, and is designed to harvest saved financial data from Google Chrome and Firefox browsers.

Vega Stealer makes its way through the web through a common cybercriminal tactic – phishing emails. Once it spreads via these nasty notes, Vega swoops personal information that has been saved in Google Chrome, including passwords, saved credit cards, profiles, and cookies. Mind you, Firefox also has a target on its back, as the malware harvests specific files that store various passwords and keys when Firefox in use. But Vega Stealer doesn’t stop there, it also takes a screenshot of the infected machine and scans for any files on the system ending in .doc, .docx, .txt, .rtf, .xls, .xlsx, or .pdf.

As of now, it has not been determined who exactly is behind these browser attacks (though the strain seems to be related to August Stealer malware), but we do know one thing for sure:  Vega is quite the thief. The good news is – there are many ways you can protect yourself from the nasty malware strain. Start by following these tips:

  • Change your passwords. With Vega Stealer eager for credentials, the first thing you should do is change up your existing login information to any accounts you access using Chrome or Firefox. And, of course, make sure your new passwords are strong and complex.
  • Be on the lookout for phishing scams.If you see something sketchy or from an unknown source in your email inbox, be sure to avoid clicking on any links provided. Better to just delete the email entirely.
  • Stop Autofill on Chrome. This malware is counting on the fact that you store financial data within your browser. To stop it in its tracks, head to your Google Chrome account and go to settings. Scroll down to “Passwords and Forms,” go to “Autofill Settings,” and make sure you remove all personal and financial information from your Google Chrome Autofill. Though this means you’ll have to type out this information each time you want to make a purchase, your personal data will be better protected because of it.
  • Stay protected while you browse. With Vega Stealer attacking both Chrome and Firefox browsers, it’s important to put the right security solutions in place in order to surf the web safely. Add an extra layer of security to your browser with McAfee WebAdvisor.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Vega Stealer Malware Swoops Financial Data Straight from Chrome and Firefox Browsers appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/vega-stealer-malware-chrome-and-firefox-browsers/feed/ 2
Sensitive Data on 3 Million Facebook Users Potentially Exposed by Suspended App https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-users-data-exposed-by-suspended-app/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-users-data-exposed-by-suspended-app/#respond Thu, 17 May 2018 19:49:05 +0000 https://securingtomorrow.mcafee.com/?p=88878 From Facebook to Twitter and now back to Facebook – the past few months have seen some of the most popular social media platforms out there today struggling with securing consumer data. And just today, news broke that a new data breach has potentially exposed 3 million Facebook users’ data via an app called myPersonality. […]

The post Sensitive Data on 3 Million Facebook Users Potentially Exposed by Suspended App appeared first on McAfee Blogs.

]]>
From Facebook to Twitter and now back to Facebook – the past few months have seen some of the most popular social media platforms out there today struggling with securing consumer data. And just today, news broke that a new data breach has potentially exposed 3 million Facebook users’ data via an app called myPersonality. This is all because a username and password granting access to the data were insufficiently secured.

Any avid Facebook user knows that there are apps on the platform that act as fun little quizzes, games, or activities — myPersonality being one of them. myPersonality is a Facebook app/questionnaire that asks people about highly personal matters, as it is actually a psychometric test created by the University of Cambridge. But once users fill out the test, their information does not remain personal, as this data has been shared with almost 150 institutions and companies, including researchers at universities and firms like Facebook, Google, Microsoft, and Yahoo. What’s more, the login information used by these companies for accessing this data was posted publicly to Github, making it available to the public for the past four years.

Mind you, this data was scrubbed of users’ names before being given to the researchers, and these collaborators had to vow they wouldn’t de-anonymize the data before they obtained access to it. Regardless, Facebook has confirmed that it has temporarily suspended myPersonality and is investigating the app. “If myPersonality refuses to cooperate or fails our audit, we will ban it,” said Ime Archibong, Facebook’s Vice President of Product Partnerships. This is following Facebook’s statement earlier this week that it has suspended 200 apps and investigated thousands of others in case they misused people’s data.

So, while Facebook investigates myPersonality, what can users of the social media network do in the interim to ensure they’re secure? Start by following these tips:

  • Be selective about what you share. The best way to control where your information goes is by reducing the sources you share it with. That means not providing your personal information to every app that asks for it. Be strict and diligent, and only provide an app information when it’s crucial to the service or experience it provides.
  • Read the terms and conditions. If you are going to share your information out with an application or website, be sure you read the terms and conditions carefully. Though it may feel tedious, it’s important you know where your information is going and how it is being used.
  • Use comprehensive security. Even though this data was willingly given, it’s important you still lock down all your devices with an extra layer of security to help keep yourself safe. To do just that, use a comprehensive solution such as McAfee Total Protection, in addition to limiting the amount of personal data you post and share.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Sensitive Data on 3 Million Facebook Users Potentially Exposed by Suspended App appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-users-data-exposed-by-suspended-app/feed/ 0
Facebook Messenger Malware FacexWorm Steals Passwords and Mines for Cryptocurrency https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-messenger-malware-facexworm/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-messenger-malware-facexworm/#respond Thu, 10 May 2018 01:02:17 +0000 https://securingtomorrow.mcafee.com/?p=88792 Facebook Messenger, a feature included within the popular social media network, has grown to become a widely-used platform for friends and loved ones to instantly communicate with one another. According to Kim Komando, over 1.2 billion people use Facebook Messenger today. And now cybercriminals are using it to communicate their latest phishing scheme to innocent […]

The post Facebook Messenger Malware FacexWorm Steals Passwords and Mines for Cryptocurrency appeared first on McAfee Blogs.

]]>
Facebook Messenger, a feature included within the popular social media network, has grown to become a widely-used platform for friends and loved ones to instantly communicate with one another. According to Kim Komando, over 1.2 billion people use Facebook Messenger today. And now cybercriminals are using it to communicate their latest phishing scheme to innocent users, as crooks are sending messages that are laced with FacexWorm malware via Facebook Messenger.

Aptly named, FacexWorm is a nasty strain that directs victims to fake versions of websites, such as YouTube, and then asks they download a Chrome extension in order to play a video’s content. No shocker here, but the extension is malicious, and actually installs FacexWorm instead, which can then steal account credentials from selected websites, including Google and cryptocurrency websites. What’s more, the malware variant can also hijack traffic from cryptocurrency trading platforms and steal funds, as well as crypto-jack a device by injecting malicious crypto-mining code on a webpage.

Unfortunately, the worm has found a way to wiggle from device to device as well, as it leverages a command-and-control server to access an infected user’s Facebook and multiply the amount of fake YouTube links. These links are then sent to the user’s contacts in order to further spread FacexWorm. If the link is sent to a user who isn’t using Google Chrome, the link instead redirects to a random advert.

With FacexWorm slithering its way through Facebook accounts, what can users of the popular platform do to fight back against the malware? For starters, you can follow these security pointers:

  • Be careful what you click on. Be sure to only click on links from a trusted source.  Even then, if the content coming from a friend seems strange or out of character, it’s best to remain wary and avoid interacting with the message entirely.
  • Change your account login info immediately. Since one of FacexWorm’s main goals is to steal credentials to crucial sites, it’s important you change up your login to your Google account, any cryptocurrency accounts, and others you think may be affected by this attack. Be sure to make your next password strong and complex, so it will be hard for cybercriminals to crack.
  • Stay protected while you browse. Sometimes it’s hard to identify if an email or social media message is coming from a cybercriminal. Add an extra layer of security to your browser and surf the web safely by utilizing McAfee WebAdvisor.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Facebook Messenger Malware FacexWorm Steals Passwords and Mines for Cryptocurrency appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-messenger-malware-facexworm/feed/ 0
Bug Alert! All 330 Million Twitter Users Need to Change Their Passwords Immediately https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/bug-alert-all-330-million-twitter-users-change-passwords-2/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/bug-alert-all-330-million-twitter-users-change-passwords-2/#respond Thu, 03 May 2018 23:06:14 +0000 https://securingtomorrow.mcafee.com/?p=88709 Tweet, tweet! No, that’s not a bird you’re hearing outside your window, that’s Twitter kindly reminding you to change your password immediately. And that goes for every single user, as it was discovered just today, on World Password Day no less, that all 330 million Twitter users need to change their passwords to their accounts […]

The post Bug Alert! All 330 Million Twitter Users Need to Change Their Passwords Immediately appeared first on McAfee Blogs.

]]>
Tweet, tweet! No, that’s not a bird you’re hearing outside your window, that’s Twitter kindly reminding you to change your password immediately. And that goes for every single user, as it was discovered just today, on World Password Day no less, that all 330 million Twitter users need to change their passwords to their accounts after a bug exposed them in plain text.

So, how did this exactly happen? According to Twitter, this vulnerability came about due to an issue within the hashing process that masks passwords. This process is supposed to mask these passwords by replacing them with a random string of characters that get stored on Twitter’s system. However, an error occurred during this process that caused these passwords to be saved in plain text to an internal log.

This news first came to light via a company blog, as Twitter confirmed that “we found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.” So far, Twitter has not revealed how many users’ passwords may have been potentially compromised or how long the bug was exposing passwords before the issue was discovered – which is precisely why the company has advised every user to change their password just in case. But, beyond changing their passwords, what other security steps can Twitter users take to ensure they stay protected from this bug? Start by following these tips:

  • Make your next password strong. When changing your password, make sure the next one you create is a strong password that is hard for cybercriminals to crack. Include numbers, lowercase and uppercase letters, and symbols. The more complex your password is, the more difficult it will be to crack. Finally, avoid common and easy to crack passwords like “12345” or “password.”
  • Use unique passwords for every account. Was your Twitter password the same one used for other accounts? If that’s the case, you need to also change those passwords immediately. It’s a good security rule of thumb – always use different passwords for your online accounts so you avoid having all of your accounts become vulnerable if you are hacked. It might seem difficult to keep so many passwords, but it will help you keep your online accounts secure.
  • Use a password manager. Take your security to another level with a password manager. A password manager can help you create strong passwords, remove the hassle of remembering numerous passwords and log you into your favorite websites automatically.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Bug Alert! All 330 Million Twitter Users Need to Change Their Passwords Immediately appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/bug-alert-all-330-million-twitter-users-change-passwords-2/feed/ 0
Bug Alert! All 330 Million Twitter Users Need to Change Their Passwords Immediately https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/bug-alert-all-330-million-twitter-users-change-passwords/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/bug-alert-all-330-million-twitter-users-change-passwords/#respond Thu, 03 May 2018 22:19:42 +0000 https://securingtomorrow.mcafee.com/?p=88702 Tweet, tweet! No, that’s not a bird you’re hearing outside your window, that’s Twitter kindly reminding you to change your password immediately. And that goes for every single user, as it was discovered just today, on World Password Day no less, that all 330 million Twitter users need to change their passwords to their accounts […]

The post Bug Alert! All 330 Million Twitter Users Need to Change Their Passwords Immediately appeared first on McAfee Blogs.

]]>
Tweet, tweet! No, that’s not a bird you’re hearing outside your window, that’s Twitter kindly reminding you to change your password immediately. And that goes for every single user, as it was discovered just today, on World Password Day no less, that all 330 million Twitter users need to change their passwords to their accounts after a bug exposed them in plain text.

So, how did this exactly happen? According to Twitter, this vulnerability came about due to an issue within the hashing process that masks passwords. This process is supposed to mask these passwords by replacing them with a random string of characters that get stored on Twitter’s system. However, an error occurred during this process that caused these passwords to be saved in plain text to an internal log.

This news first came to light via a company blog, as Twitter confirmed that “we found this error ourselves, removed the passwords, and are implementing plans to prevent this bug from happening again.” So far, Twitter has not revealed how many users’ passwords may have been potentially compromised or how long the bug was exposing passwords before the issue was discovered – which is precisely why the company has advised every user to change their password just in case. But, beyond changing their passwords, what other security steps can Twitter users take to ensure they stay protected from this bug? Start by following these tips:

  • Make your next password strong. When changing your password, make sure the next one you create is a strong password that is hard for cybercriminals to crack. Include numbers, lowercase and uppercase letters, and symbols. The more complex your password is, the more difficult it will be to crack. Finally, avoid common and easy to crack passwords like “12345” or “password.”
  • Use unique passwords for every account. Was your Twitter password the same one used for other accounts? If that’s the case, you need to also change those passwords immediately. It’s a good security rule of thumb – always use different passwords for your online accounts so you avoid having all of your accounts become vulnerable if you are hacked. It might seem difficult to keep so many passwords, but it will help you keep your online accounts secure.
  • Use a password manager. Take your security to another level with a password manager. A password manager can help you create strong passwords, remove the hassle of remembering numerous passwords and log you into your favorite websites automatically.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Bug Alert! All 330 Million Twitter Users Need to Change Their Passwords Immediately appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/bug-alert-all-330-million-twitter-users-change-passwords/feed/ 0
The Past, Present, and Future of Password Security https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/security-world-password-day/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/security-world-password-day/#respond Thu, 03 May 2018 04:32:21 +0000 https://securingtomorrow.mcafee.com/?p=88615 In simpler times, passwords broke down physical barriers – they allowed people into secret gatherings, opened safes, the list goes on. Enter the digital era, and passwords now act as the gatekeepers to our personal data, as they lock down everything from our social media accounts to our email inboxes. No matter the era, passwords […]

The post The Past, Present, and Future of Password Security appeared first on McAfee Blogs.

]]>
In simpler times, passwords broke down physical barriers – they allowed people into secret gatherings, opened safes, the list goes on. Enter the digital era, and passwords now act as the gatekeepers to our personal data, as they lock down everything from our social media accounts to our email inboxes. No matter the era, passwords have always accomplished one thing – they provide access to the previously inaccessible, which means managing these passwords in a safe way is crucial. To see how password management has changed over time, and in honor of World Password Day, let’s take a look at the past, present, and future of password security.

The past

Historically, passwords have been written down a piece of paper or kept in a notebook since it can be hard to keep track of so many passwords. And because of this struggle, users were also more inclined to use the same password for multiple accounts. In fact, according to last year’s World Password Survey, 34% of the respondents in the U.S. admitted to doing this on a regular basis. What’s more – users will make their passwords as simple as possible (think dog’s name or birth date) in order to able to remember these passwords.

The present

Unfortunately, not much has changed current day, as this year’s survey takeaways reminded us that password security still has ways to go. Consumers who responded to the survey have an average of 23 online accounts that require a password, but on average only use 13 unique passwords for those accounts. 31% only use two to three passwords for all their accounts so they can remember them more easily. And lists are far from dead, as the most common way to remember passwords is to keep a written or digital list of all passwords (52%).

Things tend to get worse when consumers actually do forget their password. 32% forget a password once a week, and when they do forget this password, 48% of respondents claim they abandon what they are doing online entirely. What’s more – 23% of respondents claim that forgetting a password is as painful as a papercut, and all respondents claimed they had to call tech support twice a year on average for help resetting a password.

The future

The good news is – the future is looking bright. There are state-of-the-art password solutions involving biometrics, multi-factor authentication, and other sophisticated technology already hitting the scene. And more coming down the pipeline, as a few web browsers are actually aiming to kill passwords entirely. Beyond that, there are proactive measures you can take individually in order to prepare for your future security as well. To ensure your passwords act as your first line of security, follow these tips:

  • Create strong passwords. Passwords are the keys to our digital lives, so make sure to create strong and unique passwords to keep unwanted people out. Include numbers, lowercase and uppercase letters, and symbols. The more complex your password is, the more difficult it will be to crack. Finally, avoid common and easy to crack passwords like “12345” or “password.”
  • Use unique passwords for each of your accounts. By using different passwords for your online accounts, you avoid having all of your accounts become vulnerable if you are hacked. It might seem difficult to keep so many passwords, but it will help you keep your online accounts secure.
  • Use a password manager. Take your security to another level with a password manager. A password manager can help you create strong passwords, remove the hassle of remembering numerous passwords and log you into your favorite websites automatically.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post The Past, Present, and Future of Password Security appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/security-world-password-day/feed/ 0
Securing Your Devices from Mobile Malware https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mobile-malware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mobile-malware/#respond Tue, 01 May 2018 18:21:27 +0000 https://securingtomorrow.mcafee.com/?p=88653 As the world has gone mobile, so too have the cybercriminals. With users now spending an average of four hours a day on multiple mobile devices that store mountains of sensitive information, it’s no wonder that mobile malware has become one of the most effective ways to capture our money and data. That’s probably why […]

The post Securing Your Devices from Mobile Malware appeared first on McAfee Blogs.

]]>
As the world has gone mobile, so too have the cybercriminals. With users now spending an average of four hours a day on multiple mobile devices that store mountains of sensitive information, it’s no wonder that mobile malware has become one of the most effective ways to capture our money and data.

That’s probably why mobile malware increased by 46% in the last year, with new mobile threats like ransomware and ad click malware making our digital lives even more complicated.

Of course, risky apps remain the persistent threat. These days, even official app stores aren’t completely safe. For instance, McAfee noted a 30% increase in threat families found in the Google Play Store over the last year alone. These included fake versions of legitimate apps designed to steal personal information, and apps that signed users up for premium services without their consent, leaving them with hefty bills.

But one of the biggest threats we saw was the rise of cryptocurrencies miners. They can hide in the background of seemingly harmless apps, and use your device’s computing power to mine for Bitcoin and other digital currencies. This type of mobile malware can even cause your phone to overheat and stop functioning all together.

In addition to risky apps, dangers lurk when you connect your mobile devices to public Wi-Fi networks, which are often unsecured. Public networks, like those in hotels and airports, have become hunting grounds for cybercriminals who can set up fake Wi-Fi hotspots and use them to deliver malware. They can also potentially eavesdrop on your private data, including passwords and credit card numbers, as they are sent from your device to the router.

Finally, the explosion of devices known as the Internet of Things (IoT), which include IP cameras, interactive speakers, and smart appliances, offer another avenue of attack for the cybercriminals. Since these devices usually come with few security features, they can easily be hacked and used to spread malware to other more data-rich devices connected on the same network.

Given these escalating risks, it’s essential for mobile users to learn how to secure their mobile devices, and all the valuable information that they hold.

Tips for avoiding mobile malware: 

  1. Use Mobile Security—Make sure all your devices are protected from malware and other emerging mobile threats by using security software that can warn you about risky apps and dangerous links, as well as help you locate and lock down a missing device.
  2. Avoid Risky Apps—Stick to downloading highly-rated apps from official app stores. You should also check the app’s permissions to see how much of your private information the app is trying to access. Limit access to only what the app needs to function properly. For instance, a calculator app shouldn’t need your location or contact details.
  3. Choose Strong Passwords—A complicated, hard-to-guess password is your first line of defense when it comes to protecting your online accounts and information. You may want to consider using a password manager that generates strong passwords and keeps them in a secure vault so you don’t have to remember them all. Look into comprehensive security software that includes a password manager.
  4. Keep your IoT devices separate—Since many IoT devices have very low security, you may want to consider keeping them on a separate network from your smartphones, tablets, and computers since these usually contain private information. Read your router’s user manual to learn how to setup a second “guest” network. Or, you can invest in a router with built-in security that protects all the devices on the network.
  5. Stay Informed—Given our reliance on mobile devices, mobile malware is unlikely to go away anytime soon. Make sure you stay up-to-date on emerging threats and the steps you need to take to protect yourself.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post Securing Your Devices from Mobile Malware appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mobile-malware/feed/ 0
Open Sesame: Hotel Rooms at Risk of Serious Room Key Hack https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/hotel-rooms-key-hack/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/hotel-rooms-key-hack/#respond Fri, 27 Apr 2018 19:10:54 +0000 https://securingtomorrow.mcafee.com/?p=88644 No one is a big fan of intruders, let alone being disturbed while you’re on vacation. This is a potential reality for some travelers, as it was just discovered this week that hotel guests could possibly have unwanted visitors to their room. This is all due to a design flaw in the software of electronic keys […]

The post Open Sesame: Hotel Rooms at Risk of Serious Room Key Hack appeared first on McAfee Blogs.

]]>
No one is a big fan of intruders, let alone being disturbed while you’re on vacation. This is a potential reality for some travelers, as it was just discovered this week that hotel guests could possibly have unwanted visitors to their room. This is all due to a design flaw in the software of electronic keys produced by Assa Abloy, formerly VingCard, that has left millions of hotel rooms worldwide vulnerable to hackers. The vulnerability could allow criminals to create master keys and open any door in the affected hotels.

First discovered by security researchers, this “master key” hack only needs a single hotel room key in order to exploit the flaw. After obtaining a key, hackers can use an RFID reader to try several key combinations to decode the card. A handful of combinations later (around 20 or so), crooks can determine the code and create a master key for the hotel. From there, the hacker can access any room his or her heart so desires. Specifically, they could potentially access hotel rooms in 166 countries and 40,000 locations.

As of now, it is unknown if anyone has actually exploited the threat. But researchers are in collaborating with Assa Abloy to address the problem. So what can you do to help ensure you’re protected from these faulty electronic locks? Start by following these tips:

  • Be selective about where you stay. Until this fix is implemented, it’s important globe-trotters get selective with their lodging. That starts by doing some basic research online – read up on what hotels use Assa Abloy and if you can’t find the information, feel free to call the hotel and ask about their digital lock security.
  • Lock away valuables, especially your devices. Unfortunately, hotel room break-ins are nothing new, they’ve just only become digitized recently. Fortunately, many hotels provide safes for that very reason. So make use of them, and store away your valuables (especially any computers or mobile phones) in order to keep them out of the wrong hands.
  • Use comprehensive security. No matter the type of hack, it’s always important to safeguard the keys (both physical and digital) to your life. One key you can always carry: comprehensive digital security. From mobile phones to laptop computers – lock down all your devices with McAfee Total Protection.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Open Sesame: Hotel Rooms at Risk of Serious Room Key Hack appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/hotel-rooms-key-hack/feed/ 0
Wrong Number: Phone Scammers Run Off With Millions by Impersonating Chinese Consulate Staff https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/phone-scammers-impersonating-chinese-consulate-staff/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/phone-scammers-impersonating-chinese-consulate-staff/#respond Wed, 25 Apr 2018 18:36:07 +0000 https://securingtomorrow.mcafee.com/?p=88617 Remember prank calls? We all used to make them as kids as a way to fake out friends and classmates. The age-old tradition isn’t just exclusive to teens, however, as cybercriminals still use the tactic modern day. Only their intentions are a bit more malicious than your average middle schooler. In fact, just this week, […]

The post Wrong Number: Phone Scammers Run Off With Millions by Impersonating Chinese Consulate Staff appeared first on McAfee Blogs.

]]>
Remember prank calls? We all used to make them as kids as a way to fake out friends and classmates. The age-old tradition isn’t just exclusive to teens, however, as cybercriminals still use the tactic modern day. Only their intentions are a bit more malicious than your average middle schooler. In fact, just this week, phone scammers pretending to be from a Chinese Consulate office are tricking people in the U.S. into giving them large amounts of money.

First reported to The Verge, the Federal Trade Commission announced that it believes scammers are targeting people who have recently immigrated from China to the U.S. and have been asking these people to pick up packages or provide personal data to the “consulate staff.” Conveniently enough, this data is largely financial information. Unfortunately, the scam has seen some success, as the New York Police Department has reported that 21 Chinese immigrants have been scammed out of $2.5 million since December 21st, 2017. The majority of these victims are seniors.

This isn’t the first we’ve heard of phone scammers taking advantage of innocent people – as many out there have fallen victim to easily believable social engineering schemes such as this. Therefore, in order to avoid tricky scams like this one, be sure to follow these tips: 

  • Don’t give up your financial data to anyone other than your bank. If you receive a phone call from either a person or a recording requesting this data, remain skeptical and hang up. Then, call your official bank directly and check with them if there’s an issue you need to discuss.
  • Keep up-to-date on the latest social engineering scams. It’s important you stay in the loop so you know what scams to look out for. This means reading up the latest security news and knowing what’s real and what’s fake when it comes to random emails, phone calls, and text messages.
  • Reduce your exposure. Register your mobile phone number, as well as your home phone, on the “do not call” registry to keep your number uninvolved in the latest social engineering scheme.
  • Use an identity theft protection solution. If for some reason a scammer does compromise your personal information, it’s important to get prepared about protecting yourself against identity theft. McAfee Identity Theft Protection allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Wrong Number: Phone Scammers Run Off With Millions by Impersonating Chinese Consulate Staff appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/phone-scammers-impersonating-chinese-consulate-staff/feed/ 0
Game Over! Malicious Minecraft Character Skins Infect Over 50,000 Accounts https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/minecraft-character-skins-malware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/minecraft-character-skins-malware/#respond Fri, 20 Apr 2018 17:46:29 +0000 https://securingtomorrow.mcafee.com/?p=88595 Video games allow users to become a whole new persona, to experience imaginary worlds, and live out scenarios that are beyond their wildest dreams. One of the most popular video games out there, Minecraft, allows users to build worlds out of cubes and create customized virtual avatars to represent themselves within the game. Only now, […]

The post Game Over! Malicious Minecraft Character Skins Infect Over 50,000 Accounts appeared first on McAfee Blogs.

]]>
Video games allow users to become a whole new persona, to experience imaginary worlds, and live out scenarios that are beyond their wildest dreams. One of the most popular video games out there, Minecraft, allows users to build worlds out of cubes and create customized virtual avatars to represent themselves within the game. Only now, special add-ons that are used by players to personalize their avatar have become part of a cyber scheme, as over 50,000 Minecraft accounts have been infected with malware via character skins that were created and uploaded to the game’s official website by fellow users.

Though it is unclear who exactly created the malicious skins, it is believed that the malware does not come from any well-known cybercriminals but rather from inexperienced players looking to exploit others for their own amusement. This malware is not just simple competitive jab either, as its tactics are quite nasty. It has been reported that, once downloaded, the strain can reformat hard drives and delete backup data and system programs.

Now, knowing that fellow gamers are out there trying to sabotage others, what are next steps for Minecraft players? It’s important all users start doing all that they can now in order to avoid infection. You can start by following these proactive security tips:

  • Do your homework. Before you download any extra add-ons for games, make sure you read fellow user reviews. Conduct a quick Google scan and see what other users think – has it caused them issues or security strife? When in doubt, don’t download any add-ons (like character skins) that come from an untrustworthy source or seem remotely sketchy.
  • Back up your files on an external hard drive. Always make sure your files are backed up on an external hard drive. That way, if your data is deleted in this Minecraft malware attack or others like it, you can restore the data from the backup.
  • Use comprehensive security. Whether you’re using the mobile version of Minecraft, or gaming on your computer, it’s important you lock down all your devices with an extra layer of security. To do just that, use a comprehensive solution such as McAfee Total Protection.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Game Over! Malicious Minecraft Character Skins Infect Over 50,000 Accounts appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/minecraft-character-skins-malware/feed/ 0
Casino’s High-Roller Database Compromised by a Single IoT Thermometer https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/casinos-high-roller-database-iot-thermometer/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/casinos-high-roller-database-iot-thermometer/#respond Wed, 18 Apr 2018 01:38:53 +0000 https://securingtomorrow.mcafee.com/?p=88543 It’s no secret that IoT devices have caused some issues with security in the past. They’ve been used by cybercriminals to topple networks and hack into homes. Oh, and now breach casinos. You heard correctly – a vulnerable IoT thermometer, which was being used to monitor the water of an aquarium in a casino’s lobby, […]

The post Casino’s High-Roller Database Compromised by a Single IoT Thermometer appeared first on McAfee Blogs.

]]>
It’s no secret that IoT devices have caused some issues with security in the past. They’ve been used by cybercriminals to topple networks and hack into homes. Oh, and now breach casinos. You heard correctly – a vulnerable IoT thermometer, which was being used to monitor the water of an aquarium in a casino’s lobby, actually opened up the organization’s network to cyberattack.

So, how exactly did a singular IoT thermometer breach an entire organization? The vulnerable device created an opening into the casino’s network for cybercriminals to enter, resulting in the crooks obtaining information about the casino’s high-roller database. Unfortunately, it has yet to be determined what kind of information has been taken from this database.

This incident reminds us that IoT security continues to be a persistent problem that’s showing no signs of slowing. As discussed during our EMEA McAfee Labs Day event last week, new connected devices are coming online every day, so it’s important to think about how you protect your data now and in the future. That starts with manufacturers including security as part of their design of IoT devices and owners of connected gadgets doing their part in ensuring their devices don’t expose larger networks of any kind. You can start implementing proactive IoT security by following these tips:

  • Keep security top of mind when buying an IoT device. When you’re thinking of making your next IoT purchase, make sure to do your research first. Start by looking up the device in question’s security standards. A simple Google search on the product, as well as the manufacturer, will often do the trick.
  • Change default passwords and do an update right away.If you purchase a connected device, be sure to first and foremost change the default password. Default manufacturer passwords are rather easy for criminals to crack. Also, your device’s software will need to be updated at some point. In a lot of cases, devices will have updates waiting from them as soon as they’re taken out of the box. The first time you power up your device, you should check to see if there are any updates or patches from the manufacturer.
  • Secure your home’s internet at the source. Just like the thermometer must connect to the casino’s larger internet network, smart home devices must connect to a home Wi-Fi network in order to run. If they’re vulnerable, they could expose your network as a result. Since it can be challenging to lock down all the IoT devices in a home, utilize a solution like McAfee Secure Home Platform to provide protection at the router-level.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Casino’s High-Roller Database Compromised by a Single IoT Thermometer appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/casinos-high-roller-database-iot-thermometer/feed/ 0
Typosquatting: What You Need to Know Now https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/typosquatting-need-know-now/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/typosquatting-need-know-now/#respond Fri, 13 Apr 2018 16:00:25 +0000 https://securingtomorrow.mcafee.com/?p=88400 As it turns out, your high school English teacher was right—spelling does matter. This is especially true now, when mistyping a simple web address could potentially land you in hot water. Although “typosquatting” has been around for a long time, cybercriminals are becoming more systematic in how they use this technique, aiming to steal personal […]

The post Typosquatting: What You Need to Know Now appeared first on McAfee Blogs.

]]>
As it turns out, your high school English teacher was right—spelling does matter. This is especially true now, when mistyping a simple web address could potentially land you in hot water. Although “typosquatting” has been around for a long time, cybercriminals are becoming more systematic in how they use this technique, aiming to steal personal information, make money, or spread malware.

If you’ve ever typed in a web address and landed on a page that is nothing like the one you intended to go to, you may be familiar with this practice, also known as “URL hijacking.” This is when a webpage is put up at a similar web address to another well-known site, in the hopes of capturing some of the legitimate website’s traffic.

These sites often rely on the small typos we make when we type in web addresses, like accidentally omitting the “o” in “.com”. In fact, researchers recently found a whole host of addresses that were registered in the names of well-known sites, but terminating in  “.cm”, instead of “.com”. These copycat addresses included financial websites, such as Chase.cm and Citicards.cm, as well as social and streaming sites.

The .cm sites were used to advertise promotions and surveys used to collect users’ personal information. What’s more, over 1,500 of them were registered to the same email address, indicating that someone was trying to turn typosquatting into a serious business.

While early typosquatting efforts were often aimed at stealing traffic alone, we’re now seeing a move toward clever copycats. Some look like real banking websites, complete with stolen logos and familiar login screens, hoping to trick you into entering your passwords and others sensitive information.

Earlier this year, for instance, the Reserve Bank of India (RBI) warned customers that someone had bought the URL “www.indiareserveban.org”, and put up a fake site, asking for banking details and passwords, even though the real RBI is a central bank that holds no individual accounts.

But, cybercrooks don’t even need to put up fake websites to try to steal your information; they can also trick you into downloading malware. They may lead you to a site that delivers a pop-up screen telling you to update your Adobe Flash Player, for instance.

That’s exactly what happened not too long ago to Netflix users who accidentally typed in “Netflix.om”, instead of “.com”. The cybercrooks had smartly used the Netflix address ending in the top-level domain for Oman to try to redirect at least some of the streaming site’s over 118 million users to a malware-laden site instead. In fact, “.om” was used as part of a larger typosquatting campaign, targeting over 300 well-known organizations.

Given that typos are easy to do, and fake websites are becoming more convincing, here are the steps you should take to protect yourself from typosquatting:

  • Whether you type in a web address to the address field, or a search engine, be careful that you spell the address correctly before you hit “return”.
  • If you are going to a website where you might share private information, look for the green lock symbol in the upper left-hand corner of the address bar, indicating that the site uses encryption to secure the data that you share.
  • Be suspicious of websites with low-quality graphics or misspellings, since these are telltale signs of fake websites.
  • Consider bookmarking sites you visit regularly to make sure you get to the right site, each time.
  • Don’t click on links in emails, text messages and popup messages unless you know and trust the sender.
  • Consider using a safe search tool such as McAfee WebAdvisor, which can alert you to risky websites right in your search results.
  • Always use comprehensive security software on both your computers and devices to protect you from malware and other online threats.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post Typosquatting: What You Need to Know Now appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/typosquatting-need-know-now/feed/ 0
Service Provider [24]7.ai Breached, Leaking Customer Data from Delta Airlines, Sears, Kmart, and Best Buy https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/247-ai-breached-customer-data-delta-airlines-sears-kmart-best-buy/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/247-ai-breached-customer-data-delta-airlines-sears-kmart-best-buy/#respond Wed, 11 Apr 2018 18:22:58 +0000 https://securingtomorrow.mcafee.com/?p=88340 A huge part of modern-day customer service is the chat functionality, which allows customers to converse easily with representatives of the organization in order to find a solution to their problem. This chat functionality is often a service offered by a third-party provider. And just last week, one of these service providers, [24]7.ai, reported that […]

The post Service Provider [24]7.ai Breached, Leaking Customer Data from Delta Airlines, Sears, Kmart, and Best Buy appeared first on McAfee Blogs.

]]>
A huge part of modern-day customer service is the chat functionality, which allows customers to converse easily with representatives of the organization in order to find a solution to their problem. This chat functionality is often a service offered by a third-party provider. And just last week, one of these service providers, [24]7.ai, reported that an unspecified cyberattack affected online payment data collected by a “small number of our client companies.” A few of these companies include Delta Airlines, Sears, Kmart, and Best Buy.

The breach was the result of an unspecified malware attack on the service’s chat tool, which occurred between Sept. 26 and Oct. 12, 2017. The malware permitted cybercriminals to obtain unauthorized access to customer data, including payment card numbers, CVV numbers, and expiration dates, in addition to customers’ names and addresses.

Delta Airlines, Sears, Kmart, and Best Buy all have not yet determined how many customers have been impacted so far. But it is believed to be totaling up to hundreds of thousands. So, for those who have been affected – what are the next steps? Start by following these security tips here:

  • Place a Fraud Alert. If you know your data has been compromised, place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report, so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account. Then, make sure you correct your credit report by filing a dispute with each of the three credit bureaus.
  • Freeze Your Credit. This allows you to seal your credit reports so no one else can take out new accounts or loans in your name. You can do this without impacting your existing lines of credit, such as credit cards. If you want to apply for services or open new accounts, you can temporarily “unfreeze” your credit using a personal identification code only you have.
  • Consider an identity theft protection solution. With these breaches, consumers are faced with the possibility of identity theft. McAfee Identity Theft Protection allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Service Provider [24]7.ai Breached, Leaking Customer Data from Delta Airlines, Sears, Kmart, and Best Buy appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/247-ai-breached-customer-data-delta-airlines-sears-kmart-best-buy/feed/ 0
MyFitnessPal, Panera Bread, Saks Fifth Avenue: What to Know About the Recent Data Breaches https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/myfitnesspal-accounts-data-breach/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/myfitnesspal-accounts-data-breach/#respond Fri, 30 Mar 2018 22:10:04 +0000 https://securingtomorrow.mcafee.com/?p=88153 This blog has been updated as of 4/4. Practically everything has become digitized in 2018. We’ve developed thousands of health apps and gadgets to help monitor our fitness, implemented online ordering services for restaurants, the list goes on. And just this past week – two of these very innovations have been breached for customer data, […]

The post MyFitnessPal, Panera Bread, Saks Fifth Avenue: What to Know About the Recent Data Breaches appeared first on McAfee Blogs.

]]>
This blog has been updated as of 4/4.

Practically everything has become digitized in 2018. We’ve developed thousands of health apps and gadgets to help monitor our fitness, implemented online ordering services for restaurants, the list goes on. And just this past week – two of these very innovations have been breached for customer data, as well as two traditional brick-and-mortar sites. MyFitnessPal, Panera Bread, and Saks Fifth Avenue and Lord & Taylor have all been faced with data breaches, which have compromised millions of customers.

Let’s start with MyFitnessPal. Just last week, it was revealed that 150 million accounts for the health app and site were breached. As of now, few details have emerged about how the attack happened or what the intention was behind it. While the breach did not compromise financial data, large troves of other personal information were affected. The impacted information included usernames, email addresses, and hashed passwords.

MyFitnessPal, which is a subsidiary of Under Armour, has notified affected customers of the breach (see below), and Under Armour has released an official statement making the public aware of the attack as well.

Then there’s Panera Bread. The popular food chain actually leaked customer data on their website in plain text. This data includes names, email addresses, home addresses, birth dates and final four credit card digits. It’s not clear whether anyone malicious actually accessed any of this data yet, which was supplied by customers who had made online accounts for food delivery and other services. What’s more – a security researcher first flagged this error to Panera Bread eight months ago, which did not acknowledge it until just now. And though the initial number of impacted users was said to be fewer than 10,000 customers, security reporter Brian Krebs estimates that as many as 37 million Panera members may have been caught up in the breach.

Finally there’s Saks Fifth Avenue and Lord & Taylor. A group of cybercriminals has obtained more than five million credit and debit card numbers from customers of the two high-end clothing stores. It appears this data was stolen using software that was implanted into the cash register systems at brick-and-mortar stores and siphoned card numbers.

So, for the millions of affected MyFitnessPal, Panera Bread, and Saks and Lord & Taylor customers, the question is – what next? There are a few security steps these users should take immediately. Start by following these pointers below:

  • Change your password immediately. If you are a MyFitnessPal or Panera Bread customer, you should first and foremost change the password to your account. Then, you should also change your password for any other account on which you used the same or similar information used for your MyFitnessPal or Panera Bread account.
  • Stay vigilant. Another way cybercriminals can leverage stolen emails is by using the list for phishing email distribution. If you see something sketchy or from an unknown source in your email inbox, be sure to avoid clicking on any links provided. Better to just delete the email entirely.
  • Set up an alert. If you know there’s a chance your personal data has been compromised, place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
  • Consider an identity theft protection solution. With these breaches, consumers are faced with the possibility of identity theft. McAfee Identity Theft Protection allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

 

The post MyFitnessPal, Panera Bread, Saks Fifth Avenue: What to Know About the Recent Data Breaches appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/myfitnesspal-accounts-data-breach/feed/ 0
Seven Android Apps Infected With Adware, Downloaded Over 500,000 Times https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-apps-infected-with-adware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-apps-infected-with-adware/#respond Thu, 29 Mar 2018 20:44:50 +0000 https://securingtomorrow.mcafee.com/?p=88121 The amount we use our apps and the amount of apps we use has shown no signs of slowing. And as the McAfee Labs Threats Report: March 2018 tells us, mobile malware has shown no signs of slowing either. Now, a tricky Android malware dubbbed Andr/HiddnAd-AJ is adding to the plethora of mobile strains out […]

The post Seven Android Apps Infected With Adware, Downloaded Over 500,000 Times appeared first on McAfee Blogs.

]]>
The amount we use our apps and the amount of apps we use has shown no signs of slowing. And as the McAfee Labs Threats Report: March 2018 tells us, mobile malware has shown no signs of slowing either. Now, a tricky Android malware dubbbed Andr/HiddnAd-AJ is adding to the plethora of mobile strains out there. The malware managed to sneak onto the Google Play Store disguised as seven different apps – which have collectively been downloaded over 500,000 times.

Slipping onto the Google Play store via six QR reader apps and one smart compass app, the malware manages to sneak past security checks through a combination of unique code and no initial malicious activity. Following installation, Andr/HiddnAd-AJ waits for six hours before it serves up adware. When it does, it floods a user’s screen with full-screen ads, opens ads on web pages, and sends various notifications containing ad-related links, all with the goal of generating click-based revenue for the attackers.

These apps have since been taken down by Google, however, it’s still crucial that Android users are on the lookout for Andr/HiddnAd-AJ malware and other adware schemes like it. Start by following these security tips:

  • Do your homework. Before you download an app, make sure you head to the reviews section of an app store first. Be sure to thoroughly sift through the reviews and read through the comments section; Andr/HiddnAd-AJ may have been avoided if a user read one of the comments and saw that the app was full of unnecessary advertisements. When in doubt, don’t download any app that is remotely questionable.
  • Limit the amount of apps. Only install apps you think you need and will use regularly. And if you no longer use an app, uninstall it. This will help you save memory and reduce your exposure to threats such as Andr/HiddnAd-AJ.
  • Don’t click. This may go without saying, but since this is a click-generated revenue scheme, do whatever you can to avoid clicking pop-ups and unwarranted advertisements. The less you click, the less cybercriminals will profit.
  • Use a mobile security solution. As malware and adware campaigns continue to infect mobile applications, make sure your mobile devices are prepared for any threat coming their way. To do just that, cover these devices with a mobile security solution, such as McAfee Mobile Security.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Seven Android Apps Infected With Adware, Downloaded Over 500,000 Times appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-apps-infected-with-adware/feed/ 0
Travel Agency Orbitz Hit with Data Breach, 880,000 Payment Cards Affected https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/travel-agency-orbitz-data-breach/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/travel-agency-orbitz-data-breach/#respond Thu, 22 Mar 2018 20:31:13 +0000 https://securingtomorrow.mcafee.com/?p=87624 We all love a good getaway, and as we look ahead to spring and summer, most of us are already planning our next vacation. To do that, we’ll tap one of the many online travel agencies out there to help us organize our plans. Only now, some travel-goers may have to stop trip planning so […]

The post Travel Agency Orbitz Hit with Data Breach, 880,000 Payment Cards Affected appeared first on McAfee Blogs.

]]>
We all love a good getaway, and as we look ahead to spring and summer, most of us are already planning our next vacation. To do that, we’ll tap one of the many online travel agencies out there to help us organize our plans. Only now, some travel-goers may have to stop trip planning so they can start planning for credit monitoring, as one of the most popular travel agencies, Orbitz.com, was hit with a data breach that may have exposed as many as 880,000 payment cards.

The online travel agency reported two separate data disclosures, as an attacker may have accessed customers’ personal information shared on Orbitz.com and a handful of associated websites between Jan. 1, 2016 between Dec. 22, 2016.

What’s more – in addition to the payment cards, hackers may have also stolen customers’ full name, date of birth, phone number, email address, physical and/or billing address and gender information. Now, with all this personal information potentially out in the open, it’s important affected customers start thinking about protecting their personal identities. To do just that, follow these tips:

  • Regularly review your online account info. Things like regularly reviewing transactions online and making sure account contact info hasn’t changed are good for keeping tabs on anyone trying to hijack your account.
  • Set up an alert. If you know there’s a chance your personal data has been compromised, place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
  • Consider an identity theft protection solution. With this breach and others before it, consumers are faced with the possibility of identity theft. McAfee Identity Theft Protection allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Travel Agency Orbitz Hit with Data Breach, 880,000 Payment Cards Affected appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/travel-agency-orbitz-data-breach/feed/ 0
RottenSys Malware Reminds Users to Think Twice Before Buying a Bargain Phone https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/rottensys-malware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/rottensys-malware/#respond Wed, 21 Mar 2018 19:13:18 +0000 https://securingtomorrow.mcafee.com/?p=87431 China is a region that has been targeted with mobile malware for over a decade, as malware authors there are continually looking at different tactics to lure victims. One of the most innovative tactics that we have come across in the past several years is to get victims to buy discounted devices from sellers that […]

The post RottenSys Malware Reminds Users to Think Twice Before Buying a Bargain Phone appeared first on McAfee Blogs.

]]>
China is a region that has been targeted with mobile malware for over a decade, as malware authors there are continually looking at different tactics to lure victims. One of the most innovative tactics that we have come across in the past several years is to get victims to buy discounted devices from sellers that have compromised a smartphone. And now, one of these campaigns, Android.MobilePay (aka dubbed RottenSys) is making headlines, though McAfee has been aware of it for over two years. The tactic used by the author(s)/distributors is straightforward; they install fake apps on a device that pretend to provide a critical function, but often don’t get used.

RottenSys is stealthy. It doesn’t provide any secure Wi-Fi related service but is rather an advanced strain of malware that swoops almost all sensitive Android permissions to enable its malicious activities. In order to avoid detection, RottenSys doesn’t come with an initial malicious component and or immediately initiate malicious activity. The strain has rather been designed to communicate with its command-and-control servers to obtain the actual malicious code in order to execute it and following which installs the malicious code onto the device.

Given it installs any new malicious components from its C&C server, RottenSys can be used to weaponize or take full control over millions of infected devices. In fact, it already seems that the hackers behind RottenSys have already started turning infected devices into a massive botnet network.

This attack acts as an indication of change, as over the past two years the mechanism of fraud has adapted. In the past, scams such as this typically have used premium SMS scams to generate revenue, which reach out to a premium number and make small charges that go unnoticed over the course of an extensive period. As described in detail in our Mobile Threat Report: March 2018, we have seen traditional attack vectors, such as premium text messages and toll fraud replaced by botnet ad fraud, pay-per-download distribution scams, and crypto mining malware that can generate millions in revenue.

Long story short – it’s important to still take precautionary steps to avoid future infection from this type of malware scheme. The good news is, you can easily check if your device is being infected with RottenSys. Go to Android system settings→ App Manager, and then look for the following possible malware package names:

  • android.yellowcalendarz
  • changmi.launcher
  • android.services.securewifi
  • system.service.zdsgt

Beyond that, you can protect your device by following these tips:

  • Buy with security in mind. When looking to purchase your next mobile device, make sure to do a factory reset as soon as you turn it on for the first time.
  • Delete any unnecessary apps. Most mobile providers allow users to delete pre-installed apps. So, if there’s a pre-installed app you don’t use, or seems unknown to you, go ahead and remove it from your device entirely.
  • Always scan your device, even if it’s new. One of the first applications you should load onto a new device is an anti-malware scanner, like McAfee Mobile Security. It can detect and alert users to malicious behavior on their devices. In this case, if a malware variant is detected, new users can see if they can return their infected devices in exchange for a clean one.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post RottenSys Malware Reminds Users to Think Twice Before Buying a Bargain Phone appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/rottensys-malware/feed/ 0
What Is Machine Learning? https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/what-is-machine-learning/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/what-is-machine-learning/#respond Tue, 20 Mar 2018 22:12:03 +0000 https://securingtomorrow.mcafee.com/?p=87186 What do self-driving cars and interactive speakers have in common? Both utilize something called “machine learning.” This is when we give systems access to data that enables them to identify patterns and improve their performance, or “learn”, without human programming. Machine learning is often confused with artificial intelligence (AI), where machines and applications mimic human […]

The post What Is Machine Learning? appeared first on McAfee Blogs.

]]>
What do self-driving cars and interactive speakers have in common? Both utilize something called “machine learning.” This is when we give systems access to data that enables them to identify patterns and improve their performance, or “learn”, without human programming.

Machine learning is often confused with artificial intelligence (AI), where machines and applications mimic human behavior. Although they often work together, machine learning takes human-like behavior one step further—it enables systems to get smarter as they gain more information. This is why your Alexa speaker, for example, can make recommendations based on what you’ve said in the past.

To do this, computer systems need access to enough digital information to analyze, classify, and store information, and then make predictions. This is where the internet comes in. Even though the term “machine learning” was coined in 1959 by British AI pioneer Arthur Samuel, it wasn’t really possible until the internet was mature enough to provide access to rich data.

But now, machine learning is allowing us to talk to devices like they are human, monitor our health, make personalized recommendations, and even improve our online security. Take, for instance, the fact that Google says it has been using machine learning to help reduce security issues in its Play store. The company said that in 2017 some 60.3% of potentially harmful apps were detected using machine learning incorporated into Google Play Protect.

What’s more, some security developers are using the technology, coupled with AI and game theory, to figure out potential vulnerabilities and patch them before hackers exploit them. And researchers are looking into adding machine learning and sensors to power grids to detect and analyze potential cyber attacks, as well as make the grids themselves more efficient.

But these smart technology advances could also go the other way. Security researchers believe that cybercriminals will soon be using the same techniques to search for new entry points and means of attack. This is concerning given that each day the world is becoming more connected, giving the bad guys a multitude of ways to access our devices and critical information.

While many believe that machine learning will make our lives more convenient, by allowing technology to do many of the tasks that only humans could previously do, it’s also important to be aware of the risks. After all, technology that mimics intelligent humans can also enable malicious ones.

Here are some tips for using smart technologies safely:

  • When investing in new internet-connected devices, choose products with built-in security features
  • Change the default password on new devices as soon as you can, since cybercriminals know many of these default passwords.
  • Don’t let a program or device access more information than it needs to function properly. Take a careful look at permissions to determine whether your personal information is at risk.
  • Keep your connected-home devices on a secure network, preferably separate from your main computer network. This way, if one device is infected with malware it can’t spread to other data-rich devices. Check your router’s user manual to learn how.
  • Always use comprehensive security software, and consider investing in a secure home network that makes it easier to protect all your computers and devices from emerging threats.
  • Keep up-to-date on the latest technologies and potential threats. This will help you be more proactive when it comes to keeping your digital life secure.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post What Is Machine Learning? appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/what-is-machine-learning/feed/ 0
What’s New in the World of Ransomware? https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/whats-new-world-ransomware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/whats-new-world-ransomware/#respond Fri, 16 Mar 2018 16:00:58 +0000 https://securingtomorrow.mcafee.com/?p=85398 Ransomware, the type of malware that can infect your computers and devices, lock you out of your own files, and demand a ransom to unlock them, is growing rapidly in both incidents and sophistication. In some cases, ransomware is even used as a cover to distract from more serious attacks, so it’s important for everyone […]

The post What’s New in the World of Ransomware? appeared first on McAfee Blogs.

]]>
Ransomware, the type of malware that can infect your computers and devices, lock you out of your own files, and demand a ransom to unlock them, is growing rapidly in both incidents and sophistication. In some cases, ransomware is even used as a cover to distract from more serious attacks, so it’s important for everyone to learn what’s new with this persistent threat.

First, it’s clear that these kind of attacks spell success for the malware authors, who have ramped up their distribution. McAfee saw a 59% increase in ransomware in 2017 over the previous year, and a 35% spike in the fourth quarter alone. This is despite the fact that only half of victims who chose to pay the ransom actually recover their files, according to a recent study.

Still, they are clearly profitable for the cybercriminals who usually demand payment in hard-to-trace cryptocurrencies, such as Bitcoin. The fact that cryptocurrencies spiked in value last year, with Bitcoin showing a 10-fold increase alone, is probably another factor. These attacks were estimated to cost victims up to $5 billion globally in 2017, including data loss, downtime and disruption.

What’s more, in order to make money today’s thieves don’t even have to be tech savvy. Ransomware marketplaces have sprouted up online, offering malware strains for any would-be cybercrook, and generating extra profit for the malware authors, who often ask for a cut in the ransom proceeds.

This favorable environment has led to malware innovation. Although computers have been the traditional targets, cybercriminals have recently set their sights on the huge mobile market. Take, for instance, the DoubleLocker malware strain aimed at Android devices. It not only encrypted users’ data, but also changed their PIN codes, locking them out of their devices all together. This malware spread as a phony Adobe Flash Player update.

We have also seen the rise of so-called “pseudo ransomware”, like NotPetya. This malware strain used ransomware as a cover to do even more damage to victims’ data, presumably to cause disruption. Even more concerning was the way it spread— originally planted in accounting software, it could infect other computers without tricking users into downloading it, and evading known ransomware detection. Although this malware displayed a message demanding ransom in Bitcoin, there was no identifying number to track payments and the data was so damaged that there is no way to actually restore files.

Given the growing threats that ransomware and its disruptive variants pose, you need to know what to look out for, and how to protect yourself.

Follow these important tips to steer clear of ransomware:

  • Backup your data—The best way to avoid the threat of being locked out of your critical files is to ensure that you always have backup copies of them, preferably in the cloud and on an external hard drive. This way, if you do get a ransomware infection, you can wipe your computer or device free and reinstall your files from backup. This is important not only because it protects your data, but because you are not tempted to reward the malware authors by paying a ransom.Microsoft users, for instance, can opt to use Office 365’s OneDrive Business cloud backup service to recover files. Backups won’t prevent ransomware, but it can mitigate the risks.
  • Use security software—Make sure all your computers and devices are protected with comprehensive security software, and keep all of your software up-to-date to safeguard you from the latest ransomware threats.
  • Practice Safe Surfing—Be careful where you click. Don’t respond to emails and text messages from people you don’t know, and only download applications from trusted sources. This is important since malware authors often use social engineering to try to get you to install dangerous files.
  • Only Use Secure Networks—Avoid using public Wi-Fi networks, since many of them are not secure, and cybercriminals can snoop on your internet usage. Instead, consider installing a VPN, which provides you with a secure connection to the Internet no matter where you go. 
  • Stay informed—Keep current on the latest threats. This way you know what to look out for. Finally, in the case that you do get a ransomware infection and have not backed up all your files, know that some decryption tools are made available by tech companies to help victims.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post What’s New in the World of Ransomware? appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/whats-new-world-ransomware/feed/ 0
New Vulnerabilities in Smart TVs Could Allow Hackers to Spy on Users https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/vestel-firmware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/vestel-firmware/#respond Wed, 14 Mar 2018 19:43:27 +0000 https://securingtomorrow.mcafee.com/?p=85271 As recent events like CES and MWC have proved, the popularity of connected devices is showing no signs of slowing. Everything has been transformed into smart: lightbulbs, ovens, sprinkler systems – with one of the first trailblazers being the smart TV. And now, it’s been discovered that smart TVs may be vulnerable to cyberattacks, as […]

The post New Vulnerabilities in Smart TVs Could Allow Hackers to Spy on Users appeared first on McAfee Blogs.

]]>
As recent events like CES and MWC have proved, the popularity of connected devices is showing no signs of slowing. Everything has been transformed into smart: lightbulbs, ovens, sprinkler systems – with one of the first trailblazers being the smart TV. And now, it’s been discovered that smart TVs may be vulnerable to cyberattacks, as the independent security software tester AV-Comparatives and sigma star gmbh informed the general public of several critical vulnerabilities in Vestel firmware, which is used in more than 30 popular TV brands, including Medion. These vulnerabilities could be leveraged to spy on smart TV users.

This discovery began back in March 2017 when news emerged that it may be possible to hack into smart TVs to spy on users. Hearing this news, AV-Comparatives decided to perform a quick security check on the Medion smart TV and discovered a handful of vulnerabilities. AV-Comparatives asked sigma star gmbh (which specializes in IoT) to analyze these issues, and the company confirmed their severity. And though the groups informed Vestel and Medion already about these flaws, not all have been addressed.

Now, Medion has requested to further investigate a few outstanding vulnerabilities, which means a firmware update is not on the way just yet. So, in the interim, be sure to follow these security tips to ensure you stay secure while utilizing smart TVs:

  • Buy smart TVs with security in mind. When purchasing a smart TV, it’s always important to do your homework and read up on any current vulnerabilities. That way, you can make an informed purchase.
  • Update regularly. It’s an important security rule of thumb: always update any software whenever an update is available, as security patches are usually included with each new version. And even though fixes for these particular flaws have not been issued yet, they should be soon on the way. 
  • Secure your home’s internet at the source. Smart TVs, like all connected devices, have to connect to a home Wi-Fi network in order to run. If they’re vulnerable, they could expose your network as a result. Since it can be challenging to lock down all the IoT devices in a home, utilize a solution like McAfee Secure Home Platform to provide protection at the router-level.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post New Vulnerabilities in Smart TVs Could Allow Hackers to Spy on Users appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/vestel-firmware/feed/ 0
Understanding How Bitcoin Mining Poses Security Risks https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/bitcoin-mining-security-risks/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/bitcoin-mining-security-risks/#respond Mon, 12 Mar 2018 04:01:48 +0000 https://securingtomorrow.mcafee.com/?p=85046 From 2017 to 2018, the cost of one Bitcoin increased over one thousand percent. This rapid growth dominated headlines and ignited a cryptocurrency boom that left consumers everywhere wondering how to get a slice of the Bitcoin pie. For those that want to join the craze without trading traditional currencies like U.S. dollars, a process […]

The post Understanding How Bitcoin Mining Poses Security Risks appeared first on McAfee Blogs.

]]>
From 2017 to 2018, the cost of one Bitcoin increased over one thousand percent. This rapid growth dominated headlines and ignited a cryptocurrency boom that left consumers everywhere wondering how to get a slice of the Bitcoin pie. For those that want to join the craze without trading traditional currencies like U.S. dollars, a process called “Bitcoin mining” appears to be a great way to get involved. However, Bitcoin mining introduces a number of security risks.

What is Bitcoin mining?

Mining for Bitcoin is like mining for gold—you put in the work and you get your reward. But instead of back-breaking labor, you earn the currency with your time and computer processing power. “Miners”, as they are called, essentially upkeep and help secure Bitcoin’s decentralized accounting system.

Each time there’s a transaction it’s recorded in a digital ledger called the “blockchain.” Miners help to update the ledger by downloading a special piece of software that allows them to verify and collect new transactions to be added to the blockchain. Then, they must solve a mathematical puzzle to be able to add a block of transactions to the chain. In return, they earn Bitcoins, as well as transaction fees.

What are the security risks?

As the digital currency has matured, Bitcoin mining has become more challenging. In the beginning a user could mine on their home computer and earn a good amount of the digital currency, but these days the math problems have become so complicated that it requires a lot of expensive computing power.

This is where the risks come in. Since miners need an increasing amount of computer power to earn Bitcoin, some have started compromising public Wi-Fi networks so they can access users’ devices to mine for Bitcoin. This recently happened at a coffee shop in Buenos Aires, which was infected with malware that caused a 10-second delay when logging in to the cafe’s Wi-Fi network. The malware authors were using this time to access the users’ laptops for mining.

In addition to public Wi-Fi networks, millions of websites are being compromised to access users’ devices for mining. In fact, this has become such a widespread problem, that over 1 billion devices are believed to be slowed down by web-based mining. And slowing your device down is not even the worst thing that could happen. A device that is “cryptojacked” could have 100 percent of its resources used for mining, causing the device to overheat, essentially destroying it.

Now that you know a little about Bitcoin mining and the risks associated with it, here are some tips to keep your devices safe as you monitor the cryptocurrency market:

  • Avoid public Wi-Fi networks—These networks often aren’t secured, opening your device and information up to a number of threats.
  • Use a VPN— If you’re away from your secure home or work network, consider using a virtual private network (VPN). This is a piece of software that gives you a secure connection to the Internet, so that third parties cannot intercept or read your data. A product like McAfee Safe Connect can help safeguard your online privacy no matter where you go.
  • Secure Your Devices—New threats like Bitcoin malware are emerging all of the time. Protect your devices and information with comprehensive security software, and keep informed on the latest threats.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post Understanding How Bitcoin Mining Poses Security Risks appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/bitcoin-mining-security-risks/feed/ 0
How to Protect Your Privacy in a Connected World https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/protect-privacy-connected-world/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/protect-privacy-connected-world/#respond Fri, 09 Mar 2018 20:32:47 +0000 https://securingtomorrow.mcafee.com/?p=85286 Not so long ago computers were our only connection to the internet, but these days we are almost constantly connected, through our phones, homes, autos, and even our children’s toys. In fact, research firm Gartner estimates that we now have over 8.4 billion connected “things” in use and that number will continue to grow rapidly. […]

The post How to Protect Your Privacy in a Connected World appeared first on McAfee Blogs.

]]>
Not so long ago computers were our only connection to the internet, but these days we are almost constantly connected, through our phones, homes, autos, and even our children’s toys. In fact, research firm Gartner estimates that we now have over 8.4 billion connected “things” in use and that number will continue to grow rapidly.

Being connected brings great convenience, of course, but it also opens us up to a much wider range of risks, including the loss of money, data, and property, not to mention privacy. So the question now is, how to protect ourselves as we move through the connected world. Let’s start by talking about one of the newer and less familiar avenues of attack: connected “things.”

IoT

The term “Internet of Things” (IoT) is used to describe connected devices such as IP cameras, smart TVs and appliances, and interactive speakers and toys. These things have a built-in connection to the internet, but often don’t come with sophisticated security features—many have password protection at the most. This makes them easy to hack, especially if the password isn’t changed from the factory default. You may remember the Mirai malware incident, in which tens of thousands of IoT devices were infected and used to launch attacks against popular websites. IoT malware has only grown more sophisticated since then, opening the door to dangers such as launching larger attacks, accessing computing power to mine for cryptocurrencies, or leapfrogging attacks to computers and smartphones that store critical information. The bottom line is that IoT devices give cybercriminals a lot of access points to play with, and we have yet to see all the risks that they could bring.

Computers & Smartphones

Just as attacks on devices have become more sophisticated, so too have threats aimed at computers and smartphones. Cybercrooks are no longer satisfied with distributing malware to cause disruption—now they are focused on making money. Cryptocurrency miners are just one example of this; the other is the huge growth we have seen in ransomware. Authors of this type of malware don’t only make money by locking down the data of normal computer users, businesses, and government agencies, and demanding money to release it. They have also created an entirely new industry by selling ransomware products to other would-be cybercriminals online.

Another large and growing threat to smartphone users is malicious apps. We’ve seen a large uptick in risky applications, designed to steal data, rack up premium charges without the user’s permission, or access the device for other malicious purposes. Again, money is a driver, since a large number of the new risky apps we’ve detected have been designed to manipulate mobile ads, generating money for the malware authors.

Networks

Our computers and devices aren’t the only things under attack—the networks we use continue to be a growing target. This is no doubt related to our desire to be connected no matter where we go. Public Wi-Fi networks offer bad guys an unprecedented opportunity to intercept multiple users’ data while in transit to and from the network. This data can include credit card numbers, passwords, and identity information, if the network is not secure. What’s more, some attackers are going even higher up in the chain to take advantage of vulnerabilities in network protocols, making secure infrastructure even more important.

With so many risks associated with the connected landscape, it’s up to all of us to take steps to protect our data, devices and privacy.

Here are some key tips to safely navigate the connected world:

  • Always use comprehensive security software on both your computers and mobile devices, and keep all of your software up-to-date. This will safeguard you from the latest threats.
  • When you bring home a new IoT device, make sure that you reset the default password.
  • Look into putting all of your connected home devices onto a separate network from your computers and smartphones, so if one device is infected the attacker cannot access your other data-rich devices. Check your router’s user manual to learn how.
  • To ensure that your home computers and devices stay safe, look for a more secure network solution that includes IoT protection.
  • Avoid connecting to public Wi-Fi networks, which may or may not be secure. Instead, consider using a VPN. This is a piece of software that will give you a secure connection to the internet no matter where you go.
  • Only download apps from official app stores and read other users’ reviews first to see if they are safe.
  • Keep up-to-date on the latest threats, since they are constantly evolving, and make sure to share these important security tips with friends and family.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post How to Protect Your Privacy in a Connected World appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/protect-privacy-connected-world/feed/ 0
MWC 2018: Takeaways on the Key Devices and Innovations https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-takeaways/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-takeaways/#respond Wed, 07 Mar 2018 01:53:41 +0000 https://securingtomorrow.mcafee.com/?p=84647 It’s hard to believe that MWC 2018 is already over! Though the event came and went in the blink of an eye, MWC 2018 managed to deliver, showcasing some of the most exciting mobile and connected device innovation out there today. While there was a variety of new tech at the event, a few showstoppers […]

The post MWC 2018: Takeaways on the Key Devices and Innovations appeared first on McAfee Blogs.

]]>
It’s hard to believe that MWC 2018 is already over! Though the event came and went in the blink of an eye, MWC 2018 managed to deliver, showcasing some of the most exciting mobile and connected device innovation out there today. While there was a variety of new tech at the event, a few showstoppers managed to catch everyone’s eye and some key trends emerged. Here are some of my takeaways from the event:

The mobile showstoppers

The Samsung Galaxy S9 was a clear winner at this year’s event. Between the low light photography, AR emojis, and super slow motion — the new flagship device had everyone at MWC talking. But that doesn’t mean nostalgia was totally lost on MWC goers, as the Nokia 8110 ensured what’s old is new. The device was a revamped the classic slider phone, just with a few social media apps added to the mix.

There was also the Vivo Apex, which took the all-screen phone to a new level. It features a fingerprint sensor underneath the OLED screen itself and instead of a speaker the whole phone vibrates to conduct sound during a call or media playback.

5G hype becomes reality

Ultra-fast 5G (the new generation of wireless technology) has been all the hype for a while now, but the technology was just that – hype. That is, until this MWC, where 77 companies (largely from North America and Asia) announced they are officially trialing 5G across 49 countries. In fact, MWC 2018 saw a quite a large number of Chinese mobile equipment makers, including Huawei to ZTE, working to get a piece of the 5G action. The action even went beyond just a few proofs of concept and also spread across a broad creative range of connected devices.

Securing the connected lifestyle

In fact, this plethora of connected devices – at both MWC and beyond – is a trend that inspired the McAfee key MWC innovations. First, there was the award-winning new McAfee Secure Home Platform skill for Amazon Alexa, which showed how we’re adapting our security solutions to protected today’s connected home. We also extended our security capabilities through strategic partnerships. These include: an expanded partnership with Samsung to safeguard all Galaxy S9 smartphones, the Galaxy Note8, along with Samsung smart TVs, PCs and notebooks, a partnership with Telefónica that will provide always on protection for every connected device in the home, a strategic partnership with Türk Telekom to deliver cross-device security protection, and one with NTT DOCOMO that will deliver Wi-Fi protection and security to NTT DOCOMO mobile users.

Overall, this year’s MWC was not only exciting but proved that providers everywhere, including McAfee, are working hard to adapt their solutions to the modern digital lifestyle and ensure users everywhere have a seamless and secure experience when using their favorite device.

To stay on top of McAfee’s MWC news, and, of course, the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post MWC 2018: Takeaways on the Key Devices and Innovations appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-takeaways/feed/ 0
McAfee’s Podcast Hackable? is Back for Season Two https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mcafees-podcast-hackable-season-two/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mcafees-podcast-hackable-season-two/#respond Mon, 05 Mar 2018 17:00:48 +0000 https://securingtomorrow.mcafee.com/?p=84954 We live in a digital era, which means the more things are becoming internet-connected, the more opportunities hackers have to infiltrate our lives. McAfee created the podcast Hackable?, which has now been downloaded over 1 million times, to raise awareness about the extreme lengths hackers are willing to go in order to steal our personal information. […]

The post McAfee’s Podcast Hackable? is Back for Season Two appeared first on McAfee Blogs.

]]>
We live in a digital era, which means the more things are becoming internet-connected, the more opportunities hackers have to infiltrate our lives. McAfee created the podcast Hackable?, which has now been downloaded over 1 million times, to raise awareness about the extreme lengths hackers are willing to go in order to steal our personal information. This show takes hacks seen throughout pop culture and puts them to the test in the real world to separate fact from fiction. And now, Hackable? is back for season two and host Geoff Siskind, with the help of the crew of good-guy hackers, is back with even more excitement.

So – what’s in store for season two? In the premiere episode, “Keyless Entry,” host Geoff Siskind teams up with a white-hat hacker to see how easy it is to break into your car using a laptop. And the fun doesn’t stop there, as with season one, new episodes will be launching every two weeks.

Within these episodes, the crew finds themselves trapped in a smart car wash that’s been taken over by hackers, they learn just how simple it is to crack someone’s password and take over all of their accounts, and they put the security of traditional locks up against the new digital ones.

So, be sure to head over to Apple Podcasts to hear all the latest episodes as well as catch up on the excitement from season one. Don’t forget to subscribe, rate, and review. And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post McAfee’s Podcast Hackable? is Back for Season Two appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mcafees-podcast-hackable-season-two/feed/ 0
How McAfee is Adapting to the Mobile Landscape with New Partnerships and Innovation https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-mcafee-announcements/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-mcafee-announcements/#respond Tue, 27 Feb 2018 04:08:57 +0000 https://securingtomorrow.mcafee.com/?p=84645 Mobile World Congress (MWC) 2018 is finally upon us, and mobile and security providers from around the world are in Barcelona presenting the latest and greatest insight and innovation. At this year’s MWC, McAfee is excited to present our own unique insights and innovations, some of which are supported by our partners. These include: McAfee […]

The post How McAfee is Adapting to the Mobile Landscape with New Partnerships and Innovation appeared first on McAfee Blogs.

]]>
Mobile World Congress (MWC) 2018 is finally upon us, and mobile and security providers from around the world are in Barcelona presenting the latest and greatest insight and innovation. At this year’s MWC, McAfee is excited to present our own unique insights and innovations, some of which are supported by our partners. These include: McAfee Secure Home Platform Skill for Amazon Alexa, the 2018 McAfee Mobile Threat Report, and our industry partnerships with Samsung, Telefónica, Türk Telekom, NTT DOCOMO.

Adapting to Alexa

As we know, the growing type and number of connected devices has changed the way security operates – which is why our team created McAfee Secure Home Platform in the first place. But now, we’re excited to announce the planned launch of the new McAfee Secure Home Platform skill for Amazon Alexa, one of the most popular connected devices out there today. Customers with a McAfee Secure Home Platform enabled router can easily manage their connected home’s network security using their voice. And it’s already gaining traction with MWC attendees, as McAfee just won “Best of MWC 2018” from PC Mag for the Alexa skill!

Insight on the changing mobile landscape

Your phone is not just a phone. It is a rich computing environment that contains the keys to your connected life. And as the 2018 McAfee Mobile Threat Report reveals, cybercriminals know that, and are tailoring their strategy to our dependency on our mobile devices. The report aims to provide insight on the explosion of mobile malware and dramatic changes to the mobile landscape. The report also tells us that there have been over 16 million infestations detected in the third quarter of 2017 alone – nearly double the number from last year.

Partnerships that strengthen our customers’ security

The ever-changing mobile landscape is precisely why we’re working with our partners to find new ways to secure our customers’ mobile devices and digital lives. McAfee is today announcing key partnerships to ensure security is built-in across devices and networks. It’s more important than ever that the entire ecosystem works together to protect consumers around the world from these attacks and deliver them peace of mind. So, how exactly are we doing this? For starters, our partnership with Samsung has expanded to safeguard all Galaxy S9 smartphones, the Galaxy Note8, along with Samsung smart TVs, PCs and notebooks. We also announced a partnership with Telefónica, which will help protect Telefónica customers, and provide always on protection for every connected device in the home. We also announced a strategic partnership with Türk Telekom to deliver cross-device security protection. What’s more – NTT DOCOMO and McAfee now have an extended partnership in order to deliver Wi-Fi protection and security to NTT DOCOMO mobile users.

We’re excited to see what’s to come for the rest of MWC, and how these announcements will help improve our customers’ lives. With these new innovations, we hope our 400 million customers can live their digital lives with confidence and comfort.

To stay on top of McAfee’s MWC news, and, of course, the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post How McAfee is Adapting to the Mobile Landscape with New Partnerships and Innovation appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-mcafee-announcements/feed/ 0
New McAfee Report Reveals Identity Theft is the Most Expensive Form of Property Crime https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/new-mcafee-report-identity-theft/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/new-mcafee-report-identity-theft/#respond Fri, 23 Feb 2018 20:17:10 +0000 https://securingtomorrow.mcafee.com/?p=84716 Between Uber, Equifax, and a handful of others, the U.S. has witnessed major data breaches in the past year that have compromised the personal information of millions, leaving them to deal with the possibility of identity theft. And the impact is not lost on consumers, as according to a recent McAfee survey, 61% of consumers […]

The post New McAfee Report Reveals Identity Theft is the Most Expensive Form of Property Crime appeared first on McAfee Blogs.

]]>
Between Uber, Equifax, and a handful of others, the U.S. has witnessed major data breaches in the past year that have compromised the personal information of millions, leaving them to deal with the possibility of identity theft. And the impact is not lost on consumers, as according to a recent McAfee survey, 61% of consumers say their concern about online security has increased over the past five years. So, to track the effects and financial impact of these attacks, the Center for Strategic and International Studies (CSIS) and McAfee released a new report, The Economic Impact of Cybercrime, which found that identity theft is the most expensive kind of property crime in the U.S.

So, just how much money have these breaches cost everyday consumers? Identity theft specifically has cost people $10 billion more than the loses attributed to all other property crime. You heard correctly: billion. The report also tells us that since 2014, nearly three billion internet credentials and other personally identifiable information (PII) have been stolen by hackers, and two-thirds of people online (more than two billion individuals) have had their personal information stolen or compromised. In fact, cybercrime ranks third in dollar value among illegal activities globally, just behind government corruption and narcotics trafficking. 

Now the next question is – what’s being done to protect against this? Usually, those compromised by these attacks scan their bank statements, sign up for monitoring, and chop up their credit cards. But beyond that – not much. Even though consumers are concerned about their personal security, only 37% of individuals use an identity theft protection solution, and 28% have no plans to sign up for an ID theft protection solution, meaning there is still more that can be done. Therefore, to ensure your personal identity stays protected, follow these tips: 

  • Be careful about what you share. Signing up for new services usually requires you to provide personal information. But before giving that information away, it’s critical to consider the cost of doing so and determine if the service received is worth the cost sharing that data.
  • Check your privacy settings. This is an easy one. You should adjust your settings to only share data when required, or only with people you know and trust.
  • Utilize an identity theft solution. With all this personal data floating around online, it’s important to stay aware of any attempts to steal your identity. Use an identity theft solution, such as McAfee Identity Theft Protection, that can help protect personally identifiable information from identity theft and fraud.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

 

The post New McAfee Report Reveals Identity Theft is the Most Expensive Form of Property Crime appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/new-mcafee-report-identity-theft/feed/ 0
MWC Preview: Tailoring Security to the Modern Connected Lifestyle https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-preview/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-preview/#respond Wed, 21 Feb 2018 02:25:43 +0000 https://securingtomorrow.mcafee.com/?p=84609 In 2018, we’re officially living in the “future” imagined by popular 80s movies. No, we still don’t have flying cars, but what we do have is many unique internet-connected devices. These devices can do it all – track our fitness, turn our lights on and off, allow us to live in a virtual reality – […]

The post MWC Preview: Tailoring Security to the Modern Connected Lifestyle appeared first on McAfee Blogs.

]]>
In 2018, we’re officially living in the “future” imagined by popular 80s movies. No, we still don’t have flying cars, but what we do have is many unique internet-connected devices. These devices can do it all – track our fitness, turn our lights on and off, allow us to live in a virtual reality – the list goes on. Even our mobile devices have become multi-purpose, giving us the ability to stay in touch with loved ones in a multitude of ways. So, as we’re about to enter the biggest collection of mobile innovation, Mobile World Congress (MWC), let’s take a look at the current state of the connected lifestyle, and the important role security plays in it.

The modern connected lifestyle

Looking back at the takeaways from last year’s MWC, it’s clear providers are tailoring mobile devices to our modern needs. Specifically, they designed new and improved features in order to meet those needs, including: high-quality photography, waterproof hardware, and improved charging capabilities and battery. The same goes for IoT devices – manufacturers are creating more personalized and advanced products in order to keep pace with how we live our lives in 2018. And the trend has seen traction amongst consumers, as users are practically glued to their devices now more than ever and live a completely connected lifestyle these days. What’s more – entire ecosystems will be connected as well with 5G just around the corner, making it clear this trend shows no signs of slowly down.

Protecting what matters

So, as we embrace our digital future, it’s important that we ensure our online activity and personal data stay secure. We’ve seen the threats coming after our devices adapt and become more advanced – some transform hundreds of apps into Trojanized versions of themselves, others infect our devices only to enslave them into a botnet army. That’s why at this year’s MWC, McAfee is excited to display how we plan on protecting the ”connected everything” world we live in.

McAfee and our partners aim to keep our 400M+ customers safe in this modern age by recognizing that security is more than just anti-virus. Whether you’re at home, work, or on the go, your personal information will be safeguarded by solutions that will help keep you safe online and allow you to enjoy your ‘digital life’ to the max. Mind you, we can’t do it alone – as our partners, such as Samsung and Telefónica, share our belief that security needs to be built in from the start​, and support us in our mission to secure the entire digital lifestyle.

To discuss how we’re achieving this even further, McAfee CEO Chris Young will be a keynote speaker at this year’s MWC. He will be exploring how the digital economy is catalyzed by the rapid proliferation of mobile technologies in the hands of billions of people, and how this growth will continue to transform how we do business.

So, whether you’re headed to MWC or just watching from afar, be sure to stay tuned to learn more about McAfee’s mission to secure the digital future. And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, listening to our podcast Hackable? and ‘Like’ us on Facebook.

The post MWC Preview: Tailoring Security to the Modern Connected Lifestyle appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-preview/feed/ 0
What Are Serverless Apps? https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/what-are-serverless-apps/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/what-are-serverless-apps/#respond Tue, 20 Feb 2018 17:16:34 +0000 https://securingtomorrow.mcafee.com/?p=84581 The smartphone market has exploded in recent years, leading to the development of over 4 million mobile apps. For mobile developers, this is both a blessing and a challenge, since there are a lot of things to think about when it comes to bringing an application to market. But with the advent of cloud computing, […]

The post What Are Serverless Apps? appeared first on McAfee Blogs.

]]>
The smartphone market has exploded in recent years, leading to the development of over 4 million mobile apps. For mobile developers, this is both a blessing and a challenge, since there are a lot of things to think about when it comes to bringing an application to market. But with the advent of cloud computing, programmers no longer have to worry about owning or even renting space on a server to run their applications. Using a new architecture, they can just pay for the computing power they actually use and have a “serverless app.”

Of course, saying an app is “serverless” is a bit of a misnomer since applications still require servers to run. The difference here is that cloud providers now run and manage the servers, allowing developers to concentrate on front-end usability. This is convenient for developers, but unfortunately it does open the door to new risks.

Because many backend functions are outsourced to third-party services, serverlesss apps have more components than traditionally built apps. This increases the potential attack surface. To put it simply, cyber thieves have a lot more windows to break into if they want to steal customer data, access accounts, steal passwords, or launch attacks.

This is a real drawback, but this new architecture style is still very popular because it has a lot of benefits for developers. They can produce apps quickly and scale them more easily, using smaller development teams, at a lower cost. This is important given the lucrative growth of the smartphone market, which surpassed PC users back in 2014. Serverless apps help developers meet users’ growing demand for new and useful applications.

This development style can also benefit the millions of smartphone users, who get more app options, and a faster release of both new features and bug fixes.

With so many upsides, there is now a wide range of cloud service providers fighting for market share by offering more and more outsourced app functions, such as troubleshooting, statistics, coding, and content delivery.

But while the convenience and cost savings of serverless apps has meant that they have grown exponentially, there is not as much information yet on how secure the new architecture. That means that as an app user, it’s up to you to take as many precautions as you can to keep your data and devices safe. And the truth is downloading any kind of app can bring some degree of risk, whether they are “serverless” or not.

Follow theses important safety tips to protect yourself from a variety of app risks:

  • Use Mobile Security. Consider this your frontline of defense against risky apps and any other mobile threats. Comprehensive security software can protect you against mobile malware, scan for dangerous apps, and ensure that your private information stays safe.
  • Consider Using a VPN. A virtual private network (VPN) is a piece of software that allows you to safely connect to the Internet over a public network. It encrypts, or scrambles, any data that you send over the network so it cannot be intercepted by cybercriminals. This is important since many public Wi-Fi networks are unsecured, and have become a growing target for cybercriminals. Using a personal VPN is especially important if you like to connect to the internet on the go, or are frequently away from your secure home network.
  • Keep Up-to-Date. Stay informed on the latest threats so you know what to look out for. The security landscape changes quickly, especially in the mobile world, so you want to make sure that you have the best tools and practices to protect both your data and your devices.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post What Are Serverless Apps? appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/what-are-serverless-apps/feed/ 0
How You Can Protect Against W-2 Theft This Tax Season https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/protect-w-2-theft-tax-season/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/protect-w-2-theft-tax-season/#respond Fri, 16 Feb 2018 00:09:35 +0000 https://securingtomorrow.mcafee.com/?p=84546 Benjamin Franklin once said only two things are certain in life: death and taxes. And practically everyone can agree – taxes are certain. So, it’s only natural that cybercriminals are trying to take advantage of the certainty of taxes by finding ways to steal all the crucial personal data floating around during tax season. From […]

The post How You Can Protect Against W-2 Theft This Tax Season appeared first on McAfee Blogs.

]]>
Benjamin Franklin once said only two things are certain in life: death and taxes. And practically everyone can agree – taxes are certain. So, it’s only natural that cybercriminals are trying to take advantage of the certainty of taxes by finding ways to steal all the crucial personal data floating around during tax season. From deceptive phishing scams, to physical theft  – we’ve seen the exploitation of W-2s becoming a major trend as tax season is underway.

We saw W-2 phishing scams run rampant last year, and unfortunately this year is no different.

Just this past week, we saw a deceptive phishing attack compromise the personal information of 100 Waldo County employees in Maine. It began with a cybercriminal impersonating a county official and requesting confidential employee information, including W-2 forms and social security numbers. Easily deceived, an employee sent over the data and just like that, Waldo County employees were faced with potential identity theft. And this isn’t the first case we’ve seen in 2018, as earlier in February the City of Pittsburg was hit by a phishing scheme in which an employee was tricked into giving up the W-2 information of both current and former employees.

W-2 theft isn’t just digital either, as there’s a chance that thieves may head to physical mailboxes and open them in the hopes of discovering envelopes containing W-2 forms. In fact, authorities in Minnesota are expecting such thing to occur and have been warning residents to be extra vigilant with their mail.

So, whether the thievery is digital or physical, it’s important we all start taking action to protect against W-2 theft and secure our personal identities this tax season. To do just that, follow these tips:

  • File before cybercriminals do it for you. The easiest defense you can take against tax seasons schemes is to get your hands on your W-2 and file as soon as possible. The more prompt you are to file, the less likely your data will be raked in by a cybercriminal.
  • Obtain a copy of your credit report. FYI – you’re entitled to a free copy of your credit report from each of the major bureaus once a year. So, make it a habit to request a copy of your file every three to four months, each time from a different credit bureau. That way, you can keep better track of and monitor any suspicious activity and act early if something appears fishy.
  • Beware of phishing attempts. It’s clear that phishing is the primary tactic crooks are leveraging this tax season, so it’s crucial you stay vigilant around your inbox. This means if any unfamiliar or remotely suspicious emails come through requesting tax data, double check their legitimacy with a manager or the security department before you respond. Remember: the IRS only contacts people by snail mail, so if you get an email from someone claiming to be from the IRS, stay away.
  • Consider an identity theft protection solution.  If for some reason your personal data does become compromised, be sure to you an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post How You Can Protect Against W-2 Theft This Tax Season appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/protect-w-2-theft-tax-season/feed/ 0
What Is a Botnet? https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/what-is-botnet/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/what-is-botnet/#respond Wed, 14 Feb 2018 17:00:43 +0000 https://securingtomorrow.mcafee.com/?p=84461 Robot armies on attack may sound like science fiction, but this is a security reality we’ve been facing for some time. You may have heard of recent threats where popular websites were knocked completely offline, or servers were forced to mine for cryptocurrencies by giant “botnets”. But you might not have known exactly what a […]

The post What Is a Botnet? appeared first on McAfee Blogs.

]]>
Robot armies on attack may sound like science fiction, but this is a security reality we’ve been facing for some time. You may have heard of recent threats where popular websites were knocked completely offline, or servers were forced to mine for cryptocurrencies by giant “botnets”. But you might not have known exactly what a botnet is, and how the devices in your home could easily become part of one.

A botnet is a collection of connected devices, or “bots” (short for robots), that are infected and controlled by malware. These devices could include your PC, webcam, or any number of connected appliances in your home. The cybercriminals who distribute malware to create botnets are generally looking to use the combined computing power of all the infected devices to launch much larger attacks.

Take, for example, the Mirai botnet, which infected millions of consumer devices such as IP cameras and home routers to launch a distributed denial of service attack that was able to cripple major websites such as Netflix, Twitter, and Reddit. Mirai took advantage of the low-level of security on most home connected devices. All the malware had to do was guess a password—many of which are known factory defaults—to seize control.

Botnets have been around for a long time, with the first instances recorded in the early 2000s as a way to send massive amounts of spam emails. But these days cybercriminals are eyeing the huge computing potential of millions of IoT devices to create botnets that can launch targeted attacks, or make money.

Some large botnets have become money-making enterprises unto themselves, with cybercrooks reselling their resources to users who want to launch their own attacks, say against online gaming rivals.

But, no matter what a botnet is used for there are a number of reasons why you don’t want your computers and devices to wind up as part of a nefarious network. Botnet malware can significantly slow down your computer or device, and keep it from functioning properly. In the case of computers, this slowdown can potentially keep you from downloading critical security updates, leaving you at an even greater risk for data theft. The malware can also be used to spam your friends and contacts in your name, and launch attacks against other networks, all without your knowledge.

Follow these important tips to keep your devices from joining the botnet army: 

  • Change Device Passwords—The first thing you want to do when you get a new IoT device is to change its default password, making it much harder for a potential attacker to gain access. Check your user’s manual for security settings. If the device has little or no built-in security, consider investing in more secure devices.
  • Keep your software up-to-date—This goes for both computer software and device firmware. Manufacturers regularly release software updates that can protect you from known vulnerabilities, so you want to make sure that you are always running the latest versions.
  • Always Use a Firewall—Firewalls monitor traffic between your Internet connection and your devices to detect unusual behavior. Even if one of your devices is infected, a firewall can keep a potential attacker from accessing all the other devices on the same network. Firewalls are often included in comprehensive security software, ensuring that all your computers and devices have protection.
  • Setup a Separate IoT Network—Instead of putting all your IoT devices on your regular home network, consider setting up a guest network that doesn’t share access to your other devices and data. Check your router manufacturer’s website to learn how. Or, consider getting a router with built-in security features, making it easier to protect all the devices in your home from one access point.
  • Practice Safe Surfing—So called “drive by” malware, which can infect your device simply by visiting a compromised website, or clicking on a dangerous ad, is being increasingly used to create botnets. In fact, millions of websites are now thought to be infected with crypto-mining malware. That’s why it’s important to be careful where you click. Make sure that you are using antivirus software, and that you enable ad blocking.And to prevent your computer from being infected with crypto mining software specifically, you may also consider installing a browser extension such as Chrome’s No Coin, or Opera for Android. Both actively block coin miners.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post What Is a Botnet? appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/what-is-botnet/feed/ 0
Are We Dating Our Devices? How Our Online Interactions Impact Our Personal Security https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/dating-devices-personal-security/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/dating-devices-personal-security/#respond Mon, 12 Feb 2018 14:00:47 +0000 https://securingtomorrow.mcafee.com/?p=84421 L is for the way you look at your technology, O is for you’re not the only one looking at it. We L-O-V-E our connected devices, our apps, and all the online social interaction that comes with them. But unfortunately, we’re not the only ones who love them, as cybercriminals are attempting to capitalize on […]

The post Are We Dating Our Devices? How Our Online Interactions Impact Our Personal Security appeared first on McAfee Blogs.

]]>
L is for the way you look at your technology, O is for you’re not the only one looking at it. We L-O-V-E our connected devices, our apps, and all the online social interaction that comes with them. But unfortunately, we’re not the only ones who love them, as cybercriminals are attempting to capitalize on our connected lifestyles in order to swoop valuable personal information. Let’s explore why this is happening, how our increased device use impacts our lives, and what we can do to show our personal security some love.

Sharing data during modern dating

We love our devices largely for the connectedness and information they provide us with. For example, modern romance has shifted towards dating apps largely because these apps connect us with world quickly and easily. On these dating apps, you share information about yourself with strangers. But could you be sharing that info with strangers that aren’t even on the app? Just a few weeks ago, security researchers discovered that popular dating app Tinder still lacks basic HTTPS encryption for photos. Just by being on the same Wi-Fi network as any user of Tinder’s iOS or Android app, potential hackers could see any photo the user did, or even inject their own images into his or her photo stream. These crooks could even watch a user swipe left or right. By trying to stay connected online, these dating app users could be helping cybercriminals connect to their personal data instead.

The effects of our device devotion

Ironically enough, our efforts to engage socially online don’t exactly help us strengthen real-life relationships. In fact, we know from last year’s Connected Relationships survey that as we use our connected devices more and more each day, our relationships are negatively impacted by that use.

The Connected Relationships survey respondents said that they spend an equal amount of time at home online (38%) as they do interacting with others face-to-face. And 40% felt their significant other paid more attention to their own device when they were together one-on-one. You could even say that, for many, these devices have become the “other (wo)man” in the relationship.

Though devices have managed to cause some minor riffs between couples, that doesn’t stop couples from sharing even when they shouldn’t. Out of those surveyed, nearly 30% of couples share passwords to social media accounts, 28% share passwords to personal email accounts, and most shockingly, more than 20% share their work-specific devices and accounts with their significant other.

Spread the love to your personal security

So, whether you’re sharing your private data with a dating app, or your account info with a loved one, it’s important you show your personal security some love too. To do just that, follow these tips:

  • Limit how personal you get. Whether its Tinder, another dating app, or just any regular app, only provide the program with information that is absolutely necessary — this especially goes for financial data. Additionally, take the time to remove unnecessary personal information from your devices in general that could compromise your security. The less personal data you have on a device, the safer your information will be.
  • Make passwords a priority. Ensure your passwords are secure and strong by including numbers, lowercase and uppercase letters, as well as symbols. If you’re someone who knows the struggle with generating and remembering multiple unique passwords, use a password manager, like the True Key app. A password manager can help you create strong and secure passwords and log you into your favorite websites automatically using multi-factor authentication.
  • Focus on what really matters. We love our devices, but it’s important to disconnect every now and then to spend time with the important people in our lives, like friends and family. Don’t worry: your social networks will be right there waiting for you when you get back.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Are We Dating Our Devices? How Our Online Interactions Impact Our Personal Security appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/dating-devices-personal-security/feed/ 0
Meltdown and Spectre Aren’t Done Just Yet – New Malware Uses Exploits to Potentially Attack Browsers https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/meltdown-spectre-potentially-attack-browsers/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/meltdown-spectre-potentially-attack-browsers/#comments Wed, 07 Feb 2018 22:38:04 +0000 https://securingtomorrow.mcafee.com/?p=84308 We kicked off 2018 with two powerful new exploits: Meltdown and Spectre. And since the discovery of Meltdown and Spectre on January 3rd, vendors have been hard at work issuing patches to remedy their nasty side effects – with the majority supplying fixes within the first week. But, unfortunately, some malware makers have still found […]

The post Meltdown and Spectre Aren’t Done Just Yet – New Malware Uses Exploits to Potentially Attack Browsers appeared first on McAfee Blogs.

]]>
We kicked off 2018 with two powerful new exploits: Meltdown and Spectre. And since the discovery of Meltdown and Spectre on January 3rd, vendors have been hard at work issuing patches to remedy their nasty side effects – with the majority supplying fixes within the first week. But, unfortunately, some malware makers have still found ways to leverage a handful of these exploits. In fact, according to the AV-Test Institute, there are currently 139 malware samples out in the wild that appear to be related to the recently reported CPU exploits and have been designed to attack web browsers running JavaScript.

So, why is this still happening? Though operating system vendors, chip makers, and browser makers have released patches to mitigate the attacks, that doesn’t exactly mean all systems everywhere have been locked down, especially as new malware strains continue to emerge. In fact, the CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754 exploits are still being abused by cybercriminals, who are leveraging them to potentially attack browsers that support JavaScript and WebAssembly.

What’s more – if they successfully infiltrate these browsers, cybercriminals can steal passwords and other personal data. So, it’s crucial users are vigilant and take the necessary precautions to secure their personal info while surfing the web. To do just that, follow these tips:

  • Exit out of your browser window. If you’re not actively using your browser window, close it. This should decrease your chances for attack and also conserve energy in the process.
  • Update everything regularly. Along with updating every type of device impacted by Meltdown and Spectre, be sure to update your browser as soon as an update becomes available. That way, you can apply any additional patches that are created to combat these new malware attacks.
  • Surf the web safely. As I noted in my last post about Meltdown and Spectre, McAfee products are not affected by this exploit. Therefore, after you’ve updated your devices with the latest security software, it’s time to take the next step in personal security by locking down your browser as well. You can do that by installing McAfee WebAdvisor, which acts your own personal safety advisor for your online activity.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Meltdown and Spectre Aren’t Done Just Yet – New Malware Uses Exploits to Potentially Attack Browsers appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/meltdown-spectre-potentially-attack-browsers/feed/ 2
The GDPR Basics: What Consumers Need to Know https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gdpr-basics/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gdpr-basics/#respond Fri, 02 Feb 2018 19:33:18 +0000 https://securingtomorrow.mcafee.com/?p=79316 To ensure all companies are being held responsible for the way they handle consumer data, the European Union took action and created something called the General Data Protection Regulation (GDPR). Passed in April of 2016, GDPR was created to protect the personal data handled by companies – but what exactly does GDPR entail for consumers? Let’s take a look. 

The post The GDPR Basics: What Consumers Need to Know appeared first on McAfee Blogs.

]]>
What companies do with consumer data has always been a hot topic – and becomes hotter after every security breach, when consumers learn more about what can go wrong with their data and worry about the implications of their personal information in the wrong peoples’ hands. In the United States, most states and several cities now have laws about data breaches and many have laws regarding some form of consumer data protection. Europe has had a data protection law covering its residents for more than twenty years.

But the past twenty years have seen lots of changes in technology and in the way data can help consumers, so the European Union has refreshed the former law – the Data Protection Directive – with a more robust law, the General Data Protection Regulation (GDPR). But what exactly does GDPR entail for consumers? Let’s take a look. 

What is GDPR?

The General Data Protection Regulation (GDPR) updates EU law to consider the internet, e-commerce, online advertising, and the increase in data driven marketing.  Many of the provisions of the prior law are restated in the GDPR, but now companies face tougher fines for non-compliance.  The new Regulation also requires companies to report breaches to their regulators and often to consumers, and allows people to ask what companies they work for and they do business with do with their data. Replacing the Data Protection Directive, GDPR is more of an evolution of existing rules rather than a revolution, but it brings in important changes and reduces the number of country-specific laws that will be allowed. These changes have been introduced due to the changing nature of the world we live, the volume and prevalence of data, and the value of personal data in an increasingly connected world.

Who Does It Affect?

With enforcement of the Regulation starting on May 25th, 2018, it’s important to know what this legislation specifically impacts. The scope of “personal data” is broad, ranging from online identifiers such as IP addresses to social identities in addition to the usual names and contact information (both personal and work in the EU), but basically GDPR will cover anything that can be traced back to you as a specific individual, aiming to better enforce the protection of personal data as a basic human right. It protects the data of EU residents– in fact, it is irrelevant where a company collecting data is based in the world as long as they have EU customers. GDPR places a requirement on companies to “implement appropriate technical and organizational” measures to ensure the security of the personal data.

The Regulation requires companies to look at how they collect and store consumer data, keep records of certain kinds of consent, and be transparent about how they use personal data.  The Regulation allows EU residents to ask companies questions about how their data was obtained, to opt out of marketing, and – in some cases – to ask that their data be deleted.

How to Prepare for It

With GDPR enforcement fast approaching, the most important thing both companies and European Union consumers can do is be educated and prepared. Companies have to review their practices and make sure they are complying with the Regulation. Consumers need to know their rights and how GDPR will enable them to ask questions about what happens to their personal data. They’ll likely see more “consent” requests attached to any data collection – and notices about data breaches.   But like any new law, the true meaning of the GDPR regarding consumer data may take years of court cases to truly unravel.

Stay on top of the latest consumer and security news by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post The GDPR Basics: What Consumers Need to Know appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gdpr-basics/feed/ 0
McAfee Internet Security Takes Home Perfect AV-TEST Scores https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mcafee-internet-security-perfect-av-test-scores/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mcafee-internet-security-perfect-av-test-scores/#respond Wed, 31 Jan 2018 02:11:25 +0000 https://securingtomorrow.mcafee.com/?p=84117 McAfee Internet Security offers comprehensive online security with accelerated performance, and helps keep you and your family safe from cyberthreats. With McAfee Internet Security, all the personal data held on your devices is safeguarded with an extra layer of defense. In the cybersecurity space, personal devices– including mobile devices, computers, tablets – are also defined as […]

The post McAfee Internet Security Takes Home Perfect AV-TEST Scores appeared first on McAfee Blogs.

]]>
McAfee Internet Security offers comprehensive online security with accelerated performance, and helps keep you and your family safe from cyberthreats. With McAfee Internet Security, all the personal data held on your devices is safeguarded with an extra layer of defense.

In the cybersecurity space, personal devices– including mobile devices, computers, tablets – are also defined as endpoint devices. When they connect to a network, they create a potential entry point for security threats. McAfee Internet Security acts as a safeguard for these endpoint devices, as does McAfee Endpoint Security one of McAfee’s solutions for businesses. And now, we’re pleased to announce that both have been recognized for their advanced protection.

The AV-TEST Institute, a leading international and independent service provider in the fields of IT security and anti-virus research, has given McAfee Internet Security perfect scores across the board for protection, performance, and usability, resulting in 18 out of 18. What’s more the AV-TEST Institute has given McAfee Endpoint Security a Top Product Award in their latest corporate windows7 test and scored the most recent version of the product a 17.5 out of 18.

These scores are not only exciting, but truly significant as both our corporate and consumer nodes work together to deliver one of the largest real-world sensor grids available, with over 350 million clients deployed globally. These awards also remind us that these offerings will continue to be crucial as we work to fuel company growth and strengthen our customers’ security in 2018 and beyond.

Be sure to stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post McAfee Internet Security Takes Home Perfect AV-TEST Scores appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mcafee-internet-security-perfect-av-test-scores/feed/ 0
Key Considerations for Consumers Around Data Privacy https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/data-privacy/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/data-privacy/#respond Wed, 24 Jan 2018 01:47:04 +0000 https://securingtomorrow.mcafee.com/?p=83891 It’s 2018 – and though we’re not living in the age of flying cars, we are living in an age defined by the digital lifestyle. In today’s new age of technology, consumers are sharing more online than ever before. But, are people thinking about the privacy they sacrifice when they overshare online? This is especially […]

The post Key Considerations for Consumers Around Data Privacy appeared first on McAfee Blogs.

]]>
It’s 2018 – and though we’re not living in the age of flying cars, we are living in an age defined by the digital lifestyle. In today’s new age of technology, consumers are sharing more online than ever before. But, are people thinking about the privacy they sacrifice when they overshare online? This is especially top of mind as Data Privacy Day is upon us, which is an international effort held annually on January 28th to create awareness about the importance of respecting privacy, safeguarding data, and enabling trust. Data Privacy Day acts as an important reminder for consumers to step back and consider the digital footprint they are leaving, and the potential sensitive data they are exposing to cybercriminals. Let’s take a look at the way data is shared in the modern era, and how much of a priority data privacy really is.

The impact of the Internet of Things

One of the biggest changes to the modern digital age is the introduction of the Internet of Things, or, IoT devices. We sometimes refer to the growing amount of IoT devices as the “Internet of Me,” because these connected devices run on our personal info more often than not. The information or action provided by IoT devices is typically based on your data. Take a fitness tracker as an example, it might need some personal details in order to customize a health plan and calculate your progress towards your health goals. This is just one example of the amount of data shared with IoT devices, but reminds us that we all must remember that IoT devices put our personal information in more places in ever before, and potentially in more hands too.

Privacy as a priority

So, when it comes to keeping all of this data private – just how concerned are consumers? Well, per our recent survey, 43% of those surveyed feel like they lack control over their personal information. And another 33% are unsure to what degree they can control how companies collect their personal information.

What’s more — even though consumers are concerned about personal information and identity, only 37% of individuals use an identity theft protection solution, and 28% have no plans to sign up for an ID theft protection solution. Plus, despite the recent increase in breaches, 39% of respondents claim their concern about online security has remained the same or has decreased over the past five years.

How to protect your personal information

Now, the question is – what next? How can you channel the important takeaways from Data Privacy Day into your everyday life? Start by following these tips:

  • Think carefully about what you are posting/sharing. Are you broadcasting that you are out of town on social media? Are you giving that app or IoT device more information than it really needs? It’s important to be conscious about how and when you share your personal information online or with an app/service. It’s also a good security practice to only share personal data when it’s truly necessary.
  • Check your privacy settings. This is an easy one. If you are inclined to overshare personal information, make sure you adjust your settings so that you only share data when required, or only with people you know and trust.
  • Utilize an identity theft solution. With all this personal data floating around online, it’s important to stay aware of any attempts to steal your identity. Use an identity theft solution, such as McAfee Identity Theft Protection, that can help you protect you personally identifiable information from identity theft and fraud.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Key Considerations for Consumers Around Data Privacy appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/data-privacy/feed/ 0
Key Innovations and Takeaways from CES 2018 https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ces-2018/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ces-2018/#respond Wed, 17 Jan 2018 17:40:42 +0000 https://securingtomorrow.mcafee.com/?p=83756 Every year, practically everyone in the consumer electronics industry catches a flight and heads to Las Vegas for The International Consumer Electronics Show (CES). Though 2018’s show was colored by some power outages and even some flooding, it still delivered upon its typical expectations and showcased the best innovation that the industry brings to the […]

The post Key Innovations and Takeaways from CES 2018 appeared first on McAfee Blogs.

]]>
Every year, practically everyone in the consumer electronics industry catches a flight and heads to Las Vegas for The International Consumer Electronics Show (CES). Though 2018’s show was colored by some power outages and even some flooding, it still delivered upon its typical expectations and showcased the best innovation that the industry brings to the table. And out of all of these technological marvels, a few key themes emerged. Here are some of my takeaways from the event:

AR is the new reality

Given its prolific presence at CES, (augmented reality) AR tech is likely to become everyone’s shiny new toy this year. Just think about it, with AR technology, consumers have immersive experiences available right at their fingertips. A popular AR contender was the Vuzix Blade, which is a pair of Android-powered sunglasses that deliver notifications and even Alexa functionality right to your eyes via a color display. Other notable mentions include the Lenovo Mirage Solo and Arsenz Thermoglass with FLIR.

Smart homes are the new norm

At CES last year, connected household devices were popular, but now they’re so prevalent that they’ll soon redefine the modern home entirely. There were smart doorbells that allow users to answer their door even if they’re not at home, a connected thermostat that learns the behavior of homeowners, and even a voice-lighted mirror with Amazon Alexa embedded into it. In fact, Samsung said it will increase its own smart home offerings, pledging that all of its devices from TVs to washing machines will be “smart” by 2020.

Security goes beyond standard devices

 At McAfee, we understand that IoT devices continue to permeate the modern home. That’s why we’ve created McAfee Secure Home Platform as the answer to the IoT boom. At this year’s CES, we even took over the Public House Restaurant in the Venetian and simulated a smart home experience to showcase how exactly McAfee Secure Home Platform works. We also continued our mission of protecting the connected home by working with D-Link on the new AC2600 Wi-Fi Router Powered by McAfee.

We continued the theme of extending protection beyond the PC or mobile phone by partnering with Samsung on Samsung Secure Wi-Fi, with back-end technology from McAfee to encrypts personal information during sensitive transaction and online activities.

And last but not least, we moved into a new space with the launch of McAfee Identity Theft Protection, designed to provide exactly that. This solution allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secure.

All in all, CES 2018 proved that innovation isn’t slowing down, and that also goes for connected devices and the technology that protects them. Both IoT devices and cybersecurity landscape are adapting to the needs of everyday consumers to make sure everyone can enjoy their digital life in a safe way.

To stay on top of McAfee’s CES news, and, of course, the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Key Innovations and Takeaways from CES 2018 appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ces-2018/feed/ 0
McAfee Focused on Protecting Customers’ Identity, Connected Homes and Wi-Fi Connections https://securingtomorrow.mcafee.com/consumer/mcafee-ces-solutions-partnerships/ https://securingtomorrow.mcafee.com/consumer/mcafee-ces-solutions-partnerships/#comments Mon, 08 Jan 2018 13:00:03 +0000 https://securingtomorrow.mcafee.com/?p=83514 As we kick off the new year, McAfee is optimistic about what the future holds. We protect more than 375 million customers worldwide, and we’re continuing to innovate to bring the best protection possible to people worldwide. Specifically, we’re bringing new solutions and partnerships to the table, which both fuel company growth and strengthen consumer […]

The post McAfee Focused on Protecting Customers’ Identity, Connected Homes and Wi-Fi Connections appeared first on McAfee Blogs.

]]>
As we kick off the new year, McAfee is optimistic about what the future holds. We protect more than 375 million customers worldwide, and we’re continuing to innovate to bring the best protection possible to people worldwide. Specifically, we’re bringing new solutions and partnerships to the table, which both fuel company growth and strengthen consumer security. Let’s dive in to what those look like.

Solutions for the Modern Threat Landscape

 First and foremost, McAfee is continuing to extend security into all facets of consumers’ digital lives with solutions such as McAfee Secure Home Platform, McAfee Safe Family and McAfee Safe Connect. All these offerings can help consumers have peace of mind in an ever-changing digital world fueled by volume, speed and complexity.

Beyond that, we’re also implementing new offerings that help consumers adapt to modern threats.  In the wake of recent massive data breaches, McAfee Identity Theft Protection allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured. With this new solution, we’re aiming to make the digital world a safer place to live, work and play.

New Partnerships Help Consumers Stay Safe

Collaboration is vital in continuing our mission to protect the connected home. To drive connected home device security forward, we worked with D-Link on the new AC2600 Wi-Fi Router Powered by McAfee. The router, which utilizes Intel’s connected home technology, will automatically protect users’ connected home devices. It features parental controls, protection for IoT devices, and real-time monitoring for safer browsing.

More and more, consumers are using their mobile phones to connect to public Wi-Fi, which opens them up to having their personal information accessed by cybercriminals. McAfee’s partners understand this risk and share the collective vision of building security into devices from the start. Samsung Secure Wi-Fi, featuring back-end technology from McAfee, which encrypts personal information during sensitive transaction and online activities, is now also available on the Samsung Galaxy Note8 in the U.K., Germany and France.

Beyond our new collaborations with D-Link and Samsung, McAfee continues to work with industry partners including HP, Dell, Lenovo, LG, Verizon and Telefonica to help secure devices from the start. Given the complexity of the cybersecurity space, we can’t do it alone –  and by working with leading companies who share our vision to help protect their customers, we don’t have to. These key partnerships underscore our commitment to industry collaboration and play a vital role in McAfee’s role as an industry leader.

To stay on top of McAfee’s CES news, and, of course, the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post McAfee Focused on Protecting Customers’ Identity, Connected Homes and Wi-Fi Connections appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/mcafee-ces-solutions-partnerships/feed/ 1
Meltdown and Spectre 101: What to Know About the New Exploits https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/meltdown-and-spectre/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/meltdown-and-spectre/#comments Fri, 05 Jan 2018 19:37:26 +0000 https://securingtomorrow.mcafee.com/?p=83535 Between the Blueborne vulnerabilities and the High Sierra Mac flaw – we saw some nasty bugs in 2017. Now, 2018 has already introduced us to some powerful new exploits: Meltdown and Spectre. These are cyber-attack techniques that seek to exploit operating system technologies that normally function safely, as designed, but researchers have cleverly identified a […]

The post Meltdown and Spectre 101: What to Know About the New Exploits appeared first on McAfee Blogs.

]]>
Between the Blueborne vulnerabilities and the High Sierra Mac flaw – we saw some nasty bugs in 2017. Now, 2018 has already introduced us to some powerful new exploits: Meltdown and Spectre. These are cyber-attack techniques that seek to exploit operating system technologies that normally function safely, as designed, but researchers have cleverly identified a way to use these benign technologies for malicious purposes. They basically manipulate the protections that separate applications from operating systems, as well as applications from other applications running on the same computer. They also affect a wide range of devices that we use in our daily lives, including both PCs and phones.

So, how exactly could Meltdown and Spectre have such an impact? First, let’s back up and explore the role they play in operating systems. Most modern operating systems perform speculative execution, and even execute instructions before it is certain that those instructions need to be executed. This makes it possible for one process to infer that some data belongs to another process.

As McAfee CTO Steve Grobman views it, we should think of these vulnerabilities in the sense of modern banking — we rely on banks to perform operations on our behalf, and when we request that a payment is made, our banks will move things around behind the scenes to ensure successful transactions we couldn’t execute as individuals. Just like with banking, we rely on these operating systems to perform services on our behalf, which often involves important data.

Now, what’s dangerous about Meltdown and Spectre is that these attacks can “melt” the barriers between unprivileged applications and the privileged operating system. Essentially, this means pulling back the curtains on all the behind-the-scenes data involved in these services. This allows attackers that leverage Meltdown and Spectre to potentially steal passwords, financial data or information from other applications. What’s more – cybercriminals are attempting to leverage these exploits in other ways too, as a fake patch is currently being circulated that is actually a front for a malware called Smoke Loader.

So, the next question is – how do you ensure your devices and data are protected from these exploits? You can start by following these tips:

  • Turn on auto-update. Make sure Windows auto-update is turned on as a best practice, and that you’re connected to the internet so that McAfee auto-update can work too. If Windows auto-update is turned on, there’s nothing else you need to do. But if you manually update Windows, it will succeed no later than Tuesday once McAfee’s auto-update occurs.
  • Update everything immediately. Beyond applying any updates received from Windows, it’s crucial you update everything else too. That way, you can apply any patch you receive from all PC, phone, and mobile app providers that have been affected.
  • Go straight to the source. The phony patch carrying Smoke Loader comes from a fake website claiming to be part of the German Federal Office for Information Security. So, in order to avoid this fake patch and others like it, always be sure to only go straight to source – meaning, go directly to the site of your provider.
  • Lock down your devices with comprehensive security. McAfee products are not affected by this vulnerability nor the Windows changes that address it. Therefore, after you’ve updated your devices with the latest software, be sure to install comprehensive security. A solution like McAfee LiveSafe can ensure your devices are protected from cybercriminals wishing to leverage this vulnerability in order to steal your personal data.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Meltdown and Spectre 101: What to Know About the New Exploits appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/meltdown-and-spectre/feed/ 6
Key Findings from our Survey on Identity Theft, Family Safety and Home Network Security https://securingtomorrow.mcafee.com/consumer/key-findings-from-our-survey-on-identity-theft-family-safety-and-home-network-security/ https://securingtomorrow.mcafee.com/consumer/key-findings-from-our-survey-on-identity-theft-family-safety-and-home-network-security/#respond Wed, 03 Jan 2018 05:01:06 +0000 https://securingtomorrow.mcafee.com/?p=83393 The world is connecting to the internet now more than ever before. As a result, the popularity of connected devices has changed the way we live our lives – in particular, the way we handle our personal information. To get a sense of consumers’ habits and attitudes around the digital landscape, McAfee surveyed 6,400 people […]

The post Key Findings from our Survey on Identity Theft, Family Safety and Home Network Security appeared first on McAfee Blogs.

]]>
The world is connecting to the internet now more than ever before. As a result, the popularity of connected devices has changed the way we live our lives – in particular, the way we handle our personal information. To get a sense of consumers’ habits and attitudes around the digital landscape, McAfee surveyed 6,400 people globally for its study, New Security Priorities in An Increasingly Connected World. The survey reveals what consumers’ security focuses and concerns are as we move into 2018.

Data breach concerns are high, but action is minimal

It’s no secret that the plethora of recent data breaches and malware attacks have put the personal information and identities of millions of Americans at risk. Many are feeling that they have a lack of control over their personal information (43% of those surveyed, in fact). And another 33% rank protecting their identity as their number one cybersecurity priority ahead of protecting privacy, connected devices, data, and connected home devices.

However, even though consumers are concerned about their personal information and identity, only 37% of individuals use an identity theft protection solution, and 28% have no plans to sign up for an ID theft protection solution. This is all in spite of the fact that 61% of respondents are more concerned about cybersecurity than they were 5 years ago.

So, out of those surveyed – how many are proactive about protecting their identity, and how do they do it? The most common way respondents aim to prevent identity theft is to check online bank accounts for unauthorized charges or withdrawals (67%). 43% of those surveyed check social media for fraudulent activities like posts on social media that were not created by them , and 37% use credit monitoring services. Shockingly, 15% claimed to take no specific action at all.

Keeping your family safe online

The concerns around personal data apply to kids too, as today’s children are practically glued to their phones and tablets, and often don’t inform their parents about who they are talking to, where they are going online and what they are posting.

In fact, almost one third of parents do not monitor their child’s connected device usage, and only 44% keep devices in their possession and let their child use the device when they can be monitored. But the reality is, 40% of parent respondents discovered that their children have accessed a website that they do not approve of, while only 26% of said parents use software to monitor their child.

Protecting your home

Though survey respondents are most concerned about their personal data, and that of their children’s, their focus also extends to the very homes they live in. With the boom of Internet of Things (IoT) devices, the home network is being asked to handle more devices than ever before.

And it’s becoming harder to manage for the owners of those devices. 52% of respondents were either unsure or had no idea how to check to see if their connected devices and apps are secured. The biggest worry among respondents about having their wireless home network hacked is that cybercriminals could steal personal information and make them a victim of identity theft (63%). A total of 17% of those surveyed say they have never considered the implications of their network being hacked.

How to stay protected

So, if you have a few of these concerns on your mind, fear not – there’s steps you can take to stay protected. Start by following these :

  • Review your account info. Regularly reviewing online bank/credit account transactions can help you spot suspicious activities or purchases. If you do stumble upon something fishy, be sure to report it to your bank or credit institution immediately.
  • Start the conversation early and get access. For parents, it’s imperative to start talking to children about online safety at an early age. You can start with simple rules like “stay away from people you don’t know in “real life” or “don’t open emails from strangers.”
  • Consider using identity theft protection. An identity theft protection service can monitor your accounts, alert you of potential problems, insure you against ID theft, and help you regain your money and credit if you are a victim of fraud.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

 

The post Key Findings from our Survey on Identity Theft, Family Safety and Home Network Security appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/key-findings-from-our-survey-on-identity-theft-family-safety-and-home-network-security/feed/ 0
Starbucks Bitcoin Mining Incident Reminds Us of the Risks of Public Wi-Fi https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/starbucks-bitcoin-mining/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/starbucks-bitcoin-mining/#respond Thu, 14 Dec 2017 23:56:52 +0000 https://securingtomorrow.mcafee.com/?p=83253 Most of us order our coffee with half and half, or a pastry on the side. But what Buenos Aires Starbucks goers didn’t realize is that they were ordering their cup of joe with a side of Bitcoin mining. Just this this week, a coffee lover and Stensul’s CEO Noah Dinkin noticed that while logging […]

The post Starbucks Bitcoin Mining Incident Reminds Us of the Risks of Public Wi-Fi appeared first on McAfee Blogs.

]]>
Most of us order our coffee with half and half, or a pastry on the side. But what Buenos Aires Starbucks goers didn’t realize is that they were ordering their cup of joe with a side of Bitcoin mining. Just this this week, a coffee lover and Stensul’s CEO Noah Dinkin noticed that while logging into Wi-Fi provided by one of the coffee chain’s Buenos Aires outlets, his device was being used to mine for cryptocurrency.

First off – what exactly is Bitcoin mining? As defined by Investopedia, Bitcoin mining is the process by which transactions are verified and added to the public ledger, known as the block chain, and also the means through which new bitcoin are released. Anyone with access to the internet and suitable hardware can participate in mining.

So, you can only imagine Dinkin’s surprise when he discovered the café’s Wi-Fi doing exactly that. “Hi Starbucks, did you know that your in-store Wi-Fi provider in Buenos Aires forces a 10 second delay when you first connect to the Wi-Fi so it can mine Bitcoin using a customer’s laptop?” he asked on Twitter. Although Dinkin initially believed the code was forcing his laptop to try to mine for Bitcoins, other Twitter users noted that it had in fact been designed to mine another digital currency – Monero.

It seems this was a surprise to Starbucks too, which later made it publically aware that their Wi-Fi provider was hit with malware. “As soon as we were alerted of the situation in this specific store last week, we took swift action to ensure our internet provider resolved the issue and made the changes needed in order to ensure our customers could use Wi-Fi in our store safely,” the official Starbucks account tweeted to Dinkin.

This entire incident was a bit surprising, as victims’ computers are normally targeted for Bitcoin mining via infected websites. Regardless, this issue does highlight one thing: the risk of using public Wi-Fi.

Therefore, to protect yourself from this Bitcoin mining attack and others that leverage public Wi-Fi, be sure to follow these tips:

  • Be selective with what Wi-Fi you access and what you share with it. The convenience of public Wi-Fi doesn’t always outweigh its drawbacks. Only connect to a public Wi-Fi network if you absolutely need to. And when you do, be sure to be careful with what data you share while accessing that network.
  • Consider a VPN. A Virtual Private Network (VPN) extends a private network across a public network, and can help to secure and encrypt your data on public Wi-Fi networks. Therefore, find yourself a solid VPN, such as such as McAfee Safe Connect, to implement on your device.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Starbucks Bitcoin Mining Incident Reminds Us of the Risks of Public Wi-Fi appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/starbucks-bitcoin-mining/feed/ 0
Tech Support Scammers Try to Use Spotify Forums to Trick Users https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tech-support-scammers-spotify-forums/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tech-support-scammers-spotify-forums/#respond Wed, 13 Dec 2017 00:27:52 +0000 https://securingtomorrow.mcafee.com/?p=83167 We’ve seen scammers imitate Amazon, PayPal and other major companies this holiday season. And it seems that the scams just keep coming, as a collection of big name companies are now being mimicked on the forums of a legitimate one: Spotify. It’s been discovered that tech support scammers have been using Spotify forums to inject […]

The post Tech Support Scammers Try to Use Spotify Forums to Trick Users appeared first on McAfee Blogs.

]]>
We’ve seen scammers imitate Amazon, PayPal and other major companies this holiday season. And it seems that the scams just keep coming, as a collection of big name companies are now being mimicked on the forums of a legitimate one: Spotify. It’s been discovered that tech support scammers have been using Spotify forums to inject their phone numbers into the first page of the Google & Bing search results in order to offer fake services.

Not only do these offers make it harder for those who have valid questions to use Spotify’s forums, they also allow tech support scammers to rank extremely well within internet searches. What’s more – they can trick unknowing callers into purchasing unnecessary or even malicious services and software.

The tech support scams being posted to Spotify feign to be from organizations such as McAfee, Apple, Microsoft, Norton, Tinder, Linksys, AOL, Turbotax, Coinbase, Amazon, and more. The sheer volume of scammers can be largely attributed to a lapse in proper verification, as Spotify does not require email verification before allowing a user to post. That means any fake email address can still post on these forums. However, the good news is — while the number of scammers out there is concerning, Spotify has acknowledged the problem and has said they’re in the process of working on a fix.

So now the next question is – what can you as a user do to ensure you avoid the influx of scams hitting the internet this holiday season? You can start by following these security tips:

  • Go directly to the source. It’s a good security rule of thumb: when you need to contact support services, always go directly to a company’s website to be sure you’re working with the real deal.
  • Do your homework. Before engaging with any service or software, always look into its legitimacy. Google the number provided and read online reviews — if something comes up that seems remotely fishy, avoid interacting with the company entirely.
  • Stay secure while you browse. Sometimes it’s hard to identify whether a website or a post is full of malicious activity or is being operated by a cybercriminal. So, add an extra layer of security to your browser, and surf the web safely by utilizing McAfee WebAdvisor.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Tech Support Scammers Try to Use Spotify Forums to Trick Users appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tech-support-scammers-spotify-forums/feed/ 0
Top Online Scams & How To Avoid Them https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/top-online-scams-avoid/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/top-online-scams-avoid/#comments Wed, 06 Dec 2017 19:54:48 +0000 https://securingtomorrow.mcafee.com/?p=82974 If you’re like most people, going online is a natural part of your day and you don’t focus on the dangers that may lurk there. But the unfortunate truth is that crooks and scammers around the globe have become very good at tricking us out of our information and money. They do this by taking […]

The post Top Online Scams & How To Avoid Them appeared first on McAfee Blogs.

]]>
If you’re like most people, going online is a natural part of your day and you don’t focus on the dangers that may lurk there. But the unfortunate truth is that crooks and scammers around the globe have become very good at tricking us out of our information and money. They do this by taking advantage of both the open nature of the internet, and our own willingness to share.

One of the main techniques they use is called “social engineering.” This is when scammers use deception or misinformation to get us to reveal personal information, make a security mistake, or even send money. Let’s take a look at some recent online scams to learn how these methods work, and how to avoid them.

Phishing Attacks—The spelling may be a little different, but the concept of online “phishing” is the same as fishing in water. Phishers throw out bait, such as phony offers, sensational headlines, and free products, in the hopes of hooking us.

For instance, one recent scam uses fake emails that appear to come from the popular streaming service Netflix, asking users to update their billing information. It hooks users in two ways: it uses familiar Netflix branding, and frightens diehard fans by telling them that their account is suspended unless they provide credit card details to renew their subscription.

Another popular scam involves fake messages from the IRS, saying the recipient has a tax refund waiting and just needs to supply some personal information, or download an email attachment to receive the money. Sadly, victims often have their data stolen, their computer or device infected with malware, or both.

Social Media Scams—Social media networks are designed for sharing, but we often share too much. This can include private and identity information, as well as our exact location. Scammers love to take advantage of this openness to try to get us to share even more, including our money.

One recent Facebook scam appears as a post from Delta Airlines, offering two free tickets to everyone who fills at a survey and shares the post, so it can potentially hook their friends too. The survey asks for their personal information, and no free tickets are ever given.

Even taking what looks to be fun and harmless quizzes, with no freebies attached, can be risky. For instance, a recent quiz widely circulated on Facebook called “10 Concerts I’ve Been To” turned out to be a scam designed to tease out answers to users’ login security questions.

Fake Virus Alerts & Tech Support Scams—Having computer or device problems is a real headache, and scammers know that we’ll do almost anything to avoid the loss of data and downtime. That’s why their tech-related scams are so effective.

Fake virus warnings, saying that your computer or device is infected, and you need to call a support hotline to fix the problem, are the latest version of this scam. Once the user calls the number they are asked for their credit card information, and sometimes they request remote access to the computer to fix the problem. Once they get access, they can potentially steal private information or infect the machine with malware.

Some bogus virus warnings even include a pop-up dialog box saying, “We’re here to help,” with a call button. If you press the button using your smartphone it dials the scam line.

Given the prevalence of tech support scams, if you have an issue it’s always best to contact your security provider’s support department through official channels, either listed on their website or included in product packaging.

Order & Delivery Scams—It used to be that package and delivery scams were the most prevalent over the holidays, when many people order gifts online, but thanks to the popularity of Amazon.com these scams are appearing year-round.

Traditional package scams usually involve fake messages claiming you have a package arriving and need to provide personal information, or click on what turns out to be a dangerous link. Modern scammers are even mimicking official Amazon notices, with a spoofed Amazon email address. But the latest scam goes one further, tripping up Amazon’s own package tracking service.

When some Amazon users order items from third-party sellers the dodgy sellers ship an empty box to an address near the person who ordered the product, and the delivery is signed for. To Amazon, it appears as though the package was legitimately ordered and received, so they send an email delivery notification to the buyer. The buyer, of course, has not received the product they paid for. Meanwhile, the dodgy third-party seller keeps the money. To respond to these growing scams, Amazon is now supplying users with helpful information on how to spot and report spoofed emails.

Since online scams are evolving and becoming more sophisticated all the time, here are a few tips to help keep you safe:

  • Be careful about what you post online, and never respond to a request for personal information sent via email, text, or social media message unless you personally know and trust the contact.
  • Avoid “free” offers since they are usually a scam.
  • If you receive a message that appears to be from your bank, credit card company, or the government saying there is a problem with an account, call them directly to confirm the issue.
  • Before buying something online, check the seller’s reviews first, and stick to reputable websites and app stores.
  • Always use comprehensive security software and keep it up-to-date.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post Top Online Scams & How To Avoid Them appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/top-online-scams-avoid/feed/ 1
PayPal Users: Here’s What You Need to Know About the New Phishing Scam https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/paypal-phishing-scam/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/paypal-phishing-scam/#comments Wed, 06 Dec 2017 01:04:51 +0000 https://securingtomorrow.mcafee.com/?p=82925 It’s the season of giving, which means internet scams are practically everywhere, as cybercriminals are trying to trick eager holiday shoppers. So, it’s unsurprising that yet another scam has emerged, this time targeting millions of PayPal users with manipulative phishing emails. The emails, which are intended to look like they’re from customer support, are trying to […]

The post PayPal Users: Here’s What You Need to Know About the New Phishing Scam appeared first on McAfee Blogs.

]]>
It’s the season of giving, which means internet scams are practically everywhere, as cybercriminals are trying to trick eager holiday shoppers. So, it’s unsurprising that yet another scam has emerged, this time targeting millions of PayPal users with manipulative phishing emails. The emails, which are intended to look like they’re from customer support, are trying to convince users to validate fake transactions.

How it works

This phishing scam does a pretty good job at seeming believable. The email leverages the PayPal logo and the sender’s address appears to be service@paypal.com. Additionally, an order number is referenced and the message claims that the user needs to click a link in order to verify the transaction. The order number is entirely fake, and the link actually leads users to epauypal.com.

From there, victims are lead through an authentication process that asks for name, date of birth, address, mother’s maiden name, and a credit card number. What’s more — the site has a valid SSL certificate, which is the green lock icon in the corner of your browser that indicates that you are connected to the address shown in the address bar.

How to stay protected

Fortunately, there are a few key indicators that reveal the scam’s true colors. First off, the header bar on epauypal.com is missing a “help” link. There’s also no alarm bell for notifications or a gear icon that you can use to update your settings. Plus, normal verification procedures don’t typically involve an additional form like the one from epauypal.com. So be sure to keep an eye out for all these red flags.

However, beyond staying aware of these indicators, there’s a few other things users can do to stay protected from this malicious phishing scam:

  • Go directly to the source. This scam could be easily avoided if users simply go directly to the PayPal website. It’s a good security rule of thumb: when an email comes through requesting personal info, always go directly to the company’s website to be sure you’re working with the real deal.
  • Be careful what you click on. Be sure to only click on emails that you are sure came from a trusted source. If you don’t know the sender, or the email’s content doesn’t seem familiar, remain wary and avoid interacting with the message.
  • Place a fraud alert. If you know your data has been compromised by this attack, be sure to place a fraud alert on your credit so that any new or recent requests undergo scrutiny. It’s important to note that this also entitles you to extra copies of your credit report so you can check for anything sketchy. And if you find an account you did not open, make sure you report it to the police or Federal Trade Commission, as well as the creditor involved so you can put an end to the fraudulent account.
  • Stay secure while you browse. Sometimes it’s hard to identify whether a website, such as epauypal.com, is full of malicious activity or is being operated by a cybercriminal. So, add an extra layer of security to your browser, and surf the web safely by utilizing McAfee WebAdvisor.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post PayPal Users: Here’s What You Need to Know About the New Phishing Scam appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/paypal-phishing-scam/feed/ 2
Protecting Your Personal Identity During Holidays https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/protecting-personal-identity-holidays/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/protecting-personal-identity-holidays/#respond Mon, 04 Dec 2017 17:00:08 +0000 https://securingtomorrow.mcafee.com/?p=82903 December is finally upon us, which means the holidays are coming. While we’ll all be thinking about others during this time, it’s not selfish to be thinking about yourself when it comes to protecting your identity. The plethora of massive data breaches — and the millions of consumers they impact — remind us just how […]

The post Protecting Your Personal Identity During Holidays appeared first on McAfee Blogs.

]]>
December is finally upon us, which means the holidays are coming. While we’ll all be thinking about others during this time, it’s not selfish to be thinking about yourself when it comes to protecting your identity. The plethora of massive data breaches — and the millions of consumers they impact — remind us just how important this is. And with the holidays, the risk for identity fraud is only going to increase, since digitally connected consumers, who are likely to do their holiday shopping online, are 30% more likely to be a fraud victims, according to Javelin research.

So, how exactly do you ensure your identity stays yours during the holiday season? While EMV or ‘chipped’ cards have been helping to reduce fraud at brick-and-mortar retail, undeterred fraudsters have focused their efforts online. In fact, they’ve increased “card-not-present” fraud (which is when the customer does not physically present the card to the merchant during the fraudulent transaction) by 40% in 2016, according to Javelin research.

Worse yet, Account Takeover fraud, which is when a fraudster uses a victim’s account information (e.g., a credit card number) to obtain products and services using that person’s existing accounts, spiked by 61%. This just goes to show that fraudsters are the worst kind of innovators. And this also means that, with ever-increasing holiday gifts being purchased online, equipping yourself with identity theft protection tools is more important than ever.

Therefore, as a savvy consumer, it’s important to take a proactive approach to protecting your identity and it all starts with following these best practices:

  • Be selective with your stores. It’s important you only shop from retailers you know and trust. When surfing the web for gifts, be sure to look for icons such as a padlock or unbroken key at the top or bottom of your browser as a sign that encryption is used.
  • Create strong passwords. It’s important you safeguard the accounts containing personal information with a strong and unique password. The more complex your password is, the more difficult it will be to crack. An online account containing your sensitive data should not be locked with passwords like “12345” or “password.”
  • Be wary of holiday scams. Crooks are hoping to trick eager and giving consumers into giving up their personal info with fake holiday scams. So, be careful about how much personal information you share online and never respond to emails or text messages requesting sensitive data unless you know and trust the source. Remember, if it sounds too good to be true, it usually is.
  • Regularly review your online account info. Things like regularly reviewing transactions online and making sure account contact info hasn’t changed are also good for keeping tabs on anyone trying to hijack your account.
  • Set up an alert. If you know there’s a chance your personal data has been compromised, place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Protecting Your Personal Identity During Holidays appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/protecting-personal-identity-holidays/feed/ 0
How to Keep Your Data & Devices Safe While Traveling https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/keep-data-devices-safe-traveling/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/keep-data-devices-safe-traveling/#respond Fri, 01 Dec 2017 21:05:08 +0000 https://securingtomorrow.mcafee.com/?p=82897 Whether you are traveling for the holidays, summer break, or for business, there are steps you can take to make sure that your devices are travel-ready. Whether you realize it or not, you can face new dangers while you’re on the road and away from your secure home network. Not only are devices more likely […]

The post How to Keep Your Data & Devices Safe While Traveling appeared first on McAfee Blogs.

]]>
Whether you are traveling for the holidays, summer break, or for business, there are steps you can take to make sure that your devices are travel-ready. Whether you realize it or not, you can face new dangers while you’re on the road and away from your secure home network. Not only are devices more likely to be lost or stolen, you also run a greater risk of connecting to an unsecured network, or leaking your location and private information to potential crooks or scammers. That’s why it’s important to take the following precautions before you travel with your technology.

Know Your Networks—If you plan to stay connected while you’re away, be very careful about which networks you use, and avoid free Wi-Fi, like those offered in many airports, cafes and hotels, which may or may not be secure. It’s very easy for a hacker to access the private information stored on your device over an unsecured network. They simply use a piece of software to scan the network and look for any services you may have left open. Or, they can setup their own free Wi-Fi network in a public place, giving them access to any device that connects with it. That’s why you should make sure that you only use password-protected networks, at the least.

If you are on your mobile device consider turning off Wi-Fi all together and connecting through your network provider. They use encryption to scramble your data so third parties cannot read it.

Consider investing in a virtual private network (VPN), which is a piece of software that allows you to connect to a secure network over the Internet.

Turn Off Location Information—Many apps and online services track your location in order to map or tag you to certain spots, but unless you need navigation help while on the road you should turn this option off.

Sharing your location while you’re away can be dangerous since it alerts potential thieves when your home is empty. You should also avoid posting social media updates and photos while on vacation, for the same reason. Wait until you return home to tell people about your trip.

It’s also a smart idea to check to see if services you use access your location even though they don’t need this information to work properly. If so, turn off the location sharing option if you can, or consider deleting nosy apps to protect your privacy.

Use Mobile Security—Locking your devices with a PIN code so strangers cannot access your data is a great first step, but you should also consider comprehensive mobile security. This can help safeguard you from malware, risky links sent in email or via text, and even provide anti-theft protection. For instance, McAfee Mobile Security allows you to track a lost or stolen device, and even sound an alarm and take a picture of the culprit. It also allows you to lock down your sensitive apps, for banking or shopping, for instance, so they cannot be accessed even if your device falls into the wrong hands.

Don’t Leave Your Devices Unattended—Considering that we now carry our whole lives on our devices, including identity information, contacts, banking logins, and more, it’s essential that you do not leave your devices unattended in public. Make sure to keep them tucked away, with both screen locks and mobile security activated. Also, avoid loaning your devices to strangers to make a phone call or look something up, for instance, since this could be a scam.

Travel Data Light—Consider using a pared down phone while on the road that only has the apps you need, such as mapping, and allows you to make calls. That way, you’re not putting all of your critical data at risk if your device is lost or stolen. If you are traveling abroad, picking up a cheap phone to use while out of the country also gives you the advantage of being able to call and text at local rates.

Backup All Your Data—Do this before you go, just in case you lose your device. This way you still have all your data, no matter what happens.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post How to Keep Your Data & Devices Safe While Traveling appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/keep-data-devices-safe-traveling/feed/ 0
Massive Security Flaw for High Sierra Macs Emerges https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/security-flaw-high-sierra-macs/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/security-flaw-high-sierra-macs/#respond Thu, 30 Nov 2017 19:10:28 +0000 https://securingtomorrow.mcafee.com/?p=82877 When it comes to cybersecurity, we’ve seen our fair share of device flaws. Sometimes, hackers leverage these vulnerabilities to execute complicated attacks that compromise your data. And sometimes, there are flaws that hardly require cybercriminals to lift a finger. Just yesterday, a massive flaw emerged that embodies the latter. This vulnerability is found in High […]

The post Massive Security Flaw for High Sierra Macs Emerges appeared first on McAfee Blogs.

]]>
When it comes to cybersecurity, we’ve seen our fair share of device flaws. Sometimes, hackers leverage these vulnerabilities to execute complicated attacks that compromise your data. And sometimes, there are flaws that hardly require cybercriminals to lift a finger. Just yesterday, a massive flaw emerged that embodies the latter. This vulnerability is found in High Sierra Macs, and allows anyone to log into a device just by typing “root” in the user name field.

How it works

Anyone can access this flaw by first going to “System Preferences” on the home page of a Mac computer and then entering one of the panels that has a lock in the lower left-hand corner. This is usually where you would go to enter in your name and password, which is required when installing an application or changing settings. From there, simply type “root” as a username, leave the password field blank, click “unlock” twice, and you’ll immediately gain full access to the device.

This essentially means that anyone that gets their hands on your computer could gain the deepest level of access to your device, otherwise known as “root” privileges. They could add administrators, change critical settings, even lock out the current owner. What’s more – this flaw could allow malware to install itself deep within your computer, especially since no password is required for access.

Fortunately, Apple has stated that a fix is on the way and workaround is available in the interim. They explained, “in the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”

How to stay protected

So, the next question is – what can you do to ensure your Mac stays secure? Start by following these tips:

  • Do not leave your Mac unattended until this is resolved. With this vulnerability, the main way someone can access your files is by first and foremost accessing your physical device. So be sure to never leave your computer unattended, or hand it over to someone you don’t know that well.
  • Update regularly. It’s an important security rule of thumb: always update your software whenever an update is available, as security patches are usually included with each new version. And even though a fix for this particular flaw has not been issued yet, it’s certainly on the way.
  • Install comprehensive security. After you’ve updated your devices with the latest software, be sure to install comprehensive security. A solution like McAfee LiveSafe can ensure your devices are protected from cybercriminals wishing to leverage this vulnerability in order to steal your personal data.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Massive Security Flaw for High Sierra Macs Emerges appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/security-flaw-high-sierra-macs/feed/ 0
Key Takeaways for Consumers From Our 2018 Threats Predictions Report https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/2018-threats-predictions-report/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/2018-threats-predictions-report/#respond Wed, 29 Nov 2017 18:17:16 +0000 https://securingtomorrow.mcafee.com/?p=82844 As 2017 winds down, we all start looking ahead and anticipate what’s to come for 2018. For us at McAfee, that means examining what the cybersecurity landscape will look like in the new year, and what threats we think will be on the rise. The Report examines what the state of cybersecurity is going to […]

The post Key Takeaways for Consumers From Our 2018 Threats Predictions Report appeared first on McAfee Blogs.

]]>
As 2017 winds down, we all start looking ahead and anticipate what’s to come for 2018. For us at McAfee, that means examining what the cybersecurity landscape will look like in the new year, and what threats we think will be on the rise. The Report examines what the state of cybersecurity is going to look like with new devices, new risks, and new threats appearing every day. I found two main predictions that consumers need starting thinking about now.

Top 2018 threats predictions for consumers

Homes will become the ultimate storefront

Most of us view our home as a safe and private space. But as IoT devices fill households everywhere, companies will have powerful incentives to observe what you are doing in your home, and probably learn more than you want to share. The McAfee Labs team predicts corporations will get creative with IoT devices and explore new ways to capture the data shared with them. They’ll find ways to adjust to data privacy fines, and change the terms and conditions on your product or service to cover their lapses. Simply put, it’s going to be more challenging to secure your personal privacy when using IoT devices. What’s more – this means the next year will probably see a significant increase in data breaches.

Securing your child’s digital future

Children are introduced to the digital landscape earlier than ever before. And although they face an exciting future of gadgets, services, and experiences, they also face bigger risks to their privacy. Our Labs team believes that in 2018 organizations will begin to collect and leverage the digital content generated by children to achieve user app “stickiness,” which means its important parents begin teaching them how to make the most of this bright future while using apps and devices in a secure way. The way we share online makes our lives very public, so the consequences of a thoughtless post or online interaction can unfortunately do some serious damage.

How to stay protected

It’s important you get proactive in order to prevent these predictions from impacting your personal security in 2018. You can protect both you and your family from these incoming threats by following these tips:

  • Keep security top of mind when buying an IoT device. When you’re thinking of making your next IoT purchase, make sure to do your research first. Start by looking up the device in question’s security standards. A simple Google search on the product and manufacturer will often do the trick.
  • Talk to your kids. The best way to ensure your child is staying safe online is to talk to them. Ask them about what they do online and encourage safe behavior like avoiding interacting with individuals they don’t know in real life and being selective with the data they give to apps and services.
  • Fight IoT attacks with streamlined security. Instead of managing the security of each individual IoT device in your home, use a more streamlined security technique, like protecting the network that all of these apps connect to with McAfee Secure Home Platform.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Key Takeaways for Consumers From Our 2018 Threats Predictions Report appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/2018-threats-predictions-report/feed/ 0
The Uber Data Breach: What Consumers Need to Know https://securingtomorrow.mcafee.com/consumer/uber-data-breach-consumers-need-know/ https://securingtomorrow.mcafee.com/consumer/uber-data-breach-consumers-need-know/#comments Wed, 22 Nov 2017 01:31:10 +0000 https://securingtomorrow.mcafee.com/?p=82651 Ride-sharing apps are one of the most successful innovations of the modern digital age. Practically everyone who has a smart phone uses them. When it was discovered today that Uber, the leader in the ride-sharing space, was hit with a massive data breach back in 2016, all of our ears perked up. Let’s look at […]

The post The Uber Data Breach: What Consumers Need to Know appeared first on McAfee Blogs.

]]>
Ride-sharing apps are one of the most successful innovations of the modern digital age. Practically everyone who has a smart phone uses them. When it was discovered today that Uber, the leader in the ride-sharing space, was hit with a massive data breach back in 2016, all of our ears perked up. Let’s look at what happened, and what consumers need to know.

So far, the precise details on the hack are still unclear—however, according to Bloomberg, (who broke the story earlier today) two cybercriminals were able to access a private area of Github, an online resource for developers. From there, they seem to have found Uber’s log-in credentials to Amazon Web Services (Amazon’s cloud computing service). Then, these hackers were able to steal 57 million names, email addresses, and mobile phone numbers. Uber said within that number, 600,000 drivers had their names and license details exposed. A resource page for those affected has been set up and drivers have been offered free credit monitoring protection. But as of now, affected customers will not be given the same resources.

This cyberattack is a testament to the growing trend to target companies whose rapid growth is stifled by their ability to safeguard sensitive data. So now the question is, what do the impacted customers and drivers do next?

  • Change your password. Stealing millions of emails could mean multiple things. Cyber criminals could use those stolen emails to try and guess your Uber login, or gain access to other accounts. So, do your due diligence and change up your password to all accounts attached to that email you use to login with Uber.
  • Stay vigilant. Another way cybercriminals can leverage stolen emails is by using the list for phishing email distribution. If you see something sketchy or from an unknown source in your email inbox, be sure to avoid clicking on any links provided. Better to just delete the email.
  • Monitor your credit card statement. If cybercriminals are able to leverage the data to gain access to accounts, there’s potential they gain access to financial data, too. And as we know, it’s better to be safe than sorry. Be sure to consistently scan your credit card statement for any suspicious or irregular activity. If you see anything odd, flag to your bank immediately.
  • Lock down your mobile device. If for some reason the Uber app is impacted by this attack, or in the future, it’s best you ensure the data stored on your mobile device is secure. To do just that, use a mobile security solution such as McAfee Mobile Security.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post The Uber Data Breach: What Consumers Need to Know appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/uber-data-breach-consumers-need-know/feed/ 1
How Cybercriminals Are Shopping for Personal Data This Black Friday https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cybercriminals-black-friday/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cybercriminals-black-friday/#respond Tue, 21 Nov 2017 22:15:38 +0000 https://securingtomorrow.mcafee.com/?p=82602 Thanksgiving is here, which means it’s time to stuff our bellies and prep our bank accounts for lots of bargain shopping. Black Friday and Cyber Monday have practically become holidays themselves, as each year they immediately shift our attention from stuffing and turkey toward holiday shopping. They also get quite a bit attention from cybercriminals, […]

The post How Cybercriminals Are Shopping for Personal Data This Black Friday appeared first on McAfee Blogs.

]]>
Thanksgiving is here, which means it’s time to stuff our bellies and prep our bank accounts for lots of bargain shopping. Black Friday and Cyber Monday have practically become holidays themselves, as each year they immediately shift our attention from stuffing and turkey toward holiday shopping. They also get quite a bit attention from cybercriminals, so it’s unsurprising that a new Black Friday scam has emerged this holiday season, which includes more than 32,000 malicious Black Friday-themed apps spoofing the branding of top U.S. online retailers.

According to a recent report, one in 25 Black Friday apps are fake, with at least 15 malicious Black Friday apps for each of the top five U.S. e-commerce brands. These apps are said to scam users in a multitude of ways, either tricking shoppers into entering credit card information, giving up Facebook and Gmail log-in details, or even downloading malware and ransomware. Plus, they’re available on legitimate app stores such as the Apple App Store or Google Play.

But the threats don’t just stop there. As our Most Hackable Gifts survey highlighted, both online holiday shopping and the gifts being bought make personal data more vulnerable than ever. Laptops, smartphones, tablets, IoT toys, digital assistants – the gifts that fill our wish lists are make cybercriminals feel like kids on Christmas morning. Beyond these vulnerable gifts, there’s also the potential for scammers to create fake retailer microsites, invent targeted phishing scams for fake deals, create malvertisements, or execute new malware to swoop all the financial data from physical point-of-sale systems. Therefore, it’s important consumers understand securing their information now more than ever. To do just that, follow these tips:

  • Go to the source. One easy way to avoid counterfeit Black Friday apps is to go to the retailer’s website on your mobile browser and look for a link to the app from their website. With Safari on iOS, if a website already has an app, you will get a box at the top asking if you want to open the page in the app or download the app if it isn’t already installed.
  • Avoid “too good to be true” deals. With Black Friday and Cyber Monday, we’re all trying to save as much money as we can. But here’s the reality: if a deal seems too good to be true, it often is. These deals are usually a cybercriminal attempting to lure you in via phishing so that you cough up your personal data. Trust deals that are advertised directly from the vendor, and if you’re unsure about their legitimacy, scan their site or call their support line for reassurance.
  • Pay with a credit card. Credit cards overall offer better protection against financial fraud than debit cards. You won’t be liable for fraudulent purchases and the thieves won’t be able to drain your bank account if they get ahold of your account number. Any abnormal use of your credit card number will be automatically flagged or not approved by your bank.
  • Use a mobile security solution. As fake or malicious Black Friday apps work to infect mobile devices, be sure to cover these devices with a mobile security solution, such as McAfee Mobile Security.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post How Cybercriminals Are Shopping for Personal Data This Black Friday appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cybercriminals-black-friday/feed/ 0
Top Tips For Securing Your Devices https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/top-tips-securing-devices/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/top-tips-securing-devices/#respond Fri, 17 Nov 2017 18:04:59 +0000 https://securingtomorrow.mcafee.com/?p=82487 By now most of us know how important it is to protect our computers and smartphones from malware and other threats, but what about the connected devices we have in our homes?  You might not have thought about it before, but devices like your router, security cameras, baby monitor, and smart appliances can also be […]

The post Top Tips For Securing Your Devices appeared first on McAfee Blogs.

]]>
By now most of us know how important it is to protect our computers and smartphones from malware and other threats, but what about the connected devices we have in our homes?  You might not have thought about it before, but devices like your router, security cameras, baby monitor, and smart appliances can also be hacked if you don’t take steps to protect them.

You may remember last year when major websites such as Twitter, Amazon and GitHub were all knocked offline in a high-profile attack that used thousands of infected webcams to overload the sites with traffic. The cybercriminals behind the attack took advantage of the lax security in consumer webcams, accessing them without the owners’ knowledge.

Given how easy it is for hackers to reach unprotected network devices, it’s worth taking a few minutes to learn how to safeguard them. This way your devices cannot be accessed as part of a larger attack, or used to invade your privacy, or even steal your data.

Tips for Protecting Your Devices:

Know your devices—Before you invest in a new device, know what it does and does not do. For instance, a smart fridge or speaker may sound cool, but what if you knew it could be tampered with to eavesdrop on you? Make sure that any features you’re not comfortable with can be turned off.

Reset & apply any updates—Out of precaution, reset new devices to ensure they work as intended, and haven’t been altered in the supply chain to do something nefarious, such as leak data. Refer to your manual to see if there is a reset button.

Once you’ve done that, check to see if there are any firmware updates or security fixes that have become available since you purchased it. This is often the case with routers, and you can check for updates by following the manufacturer’s online instructions.

Change the default password—Many connected devices are protected with a default password. You’ll want to change the manufacturer’s default password as soon as possible. This is because default passwords are widely known by hackers, allowing them to easily access your device. Change the default password to something random and difficult to guess, and don’t re-use passwords.

Use encryption & a firewall—When setting up your home Wi-Fi make sure to turn on the Wi-Fi Protected Access (WPA2) encryption protocol, which scrambles the data sent over the network so that third parties cannot read it. You’ll also want to use a firewall to prevent unauthorized users from accessing the network.

Consider a private network—Most home routers have the option of creating a VLAN, or virtual local area network, which allows you to create a private network just for your devices. This network could be separate from your computer network, making it impossible for cybercriminals to reach your devices through your home computers.

Alternatively, investing in a product such as Secure Home Platform will provide security to all of your connected devices, from computers and smartphones, to IoT devices.

Use comprehensive security—Services like McAfee Total Protection™ also offer cross-device support, as well as secure cloud backup to make sure that your private information is protected.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post Top Tips For Securing Your Devices appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/top-tips-securing-devices/feed/ 0
Grabos Malware Discovered On 144 Trojanized Android Apps https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/grabos-malware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/grabos-malware/#respond Wed, 15 Nov 2017 17:48:24 +0000 https://securingtomorrow.mcafee.com/?p=82380 This blog was updated March 2018. Cybercriminals have been practically relentless in their attacks against the Android OS, and McAfee’s own Mobile Research team has discovered yet another attempt at infecting Android devices. Named Grabos, the malware was first discovered by the team in the Android application “Aristotle Music audio player 2017,” which claimed to […]

The post Grabos Malware Discovered On 144 Trojanized Android Apps appeared first on McAfee Blogs.

]]>
This blog was updated March 2018.

Cybercriminals have been practically relentless in their attacks against the Android OS, and McAfee’s own Mobile Research team has discovered yet another attempt at infecting Android devices. Named Grabos, the malware was first discovered by the team in the Android application “Aristotle Music audio player 2017,” which claimed to be a free audio player on Google Play. However, we’ve since found the threat present in 144 trojanized applications on Google Play.

What is it and how does it work?

Let’s start with Aristotle. The music app puts on a good face – it has a good rating on Google Play, and has even been installed between one and five million times. However, one user comment mentioned that the application was indeed detected as malware. Once our Mobile Research team identified Grabos on the application, they flagged it to Google, who removed it from Google Play.

But then the team discovered a lot more Grabos on Google Play. In fact, they found another 143 applications that were infected with the Android malware. Out of these 143 applications, they were able to examine 34 and found that they had an average rating of 4.4, and between 4.2 million and 17.5 million users had downloaded these apps. Fortunately,those apps have since been removed from Google Play.

So, how exactly was Grabos able to maneuver its way onto so many applications? The malware was likely able to move past Google Play security measures because its code is protected with a commercial obfuscator, which essentially makes it difficult to analyze the app without launching it first.

Grabos also developed a few unique capabilities, one being the ability to distinguish and inject code accordingly into “fake” vs “real” apps, which our other blog outlines. Additionally, it can communicate with a command and control server about the devices it infects with these trojanized apps. This device information includes: Android version, build model, device location, device configuration, specific apps installed, the list goes on.

Mind you, after collecting information on already installed apps, the C&C server creates fake custom notifications to trick users into installing additional applications. This may in fact reveal the malware’s true intentions — to make money by promoting the installation of apps.

How do I protect myself?

Now, as the McAfee Labs Threats Report: March 2018 tells us, new mobile malware has in fact decreased by 35% from Q3. But in 2017 total mobile malware experienced a 55% increase, so it’s important users are still thinking about how to secure their devices. To ensure you keep your Android devices safe, be sure to follow these tips:

  • Do your homework. Before you download an app, make sure you head to the reviews section of an app store first. Grabos could’ve been avoided if a user read one of the comments, so be sure to thoroughly sift through the reviews, and read through the comments section. It helps to research the developer too. When in doubt, don’t download any app that is remotely questionable.
  • Limit the amount of apps. Only install apps you think you need and will use regularly. If you still a promotion for an app you did not seek out, avoid clicking on it entirely. And if you no longer use an app, uninstall it to keep it from accessing your information unnecessarily. This will help you save memory and reduce your exposure to threats such as Grabos.
  • Use a mobile security solution. As malware campaigns continue to infect mobile devices, be sure to cover these devices with a mobile security solution, such as McAfee Mobile Security.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Grabos Malware Discovered On 144 Trojanized Android Apps appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/grabos-malware/feed/ 0
A Cybersecurity Carol: Key Takeaways From This Year’s Most Hackable Holiday Gifts https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/most-hackable-gifts/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/most-hackable-gifts/#respond Tue, 14 Nov 2017 05:01:52 +0000 https://securingtomorrow.mcafee.com/?p=81985 Now, in its third year, the McAfee Most Hackable Holiday Gifts survey is here again to examine how consumers approach device security around the holidays, and what they need to stay secure while staying in the yuletide sprit. Let’s take a look at what we can learn from McAfee’s Most Hackable Holiday Gifts past, present, and future.

The post A Cybersecurity Carol: Key Takeaways From This Year’s Most Hackable Holiday Gifts appeared first on McAfee Blogs.

]]>
A classic holiday story is A Christmas Carol by Charles Dickens, which tells the tale of how a grumpy man learns from his mistakes, as guided by the Ghosts of Christmas Past, Present and Future. Funny enough, our most Hackable Gifts Campaign resembles this tale, as there are lessons we’ve learned around holiday shopping in year’s past, important takeaways from this year’s findings, and, of course, things we need to start thinking ahead to. Now, in its third year, the McAfee Most Hackable Holiday Gifts survey is here again to examine how consumers approach device security around the holidays, and what they need to stay secure while staying in the yuletide sprit. Let’s take a look at what we can learn from McAfee’s Most Hackable Holiday Gifts past, present, and future.

The Past

Just like last year, consumers realize the importance of protecting their online identity and internet-connected devices, but are unsure if they are taking the right security measures or don’t care to make security a giant priority. Out of the 1,206 adults surveyed this year, 20% of consumers are not worried about internet security and would still buy a must-have connected device if they knew it was susceptible to security breaches. For 40%, security is not a top priority, but considered after purchase.

This is troubling because, just like last year, the top spot for the Most Hackable Gifts is internet-connected devices. Specifically– laptops, smartphones, and tablets, which are common gifts as they tend to be released around the holidays.

Also like last year, both drones and smart home appliances make our Most Hackable Gift list. However, it’s important to keep in mind that drones can be hacked in flight and smart home devices can be used as pawns in a distributed denial of service attack (DDoS). So, it’s crucial to be wary when eyeing both as potential gifts for loved ones.

The Present

Fast forward to Most Hackable Gifts 2017, and a few things have changed with the present. For instance, media players and streaming sticks took one of the top spots on our gift guide last year, but were replaced by connected toys. Since manufacturers are rushing to connect almost everything to the internet, it only makes sense that the toys that children play with are no different. Many toys come equipped with GPS chips, microphones and even cameras. But manufacturers may not be putting these devices’ security as a top priority, which could leave these toys vulnerable to leaking personal information or even allow hackers to hijack the camera or microphone. Another new device on our list: digital assistants. They are the new hot item of 2017, and make great gifts for just about anyone, but like any connected device, digital assistants can be the target of cybercriminals.

And since connected devices are more popular than ever in present day, it only makes sense that consumers have now started trading them in for an upgrade. In fact, 50% of respondents plan to give away or sell an old connected device after receiving a new one for the holidays, but 20% claim they do not know how to permanently delete their personal information before selling or giving away old devices.

The Future

Now, the holiday season is practically here. But that doesn’t mean it’s too late to start preparing for your future security. To ensure your future is merry and bright (and not full of cyberattacks) follow these tips:

  • Change default passwords, and do an update right away. If you receive a connected gift, change the default password first and foremost. Default manufacturer passwords are rather easy for criminals to crack. Also, your device’s software will need to be updated at some point. In a lot of cases, devices will have updates waiting from them as soon as they’re taken out of the box. The first time you power up your device, you should check to see if there are any updates or patches from the manufacturer.
  • Research before you buy. It’s important you do your homework to make sure that the toy you are purchasing has not had any reported security issues. A simple Google search on the product, as well as the manufacturer, will often do the trick.
  • Secure your home’s internet at the source. You can do this by using a solution like McAfee Secure Home Platform to ensure that you know what is connecting to your network and the devices on it. Additionally, be sure to read the privacy policies provided by manufacturers so you know exactly what information your device is collecting.

To learn more about hackable toys and see the misadventures of Ted and Ned check out our website. And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post A Cybersecurity Carol: Key Takeaways From This Year’s Most Hackable Holiday Gifts appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/most-hackable-gifts/feed/ 0
Why Social Engineering is a Scammer’s Secret Weapon https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/social-engineering-scammers/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/social-engineering-scammers/#respond Fri, 10 Nov 2017 17:00:04 +0000 https://securingtomorrow.mcafee.com/?p=82158 Criminals and scammers love to trick, deceive and manipulate their victims into handing over sensitive information, and money. This kind of exploitation is often referred to as social engineering, and it’s worth knowing about because although the scams change, the methods remain the same. Social engineering can happen online, over the phone, or even in […]

The post Why Social Engineering is a Scammer’s Secret Weapon appeared first on McAfee Blogs.

]]>
Criminals and scammers love to trick, deceive and manipulate their victims into handing over sensitive information, and money. This kind of exploitation is often referred to as social engineering, and it’s worth knowing about because although the scams change, the methods remain the same.

Social engineering can happen online, over the phone, or even in person. Scammers often try to win your trust by pretending to be legitimate businesses or person, offering you a great deal, or playing on your sympathies. Just think of the now-famous Nigerian prince scam, in which fraudsters would ask for help accessing a large sum of money, and request the victim’s banking details to complete a money transfer in exchange for a payout. Not only did these scams play on victims’ sympathies, but also their desire for easy money. Modern-day scams work much the same way.

Let’s take a look at some of the most popular scams now, and how social engineering plays a part.

Ransomware—This online threat has grabbed headlines for a reason: it’s frightening, and it works. Ransomware, which has grown exponentially over the last three years, usually starts with the victim downloading what looks like an innocuous file, or even clicking on a dangerous webpage. Scammers use social engineering to get users to click by offering something free (like a gaming app), or enticing, like an email prize notification, or shocking headline.

Once the victim downloads the infected file, it locks up their computer or device and demands money before the victim can regain access to their files. These could include personal photos or sensitive tax and identity information, which is what makes this scam so scary. The trick is, even if you pay the ransom you may never get access to your files. That’s why it’s crucial to back up your files on an external hard drive or through a cloud storage service.

The CEO Scam—This scam is usually done via email, and takes advantage of our assumption that anything that comes from a known email address can be trusted. The cybercriminals will spoof, or fake, an email address of a top executive in a company and then use that spoofed address to send messages requesting sensitive or private information from other members of the organization, like wage details, Social Security numbers, and financial records.

This data can then be used to file a fraudulent tax return and receive a refund, or apply for credit in a victim’s name, for example. Because the email address appears to come from within the organization, and recipients are accustomed to complying with work requests, it’s a very easy scam to fall for.

The Free Vacation Scam—Always a classic, the phone scam still hooks a ton of victims each year. Once again, the social engineering scammers are taking advantage of our desire for things that are free, or a great deal. They usually start by telling the victims that they have won a vacation to Las Vegas or another sought-after locale, and all they need to do is provide their credit card number to pay for a tax or other fees.

Now that you know how social engineering works in common scams, here are some tips to help you steer clear of any new versions of these old tricks:

  • Always be suspicious of any free offers, including free mobile apps.
  • Never respond to a request for sensitive or private information, even if it appears to come from a trusted source. If you have doubts, message or email the person directly from your saved contact details, or better yet, talk to them in person to confirm their request.
  • Register both your home and mobile numbers on the “do not call” list to avoid phone scams.
  • Don’t accept friend requests from people you don’t know in real life, and never respond to texts from strangers.
  • Be careful when opening email attachments. Make sure you know the sender and have requested the attached information first.
  • Use comprehensive security software to help protect you from malware, ransomware, and other online threats.
  • Keep up-to-date on the latest scams so you know what to look out for.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post Why Social Engineering is a Scammer’s Secret Weapon appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/social-engineering-scammers/feed/ 0
Marcher Malware Uses Both Credential and Credit Card Phishing to Steal Financial Data https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/marcher-malware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/marcher-malware/#respond Tue, 07 Nov 2017 23:43:24 +0000 https://securingtomorrow.mcafee.com/?p=82053 Actors turned models turned singers — pretty much the definition of a “triple threat” in the entertainment industry. However, the definition changes a bit for the cybersecurity space, as Android users are faced with a different type of “triple threat.” In fact, it’s a new attack campaign involving three malicious tactics: credential phishing, credit card […]

The post Marcher Malware Uses Both Credential and Credit Card Phishing to Steal Financial Data appeared first on McAfee Blogs.

]]>
Actors turned models turned singers — pretty much the definition of a “triple threat” in the entertainment industry. However, the definition changes a bit for the cybersecurity space, as Android users are faced with a different type of “triple threat.” In fact, it’s a new attack campaign involving three malicious tactics: credential phishing, credit card data theft, and the Marcher banking trojan.

What is it and how does it work?

The newest form of Marcher pairs credential and credit card phishing with banking trojans into one multi-step scheme. The attack starts with a phishing email containing a bit.ly link to a fake version of the Bank Austria login page, which was registered to a variety of domains containing “bankaustria” in the title in order to give the appearance of legitimacy. Upon opening the page, users will be asked to supply their customer details, email, and phone number– which gives the attackers what they need for the next stage of the attack.

Leveraging the customer data that was provided by the unknowing user, the attack intimidates the victim into downloading the “new Bank Austria” app, aka a fake app. The user is then directed to a link for app download. Once installed, the app asks permission to a plethora of personal data and device settings, and places a legitimate looking icon on the phone’s home screen. Mind you, the app and everything involved in the campaign uses stolen branding from Bank Austria. So, it’s easy to believe that this scam is the real thing.

Finally, Marcher moves onto data collection. But it’s important to remember — this version of Marcher isn’t just a banking trojan, it also enables the direct theft of credit card details. Plus, beyond stealing credit card info and banking details, the threat also goes after date of birth, address, and password data.

How do I protect myself?

So far, it’s been reported that this campaign has tricked almost 20,000 people into divulging their personal information. Plus, new campaigns targeting Raffeisen and Sparkasse banks are already underway. Therefore, the next step is to start thinking about protection. To ensure your personal and financial information stays secure, follow these tips:

  • Be careful what you click on. This malware, like many others before it, was distributed via phishing emails. Be sure to only click on emails that you are sure came from a trusted source. If you don’t know the sender, or the email’s content doesn’t seem familiar, remain wary and avoid interacting with the message.
  • Always use legitimate app stores. This malware campaign depends on victims downloading a fake app outside of a legitimate app store. It’s crucial users only download applications by heading directly to official stores, like Google Play or the Apple App store, to ensure they don’t become part of larger malware schemes like Marcher.
  • Place a fraud alert. If you know your data has been compromised by this attack, be sure to place a fraud alert on your credit so that any new or recent requests undergo scrutiny. It’s important to note that this also entitles you to extra copies of your credit report so you can check for anything sketchy. And if you find an account you did not open, make sure you report it to the police or Federal Trade Commission, as well as the creditor involved so you can put an end to the fraudulent account.
  • Use a mobile security solution. As malware campaigns continue to infect mobile devices, be sure to cover these devices with a mobile security solution, such as McAfee Mobile Security, which is prepared to protect your data from Marcher malware and others like it.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Marcher Malware Uses Both Credential and Credit Card Phishing to Steal Financial Data appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/marcher-malware/feed/ 0
Massive Malaysian Data Breach Compromises Over 46 Million Phone Numbers https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/malaysian-data-breach/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/malaysian-data-breach/#respond Fri, 03 Nov 2017 16:54:03 +0000 https://securingtomorrow.mcafee.com/?p=81979 There are data breaches that impact an entire customer group, or even a certain state. And then there are data breaches that impact practically everyone in a nation. This actually happened this week, as practically every citizen of Malaysia, a country that boasts a population of some 31.2 million, was impacted by a cyberattack. A […]

The post Massive Malaysian Data Breach Compromises Over 46 Million Phone Numbers appeared first on McAfee Blogs.

]]>
There are data breaches that impact an entire customer group, or even a certain state. And then there are data breaches that impact practically everyone in a nation. This actually happened this week, as practically every citizen of Malaysia, a country that boasts a population of some 31.2 million, was impacted by a cyberattack. A complex data breach compromised over 46.2 million mobile numbers, which could mean multiple numbers for one person, as well as exposed details such as home addresses and SIM card information.

This attack actually first came to light last month, when Lowyat.net, a local technology news website, reported receiving a tip-off that someone was attempting to sell huge databases of personal data. From there, the Malaysian Communications and Multimedia Commission (MCMC) began looking into the matter with the police.

The police have since claimed to have identified multiple potential sources of the leak, but have yet to name them. However, one researcher speculated at the strategy behind these attacks, telling ZDNet that “’low and slow’ attacks could lay stealthily in networks for years without anyone noticing.” Basically, this attack may have been tediously conducted over the course of a few years.

So, what’s the damage? This breach impacted both postpaid and prepaid numbers, as well as all subscribers from major mobile carriers in the country, including Maxis, Altel, Digi, and Celcom. What’s more – in addition to customer data from local telecommunications providers, data was also leaked from various websites containing sensitive information such as Jobstreet.com, Malaysian Medical Association, and Malaysian Housing Loan Applications. Leaked data from Jobstreet.com, for instance, contained the candidate’s login name, nationality, and hashed password.

This means that the impact of this breach goes beyond simply having phone numbers out in the open — this entire set of data is comprehensive enough for cybercriminals to create fraudulent identities to make online purchases.

So, with this massive breach putting private data as well as personal identities at risk, it’s important all those impacted act now to protect themselves. They can start by following these security tips:

  • Set up an alert. If you know there’s a chance your personal data has been compromised, place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
  • Freeze your credit. By freezing your credit, you seal your credit reports so that no one else can take out new accounts or loans in your name. You can do this without impacting your existing lines of credit, such as credit cards. If you want to apply for services or open new accounts, you can temporarily “unfreeze” your credit using a personal identification code only you have.
  • Make passwords a priority. First off, immediately change your password to any of the sites that have been impacted by this breach. Then, be sure to always keep your passwords complex in the case crooks try to guess new ones you’ve set up for your account. You can do this by leveraging a password manager, such as the True Key app. The True Key app can help you create strong passwords, remove the hassle of remembering numerous passwords and log you into your favorite websites automatically using multi-factor authentication.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Massive Malaysian Data Breach Compromises Over 46 Million Phone Numbers appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/malaysian-data-breach/feed/ 0
Secret Selfies: iPhone Apps Can Take Pictures and Videos of You Without Your Knowledge https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/secret-selfies-iphone-apps/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/secret-selfies-iphone-apps/#respond Tue, 31 Oct 2017 21:48:10 +0000 https://securingtomorrow.mcafee.com/?p=81895 “Let’s take a selfie” has become quite the popular request in 2017. Most everyone captures the occasional self-portrait using the reverse camera setting on the iPhone. But what happens if there are selfies occurring without your knowledge? And no, we’re not talking about paparazzi photos or some reality show. We’re talking about your iPhone, which […]

The post Secret Selfies: iPhone Apps Can Take Pictures and Videos of You Without Your Knowledge appeared first on McAfee Blogs.

]]>
“Let’s take a selfie” has become quite the popular request in 2017. Most everyone captures the occasional self-portrait using the reverse camera setting on the iPhone. But what happens if there are selfies occurring without your knowledge? And no, we’re not talking about paparazzi photos or some reality show. We’re talking about your iPhone, which has been discovered to include a feature allowing any app that has permission to access the phone’s camera to secretly take pictures and videos of you as long as it is running in the foreground.

So, how did this discovery first come to light? A developer from Google detailed a proof-of-concept project in his blog, and showed iPhone users that even if you don’t see the camera “open” in the form of an on-screen viewfinder, an app can still take photos and videos of you pretty much at any time. Also, it’s important to note that this discovery is not a bug, but likely intended behavior.

So, what exactly can this feature do? Once you grant an app access to your camera, it can:

  • Record you at any time the app is in the foreground
  • Take pictures and videos without telling you
  • Upload the pictures/videos it takes immediately
  • Run real-time face recognition to detect facial features or expressions

Clearly, the feature has some potential. Especially since most of us only think the camera is only being used if we see camera content or a LED is blinking, and the iPhone has no mechanism to indicate to a user that the camera is on.

So beyond staying aware of this feature, it’s important you take precautionary steps to safeguard your personal privacy. To do just that, follow these tips:

  • Use camera covers. Though this trick might seem a little old school, it’s still just as effective, as it allows you to be selective when you want your face to be seen. There’s a variety of camera covers you can purchase online, or you can even use a sticky note.
  • Get picky with what apps get camera access. When you first download an app, you’ll get a notification requesting camera access. Unless it requires it, or you truly want the app to have it, don’t provide the app with access. Mind you, you can also revoke camera access for all apps. Also, when possible, always use the built-in camera app and use the image picker of each app to select the photo.
  • Use a mobile security solution. Even though this feature was not a bug, it is important to always secure the personal data stored on your phone in case this trick gets into the wrong hands. Add an extra layer of security onto your phone with a mobile security solution, such as McAfee Mobile Security.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Secret Selfies: iPhone Apps Can Take Pictures and Videos of You Without Your Knowledge appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/secret-selfies-iphone-apps/feed/ 0
Meet IoT_reaper: The New Malware Building a Massive Botnet Army https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/iot_reaper/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/iot_reaper/#respond Tue, 24 Oct 2017 17:43:09 +0000 https://securingtomorrow.mcafee.com/?p=81522 WannaCry, Petya, the Dyn distributed denial-of-service (DDoS) attack – all now infamous cyberattacks that have defined the modern threat landscape. The latter, which was orchestrated by Mirai malware and took the entire East Coast offline, occurred exactly a year ago, so naturally a successor has emerged. Named IoT_reaper, the new malware doesn’t necessarily depend on […]

The post Meet IoT_reaper: The New Malware Building a Massive Botnet Army appeared first on McAfee Blogs.

]]>
WannaCry, Petya, the Dyn distributed denial-of-service (DDoS) attack – all now infamous cyberattacks that have defined the modern threat landscape. The latter, which was orchestrated by Mirai malware and took the entire East Coast offline, occurred exactly a year ago, so naturally a successor has emerged. Named IoT_reaper, the new malware doesn’t necessarily depend on cracking weak passwords like Mirai did, but rather exploits vulnerabilities in various Internet of Things (IoT) devices and enslaves them into a botnet army.

IoT_reaper leverages a total of nine vulnerabilities, to be exact. These vulnerabilities were previously disclosed in a plethora of routers and cameras that come from popular manufacturers that produce millions of devices each year. Which means there’s potential for a DDoS attack of massive proportions. In fact, researchers believe IoT_reaper is already halfway there, and has infected nearly two million devices so far. Plus, the army is growing at a mind-boggling rate of 10,000 new devices per day. For reference, it took only 100,000 infected devices for Mirai to flood the internet with traffic and take down DNS provider Dyn last year.

Clearly, it’s crucial users start thinking now about how they can prevent their IoT devices from becoming enslaved into IoT_reaper’s botnet army. To do just that, follow these tips:

  • Keep security top of mind when buying an IoT device. When you’re thinking of making your next IoT purchase, make sure to do your research first. Start by looking up the device in question’s security standards. A simple Google search on the product, as well as the manufacturer, will often do the trick.
  • Update your router’s firmware. Fortunately, many of the devices listed have patches available, so it’s important to immediately update your firmware if you haven’t already, as fixes are typically included within each update.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Meet IoT_reaper: The New Malware Building a Massive Botnet Army appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/iot_reaper/feed/ 0
What To Do If Your Data Is Stolen https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/what-to-do-if-your-data-is-stolen/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/what-to-do-if-your-data-is-stolen/#respond Mon, 23 Oct 2017 19:59:53 +0000 https://securingtomorrow.mcafee.com/?p=81443 If you’re like most people, you share your personal information with a number of companies and service providers, from banks to social media sites. And even if you’re careful, what happens if there is a weak link and your personal data is either stolen or leaked? That’s when you need to know how to minimize […]

The post What To Do If Your Data Is Stolen appeared first on McAfee Blogs.

]]>
If you’re like most people, you share your personal information with a number of companies and service providers, from banks to social media sites. And even if you’re careful, what happens if there is a weak link and your personal data is either stolen or leaked? That’s when you need to know how to minimize the damage.

The recent high-profile breach of credit reporting agency Equifax, in which data on over 145 million customers was potentially revealed, served as a wakeup call to many people who suddenly had to scramble to keep their data safe. After all, much of their sensitive information, such as Social Security numbers, birth dates and addresses were potentially exposed to scammers and identity thieves.

If you get caught in a situation like this, simply lose your wallet, or just want to take preventative measures, here is what to do next:

1) Place a Fraud Alert—If you know your data has been compromised, place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account. Then, make sure you correct your credit report by filing a dispute with each of the three credit bureaus.

2) Freeze Your Credit—This allows you to seal your credit reports so no one else can take out new accounts or loans in your name. You can do this without impacting your existing lines of credit, such as credit cards. If you want to apply for services or open new accounts, you can temporarily “unfreeze” your credit using a personal identification code only you have.

For this to be truly effective, however, you need to freeze your credit at each of the three major credit-reporting agencies (Equifax, TransUnion & Experian). They usually charge a small fee both to freeze and unfreeze your credit.

3) Setup Alerts & Stay Vigilante—Many banks and credit card companies have begun offering free alerts to notify you via text message or email when new purchases are made, when there is an unusual charge, or when your account balance drops to a certain level, for example. Make sure you take advantage of these services to keep a close eye on your accounts. You’ll also want to review your statements regularly for any suspicious activity. 

4) Consider Identity Theft Protection—An identity theft protection service can monitor your accounts, alert you of potential problems, insure you against ID theft, and even help you regain your money and credit if something goes wrong.

5) Lock Down Your Information—While there’s not a lot you can do to prevent data leaks that may occur with companies that have access to your information, you can take steps to ensure you are doing everything you can to keep your information safe.

Make sure the privacy settings on your social media accounts and mobile apps are as strong as possible and commit to multi-factor authentication on your critical accounts, such as online banking. This means you have to take multiple steps to verify your identity before logging into an account, such as entering a passcode and then responding to a text message sent to your phone.

Pick strong, unique passwords for each of your sensitive accounts so even if a password is leaked not all of your accounts are vulnerable. Or, employ a password manager to help you.

Be careful about how much personal information you share online and never respond to emails or text messages requesting sensitive data, unless you know and trust the source.

Always use comprehensive security software, and keep all your software up-to-date to help protect you from the latest threats.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post What To Do If Your Data Is Stolen appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/what-to-do-if-your-data-is-stolen/feed/ 0
Infected Minecraft Apps Could Potentially Turn Over 2 Million Android Devices Into a Botnet Army https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/infected-minecraft-apps/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/infected-minecraft-apps/#respond Fri, 20 Oct 2017 18:47:33 +0000 https://securingtomorrow.mcafee.com/?p=81334 We all love a good game, especially those that allow us to create and innovate with the touch of our fingertips. That’s why the video game Minecraft, which allows players to build constructions out of textured cubes, has grown in popularity. It’s become so popular, in fact, that there’s even mobile app versions of the […]

The post Infected Minecraft Apps Could Potentially Turn Over 2 Million Android Devices Into a Botnet Army appeared first on McAfee Blogs.

]]>
We all love a good game, especially those that allow us to create and innovate with the touch of our fingertips. That’s why the video game Minecraft, which allows players to build constructions out of textured cubes, has grown in popularity. It’s become so popular, in fact, that there’s even mobile app versions of the game.

And now malicious versions of these apps exist too. Just this week, cybersecurity researchers discovered Minecraft Android apps in the Google Play store that have been infected with Sockbot malware. These eight apps have been designed to enslave the devices that download them into a botnet army, and have impacted almost 2.6 million devices already.

These apps managed to sneak their way onto Google Play through the art of deception. Basically, the infected apps posed as add-on functionality for the popular Minecraft: Pocket Edition (PE) game. They are not official Minecraft apps but instead offer “skins” which can be used to modify the appearance of in-game characters.

Once downloaded, however, the apps’ true intentions come out. At first, it was thought that the apps were originally aimed at generating illegitimate ad revenue. Some apps were found connected to a command-and-control server (C&C) that supplied the apps with a list of ads and metadata to launch ad requests. But instead of generating revenue, Sockbot created a SOCKS proxy, which is basically a gateway between a local network (e.g., all the devices in one building) and a larger-scale network, in order to enslave devices into a botnet army. And so far, its recruited quite a few soldiers, as its been reported that 2.6 million devices have been hit already.

Fortunately, these apps have been flagged to Google, who quickly removed them from their official app store. However, with millions of devices already impacted, it’s important Android users keep these tips in mind:

  • Only download apps from the original developer. As fun as it is to enhance your game, you should only download add-ons and alternative apps that have been created by the original developer. In the case of Sockbot malware, Android users could’ve avoided infection if they only downloaded applications from the makers of Minecraft themselves.
  • Do your homework.Before you download an app, make sure you head to the reviews section of an app store first. Take the time to sift through the reviews, and keep an eye out for ones that mention that the app has had issues with security or might be a bit sketchy. It helps to research the developer too. When in doubt, don’t download any app that is remotely questionable.
  • Use a mobile security solution. As malware campaigns continue to infect mobile applications, make sure your mobile devices are prepared for any threat coming their way. To do just that, cover these devices with a mobile security solution, such as McAfee Mobile Security.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Infected Minecraft Apps Could Potentially Turn Over 2 Million Android Devices Into a Botnet Army appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/infected-minecraft-apps/feed/ 0
KRACK Hack Threatens Wi-Fi Security – What it Means for You https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/krack-threatens-wi-fi/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/krack-threatens-wi-fi/#comments Tue, 17 Oct 2017 19:08:54 +0000 https://securingtomorrow.mcafee.com/?p=80784 If you grew up before, or even during the 90s, you were familiar with a world of cords. A cord for the telephone, a cord for the CD player and a cord — of course — for the internet. But around the late 80s and early 90s, things started to change. Cashier systems gained a […]

The post KRACK Hack Threatens Wi-Fi Security – What it Means for You appeared first on McAfee Blogs.

]]>
If you grew up before, or even during the 90s, you were familiar with a world of cords. A cord for the telephone, a cord for the CD player and a cord — of course — for the internet. But around the late 80s and early 90s, things started to change. Cashier systems gained a new feature called WaveLAN. By 1999, the Wi-Fi Alliance was formed and the standard for the vast majority of our communications today was firmly established.

Wi-Fi is easily the defining feature of our modern society. Wi-Fi is advertised in cafés, and friends share login passwords far too often. One of the reasons why Wi-Fi has grown so much in use — other than its massive convenience — is that it can be relatively secure thanks to two common features called “Wi-Fi Protected Access” and “Wi-Fi Protected Access II.” In a nutshell, it established the standard use of security protocols that massively increased the security around data packets and their transmission over wireless networks. The end result are secure Wi-Fi networks relatively free of eavesdroppers.

That is, until today. Cybersecurity researchers have developed a proof-of-concept attack — named KRACK — enabling theoretical baddies to intercept and decipher data, including passwords and messages, that should not be decipherable. It gets worse. According to Ars Technica, which broke the story late on Sunday, these theoretical baddies could also “inject ransomware or other malicious content into a website.” Meaning, a trusted website could appear to be offering a link or advertisement, which actually leads to malware or other malicious content.

Because this vulnerability deals with Wi-Fi standards, almost every device is vulnerable. But, given the proof-of-concept attack can only succeed under particular conditions, some caveats are in order.  (As a note, “proof-of-concept attack” is an industry term signifying this particular vulnerability was first discovered and tested in academic and-or industrial research environments and that no cybercriminal has used it to anyone’s knowledge thus far.)

First, we need to understand this attack affects the WPA2 Wi-Fi network standard, which is the more advanced version of WPA. Second, we also need to understand it exploits vulnerabilities in a “four-way handshake.” It’s complicated concept, but, in a nutshell, it ensures every device is what it says, through the use of specific keys that are shared through handshakes. It’s as if you were trying to get into a secret society but had to know four different secret handshakes in order to get through the door.

The problem with KRACK is that it essentially tricks its victims — in this case, computers, not users — into reinstalling a new, but already-in-use, key. It appears to send a signal to reset seemingly random figures to those that the attacker knows. By doing so, the attacker can infiltrate the club (in this analogy, your network).

Now, for those caveats I mentioned. In order for this attack to succeed, it has to be in range of a targeted Wi-Fi network. Meaning a cybercriminal would have to park outside your house for a while to successfully attack your network. While possible, it’s also very unlikely.

This attack also affects some operating systems (the software used to make your computer run, like Windows, Mac OS, Android) more than others. The most vulnerable operating systems are Linux and Android. Additionally, a targeted network must remain in place long enough for the attack to transpire (which can be as little as a few seconds). This means that large Wi-Fi networks can be attacked. It also means that connected devices are vulnerable as well.

So, what can you do to protect yourself? Well, it largely depends on how quickly manufacturers and software developers can release patches to fix these vulnerabilities. Still, there are steps you can take to protect yourself:

  • Update your device’s software. There will be a number of updates issued over the coming weeks and months, for phones and other devices, in order to address the vulnerabilities KRACK has exposed. Implement these updates as soon as you can.
  • Update your router’s firmware. Your router is going to the be the most critical device in securing your wireless network. Again, you’re largely at the mercy of how fast device manufacturers and software developers generate a patch. Check your respective device manufacturer’s website for the details and status of the KRACK patch.
  • Consider a VPN. If your employer has given you a device to work from, they’ve likely given you a VPN to use as well. A Virtual Private Network, such as McAfee Safe Connect, can help to secure and encrypt your data on public Wi-Fi networks. It can also help secure your data while patches are generated for this vulnerability. Be aware, however: router-driven security features, like those found in McAfee Secure Home Platform will not protect your wireless and IoT devices, as KRACK targets the data exchanged between routers and devices — only an update to router will fix this issue.

For more details on the KRACK vulnerability, check our these blogs by our McAfee Labs team. And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post KRACK Hack Threatens Wi-Fi Security – What it Means for You appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/krack-threatens-wi-fi/feed/ 18
5 Tips for Avoiding Android Malware https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/5-tips-avoiding-android-malware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/5-tips-avoiding-android-malware/#comments Thu, 12 Oct 2017 16:00:23 +0000 https://securingtomorrow.mcafee.com/?p=79968 The ubiquity of mobile phones has created a unique opportunity for cybercriminals. They now have a way of accessing both our money and personal information without us realizing it by distributing risky apps that we often willingly download. Many of the most dangerous apps target Android devices, and there are a few good reasons why. […]

The post 5 Tips for Avoiding Android Malware appeared first on McAfee Blogs.

]]>
The ubiquity of mobile phones has created a unique opportunity for cybercriminals. They now have a way of accessing both our money and personal information without us realizing it by distributing risky apps that we often willingly download.

Many of the most dangerous apps target Android devices, and there are a few good reasons why. Let’s look at why Android malware is so prevalent, and what you can do to keep your device and information safe.

One reason why Android devices are a goldmine for cybercrooks is that they offer hundreds of millions of potential targets. Android is the most popular mobile operating system in the world, accounting for more than 80% of new smartphones sold in the last quarter of 2016[1].

That’s why just a handful of malicious apps can do serious damage. Take the “ExpensiveWall” malware attack earlier this year, which spread to as many as 21 million victims. By sneaking malicious apps into the Google Play store, cybercriminals were able to charge users serious money for phony services and premium text messages they didn’t agree to receive.

The users thought they were downloading harmless apps offering wallpaper options and camera tools, not realizing that they were designed to rack up charges in the background. And since the apps were distributed through Google’s official app store, users presumably thought they were safe.

That leads us to another reason why Android malware is so popular with the bad guys. It is easier to get an app into the Google Play store, after a short manual review, compared to Apple’s vetting process. This wide distribution is great for Android users who want a large number of app choices that they can run on different devices without restrictions, but not so great when it comes to making sure that each app is above board and secure.

For approval of an iOS app, or even an app update, developers have to submit to a rigorous review that can take as long as 10 days before the app is made available to the public. What’s more, iOS apps are only distributed through Apple’s official App Store, unlike Android apps, which are available through a number of channels. However, it’s important to note that iOS devices can be affected by the same tactics used against Android devices. For instance, both are occasionally subject to scareware attacks, which typically come in the form of deceptive pop-ups.

So, if you are an Android user it’s worth your while to take a few key steps to avoid malware attacks aimed at accessing your device, money, and information.

Here are 5 tips to stay safe:

1) Do your own safety checks—Before installing a new app, read other users’ reviews to see if the app is safe and does what it claims to do. Be extra wary of “free apps” distributed through little known sites, or via links sent by email or text message.

2) Read the permissions first—We know—wading through all the legalese that comes with app permissions can be tiresome, but it is well worth your while. Make sure that the app won’t invade your privacy by accessing information it doesn’t need, like your contacts, camera, or keystrokes. Pay special attention to any mention of paid services, like premium text messages, so you know what you are agreeing to.

3) Limit your install options—Stick to using the official Google Play store or a reputable store like the Amazon App Store. (Although using the Play or Amazon stores is no guarantee that all the apps there are safe, they tend to have more users and more reviews to base your decisions on.)

One quick and easy way to avoid unsafe apps is to make sure that the “install from unknown sources” setting remains in the off position. This prevents you from installing applications from anywhere other than the Play store.

4) Limit your app use—Only install apps you need and use regularly. If you no longer use an app, uninstall it to keep it from accessing your information unnecessarily. This will help you save memory, and reduce your exposure to potential risks. For apps that you do use, limit their access to personal information so that they only access what they need to function properly. For example, a weather app doesn’t need access to your photos.

5) Use mobile security—Comprehensive protection, like McAfee Mobile Security, can help guard against viruses, malware, device theft and other threats. It can also help you understand how your apps are using your personal information.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

 

 

 

 

 

[1] https://www.theverge.com/2017/2/16/14634656/android-ios-market-share-blackberry-2016

The post 5 Tips for Avoiding Android Malware appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/5-tips-avoiding-android-malware/feed/ 3
No Password, No Problem: How This PledgeMusic Bug Let Anyone Log in Without a Password https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/pledgemusic-bug/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/pledgemusic-bug/#respond Wed, 11 Oct 2017 22:23:10 +0000 https://securingtomorrow.mcafee.com/?p=79959 Some music sites allow fans to stream any song they want for a monthly fee, others create suggestions or radio stations based on taste, and some even create direct communication between musicians and their fan base. In fact, PledgeMusic facilitates the latter, as it’s become a popular platform for artists and fans looking to connect. […]

The post No Password, No Problem: How This PledgeMusic Bug Let Anyone Log in Without a Password appeared first on McAfee Blogs.

]]>
Some music sites allow fans to stream any song they want for a monthly fee, others create suggestions or radio stations based on taste, and some even create direct communication between musicians and their fan base. In fact, PledgeMusic facilitates the latter, as it’s become a popular platform for artists and fans looking to connect. And unfortunately, a recently discovered security bug in PledgeMusic allowed practically anyone to connect with their platform– more specifically, log in to an account without needing a password.

The bug, which was accidentally discovered by a PledgeMusic user, allowed anyone to log in to an account with just an email address and did not require a password. So, if a cybercriminal knew—or guessed—your email correctly, they could log in to your account easily. The site itself contains limited personal data, but it does store credit card info, which means a cybercriminal could have made unauthorized payments and pledges to artists without a user’s consent. Not to mention, they could’ve simply snooped around your account and learned more about you that way.

Fortunately, the company said the issue has now been fixed. However, with their online account security recently shaky, it’s important PledgeMusic users still take precautionary measures for securing their account and their personal info. Here are a few pointers for doing just that:

  • Change up your login info immediately. If there’s any potential risk that a cybercriminal may have been snooping around an account of yours, it’s always good practice to change up the login info immediately. That means using a different email, and creating a new and unique password. That way, if they do happen to have their hands on the original login info, they won’t be allowed back inside your account. 
  • Check your bank account. In the chance that a cybercriminal was able to access your PledgeMusic account, they could potentially have gotten their hands on your financial info stored on the site. Therefore, it’s important to scan your bank account for any abnormal activity, that way you can flag it to your bank and cancel cards if need be.
  • Get educated. It can be challenging to secure against a vulnerability until a company patches the bug. So, when it comes to exploits, the best protection is education. By staying up-to-date on newly discovered bugs and vulnerabilities, you can know to change up your log in info or avoid interacting with these vulnerable sites altogether.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, ‘Like’ us on Facebook, and listen to our new podcast “Hackable?

The post No Password, No Problem: How This PledgeMusic Bug Let Anyone Log in Without a Password appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/pledgemusic-bug/feed/ 0
What Is Script-Based Malware? How to Stay Protected from This Sneaky Cyberthreat https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/script-based-malware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/script-based-malware/#respond Tue, 26 Sep 2017 13:00:35 +0000 https://securingtomorrow.mcafee.com/?p=79154 When you hear the word “script,” you probably think of either a movie script, or JavaScript. Though most of us don’t get to see movie scripts, JavaScript is a little more readily available, since it’s one of the many scripting languages that are commonly used by programmers to enhance features of websites. Their popularity, unfortunately, […]

The post What Is Script-Based Malware? How to Stay Protected from This Sneaky Cyberthreat appeared first on McAfee Blogs.

]]>
When you hear the word “script,” you probably think of either a movie script, or JavaScript. Though most of us don’t get to see movie scripts, JavaScript is a little more readily available, since it’s one of the many scripting languages that are commonly used by programmers to enhance features of websites. Their popularity, unfortunately, is now be leveraged by the bad guys too, as scripting techniques are being used by cybercriminals to enhance the strength of their cyberattacks. In fact, now more than ever, hackers are creating script-based malware, as our researchers have stated in the McAfee Labs September 2017 Quarterly Threats Report. Let’s take a look as to why script based malware has dramatically increased over the past two years.

Evasion is probably the key reason behind the popularity of this attack tactic, since scripts are easy to obfuscate and therefore difficult to detect. Plus, scripting languages are generally easier to learn and faster to code in than other languages, making them an easy sell for eager hackers.

Specifically, the scripting languages these crooks are using include: JavaScript, VBScript, PHP, PowerShell, and others. Our McAfee labs team has seen Bartallex, Kovter, Nemucod, and W97/Downloader, along with many other malwares, using these scripts to deliver malicious payloads to victims’ devices. For instance, in 2016, Locky was spread by using multiple obfuscated layers of JavaScript. We have also seen the execution of fileless malware with the help of a PowerShell script.

Now, the next question is – what does this mean for you? And what can you do to protect your devices from script-based malware? The best way to protect your personal devices from script-based malware infections is to stop them before they happen. So, be sure to remain wary of downloading and installing applications that you don’t understand or trust, and always apply security updates and patches for applications and operating systems. Additionally, block cyberattacks before they happen with a comprehensive security solution such as McAfee LiveSafe, which is now new and improved.

Learn more about other topics explored in the McAfee Labs Quarterly Threats Report by checking out our blog on Faceliker malware. And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post What Is Script-Based Malware? How to Stay Protected from This Sneaky Cyberthreat appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/script-based-malware/feed/ 0
Why Software Updates Are So Important https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/software-updates-important/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/software-updates-important/#respond Tue, 19 Sep 2017 17:13:20 +0000 https://securingtomorrow.mcafee.com/?p=78761 You’re hard at work on your computer or device and a message suddenly pops up saying, “a software update is available”. You’re busy, so you click “cancel” instead of “install”, thinking you’ll get to it later, but you never do. Sound familiar? The truth is it’s easy to skip software updates because they can take […]

The post Why Software Updates Are So Important appeared first on McAfee Blogs.

]]>
You’re hard at work on your computer or device and a message suddenly pops up saying, “a software update is available”. You’re busy, so you click “cancel” instead of “install”, thinking you’ll get to it later, but you never do. Sound familiar?

The truth is it’s easy to skip software updates because they can take up a few minutes of our time, and may not seem that important. But this is a mistake that keeps the door open for hackers to access your private information, putting you at risk for identity theft, loss of money, credit, and more.

You may have heard of the recent Equifax data breach, in which 143 million Americans were potentially affected, with Social Security numbers, birth dates, and home addresses exposed. The hackers were able to access the credit reporting agency’s data through a known vulnerability in a web application. A fix for this security hole was actually available two months before the breach, but the company failed to update its software. This was a tough lesson, but one that we can all learn from. Software updates are important because they often include critical patches to security holes.

In fact, many of the more harmful malware attacks we see take advantage of software vulnerabilities in common applications, like operating systems and browsers. These are big programs that require regular updates to keep safe and stable. So instead of procrastinating about software updates, see those updates as one of the most essential steps you can take when it comes to protecting your information.

In addition to security fixes, software updates can also include new or enhanced features, or better compatibility with different devices or applications. They can also improve the stability of your software, and remove outdated features.

All of these updates are aimed at making the user experience better. And while repeated update reminders can be annoying, especially if you have a lot of different applications, they can improve your experience in the long run and ensure that you get the most from your technology.

While some computer software requires you to manually approve and install updates, updating software on your mobile devices can be a lot easier. You can select auto-update, ensuring that your mobile apps stay current. Considering that the average smartphone owner uses 30 apps a month, and have at least twice that many installed, this could save you a lot of time and effort.

Now that you know how important software updates can be, here are a few more tips to keep you safe:

  • Know that keeping your security software up-to-date is critical. This will protect you from the latest threats.
  • Select auto-update for software on both your mobile devices and computers, when possible. For software that doesn’t update automatically, make it a habit to regularly check for and apply available updates.
  • Before downloading any software, read others’ reviews first to make sure it’s safe to install in the first place. Cybercriminals like to distribute phony applications designed to steal your information.
  • Keep on top of the latest threats so you know how to protect yourself from known vulnerabilities.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post Why Software Updates Are So Important appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/software-updates-important/feed/ 0
Web Searches Get Complicated! Avril Lavigne Tops the 2017 Most Dangerous Celebrities List https://securingtomorrow.mcafee.com/consumer/most-dangerous-celebrities-2017/ https://securingtomorrow.mcafee.com/consumer/most-dangerous-celebrities-2017/#respond Tue, 19 Sep 2017 04:30:55 +0000 https://securingtomorrow.mcafee.com/?p=78695 To see how cybercriminals take advantage of consumers’ obsession with pop culture, we conducted the 11th annual McAfee Most Dangerous Celebrities study, which reveals which celebrities generate the most “dangerous” search results, and create the biggest risk for users browsing the web.

The post Web Searches Get Complicated! Avril Lavigne Tops the 2017 Most Dangerous Celebrities List appeared first on McAfee Blogs.

]]>
We surf the internet to find the latest celebrity gossip, discover a new song, and even interact with our favorite stars. And cybercriminals know that. In fact, they’re capitalizing on that by weaving in sneaky cyberthreats within celebrity sites. To see how cybercriminals take advantage of consumers’ obsession with pop culture, we conducted the 11th annual McAfee Most Dangerous Celebrities study, which reveals which celebrities generate the most “dangerous” search results, and create the biggest risk for users browsing the web.

First, you must be wondering– how’d we do it? McAfee conducted this study by using McAfee WebAdvisor site ratings to determine the number of risky websites generated by searches on Google, Bing and Yahoo!, that included a celebrity name and search terms likely to yield potentially malicious websites in the results. So, which celebs gives us the most cause for concern? Here’s our top 10 list:

There’s two key factors as to why A-lister Avril Lavigne takes the top spot. Oddly, she’s the target of an internet conspiracy theory that suspected the real Avril died and was replaced by an imposter. And it’s far from surprising that an internet conspiracy lead to unreliable sources and sketchy sites. The second reason is that in late 2016 Lavigne announced that she was working on a new album that will be released before the end of 2017. And unfortunately, content searches for new music lead many into uncertain areas of the internet.

For example — “Avril Lavigne + free mp3” was by far the riskiest way to search for Avril Lavigne content and resulted in a risk percentage of nearly 22%. In fact, musicians dominated this year’s list because of the dangers of searching for “free mp3,” which accounted for approximately 40% of the risky websites. Free torrent accounted for 36% of risky websites and free mp4 accounted for 24% of risky websites.

So, where do cybercriminals come in to all of this? Hackers know that consumers are looking for the latest album and movie releases from their favorite celebrities, and can use this against consumers to steal personal information. They love to leverage downloadable content like music or video files to entice consumers to visit potentially malicious websites designed to install malware.

So, since music could lead to malware, the next question is, how do you ensure your favorite artist doesn’t cost you your personal data? For starters, follow these tips:

  • Be careful what you click. Are you looking for a sneak-peak at Avril Lavigne’s rumored 2017 album? It’s best to wait for the official release than to visit a third-party website that could contain malware.
  • Searching for free MP3s? Be careful! Searching for “free MP3” returned the highest number of risky websites, so it’s important for consumers to be vigilant and ensure they are searching safely. If a website comes up that doesn’t seem 100% trustworthy, avoid paying it a visit.
  • Always browse with security protection. Whether you’re eager to learn more about your favorite artist’s background, or just discover new music, it’s important that you search the web safely. A tool such as McAfee WebAdvisor can help keep you safe by identifying malicious websites and warning the user before they click.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Web Searches Get Complicated! Avril Lavigne Tops the 2017 Most Dangerous Celebrities List appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/most-dangerous-celebrities-2017/feed/ 0
BlueBorne Vulnerabilities Endanger Over 5 Billion Bluetooth-Enabled Devices https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/blueborne-vulnerabilities/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/blueborne-vulnerabilities/#respond Wed, 13 Sep 2017 17:39:04 +0000 https://securingtomorrow.mcafee.com/?p=78038 From headsets, to speakers – Bluetooth technology has become an integral part our devices, and our everyday lives. Since it allows users to exchange data wirelessly, Bluetooth technology is widely popular, and has been implemented into billions of devices. Therefore, the discovery of BlueBorne, a vulnerability found in some Bluetooth technology, which cybercriminals can use […]

The post BlueBorne Vulnerabilities Endanger Over 5 Billion Bluetooth-Enabled Devices appeared first on McAfee Blogs.

]]>
From headsets, to speakers – Bluetooth technology has become an integral part our devices, and our everyday lives. Since it allows users to exchange data wirelessly, Bluetooth technology is widely popular, and has been implemented into billions of devices. Therefore, the discovery of BlueBorne, a vulnerability found in some Bluetooth technology, which cybercriminals can use to infect these popular devices, is not exactly music to our ears.

In fact, there are four zero-day BlueBorne vulnerabilities that have been found in the Bluetooth implementations used by over 5.3 billion devices. These vulnerabilities endanger major mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux, and the devices using them. The BlueBorne name itself is indication of how the attack works, as it spread through the air (airborne) and attacks devices via Bluetooth.

So what exactly do these vulnerabilities permit cybercriminals to do? Specifically, they allow attackers to take over devices and execute malicious code, or run man-in-the-middle attacks and potentially intercept data shared via Bluetooth communications. What’s more — the vulnerabilities can be made into a self-spreading Bluetooth worm.

Therefore, it’s important users everywhere start thinking about protection. First and foremost, you should check and see if your personal devices will be impacted by these vulnerabilities. And if your devices are included in those listed, be sure to follow these additional security tips:

  • Turn Bluetooth off unless you have to use it. Affected software providers have been notified of these vulnerabilities and are working on fixing them as we speak. But in the meantime, it’s crucial you turn off your Bluetooth unless you absolutely must use it. To do this on iOS devices, simply go to your “Settings”, select “Bluetooth” and toggle it from on to off. On Android devices, open the “Settings” app and the app will display a “Bluetooth” toggle button under the “Wireless and networks” subheading that you can use to enable and disable the feature.
  • Update your software immediately. It’s an important security rule of thumb: always update your software whenever an update is available, as security patches are usually included with each new version. Regarding the BlueBorne vulnerabilities specifically — all iPhone, iPad and iPod touch devices with iOS 9.3.5 and lower, and AppleTV devices with version 7.2.2 and lower are affected, but the issue was patched in iOS 10. Microsoft has also stated they patched the vulnerabilities back in July. However, if you’re not an iOS or Windows user, fear not – security patches for additional providers are on their way.
  • Install comprehensive security. After you’ve updated your devices with the latest software, be sure to install comprehensive security. A solution like McAfee LiveSafe can ensure your devices are protected from cybercriminals wishing to leverage the BlueBorne vulnerabilities in order to steal your personal data.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post BlueBorne Vulnerabilities Endanger Over 5 Billion Bluetooth-Enabled Devices appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/blueborne-vulnerabilities/feed/ 0
What You Need to Know About the Equifax Data Breach https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/need-know-equifax-data-breach/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/need-know-equifax-data-breach/#comments Fri, 08 Sep 2017 18:52:39 +0000 https://securingtomorrow.mcafee.com/?p=77569 Equifax, one of the three major credit bureaus in the country, said on Thursday it suffered a major breach in late July. The breach enabled cybercriminals to access sensitive data on roughly 143 million consumers in the United States. This potentially exposed data includes names, addresses, birthdates, driver’s license data and Social Security Numbers, making […]

The post What You Need to Know About the Equifax Data Breach appeared first on McAfee Blogs.

]]>
Equifax, one of the three major credit bureaus in the country, said on Thursday it suffered a major breach in late July. The breach enabled cybercriminals to access sensitive data on roughly 143 million consumers in the United States. This potentially exposed data includes names, addresses, birthdates, driver’s license data and Social Security Numbers, making this breach one of the most significant and damaging in recent history.

Equifax has taken action and launched a program to alert potentially affected consumers that their data may have been exposed. You can check on your data’s status at www.equifaxsecurity2017.com and clicking on the “potential impact” button on the bottom of the page. Equifax is also offering a free year subscription to its credit monitoring service, TrustID.

Consumers are strongly encouraged to sign up for this credit protection service or to obtain a free copy of their credit report from one of the three major credit bureaus (Equifax, Experian and TransUnion) to identify potentially fraudulent activity. Consumers can also ask each bureau to freeze their credit reports, which essentially prevents anyone — including legitimate consumers — from opening a new line of credit. If you suspect you’re the victim of identity fraud, immediately file a report with each credit agency.

The biggest takeaway here? This breach exposes one of the biggest risks in using single unique identifiers, like Social Security Numbers, as means of identification. If it can be memorized, it can be stolen — and that puts people like you and me at risk. There is a very strong need for a better national ID standard, but what form that’ll take is anyone’s guess.

Now more than ever, it is critical to stay in the know. Keep up to date on the latest consumer security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post What You Need to Know About the Equifax Data Breach appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/need-know-equifax-data-breach/feed/ 2
How to Spot Phishing Lures https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/spot-phishing-lures/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/spot-phishing-lures/#respond Fri, 08 Sep 2017 17:39:15 +0000 https://securingtomorrow.mcafee.com/?p=77546 Phishing attacks, in which scammers try to trick you out of your private information or money, are one of the most prevalent threats we see today. Part of the problem is that the cybercriminals have numerous ways in which to hook you, either online, over the phone, or even in person. In today’s busy world […]

The post How to Spot Phishing Lures appeared first on McAfee Blogs.

]]>
Phishing attacks, in which scammers try to trick you out of your private information or money, are one of the most prevalent threats we see today. Part of the problem is that the cybercriminals have numerous ways in which to hook you, either online, over the phone, or even in person.

In today’s busy world we are often bombarded with information and it can be hard to tell who to trust, and when to be wary. But given that online phishing attacks alone grew to over 1.2 million in 2016, costing consumers and businesses billions of dollars, it’s worth learning more about common phishing lures and how to avoid them.

The first thing you should know about phishing is that it almost always involves a form of “social engineering”, in which the scammer tries to manipulate you into trusting them for fraudulent purposes, often by pretending to be a legitimate person or business.

You can get a better idea of how this works by learning about some of the most popular scams circulating today:

  • The CEO Scam—This scam appears as an email from a leader in your organization, asking for highly sensitive information like company accounts, employee salaries and Social Security numbers. The hackers “spoof”, or fake, the boss’ email address so it looks like a legitimate internal company email. That’s what makes this scam so convincing—the lure is that you want to do your job and please your boss. But keep this scam in mind if you receive an email asking for confidential or highly sensitive information, and ask the apparent sender directly whether the request is real, before responding.
  • The Urgent Email Attachment—Phishing emails that try to trick you into downloading a dangerous attachment that can potentially infect your computer and steal your private information have been around for a long time. This is because they work. You’ve probably received emails asking you to download attachments confirming a package delivery, trip itinerary or prize. They might urge you to “respond immediately!” The lure here is offering you something you want, and invoking a sense of urgency to get you to click.
  • The “Lucky” Phone Call—How fortunate! You’ve won a free gift, an exclusive service, or a great deal on a trip to Las Vegas. Just remember, whatever “limited time offer” you’re being sold, it’s probably a phishing scam designed to get you to give up your credit card number or identity information. The lure here is something free or exciting at what appears to be little or no cost to you.
  • The Romance Scam—This one can happen completely online, over the phone, or in person once contact is established. But the romance scam always starts with someone supposedly looking for love. The scammer often puts a phony ad online, or poses as a friend-of-a-friend on social media and contacts you directly. But what starts as the promise of love or partnership, often leads to requests for money or pricey gifts. The scammer will sometimes spin a hardship story, saying they need to borrow money to come visit you or pay their phone bill so they can stay in touch. The lure here is simple—love and acceptance.
  • The Mobile Phish—Our heavy use of mobile devices have given scammers yet another avenue of attack. They may distribute fake mobile apps that secretly gather your personal information in the background, or they could send phony text messages, inviting you to click on a dangerous link. Either way, you may be misled by a false sense of trust in who has access to your mobile device. In this case, you may be lured by the convenience of an app, or expediency of a message.

Here are some more smart ways not to get hooked:

  • Be wary of anyone who asks for more information than they need, even if you are talking to a company or bank you do business with.
  • When responding to a message, first check to see if you recognize the sender’s name and email address.
  • Before clicking on a link, hover over it to see if the URL address looks legitimate.
  • Before logging into an online account, make sure the web address is correct. Phishers often forge legitimate websites, like online storage accounts, hoping to trick you into entering your login details.
  • Avoid “free” offers, or deals that sound too good to be true. They probably are.
  • Always use comprehensive security software to protect your devices and information from malware and other threats that might result from a phishing scam.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post How to Spot Phishing Lures appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/spot-phishing-lures/feed/ 0
New App Allows Cybercriminals to Create Customized Ransomware https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/new-app-customized-ransomware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/new-app-customized-ransomware/#respond Tue, 29 Aug 2017 20:59:20 +0000 https://securingtomorrow.mcafee.com/?p=77287 From clothes to food – we practically buy everything on the internet these days. That includes ransomware as well. And now available for purchase on hacking forums everywhere: an easily downloadable ransomware app. You heard correctly, all a cybercriminal has to do is download the Trojan Development Kit (TDK) app on an Android phone, fill […]

The post New App Allows Cybercriminals to Create Customized Ransomware appeared first on McAfee Blogs.

]]>
From clothes to food – we practically buy everything on the internet these days. That includes ransomware as well. And now available for purchase on hacking forums everywhere: an easily downloadable ransomware app. You heard correctly, all a cybercriminal has to do is download the Trojan Development Kit (TDK) app on an Android phone, fill out a few forms, and they have their own customized ransomware.

Since this ransomware development kit that doesn’t require any coding skills, almost anyone can keep this attack in their back pocket. Not to mention, the app, which is easily downloadable from hacking discussion boards, allows for the creation of malware by following simple instructions, with a variety of customization options available to the cybercriminal.

These customizable options include the message that’s displayed on the infected device’s lock screen, the key used to unlock the device, the icon used by the malware, the mathematical operations to randomize the code, and the type of animation to be displayed on the infected device. Once the crooks are done with creation, all they have to do is pay a small fee to the app’s creator and then they’re free to distribute the ransomware as they please and make as many variants as they like in future.

This ransomware-as-a-service (RaaS) app joins a slew of recent offerings from cybercriminals aiming to make the threat widespread. Therefore, it’s important users are prepared for a potential ransomware attack. Do to just that, ensure your software is always up-to-date, keep your files backed up on an external hard drive, be careful where you click, and no matter what you do – don’t pay the ransom.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post New App Allows Cybercriminals to Create Customized Ransomware appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/new-app-customized-ransomware/feed/ 0
OurMine Claims to Have Breached Sony’s PlayStation Network and Stolen Information https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ourmine-claims-breached-sonys-playstation-network/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ourmine-claims-breached-sonys-playstation-network/#respond Wed, 23 Aug 2017 16:16:50 +0000 https://securingtomorrow.mcafee.com/?p=77026 Most security companies advertise their services online, hoping to attract customers with an honest promise of their abilities. OurMine, on the other hand, hacks a company, and then they talk. We’ve seen the notorious Saudi hacking group do this before, and now we are witnessing it again, as this past weekend OurMine breached social media […]

The post OurMine Claims to Have Breached Sony’s PlayStation Network and Stolen Information appeared first on McAfee Blogs.

]]>
Most security companies advertise their services online, hoping to attract customers with an honest promise of their abilities. OurMine, on the other hand, hacks a company, and then they talk. We’ve seen the notorious Saudi hacking group do this before, and now we are witnessing it again, as this past weekend OurMine breached social media accounts for the PlayStation Network. But that’s not all– the hackers are claiming to have also compromised PSN and stolen database information.

First off, what is the PlayStation Network (PSN)? It’s the online service that powers Sony’s digital storefront, all online gaming on the PS4, and much more. Basically – if you’re using a PlayStation 4 online in any capacity, you’re using PSN. That means, if OurMine breached this network and did in fact steal database information, millions of users would be impacted.

Well, according to the hackers themselves, their attempts were successful. The group confirmed their success when they overtook Sony’s official PlayStation-branded Twitter accounts to announce the alleged hack, teasing, “PlayStation, contact us we got PlayStation Network database leaked!” They even asked for support in their mission, encouraging users on both Twitter and Facebook to share about the breach, stating “Let’s make #PlaystationLeaks Trending!” What’s more – when contacted by Business Insider, the group released a statement confirming that they got their hands on registration info, which means usernames, names, emails, etc.

And though OurMine, a self-identified security group, claims “we will only send it [data] to Sony to prove it,” it’s important PlayStation users still take necessary precautions if they want to ensure their personal data is secure. Therefore, to just that, follow these tips:

  • Consistently change up your password. It’s good practice to change your password to an account every 6 months or so. That way, in instances like this, hackers won’t be able to access your account, as that password is already outdated. Be sure not to reuse old passwords from other accounts.
  • Don’t give away too much personal info. The best way to keep your personal information safe is by keeping it to yourself. Unless a website absolutely requires, try to limit the amount of sensitive information you share online. If you do give out your personal info, research the company you’re giving it to first to see if they have security top of mind.
  • Use a comprehensive security solution. Whether you’re concerned about securing personal data on your phone, or about what you share on the web, make sure all your devices are protected. Use a comprehensive security solution, like McAfee LiveSafe, to keep your personal data out of the hands of cybercriminals.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post OurMine Claims to Have Breached Sony’s PlayStation Network and Stolen Information appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ourmine-claims-breached-sonys-playstation-network/feed/ 0
5 Tips to Defend Yourself Against Ransomware https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/5-tips-defend-ransomware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/5-tips-defend-ransomware/#respond Wed, 16 Aug 2017 21:15:52 +0000 https://securingtomorrow.mcafee.com/?p=76945 The prospect of a “ransomware” attack, where your device is infected with malware that locks you out of your personal data and files and demands money to potentially unlock them, is a frightening thought to most people. And, these attacks have been on the rise, with nearly 9 million incidents detected by McAfee by the […]

The post 5 Tips to Defend Yourself Against Ransomware appeared first on McAfee Blogs.

]]>
The prospect of a “ransomware” attack, where your device is infected with malware that locks you out of your personal data and files and demands money to potentially unlock them, is a frightening thought to most people. And, these attacks have been on the rise, with nearly 9 million incidents detected by McAfee by the end of 2016 alone.

For instance, you probably heard about the “WannaCry” worm that wreaked havoc earlier this year. Major enterprises such as FedEx, Deutsche Bank, and the U.K.’s National Health Service were all crippled when their Windows computers were infected and payment was demanded in Bitcoin to unlock their data.

Making the matter worse, paying the ransom to regain access to files (and figuring out how to pay in Bitcoin, a hard to trace digital currency) is no guarantee that you will get your information back. The attackers could continue to ask for more money, or never unlock your files under any circumstances. Given the prevalence of ransomware and how difficult it can be to deal with, the smart move is to try to avoid it altogether.

Here are 5 important tips to keep your devices and information safe from ransomware:

1) Backup Your Data—Since paying a ransom to get your data back is often ineffective (and just encourages the attackers) the best preventative measure you can take is to backup your data on a regular basis, just in case you need to wipe your device clean after an attack. Use a backup drive, or backup to the cloud. This way you can easily retrieve all of your important information without paying a ransom.

2) Use strong security­—Antivirus software can now block some ransomware attacks by detecting variants of known viruses. Make sure to run regular scans to prevent ransomware and other common threats. And, in the case that you do fall victim, security software can be especially important in making sure your system is clean after the attack, and before you reinstall your data from backup.

3) Keep your software updated—You may remember that WannaCry only targeted outdated Windows software that wasn’t patched with the latest security fixes. This is why it’s imperative that you keep all your software, including mobile apps, up-to-date. This way, attackers have a harder time taking advantage of known vulnerabilities.

4) Be careful where you click—Sometimes it doesn’t matter how many technical tools you have at your disposal; whether attackers are successful or not can depend on your own online behavior. Ransomware attacks can be distributed in phony online ads, email links, social media messages and even via text message. Be skeptical. Don’t respond to messages from strangers or click on links in spam emails.

5) Stay Aware—Cybercrooks are always looking for new ways to trick us out of money and information. Stay informed about the latest ransomware attacks and how to avoid them. Know that businesses are also commonly targeted and that the precautions you take at home should also be applied to your work devices and data.

Although ransomware is a concerning trend, the good news is we can do a lot to counteract these sort of attacks. In fact, over the last year the No More Ransom project, which McAfee is part of, has helped thousands of people recover files that have been encrypted, or locked, by cybercrooks. Of course, your best shot at beating the cybercriminals is to avoid an attack in the first place by following the tips above.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post 5 Tips to Defend Yourself Against Ransomware appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/5-tips-defend-ransomware/feed/ 0
SonicSpy Malware Snoops on Google Play Users via Messaging Apps https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/sonicspy-malware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/sonicspy-malware/#respond Wed, 16 Aug 2017 00:22:00 +0000 https://securingtomorrow.mcafee.com/?p=76934 Whether it’s a British spy sneaking around a casino, or a cybercriminal looking around your device, all spies snoop to find out information. In fact, a specific type of malware exists solely to spy on and collect innocent users’ data. It’s called spyware, and it’s done some serious damage in the past. Now, a new […]

The post SonicSpy Malware Snoops on Google Play Users via Messaging Apps appeared first on McAfee Blogs.

]]>
Whether it’s a British spy sneaking around a casino, or a cybercriminal looking around your device, all spies snoop to find out information. In fact, a specific type of malware exists solely to spy on and collect innocent users’ data. It’s called spyware, and it’s done some serious damage in the past. Now, a new spyware with surveillance capabilities named SonicSpy is here, and it has been weaved into thousands of malicious messaging apps– three of which have made their way onto Google Play.

These three apps, named Hulk Messenger, Troy Chat, and Soniac all contain malicious features that make them the perfect vector for cybercriminals wishing to snoop. Soniac’s capabilities in particular provide an attacker with significant control over a target device.

So, what does this control look like exactly? Once a user has downloaded a Soniac messaging app, SonicSpy malware can record audio, make outbound calls, send text messages to attacker-specified numbers, and retrieve information such as call logs, contacts, and Wi-Fi access point details.

The good news is these three apps have since been removed from Google Play. However, the remaining apps—which since February number slightly more than 4,000—are being distributed through third-party app stores. Plus, these malicious apps are also being distributed through direct phishing texts with download links. So, its important users still remain cautious.

Therefore, to ensure you don’t get snooped on by SonicSpy, follow these tips:

  • Only shop on legitimate app stores. Many of the infected applications exist outside of Google Play and are floating around on unaffiliated third-party stores. It’s crucial users only download applications from official stores, like Google Play or the Apple App store, to ensure they don’t get spied on by SonicSpy.
  • Check app reviews. Before you even download an app, make sure you head to the reviews section of an app store first. Take the time to sift through the reviews, and keep an eye out for ones that mention that the app has had issues with security or might be a bit sketchy. When in doubt, don’t download any app that is remotely questionable.
  • Don’t click. If you’re ever sent an email or a text message from an unknown source, remain wary and don’t click on any links that may be included in the message’s content. These links can carry malware, or redirect you to a malicious app in this instance.
  • Use a mobile security solution. As spyware campaigns continue to hit mobile devices, make sure your phone is prepared for any threat coming its way. To do just that, cover these devices with a mobile security solution, such as McAfee Mobile Security.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post SonicSpy Malware Snoops on Google Play Users via Messaging Apps appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/sonicspy-malware/feed/ 0
3 Reasons You Need a Personal VPN https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/3-reasons-need-personal-vpn/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/3-reasons-need-personal-vpn/#respond Thu, 10 Aug 2017 00:58:36 +0000 https://securingtomorrow.mcafee.com/?p=76811 It used to be the case that only businesses used virtual private networks (VPNs) to connect securely to the internet and keep their private data safe. But these days, with the rapid growth of online threats and privacy concerns, even the casual internet user should seriously consider using a VPN. If you are not familiar […]

The post 3 Reasons You Need a Personal VPN appeared first on McAfee Blogs.

]]>
It used to be the case that only businesses used virtual private networks (VPNs) to connect securely to the internet and keep their private data safe. But these days, with the rapid growth of online threats and privacy concerns, even the casual internet user should seriously consider using a VPN.

If you are not familiar with this technology, a VPN essentially allows you to send and receive data across a public network as if it were a private network that encrypts, or scrambles, your information so others cannot read it. Let’s take a look at the top 3 reasons why this technology could come in handy for you.

  1. You work remotely—If you like to take your laptop or mobile device to the library or cafe, you probably connect through public Wi-Fi. The problem is that many free, public Wi-Fi networks are not secured. This means that a hacker could easily intercept the information you send over the public network, including your passwords and banking information. But, if you use a personal VPN you can connect securely any time you are away from home.
  2. You want full access to the internet when travelling—Another advantage of a VPN is that it allows you to connect the sites you normally use, even while travelling. Some websites, such as video streaming sites, are not available in foreign locations. But, by using a VPN you can still access content by connecting through proxy servers. These are servers in other locations that can make requests on your behalf.So, even if you are out of the country, you can connect to a proxy server in the U.S., for example, and it will look as though the request is coming from a local server, allowing you to access the service.
  3. You take your privacy seriously— Although you may feel like what you do on the internet is private, by now we know that this is just not the case. Internet service providers (ISPs) often track and store information about what we do online, as do the websites we visit. This is how they serve up targeted ads and make money when we click on them. (They track us by identifying the unique number assigned to your device, called an Internet Protocol address.) But, when you use a VPN your traffic is routed through different Internet Protocol addresses, making you anonymous.In addition to online marketers and ISPs, hackers can also eavesdrop on your online activities if you are not on a secure network. That’s why it’s important to use a VPN when connecting through public Wi-Fi.

What to look for in a VPN:

Now that you know why having a personal VPN is so useful, here are a few tips to help you choose the right product for you:

  • Ease of use—You want secure technology, without having to be a tech whiz to use it. That’s why you should look for a product that is easy to implement, like the McAfee Safe Connect VPN app, which allows you to easily and securely connect, ensuring that your passwords and data stay private when using public networks.
  • Robust security—Look for a VPN with bank-grade encryption. This way no one can read or access the private information you send over the network.
  • Access to virtual locations—With this feature you can gain full access to the Internet, and browse anonymously.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post 3 Reasons You Need a Personal VPN appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/3-reasons-need-personal-vpn/feed/ 0
Recent Phishing Attacks Target Google Chrome Extensions, Spread Adware to 1 Million Users https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/phishing-attacks-target-google-chrome-extensions-spread-adware/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/phishing-attacks-target-google-chrome-extensions-spread-adware/#respond Wed, 09 Aug 2017 21:25:14 +0000 https://securingtomorrow.mcafee.com/?p=76816 Browser extensions help us out with our grammar, they allow us to video chat online, they even permit us to play games. Their intent is to extend the functionality of a web browser. Unfortunately, they’re also being leveraged by cybercriminals to extend the functionality of their own malicious campaigns. In fact, this past week we’ve seen […]

The post Recent Phishing Attacks Target Google Chrome Extensions, Spread Adware to 1 Million Users appeared first on McAfee Blogs.

]]>
Browser extensions help us out with our grammar, they allow us to video chat online, they even permit us to play games. Their intent is to extend the functionality of a web browser. Unfortunately, they’re also being leveraged by cybercriminals to extend the functionality of their own malicious campaigns. In fact, this past week we’ve seen a wave of phishing attacks aimed at the developers of popular browser extensions for Google Chrome. Cybercriminals are conducting these attacks in order to hijack these extensions and use them to spread adware to innocent users.

So, what do these attacks look like exactly? One campaign saw cybercriminals compromising the Chrome Web Store account of a German developer team in order to hijack the “Copyfish” extension, which is a browser extension that performs optical character recognition. After gaining control of the extension, the crooks then modified “Copyfish” with ad-injection capabilities to distribute spam correspondence to users.

The second attack we’ve seen features the popular Chrome extension “Web Developer,” which adds a toolbar button to a browser that includes various web developer tools. Once they got inside the creator’s account, cybercriminals used the popular plug-in to their advantage, directly injecting adware into the web browser of its 1 million users.

Though adware is largely just an annoyance for innocent users, the larger issue with this attack is that cybercriminals can now potentially access users’ web account info. Since these plugins have access to pretty much everything that’s happening on a user’s browser and can do anything from reading all website content to intercepting traffic, it’s important users start thinking about protection. Therefore, to stay secure from these types of attacks, follow these tips:

  • Keep an eye out for phishing. Even though developers were the ones phished in this case, this attack is another crucial reminder for all of us to be wary and keep on the lookout for a phishing scam. Make sure to be cautious when an unknown source is requesting access to your accounts, and if a suspicious or unknown email comes through, don’t click on it.
  • Update all extensions. Remember that all bugs and potential threats are typically addressed with each update. Therefore, developers have most likely fixed whatever code has been compromised in these attacks and included those fixes in the latest version of their extension. So always double check that you’re running the most up-to-date version of any extension you use.
  • Change your passwords to your web accounts. If these cybercriminals have snooped on your browser, there’s risk that they might’ve discovered your login info to web accounts. So, change your password immediately to prevent cybercriminals from having any future access.
  • Stay secure while you browse. Sometimes it’s hard to identify whether a website is full of malicious activity, or is being snooped on by a cybercriminal. So, add an extra layer of security to your browser, and surf the web safely by utilizing McAfee WebAdvisor.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Recent Phishing Attacks Target Google Chrome Extensions, Spread Adware to 1 Million Users appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/phishing-attacks-target-google-chrome-extensions-spread-adware/feed/ 0
New Details on HBO Attack Emerge, “Game of Thrones” Actors’ Personal Data Leaked https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/new-details-hbo-attack-emerge/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/new-details-hbo-attack-emerge/#respond Tue, 08 Aug 2017 21:43:23 +0000 https://securingtomorrow.mcafee.com/?p=76800 Cybercriminals continue to send their regards to HBO, as their threats have turned into a stark reality. First, they teased stolen scripts and episodes from HBO shows via email, then on their own site named WinterLeak. And now, they’re taking action and making demands, unleashing full “Game of Thrones” scripts and leaking the personal info […]

The post New Details on HBO Attack Emerge, “Game of Thrones” Actors’ Personal Data Leaked appeared first on McAfee Blogs.

]]>
Cybercriminals continue to send their regards to HBO, as their threats have turned into a stark reality. First, they teased stolen scripts and episodes from HBO shows via email, then on their own site named WinterLeak. And now, they’re taking action and making demands, unleashing full “Game of Thrones” scripts and leaking the personal info of the show’s stars. The cherry on top? These crooks still hold more data, and are demanding around $7.5 million in ransom from HBO execs.

These demands came in the form of a five-minute video addressed to the network’s CEO. Set the theme music of “Game of Thrones,” the video claimed that it took the crooks six months to penetrate HBO’s network. Therefore, they’re demanding their “6-month salary” in bitcoin and claimed they usually make $12 million to $15 million a year from blackmail such as this, implying a ransom demand of between $6 million and $7.5 million.

Along with this video, these hackers released 3.4GB of files. The dump contained technical data detailing HBO’s internal network and administrator passwords, draft scripts from five “Game of Thrones” episodes, including this week’s installment, and a month’s worth of emails from HBO’s vice president for film programming, Leslie Cohen. One document that was released appears to contain the confidential cast list for Game of Thrones, listing personal telephone numbers and email addresses for actors such as Peter Dinklage, Lena Headey, and Emilia Clarke.

The cybercriminals gave HBO three days to pay the ransom, and if payment isn’t received, there’s potential for the crooks to release more data. Therefore, with this is mind, it’s important HBO employees start changing passwords and account info, as well as securing all personal data they can with security solutions.

Stay on top of the latest consumer security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post New Details on HBO Attack Emerge, “Game of Thrones” Actors’ Personal Data Leaked appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/new-details-hbo-attack-emerge/feed/ 0
Connected Cars: How One Vulnerability Can Turn Cybercriminals into Backseat Drivers https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/connected-cars/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/connected-cars/#respond Fri, 04 Aug 2017 16:11:54 +0000 https://securingtomorrow.mcafee.com/?p=76731 Whether it’s turning the music up a little, or turning down the AC – when you’re in your own car, you’re the driver in all senses of the word. Well, usually. Now, with the recent boom in connected cars, cybercriminals may soon be a backseat driver, only they’re not executing commands from the back row. […]

The post Connected Cars: How One Vulnerability Can Turn Cybercriminals into Backseat Drivers appeared first on McAfee Blogs.

]]>
Whether it’s turning the music up a little, or turning down the AC – when you’re in your own car, you’re the driver in all senses of the word. Well, usually. Now, with the recent boom in connected cars, cybercriminals may soon be a backseat driver, only they’re not executing commands from the back row. They have the capability to remotely track you as you drive, or even take control of the settings all due to this recent explosion of connected cars — and vulnerabilities within those cars that have yet to be addressed.

Our Advanced Threat Research (ATR) team addressed these vulnerabilities in preparation for this year’s DEFCON, a cybersecurity conference held annually in Las Vegas, that brings together the best and the brightest to poke and prod new technologies and discover and document vulnerabilities. Vulnerabilities in connected cars are a particularly severe issue, especially as internet-connected and semi-autonomous vehicles begin to become commonplace.

The first vulnerability explored, which our team disclosed before DEFCON, allowed a test ransomware attack. The simulated ransomware attack didn’t disable the car, it made being around the car a chore by playing a popular 80’s song at full volume until the target paid the ransom.

Another newly-discovered (and fixed) vulnerability found by our research team allowed them to make their way within into the car’s navigation system. There, they were able to find the web address the car used to check in with its manufacturer for navigation. As it so happens, the manufacturer no longer owned the domain — enabling our team to set up a honeypot site for any car that wanted to check into the manufacturer’s site. Our ATR team was surprised to see a number of cars check in. Not only that, but a number of vehicles gave their geographic location, their current navigation destinations, the GPS coordinates of waypoints and even the name of those waypoints.

That’s not all. Our team was also able to execute code through the S-Gold 2 (PMB 8876) cellular baseband chipset — a device used in a car to communicate with either the internet or a manufacturer’s intranet (an intranet being, essentially, a private internet). Obviously, our ATR team notified the relevant manufacturers of these issues, and a fix has been issued.

All of these vulnerabilities may sound concerning, but their public disclosure is actually good. Since we’ve notified Nissan and BMW of the S Gold 2 vulnerability, we have been told that a free fix has been issued to their dealers, which is available now to all affected customers in U.S. and Canada. It’s important both manufacturers and their drivers become aware of these issues, and take the necessary steps to keep their vehicles secure. To help keep your vehicle safe as a driver, follow these security tips:

  • Do your research before you buy. Conduct a quick scan online to see if any security issues have been reported with a car and its technology. That way, when looking to purchase your next car, you’ll be educated on the issues and buy with security in mind.
  • Check online notices. When made aware of vulnerabilities, manufacturers will notify the public, as well as make them aware of incoming fixes. Therefore, scan technical service bulletins or notices on a company site so that if a vulnerability does pop up with your existing car, you can learn what to do to help your vehicle stay secure.

And, of course, stay on top of the latest consumer security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Connected Cars: How One Vulnerability Can Turn Cybercriminals into Backseat Drivers appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/connected-cars/feed/ 0
Is It Hackable? Our New Podcast Intends to Find Out https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/hackable-our-new-podcast/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/hackable-our-new-podcast/#comments Tue, 01 Aug 2017 16:00:16 +0000 https://securingtomorrow.mcafee.com/?p=76436 Cyberattacks are becoming more and more prevalent. It seems like every day there’s another story about a cybercriminal attacking something new – an IoT teddy bear, support call logs, the list goes on. So, in light of these cybercrimes, McAfee has created a new podcast called Hackable? to explore what exactly makes these attacks successful. This […]

The post Is It Hackable? Our New Podcast Intends to Find Out appeared first on McAfee Blogs.

]]>
Cyberattacks are becoming more and more prevalent. It seems like every day there’s another story about a cybercriminal attacking something new – an IoT teddy bear, support call logs, the list goes on. So, in light of these cybercrimes, McAfee has created a new podcast called Hackable? to explore what exactly makes these attacks successful. This 25-minute-long podcast takes hacks heard about in the news or seen on TV, and puts them to the test. Taking over the Wi-Fi at a bustling cafe, tapping into the computer of a moving vehicle, infiltrating someone’s webcam – these are just a few of the cyberattacks carried out by the crew of Hackable?.

In the first episode of Hackable?, Geoff Siskind, with the help of cybersecurity experts, tries to uncover the truth about how risky it is to use free Wi-Fi. In this episode, Geoff and team provide some key insights and details on the history of public Wi-Fi attacks. Then, with permission of the store owner, they head to a local coffee shop to conduct a real-world experiment and replicate a Wi-Fi hack that was featured in the show Mr. Robot.

In this Dallas café, the team sets up an Evil Twin access point and makes a malicious network appear to be from a national cellular carrier in the effort of hopefully attracting its customers. If these users connect to the malicious network, cybercriminals will gain access to their device.

And, as it turns out, about 22 people fell for the ploy, which permitted the McAfee team to see quite literally anything they wanted to on those devices. At this point, cybercriminals could inject malicious code into a webpage if they want to. So, if a victim opens their browser, they could actually be downloading malware.

To stay protected from this kind of attack, Geoff and the team recommends using a VPN (virtual private network), as well as staying cautious when joining unofficial public Wi-Fi networks.

So, if you’re eager to learn more about what makes cybercriminals tick or just need a little entertainment for your morning commute, make sure you listen to “Hackable?”, which is now available for download on any of the sites below:

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Is It Hackable? Our New Podcast Intends to Find Out appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/hackable-our-new-podcast/feed/ 3
Cybersecurity 101: Top Takeaways from Our Back to School Study https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/back-to-school-study/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/back-to-school-study/#respond Tue, 01 Aug 2017 04:01:16 +0000 https://securingtomorrow.mcafee.com/?p=76527 The end of summer is almost here, which means both parents and their kids are starting to gear up for the new school year. Of course, the first homework assignment and first day outfits are top of mind, however, these teens will be thinking about their devices too — what devices they can bring to […]

The post Cybersecurity 101: Top Takeaways from Our Back to School Study appeared first on McAfee Blogs.

]]>
The end of summer is almost here, which means both parents and their kids are starting to gear up for the new school year. Of course, the first homework assignment and first day outfits are top of mind, however, these teens will be thinking about their devices too — what devices they can bring to class, what they’ll post about school events, etc. But will they be thinking about what they need to do to keep these devices secure? To see how students approach device use and security in the classroom, we conducted a survey, Cybersecurity 101: Teens in the Classroom, of more than 3,900 high school students (9th-12th grade) around the world. Here are a few of our key takeaways: 

Students Are Devoted to Their Devices

Between social media and smart devices, kids are staying connected now more than ever before. And it looks like the use of these connected devices in the classroom is here to stay. 86% of students spend at least one hour per day using an internet-connected device during school hours for school-specific work. Technology has just become an everyday part of the classroom experience for students, as more than half (57%) of students spend three or more hours per day using a connected device during school hours for school-specific work.

But, it’s important to note, this connected work isn’t always done with pure intentions, as almost half of students (47%) claim to have seen or heard of another student using a connected device in the classroom to cheat on an exam, quiz, project or other assignment – with only 21% admitting to doing it themselves. Students are also defying the rules when it comes to cybersecurity restrictions as well. When it comes to getting around cyber restrictions put in place by schools, 24% of the students have successfully accessed banned content. Beyond that, almost half (45%) of the students were able to access any (21%), or some (24%) social media sites on school-owned connected devices.

Education Goes Beyond Normal Curriculum

So, what exactly is being done to address this defiance? Fortunately, both administration and teachers are actively trying to employ policy as well as educate these kids on why cybersecurity is so important. 80% of students surveyed think that their school takes the necessary steps to ensure at least the school-owned devices they use are protected from cyberthreats. And most students (86%) feel up-to-date and informed about cybersecurity education/guidelines from their school before accessing school-owned connected devices.

Why Is Security Still Struggling?

So, given schools are providing this education, the question is – why do security gaps still exist? The study discovered that, as teens age, cybersecurity education becomes less of a priority for parents. 50% of parents of children 14 to 15-years old regularly talk about staying safe online, but this percentage dropped to 30% for older teenagers 16 to 18-years old. Shockingly, 14% of 16 to 18-year olds have never talked with their parents about how to stay safe online.

Therefore, as a parent, it’s crucial you begin making cybersecurity a priority for your teens. To do just that, follow these tips:

-Talk to your teens. The best way to ensure your teen is staying safe online is to talk to them. Ask them about what they do online and encourage safe behavior like avoiding interacting with individuals they don’t know in real life.

-Use the social networks that your kids are using. Not only will you gain a better understanding about what your kids do online, but you will also become a more tru