McAfee Blogs https://securingtomorrow.mcafee.com Securing Tomorrow. Today. Wed, 24 Apr 2019 23:37:46 +0000 en-US hourly 1 https://securingtomorrow.mcafee.com/wp-content/uploads/2018/11/cropped-favicon-32x32.png McAfee Blogs https://securingtomorrow.mcafee.com 32 32 Effective Endpoint Security Strategy 101 https://securingtomorrow.mcafee.com/business/endpoint-security/effective-endpoint-security-strategy-101/ https://securingtomorrow.mcafee.com/business/endpoint-security/effective-endpoint-security-strategy-101/#respond Wed, 24 Apr 2019 15:00:13 +0000 https://securingtomorrow.mcafee.com/?p=94990

Every organization wants to expedite processes, reduce costs, and bolster their staff. And in today’s modern digital world, these objectives are largely attainable, but can occasionally come with some unwarranted side effects. With all the devices an organization uses to achieve its business’ goals, things can occasionally get lost in the shuffle, and cybersecurity issues […]

The post Effective Endpoint Security Strategy 101 appeared first on McAfee Blogs.

]]>

Every organization wants to expedite processes, reduce costs, and bolster their staff. And in today’s modern digital world, these objectives are largely attainable, but can occasionally come with some unwarranted side effects. With all the devices an organization uses to achieve its business’ goals, things can occasionally get lost in the shuffle, and cybersecurity issues can emerge as a result. Balancing your business’ objectives while ensuring your organization’s data is secure can be a challenge for many. But that challenge can be assuaged by addressing cyberthreats at the start – the endpoint. Adopting an effective endpoint protection strategy is crucial for a modern-day organization and defines a strong security posture. In fact, the importance of endpoint security has even caught the eye of venture capitalist firms, who are investing billions a year in the cybersecurity sector. But what exactly are the components of a successful endpoint security strategy? Let’s break it down.

Ensure the Basics Are in Place

If there’s one thing my previous experience with consumer security has taught me, it’s that the proliferation of connected devices is showing no signs of slowing. The same goes for the connected devices leveraged by businesses day in and day out. Organizations often give multiple devices to their workers that will be used to communicate and contain crucial business-specific information. These devices are used by employees that go just about anywhere and do just about everything, so it’s important businesses equip their people with the tools they need to protect these devices and the data they safehouse.

The first important tool – VPNs, or Virtual Private Networks. The modern workforce is a mobile one, and professionals everywhere are carrying their devices with them as they travel and connect to public Wi-Fi networks. Public Wi-Fi networks are not typically the most secure, and VPNs can help ensure those mobile devices connect securely to avoid potentially exposing data.

These devices should always have strong authentication as well, which acts as the first line of defense for any security issues that arise. Remind everyone that their devices should be locked with a strong and complex password that acts as the gatekeeper for their device. That way, the company will be protected if that individual endpoint device becomes lost or stolen.

Empower Your Employees to Do Their Part

One of the most important tools to equip your employees with is proper security training. In order to keep endpoint devices safe and networks secure, employees should undergo regular security training sessions. This training should keep everyone up-to-date on the latest threats, the necessary precautions they need to take when browsing the web, and how their individual devices can impact an organization’s network.

One main point to hit upon during employee security training – the importance of updates. Updating your device software can feel like a menial task, but the gravitas behind the ask cannot be understated. Outdated software was the cause of the WannaCry global cyberattack and will be a differentiator moving forward for when attacks do come after individual endpoint devices.

Make Predictive Technology an Essential

Now, in order to anticipate major cyberattacks like WannaCry, adopting predictive technology for your endpoint security strategy is of the utmost importance, as these innovations can be used to guide your incident response strategy. Take it from hundreds of IT professionals, who in a recent SANS survey expressed that predictive technologies – such as machine learning (ML) and artificial intelligence (AI) – are required in order to go from already knowing bad elements to focusing on identification of abnormal behavior.

ML and AI technology are also particularly crucial for visibility. This technology can empower security teams to gain insight into their endpoint detection and response systems, which automatically reduces the time required to address threats. Therefore, businesses need to have this predictive technology in place to anticipate and quickly gain insight into all threats affecting their organization’s network.

Adopt Innovative Technology

For those unsure where to start when it comes to AI and ML, there’s good news – there are actually endpoint security solutions out there that have predictive technology included in their build. Solutions such as McAfee MVISION Mobile and McAfee MVISION Endpoint have machine learning algorithms and analysis built into their architecture to help identify malicious behavior and attack patterns affecting endpoint devices.

Innovative solutions such as these will act as the cherry on top of your endpoint security strategy. So, it is crucial to take the time to invest in the right technology, irrespective of the nature of your enterprise. By creating the right combination of process and product, your organization’s network will be secure, and you won’t have to pick between business growth and a healthy security posture.

To learn more about effective endpoint security strategy, be sure to follow us @McAfee and @McAfee_Business, and read more in our latest paper: Five Ways to Rethink Your Endpoint Protection Strategy.

The post Effective Endpoint Security Strategy 101 appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/business/endpoint-security/effective-endpoint-security-strategy-101/feed/ 0
ST04: Ransomware Trends with Raj Samani and John Fokker https://securingtomorrow.mcafee.com/other-blogs/podcast/st04-ransomware-trends-with-raj-samani-and-john-fokker/ https://securingtomorrow.mcafee.com/other-blogs/podcast/st04-ransomware-trends-with-raj-samani-and-john-fokker/#respond Tue, 23 Apr 2019 22:54:20 +0000 https://securingtomorrow.mcafee.com/?p=94993

Raj Samani, Chief Scientist and McAfee Fellow, and John Fokker, Head of Cyber Investigations for McAfee Advanced Threat Research, discuss various ransomware attacks and how it’s evolving.

The post ST04: Ransomware Trends with Raj Samani and John Fokker appeared first on McAfee Blogs.

]]>

Raj Samani, Chief Scientist and McAfee Fellow, and John Fokker, Head of Cyber Investigations for McAfee Advanced Threat Research, discuss various ransomware attacks and how it’s evolving.

The post ST04: Ransomware Trends with Raj Samani and John Fokker appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/podcast/st04-ransomware-trends-with-raj-samani-and-john-fokker/feed/ 0
Here’s a Codicil to Add to Your Will – Disposal of Your Digital Assets https://securingtomorrow.mcafee.com/consumer/heres-a-codicil-to-add-to-your-will-disposal-of-your-digital-assets/ https://securingtomorrow.mcafee.com/consumer/heres-a-codicil-to-add-to-your-will-disposal-of-your-digital-assets/#respond Tue, 23 Apr 2019 09:49:12 +0000 https://securingtomorrow.mcafee.com/?p=94986 Codicil to Add to your Will – Disposal of Your Digital Assets We were still in shock over the sudden demise of a dear family friend. But the bereaved family had no time for grieving. The gentleman had not left any will and no one had any clear idea about his financial and physical assets. […]

The post Here’s a Codicil to Add to Your Will – Disposal of Your Digital Assets appeared first on McAfee Blogs.

]]>
Codicil to Add to your Will – Disposal of Your Digital Assets

We were still in shock over the sudden demise of a dear family friend. But the bereaved family had no time for grieving. The gentleman had not left any will and no one had any clear idea about his financial and physical assets. The family was running from pillar to post, trying to sort out the mess.

Tomorrow, you and I will go meet our lawyer and find out how to draw up our will. I want us to leave everything in order, with specific instructions, so that there are no complications for the kids later,” announced my spouse one fine morning.

I readily agreed; however, I had a question.

OK, but what about our digital assets?”

The spouse looked confused and so I continued, “Shouldn’t we also make arrangements for how we want our digital assets to be handled post our decease?”

Most of us in the age group of 40-60 years are active in the digital world in a big way, with multiple online accounts- from social media, banking, travel booking, trading, e-mail, e-transaction to blogs, e-wallets and home service. We share personal photos and videos online. We also deal with virtual currency, the records of which are stored online. The sum of all this digital data is loosely termed as our digital asset.

You may wonder what’s the big deal about a will for digital assets as some may not even have any monetary value. Well, it will help in identifying your legal successor who can take decisions about your online accounts. Otherwise, your beneficiaries will have to run around searching for passwords, filling up forms, submitting requests at various places and so on. Secondly, your families need to know about any outstanding bills you may have received via email or credit card program, or financial payments due to you.
A will outlining usernames and passwords for all accounts and detailing what you want to be done with your digital asset will make it easier for your beneficiaries to take the right actions. Also, it will allow your family to continue receiving the payments from your online investments, or even payment from your blog site!

Prepare ahead

You can take any of these three steps:

a- Explain to your family about all your online accounts and passwords

b- Write down all details in a diary and keep it where it can be easily found

c- Create a will outlining your wishes and specifications regarding your digital assets

The first two options call for sharing passwords beforehand, something that you may not be comfortable with. So, the  third option is the best available. Go for it and your dear ones will bless you for your foresight.

Be proactive about your online presence

  • There may be content on your accounts you would not want others to see- We may create or download content that we would like to keep private. The best thing to do is to regularly sanitize accounts and delete what you don’t want others to see.
  • Inactive accounts and profiles are much in demand– cyber criminals want access to inactive accounts to create false IDs and fake profiles. They can also create problems for friends and families of the users.

While most of our generation limits themselves to a handful of social media accounts, below are a few handy guidelines to securing key social media accounts –

Facebook

The social media giant allows you to appoint a legal heir who can either opt to memorialize the account or delete it permanently. They will not offer login information to the family though.

Instagram

Just like Facebook, Instagram too offers the option of either getting an account deleted or memorialized, after they receive a valid request. They also pledge to take measures to protect the privacy of the deceased person by securing the account.

YouTube

YouTube does not yet offer any facility for preserving or deleting content created by users. In fact, it regularly deletes inactive or dead accounts, which is quite understandable, given the huge volumes of uploads per minute.

Twitter

It allows legal successors to place request for deactivation of the account. They will guide you through the process, which is similar to that of Facebook and Instagram.

LinkedIn

The legal successors/family members need to approach them with certain information and fill out a form shared on their site. They will then close the account and remove the profile.

Google

Sign into Google -> My Account -> Personal Info & Privacy -> Inactive Account Manager -> setup. Then add up to 10 trusted people who will be notified if you have been inactive for a specified period. You can leave them a last message and they can also download the data that you have chosen to share with them – like emails, passwords saved by Google, photos in Drive etc.

Or else, you can ask Google to delete your entire account after a certain amount of inactivity.

Microsoft including Outlook

Similarly, legal successors can inform Microsoft to close down the account and download any information you may have chosen to share with them.

In conclusion

So, you see if you leave everything written and registered in your will, your dear ones will have less to bother about. Also, it’s our duty as well, for this is the digital world and we are the digital natives. It is about time we start doing things right in cyberspace too so as to not leave behind a legacy of clutter, confusion and possible cybercrime.

Always keep your devices secured with advanced security tools like McAfee Total Protection so that cyber criminals don’t get to your data before your heirs do.

The post Here’s a Codicil to Add to Your Will – Disposal of Your Digital Assets appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/heres-a-codicil-to-add-to-your-will-disposal-of-your-digital-assets/feed/ 0
McAfee ATR Team Discovers New IoT Vulnerability in Wemo Insight Smart Plugs https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/wemo-vulnerability/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/wemo-vulnerability/#respond Mon, 22 Apr 2019 18:15:43 +0000 https://securingtomorrow.mcafee.com/?p=91083 *This blog is originally from August 2018 and was updated April 2019* From connected baby monitors to smart speakers — IoT devices are becoming commonplace in modern homes. Their convenience and ease of use make them seem like the perfect gadgets for the whole family. However, users can be prone to putting basic security hygiene […]

The post McAfee ATR Team Discovers New IoT Vulnerability in Wemo Insight Smart Plugs appeared first on McAfee Blogs.

]]>
*This blog is originally from August 2018 and was updated April 2019*

From connected baby monitors to smart speakers — IoT devices are becoming commonplace in modern homes. Their convenience and ease of use make them seem like the perfect gadgets for the whole family. However, users can be prone to putting basic security hygiene on the backburner when they get a shiny new IoT toy, such as applying security updates, using complex passwords for home networks and devices, and isolating critical devices or networks from IoT. Additionally, IoT devices’ poor security standards make them conveniently flawed for someone else: cybercriminals, as hackers are constantly tracking flaws which they can weaponize. When a new IoT device is put on the market, these criminals have a new opportunity to expose the device’s weaknesses and access user networks. As a matter of fact, our McAfee Labs Advanced Threat Research team uncovered a flaw in one of these IoT devices: the Wemo Insight Smart Plug, which is a Wi-Fi–connected electric outlet.

Once our research team figured out how exactly the device was vulnerable, they leveraged the flaw to test out a few types of cyberattacks. The team soon discovered an attacker could leverage this vulnerability to turn off or overload the switch, which could overheat circuits or turn a home’s power off. What’s more – this smart plug, like many vulnerable IoT devices, creates a gateway for potential hackers to compromise an entire home Wi-Fi network. In fact, using the Wemo as a sort of “middleman,” our team leveraged this open hole in the network to power a smart TV on and off, which was just one of the many things that could’ve been possibly done.

And as of April 2019, the potential of a threat born from this vulnerability seems as possible as ever. Our ATR team even has reason to believe that cybercriminals already have or are currently working on incorporating the unpatched Wemo Insight vulnerability into IoT malware. IoT malware is enticing for cybercriminals, as these devices are often lacking in their security features. With companies competing to get their versions of the latest IoT device on the market, important cybersecurity features tend to fall by the wayside. This leaves cybercriminals with plenty of opportunities to expose device flaws right off the bat, creating more sophisticated cyberattacks that evolve with the latest IoT trends.

Now, our researchers have reported this vulnerability to Belkin, and, almost a year after initial disclosure, are awaiting a follow-up. However, regardless if you’re a Wemo user or not, it’s still important you take proactive security steps to safeguard all your IoT devices. Start by following these tips:

  • Keep security top of mind when buying an IoT device. When you’re thinking of making your next IoT purchase, make sure to do your research first. Start by looking up the device in question’s security standards. A simple Google search on the product, as well as the manufacturer, will often do the trick.
  • Change default passwords and do an update right away. If you purchase a connected device, be sure to first and foremost change the default password. Default manufacturer passwords are rather easy for criminals to crack. Also, your device’s software will need to be updated at some point. In a lot of cases, devices will have updates waiting from them as soon as they’re taken out of the box. The first time you power up your device, you should check to see if there are any updates or patches from the manufacturer.
  • Keep your firmware up-to-date. Manufacturers often release software updates to protect against these potential vulnerabilities. Set your device to auto-update, if you can, so you always have the latest software. Otherwise, just remember to consistently update your firmware whenever an update is available.
  • Secure your home’s internet at the source. These smart home devices must connect to a home Wi-Fi network in order to run. If they’re vulnerable, they could expose your network as a result. Since it can be challenging to lock down all the IoT devices in a home, utilize a solution like McAfee Secure Home Platform to provide protection at the router-level.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post McAfee ATR Team Discovers New IoT Vulnerability in Wemo Insight Smart Plugs appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/wemo-vulnerability/feed/ 0
The “Nasty List” Phishing Scam Is out to Steal Your Instagram Login https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/instagram-nasty-list/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/instagram-nasty-list/#respond Mon, 22 Apr 2019 17:51:25 +0000 https://securingtomorrow.mcafee.com/?p=94968

How often do you check your social media accounts? According to a recent study, internet users spend an average of 2 hours and 22 minutes per day on social networking platforms. Since users are pretty reliant on social media, cybercriminals use it as an avenue to target victims with various cyberattacks. The latest social media […]

The post The “Nasty List” Phishing Scam Is out to Steal Your Instagram Login appeared first on McAfee Blogs.

]]>

How often do you check your social media accounts? According to a recent study, internet users spend an average of 2 hours and 22 minutes per day on social networking platforms. Since users are pretty reliant on social media, cybercriminals use it as an avenue to target victims with various cyberattacks. The latest social media scheme called “The Nasty List” scams users into giving up their Instagram credentials and uses their accounts to further promote the phishing scam.

So, how exactly do hackers trick innocent users into handing over their login information? Cybercriminals spread this scam by sending messages through hacked accounts to the user’s followers, stating that they were spotted on a “Nasty List.” These messages will read something like “OMG your actually on here, @TheNastyList_34, your number is 15! its really messed up.” If the recipient visits the profile listed in the message, they will see a link in the profile description. An example of one URL that has been listed in these scam profiles is nastylist-instatop50[.]me. The user is tricked into believing that this link will supposedly allow them to see why they are on this list. This link brings up what appears to be a legitimate Instagram login page. When the victim enters their credentials on the fake login page, the cybercriminals behind this scheme will be able to take over the account and use it to further promote the scam.

Images courtesy of Bleeping Computer.
Images courtesy of Bleeping Computer.

Fortunately, there are a number of steps Instagram users can take to ensure that they don’t fall victim to this trap. Check out the following tips:

  • Be skeptical of messages from unknown users. If you receive a message from someone you don’t know, it’s best to ignore the message altogether or block the user. Additionally, if you think a friend’s social media account has been compromised, look out for spelling mistakes and grammatical errors in their message, which are common in these scams.
  • Exercise caution when inspecting links sent to your messages. Always inspect a URL before you click on it. In the case of this scam, the URL that appears with the fake login page is clearly incorrect, as it ends in a [.]me.
  • Reset your password. If your account was hacked by ‘The Nasty List’ but you still have access to your account, reset your password to regain control of your account.

And, as usual, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home  on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post The “Nasty List” Phishing Scam Is out to Steal Your Instagram Login appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/instagram-nasty-list/feed/ 0
Our PaaS App Sprung a Leak https://securingtomorrow.mcafee.com/business/cloud-security/our-paas-app-sprung-a-leak/ https://securingtomorrow.mcafee.com/business/cloud-security/our-paas-app-sprung-a-leak/#respond Mon, 22 Apr 2019 16:00:20 +0000 https://securingtomorrow.mcafee.com/?p=94954

Many breaches start with an “own goal,” an easily preventable misconfiguration or oversight that scores a goal for the opponents rather than for your team. In platform-as-a-service (PaaS) applications, the risk profile of the application can lure organizations into a false sense of security. While overall risk to the organization can be lowered, and new capabilities otherwise […]

The post Our PaaS App Sprung a Leak appeared first on McAfee Blogs.

]]>

Many breaches start with an “own goal,” an easily preventable misconfiguration or oversight that scores a goal for the opponents rather than for your team. In platform-as-a-service (PaaS) applications, the risk profile of the application can lure organizations into a false sense of security. While overall risk to the organization can be lowered, and new capabilities otherwise unavailable can be unlocked, developing a PaaS application requires careful consideration to avoid leaking your data and making the task of your opponent easier.

PaaS integrated applications are nearly always multistep service architectures, leaving behind the simplicity of yesterday’s three-tier presentation/business/data logic applications and basic model-view-controller architectures. While many of these functional patterns are carried forward into modern applications—like separating presentation functions from the modeled representation of a data object—the PaaS application is nearly always a combination of linear and non-linear chains of data, transformation, and handoffs.

As a simple example, consider a user request to generate a snapshot of some kind of data, like a website. They make the request through a simple portal. The request would start a serverless application, which applies basic logic, completes information validation, and builds the request. The work goes into a queue—another PaaS component. A serverless application figures out the full list of work that needs to be completed and puts those actions in a list. Each of these gets picked up and completed to build the data package, which is finally captured by another serverless application to an output file, with another handoff to the publishing location(s), like a storage bucket.

Planning data interactions and the exposure at each step in the passing process is critical to the application’s integrity. The complexity of PaaS is that the team must consider threats both for each script/step at a basic level individually as well as holistically for the data stores in the application. What if I could find an exploit in one of the steps to arbitrarily start dumping data? What if I found a way to simply output more data unexpectedly than it was designed to do? What if I found a way to inject data instead, corrupting and harming rather than stealing?

The familiar threats of web applications are present, and yet our defensive posture is shaped by which elements of the applications we can see and which we cannot. Traditional edge and infrastructure indicators are replaced by a focus on how we constructed the application and how to use cloud service provider (CSP) logging together with our instrumentation to gain a more holistic picture.

In development of the overall application, the process architecture is as important as the integrity of individual technical components. The team leadership of the application development should consider insider, CSP, and external threats, and consider questions like:

  • Who can modify the configuration?
  • How is it audited? Logged? Who monitors?
  • How do you discover rogue elements?
  • How are we separating development and production?
  • Do we have a strategy to manage exposure for updates through blue/green deployment?
  • Have we considered the larger CSP environment configuration to eliminate public management endpoints?
  • Should I use third-party tools to protect access to the cloud development and production environment’s management plane, such as a cloud access broker, together with cloud environmental tools to enumerate accounts and scan for common errors?

In the PaaS application construction, the integrity of basic code quality is magnified. The APIs and/or the initiation processes of serverless steps are the gateway to the data and other functions in the code. Development operations (DevOps) security should use available sources and tools to help protect the environment as new code is developed and deployed. These are a few ways to get your DevOps team started:

  • Use the OWASP REST Security Cheat Sheet for APIs and code making calls to other services directly.
  • Consider deploying tools from your CSP, such as the AWS Well-Architected Tool on a regular basis.
  • Use wrappers and tie-ins to the CSP’s PaaS application, such as AWS Lambda Layers to identify critical operational steps and use them to implement key security checks.
  • Use integrated automated fuzzing/static test tools to discover common missteps in code configuration early and address them as part of code updates.
  • Consider accountability expectations for your development team. How are team members encouraged to remain owners of code quality? What checks are necessary to reduce your risk before considering a user story or a specific implementation complete?

The data retained, managed, and created by PaaS applications has a critical value—without it, few PaaS applications would exist. Development teams need to work with larger security functions to consider the privacy requirements and security implications and to make decisions on things like data classification and potential threats. These threats can be managed, but the specific countermeasures often require a coordinated implementation between the code to access data stores, the data store configuration itself, and the dedicated development of separate data integrity functions, as well as a disaster recovery strategy.

Based on the identified risks, your team may want to consider:

  • Using data management steps to reduce the threat of data leakage (such as limiting the amount of data or records which can be returned in a given application request).
  • Looking at counters, code instrumentation, and account-based controls to detect and limit abuse.
  • Associating requests to specific accounts/application users in your logging mechanisms to create a trail for troubleshooting and investigation.
  • Recording data access logging to a hardened data store, and if the sensitivity/risk of the data store requires, transition logs to an isolated account or repository.
  • Asking your development team what the business impact of corrupting the value of your analysis, or the integrity of the data set itself might be, for example, by an otherwise authorized user injecting trash?

PaaS applications offer compelling value, economies of scale, new capabilities, and access to advanced processing otherwise out of reach for many organizations in traditional infrastructure. These services require careful planning, coordination of security operations and development teams, and a commitment to architecture in both technical development and managing risk through organizational process. Failing to consider and invest in these areas while rushing headlong into new PaaS tools might lead your team to discover that your app has sprung a leak!

The post Our PaaS App Sprung a Leak appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/business/cloud-security/our-paas-app-sprung-a-leak/feed/ 0
From Internet to Internet of Things https://securingtomorrow.mcafee.com/consumer/mobile-and-iot-security/internet-to-iot/ https://securingtomorrow.mcafee.com/consumer/mobile-and-iot-security/internet-to-iot/#respond Mon, 22 Apr 2019 13:00:23 +0000 https://securingtomorrow.mcafee.com/?p=94965

Thirty years ago, Tim Berners-Lee set out to accomplish an ambitious idea – the World Wide Web. While most of us take this invention for granted, we have the internet to thank for the technological advances that make up today’s smart home. From smart plugs to voice assistants – these connected devices have changed the […]

The post From Internet to Internet of Things appeared first on McAfee Blogs.

]]>

Thirty years ago, Tim Berners-Lee set out to accomplish an ambitious idea – the World Wide Web. While most of us take this invention for granted, we have the internet to thank for the technological advances that make up today’s smart home. From smart plugs to voice assistants – these connected devices have changed the modern consumer digital lifestyle dramatically. In 2019, the Internet of Things dominates the technological realm we have grown accustomed to – which makes us wonder, where do we go from here? Below, we take a closer look at where IoT began and where it is headed.

A Connected Evolution

Our connected world started to blossom with our first form of digital communication in the late 1800s –– Morse code. From there, technological advancements like the telephone, radio, and satellites made the world a smaller place. By the time the 1970s came about, email became possible through the creation of the internet. Soon enough the internet spread like wildfire, and in the 1990s we got the invention of the World Wide Web, which revolutionized the way people lived around the world. Little did Berners-Lee know that his invention would be used decades, probably even centuries, later to enable the devices that contribute to our connected lives.

Just ten years ago, there were less than one billion IoT devices in use around the world. In the year 2019, that number has been projected to skyrocket to over eight billion throughout the course of this year. In fact, it is predicted that by 2025, there will be almost twenty-two billion IoT devices in use throughout the world. Locks, doorbells, thermostats and other everyday items are becoming “smart,” while security for these devices is lacking quite significantly. With these devices creating more access points throughout our smart homes, it is comparable to leaving a backdoor unlocked for intruders. Without proper security in place, these devices, and by extension our smart homes, are vulnerable to cyberattacks.

Moving Forward with Security Top of Mind

If we’ve learned one thing from this technological evolution, it’s that we aren’t moving backward anytime soon. Society will continue to push the boundaries of what is possible – like taking the first a picture of a black hole. However, in conjunction with these advancements, to steer in the right direction, we have to prioritize security, as well as ease of use. For these reasons, it’s vital to have a security partner that you can trust, that will continue to grow to not only fit evolving needs, but evolving technologies, too. At McAfee, we make IoT device security a priority. We believe that when security is built in from the start, user data is more secure. Therefore, we call on manufacturers, users, and organizations to all equally do their part to safeguard connected devices and protect precious data. From there, we can all enjoy these technological advancements in a secure and stress-free way.

Interested in learning more about IoT and mobile security trends and information? Follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post From Internet to Internet of Things appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/mobile-and-iot-security/internet-to-iot/feed/ 0
The Mute Button: How to Use Your Most Underrated Social Superpower https://securingtomorrow.mcafee.com/consumer/family-safety/the-mute-button-how-to-use-your-most-underrated-social-superpower/ https://securingtomorrow.mcafee.com/consumer/family-safety/the-mute-button-how-to-use-your-most-underrated-social-superpower/#respond Sat, 20 Apr 2019 14:05:52 +0000 https://securingtomorrow.mcafee.com/?p=94957

For a Monday, the school day was turning out to be surprisingly awesome. Mackenzie sat with friends at lunch, chatted with her favorite teacher, and aced her English test. Then came the shift. It happened between 5th and 6th period when Mackenzie checked her Instagram account. One glance showed several posts from the popular girls (yet […]

The post The Mute Button: How to Use Your Most Underrated Social Superpower appeared first on McAfee Blogs.

]]>

For a Monday, the school day was turning out to be surprisingly awesome. Mackenzie sat with friends at lunch, chatted with her favorite teacher, and aced her English test.

Then came the shift.

It happened between 5th and 6th period when Mackenzie checked her Instagram account. One glance showed several posts from the popular girls (yet another party I wasn’t invited to, she thought). She saw her friend Emma’s Spring Break photos (how can someone look that good in a bikini, she wondered) followed by several whos-dating-who posts from blissful looking couples (when is someone going to love me, she mused). In less than 60 seconds, the images and comments Mackenzie saw had the power to subtly alter her heart and mind.

FOMO

Mackenzie isn’t alone. Studies have repeatedly linked Social networks with high levels of anxiety, depression, bullying and an emotional phenomenon called FOMO (fear of missing out) among teens and — if we’re honest — among plenty of adults.

We can’t control the perpetual stream of photos, comments, and videos that flood our social feeds. Social is here to stay, and to some extent, most of us are required to be online. However, we can control the amount and the quality of the content that comes at us. And, we can teach our kids to do the same.

It’s called the mute button, and it could be your family’s most underrated superpower when it comes to enjoying life online. Many people either don’t know about their mute button or forget they have it.

The mute button allows you to turn off someone’s feed (yes—make it vanish) without the awkwardness of unfollowing or unfriending them. The cool part: No one knows you’ve muted them, so there are no hurt feelings. You can still view a muted person’s profile, and they can see yours. You can send or receive direct messages as if everything were copacetic.

How to mute

Thankfully, you can mute people easily on most social networks.

To mute someone on Instagram, go to the person’s page, find to the three little dots in the top upper right of the page, click and choose mute (you can choose to mute their feed and their stories). You can mute someone on Facebook by going to the person’s main page and clicking the “friends” button under their photo. You will have the option to “unfollow,” which will mute the person’s content but allow you to stay friends. On Twitter, you can stop seeing a person’s tweets by going to the three dots in the top upper right corner and choosing “mute.”

This simple, powerful click will allow you to curate what you see in your feed every day and instantly block the content that is annoying or negative. The result? Fewer emotional darts are flying at you randomly throughout the day and, hopefully, a more enjoyable, positive experience online.

When to mute

What’ s considered annoying or offensive to one person may be entirely acceptable and even enjoyable to someone else. So, the reasons for muting someone can vary greatly.

A few reasons to mute might be: 

  • Inappropriate or offensive content
  • Mean, bullying, or reckless content
  • Posting too frequently
  • Excessive bragging, boasting, or self-promotion
  • Content that negatively impacts your mental health
  • Non-stop political posts or rants
  • Too many selfies
  • Graphic or disturbing images or videos
  • Constant negative or critical posts
  • Useless, uninteresting, or tedious information
  • Monopolizing conversations
  • Perpetual personal drama
  • Too much content on one topic

Talking points for families

Editing your social circle is okay. The voices that surround you have influence, so choose the voices you surround yourself with carefully. Also, being “friends” with 1,000 or even 300 people isn’t realistic or reflective of real life. Remind kids: That tug (or compulsion) you feel to like, comment, post, or chime in online should not rule your time or your mind. You (and your family) may be surprised how good it feels to whittle down the number of voices you allow into your day.

Pay attention to emotional triggers. In many ways, you are what you consume online. Ask yourself: Is this person’s account positive or negative? Does it make me feel included and worthy or excluded and less-than? Do I feel jealous, annoyed, or negative when I see this person’s updates, photos, or tweets? Edit boldly. You can mute negative accounts temporarily or permanently without guilt.

Less noise, less clutter. If you want things to be different, you have to do things differently, and this applies online. Forming your thoughts and opinions is much more difficult when you are constantly absorbing other people’s ideas. The less digital clutter, the more room for quiet contemplation and self-awareness, which is always a good idea for young and older mind minds alike.

Be brave, be you. Kids pay far more attention to friend and follower counts than adults do. They consider it intentional rejection when someone unfollows or unfriends them online. For that reason, you may need to reiterate the importance of putting mental health before popularity or people pleasing. Remind them: It’s okay to mute, unfollow, or unfriend any person who is not a positive influence on your heart and mind.

No one is everyone’s favorite. It’s impossible to like everyone or be liked by everyone — impossible. There will always be individuals who will get under your skin. And, at times, people may feel the same about you. This is a normal part of human relationships. This reality makes striving to be liked by everyone online an impossible, exhausting task.

The digital world is packed with ever-changing social complexities. Seemingly casual clicks can trigger an avalanche of positive or negative emotions that can take their toll (whether we realize it or not). Helping your child think proactively about content and take responsibility for the content comes across his or her screen, is more important than ever in raising wise, healthy digital kids.

The post The Mute Button: How to Use Your Most Underrated Social Superpower appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/family-safety/the-mute-button-how-to-use-your-most-underrated-social-superpower/feed/ 0
IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target? https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/iot-zero-days-is-belkin-wemo-smart-plug-the-next-malware-target/ https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/iot-zero-days-is-belkin-wemo-smart-plug-the-next-malware-target/#respond Thu, 18 Apr 2019 20:14:20 +0000 https://securingtomorrow.mcafee.com/?p=94932

Effective malware is typically developed with intention, targeting specific victims using either known or unknown vulnerabilities to achieve its primary functions. In this blog, we will explore a vulnerability submitted by McAfee Advanced Threat Research (ATR) and investigate a piece of malware that recently incorporated similar vulnerabilities. The takeaway from this blog is the increasing […]

The post IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target? appeared first on McAfee Blogs.

]]>

Effective malware is typically developed with intention, targeting specific victims using either known or unknown vulnerabilities to achieve its primary functions. In this blog, we will explore a vulnerability submitted by McAfee Advanced Threat Research (ATR) and investigate a piece of malware that recently incorporated similar vulnerabilities. The takeaway from this blog is the increasing movement towards IoT-specific malware and the likelihood of this unique vulnerability being incorporated into future malware.

We are rapidly approaching the one-year mark for the date McAfee ATR disclosed to Belkin (a consumer electronics company) a critical, remote code execution vulnerability in the Belkin WeMo Insight smart plug.  The date was May 21st, 2018, and the disclosure included extensive details on the vulnerability (a buffer overflow), proof-of-concept, exploit code and even a video demo showing the impact, dropping into a root shell opened on the target device. We further blogged about how this device, once compromised, can be used to pivot to other devices inside the network, including smart TVs, surveillance cameras, and even fully patched non-IoT devices such as PCs. Initially, the vendor assured us they had a patch ready to go and would be rolling it out prior to our planned public disclosure. In January of 2019, Belkin patched a vulnerability in the Mr. Coffee Coffee Maker w/ WeMo, which McAfee ATR reported to Belkin on November 16th, 2018, and released publicly at Mobile World Congress in late February. We commend Belkin for an effective patch within the disclosure window, though we were somewhat surprised that this was the prioritized patch given the Mr. Coffee product with WeMo no longer appears to be produced or sold.

The Insight smart plug firmware update never materialized and, after attempts to try to communicate further, three months later, in accordance with our vulnerability disclosure policy, McAfee ATR disclosed the issue publicly on August 21st. Our hope is that vulnerability disclosures will encourage vendors to patch vulnerabilities, educate the security community on a vulnerable product to drive development of defenses and, ultimately, encourage developers to recognize the impact that insecure code development can have.

Fast forward nearly a year and, to the best of our knowledge this vulnerability, classified as CVE-2018-6692, is still a zero-day vulnerability.  As of April 10th, 2019, we have heard of plans for a patch towards the end of the month and are standing by to confirm. We intentionally did not release exploit code to the public, as we believe it tips the balance in favor of cyber criminals, but exploitation of this vulnerability, while challenging in some regards, is certainly straightforward for a determined attacker.

IoT-Specific Malware

Let’s focus now on why this vulnerability is enticing for malicious actors.  Recently, Trend Micro released a blog observing occasional in-the-wild detections for a malware known as Bashlite. This specific malware was recently updated to include IoT devices in its arsenal, specifically using a Metasploit module for a known vulnerability in the WeMo UPnP protocol. The vulnerability appears to be tied to a 2015 bug which was patched by Belkin and was used to fingerprint and exploit WeMo devices using the “SetSmartDevInfo” action and corresponding “SmartDevURL” argument.

We can say for certain that this Metasploit module is not targeting the same vulnerability submitted by McAfee ATR, which resides in the <EnergyPerUnitCostVersion> XML field, within the libUPnPHndlr.so library.

Analysis of Bashlite and IOT Device Targets

After briefly analyzing a few samples of the malware (file hashes from the aforementioned blog), the device appears to check for default credentials and known vulnerabilities in multiple IoT devices. For example, I came across a tweet after finding reference to a password in the binary of “oelinux123”.

This IoT device is an Alcatel Mobile Wifi, which has a number of known/default passwords. Notice the top username/password combination of “root:oelinux123.” When we analyze the actual malware, we can observe the steps used to enumerate and scan for vulnerable devices.

Here is a reference from the popular binary disassembly tool IDA Pro showing the password “OELINUX123” used to access a mobile WiFi device.

The next image is a large “jump table” used to scan through and identify a range of devices or targets using known passwords or vulnerabilities.

Next is some output from the “Echobot” scanner employed by the malware used to report possible vulnerabilities in target devices from the above jump table.

The final screenshot shows a list of some of the hardcoded credentials used by the malware.

The “huigu309” password appears to be associated with Zhone and Alcatel Lucent routers. Both routers have had several known vulnerabilities, backdoors and hardcoded passwords built into the firmware.

There is no need to continue the analysis further as the point of this is not to analyze the Bashlite malware in depth, but I did think it was worth expanding on some of the capabilities briefly, to show this malware is programmed to target multiple IoT devices.

Now to the point! The simple fact that generic WeMo Metasploit modules were added to this indicates that Belkin WeMo makes an interesting enough target that an unpatched vulnerability would be compelling to add to the malware’s capabilities. Hence, we believe it is possible, perhaps even likely, that malware authors already have or are currently working on incorporating the unpatched WeMo Insight vulnerability into IoT malware. We will be closely following threats related to this zero-day and will update or add to this blog if malware embedding this vulnerability surfaces. If the vendor does produce an effective patch, it will be a step in the right direction to reduce the overall threat and likelihood of weaponizing the vulnerability in malware.

How to Protect Your Devices

As this vulnerability requires network access to exploit the device, we highly recommend users of IoT devices such as the WeMo Insight implement strong WIFI passwords, and further isolate IoT devices from critical devices using VLANs or network segmentation. McAfee Secure Home Platform users can enable whitelisting or blacklisting features for protection from malicious botnets attempting to exploit this vulnerability.

Call to Action for Vendors, Consumers and Enterprise

It should be plain to see there is some low-hanging fruit in the industry of securing IoT devices. While some of the obvious simple issues such as hardcoded credentials are unexplainable, we understand that true software vulnerabilities cannot always be avoided. However, we issue a call-to action for IoT vendors; these issues must be fixed, and quickly too. Threat actors are constantly tracking flaws which they can weaponize, and we see a prime example of this in the Bashlite malware, updated for IoT devices including Belkin WeMo. By listening to consumer’s asks for security, partnering with researchers closely to identify flaws, and having a fast and flexible response model, vendors have a unique opportunity to close the holes in the products the world is increasingly relying on. Consumers can take away the importance of basic security hygiene; applying security updates when available, practicing complex password policy for home networks and devices, and isolating critical devices or networks from IoT.  Enterprise readers should be aware that just because this is an IoT consumer device typically, does not mean corporate assets cannot be compromised.  Once a home network has been infiltrated, all devices on that same network should be considered at risk, including corporate laptops.  This is a common method for cyber criminals to cross the boundary between home and enterprise.

The post IoT Zero-Days – Is Belkin WeMo Smart Plug the Next Malware Target? appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/iot-zero-days-is-belkin-wemo-smart-plug-the-next-malware-target/feed/ 0
Why McAfee is Supporting the University of Guelph’s New Cyber Security and Threat Intelligence Degree Program https://securingtomorrow.mcafee.com/business/why-mcafee-is-supporting-the-university-of-guelphs-new-cyber-security-and-threat-intelligence-degree-program/ https://securingtomorrow.mcafee.com/business/why-mcafee-is-supporting-the-university-of-guelphs-new-cyber-security-and-threat-intelligence-degree-program/#respond Thu, 18 Apr 2019 16:30:04 +0000 https://securingtomorrow.mcafee.com/?p=94923

McAfee has a rich history in helping to shape the industry’s response to the ever-changing threat landscape.  We started as a pioneer in cybersecurity over three decades ago. Today, we are the device to cloud cybersecurity market leader, supporting consumers to small and large enterprises to governments. But we don’t do this on our own. […]

The post Why McAfee is Supporting the University of Guelph’s New Cyber Security and Threat Intelligence Degree Program appeared first on McAfee Blogs.

]]>

McAfee has a rich history in helping to shape the industry’s response to the ever-changing threat landscape.  We started as a pioneer in cybersecurity over three decades ago. Today, we are the device to cloud cybersecurity market leader, supporting consumers to small and large enterprises to governments.

But we don’t do this on our own. And in order for us to be successful in our mission to make the digital world more secure, we need to have the right people in place.

One of the largest challenges facing the cybersecurity industry today is the lack of skilled personnel and the global talent shortage. Current research indicates that our industry will face more than 1.5 million unfilled cybersecurity positions by 2025.

This talent shortage, coupled with the increasing volume of threats and the changing cybercriminal landscape, presents a problem which is only getting worse. And not just for us, but the whole industry. Therefore, we must, as a group, collectively improve upon this talent shortage.

So how will we do this?

One step that McAfee is investing heavily in is education. We are already doing a lot of work to support students and inspire them to take on careers in cybersecurity, for example our work in the UK with high school programs run at the home of the World War II code breakers Bletchley Park.

Now we’re delighted to be expanding this work even further as a founding partner of the new Master of Cybersecurity and Threat Intelligence at the University of Guelph which will launch in September this year. This graduate degree will train the next generation on how to stop cyberattacks before they happen, and give students expertise in threat intelligence, threat hunting, digital forensics, intrusion prevention, privacy, crypt analysis and more.

During the course, students will work with state-of-the-art cybersecurity tools where they can run real-world attacks within an isolated lab, engaging directly with active adversaries and learn their tactics, techniques and procedures to build state of art cyber defense and detection systems. They will learn the intricacies of how attacks are conducted and methods for preventing further intrusions. McAfee has already been involved with the development of the Lab, ensuring it replicates our real-world labs to give students the right experience from the very beginning.

But we’re not just supporting the lab. Alongside partners including Cisco and BlackBerry, we’re also going to be showing up throughout the course and inviting students to work closely with us inside McAfee to build the skills they need for a future career in cybersecurity.

As a Canadian, I am particularly proud that a Canadian institution is showing this level of innovation which will enhance not only our local talent pool but will also help solve the global talent shortage.

To learn more, and apply to be one of the founding class, visit the University of Guelph here.

The post Why McAfee is Supporting the University of Guelph’s New Cyber Security and Threat Intelligence Degree Program appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/business/why-mcafee-is-supporting-the-university-of-guelphs-new-cyber-security-and-threat-intelligence-degree-program/feed/ 0
Employees Share Stories Working in Award–Winning Cork Office https://securingtomorrow.mcafee.com/other-blogs/life-at-mcafee/employees-share-stories-working-in-award-winning-cork-office/ https://securingtomorrow.mcafee.com/other-blogs/life-at-mcafee/employees-share-stories-working-in-award-winning-cork-office/#respond Thu, 18 Apr 2019 14:49:10 +0000 https://securingtomorrow.mcafee.com/?p=94919

“The culture at McAfee is easy going, fun, dynamic and everyone is friendly.”—Deirdre, Project Manager The McAfee office in Cork was once again named among companies recognized in Ireland’s Great Place to Work awards. Our Cork location has much to offer—from a supportive working environment to career growth opportunities, the opportunities are abundant. Hear from […]

The post Employees Share Stories Working in Award–Winning Cork Office appeared first on McAfee Blogs.

]]>

“The culture at McAfee is easy going, fun, dynamic and everyone is friendly.”—Deirdre, Project Manager

The McAfee office in Cork was once again named among companies recognized in Ireland’s Great Place to Work awards. Our Cork location has much to offer—from a supportive working environment to career growth opportunities, the opportunities are abundant.

Hear from three McAfee employees, Deirdre, Ranjit and Oliver, as they share their personal stories of working in the Cork, Ireland office.

Want to join in on the fun? We’re hiring in Cork! Apply now.

For more stories like this, follow @LifeAtMcAfee on Instagram and on Twitter @McAfee to see what working at McAfee is all about.

The post Employees Share Stories Working in Award–Winning Cork Office appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/life-at-mcafee/employees-share-stories-working-in-award-winning-cork-office/feed/ 0
Federal, State Cyber Resiliency Requires Action https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/federal-state-cyber-resiliency-requires-action/ https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/federal-state-cyber-resiliency-requires-action/#respond Tue, 16 Apr 2019 15:00:42 +0000 https://securingtomorrow.mcafee.com/?p=94907

It is no shock that our state and local infrastructures are some of the most sought-after targets for foreign and malicious cyber attackers, but the real surprise lies in the lack of preventive measures that are able to curb them. Major attention has been drawn to the critical gaps that exist as a result of […]

The post Federal, State Cyber Resiliency Requires Action appeared first on McAfee Blogs.

]]>

It is no shock that our state and local infrastructures are some of the most sought-after targets for foreign and malicious cyber attackers, but the real surprise lies in the lack of preventive measures that are able to curb them. Major attention has been drawn to the critical gaps that exist as a result of an ever-expanding attack surface, making old system architectures an increasing liability.

Recently, the city of Albany, New York became a victim of a ruthless ransomware attack, which created a series of municipal service interruptions. Residents weren’t able to use the city’s services to obtain birth certificates, death certificates or marriage licenses, and the police department’s networks were rendered inoperable for an entire day. This resulted in an enormous disruption of the city’s functionality and made clear that the threat to infrastructure is more real than ever. Bolstering state and local digital defenses should be of the utmost priority, especially as we near the 2020 presidential elections when further attacks on election infrastructure are expected. We must take the necessary precautions to mitigate cyberattack risk.

The reintroduction of the State Cyber Resiliency Act by Senators Mark Warner (D-VA) and Cory Gardner (R-CO), and Representatives Derek Kilmer (D-WA) and Michael McCaul (R-TX), does just that. The legislation demonstrates a critical bipartisan effort to ensure that state, local and tribal governments have a robust capacity to strengthen their defenses against cybersecurity threats and vulnerabilities through the Department of Homeland Security (DHS). States have made clear that they suffer from inadequate resources to deal with increasingly sophisticated attacks, but also the most basic attacks, which require proper safeguards and baseline protection. This bill works to strategically address the challenges posed by a lack of resources to deal with emerging threats.

The possibility of cyber warfare must not be taken lightly and has long gone ignored. This bill shows that the status quo of kicking the can further down the road will no longer stand as a “strategy” in today’s political and cybersecurity landscape. Action is necessary to better secure our national security and the systems upon which every sector of our economy relies, from utilities to banking to emergency first responders to hospital networks to election infrastructure. It is our responsibility to create and support the safeguards against bad actors looking for gaps in our infrastructure.

The bill makes states eligible for grants to implement comprehensive, flexible cybersecurity plans that address continuous vulnerability monitoring, protection for critical infrastructure systems and a resilient cybersecurity workforce. States would also be able to repurpose funds to various local and tribal governments. In addition, the bill would implement a 15-person committee to review the proposed plans and track the spending of state and local governments. This committee would help states and localities formulate and deliver annual reports to Congress that detail the program’s progress. The specific funding was not disclosed, but this effort showcases the timeliness of the issue and why it is such an imperative step at this stage in time.

We must take basic steps to ensure the security of our state and local systems, and enable systems to be patched, maintained and protected from outside threats. This bill is a welcomed and needed effort by lawmakers to address the existing challenges states and local governments and infrastructures are dealing with every day.  As adversaries become increasingly sophisticated and targeted in their attack strategies, we have a responsibility to best equip states and localities with the necessary tools to close gaps and mitigate gaps.

We at McAfee are committed to partnering with federal, state and local governments to equip them with the best strategies to create a better and more secure cybersecurity future.

The post Federal, State Cyber Resiliency Requires Action appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/federal-state-cyber-resiliency-requires-action/feed/ 0
Social Underground: Kids Using Google Docs as New Digital Hangout https://securingtomorrow.mcafee.com/consumer/family-safety/social-underground-kids-using-google-docs-as-new-digital-hangout/ https://securingtomorrow.mcafee.com/consumer/family-safety/social-underground-kids-using-google-docs-as-new-digital-hangout/#comments Sat, 13 Apr 2019 14:00:22 +0000 https://securingtomorrow.mcafee.com/?p=94896

Over the years kids have succeeded in staying one step ahead of parents on the digital front. Remember the golden days of social? Teens owned Facebook until every parent, auntie, and grandparent on the planet showed up. So, teens migrated to Instagram, Twitter, and Snapchat hoping to carve out a private patch of land for […]

The post Social Underground: Kids Using Google Docs as New Digital Hangout appeared first on McAfee Blogs.

]]>

Over the years kids have succeeded in staying one step ahead of parents on the digital front. Remember the golden days of social? Teens owned Facebook until every parent, auntie, and grandparent on the planet showed up. So, teens migrated to Instagram, Twitter, and Snapchat hoping to carve out a private patch of land for their tribe. And, according to a report in The Atlantic, the latest app these digital nomads have claimed as a covert hangout surprisingly is Google Docs.

Yes — Google Docs — that boring looking online tool many of us parents use at work to collaborate on projects. Google Docs is perfect when you think about it. The app can be accessed on a tablet, laptop, or as a phone app. It allows multiple users to edit a document at the same time — kind of like an online party or the ultimate private group chat.

To interact, kids can use the chat function or even highlight words or phrases and use a comment bubble to chat. Because teachers use the application in the classroom, kids are using Google Docs to chat during class without getting busted or dupe parents at home into thinking they are doing their homework.

Another big perk: Schools have firewalls that block social networking sites during school hours, but Google Docs is officially cleared for school use.

The Risks

As with any app, what begins as a covert, harmlessly chat channel between friends, can get malicious quickly as more and more people are invited into a shared document to talk.

Kids can easily share videos, memes, and hurtful, joking, or inappropriate content within a Google Doc. They can gang up on other kids and bully others just as they do on any other social network. Similar to the way images disappear on Snapchat in 24 hours or on Instagram stories, the “resolve” button on Google Docs chat function, allows kids to instantly delete a chat thread if a teacher or parent heads their way or hovers too closely.

Because Google Docs live on the cloud, there’s no need to download or install a piece of software to use or access it. Any device connected to the Internet can access a Google Doc, which means kids can also use it as a digital diary without a digital trail and hide potentially harmful behaviors from parents.

10 Ways to Coach Your Kids Around Digital Safety 

  1. Know where they go. Just as you’d ask where your child where he or she is going offline, be aware of their digital destinations online. Check on them during homework hours to be sure they aren’t chatting away their learning time.
  2. Check for other apps. If you’ve grounded your child from his or her smartphone for any reason, and they claim they have online homework to do, check their laptops and tablets for chat apps like Kik, WhatsApp, hidden vault apps, and of course, as we now know, Google Docs (see right for the icon).
  3. Remember, it’s forever. Even if an image or video is “resolved” on Google Docs, deleted on Instagram or Twitter, or “vanishes” on Snapchat, the great equalizer is the screenshot. Anyone can take one, and anyone can use it to bully, extort, or shame another person anytime they decide. Remind kids of the responsibility they have with any content they share anywhere online — privacy does not exist.
  4. Sharing is caring. If your child is on Google Docs and you have a hunch, they aren’t doing homework, ask them to share their document with you so you can monitor their work. Just hit the big blue “share” button and insert your email address and you will have immediate access to the homework document.
  5. Keep in touch with teachers. If your child’s grades begin to slip, he or she could be distracted at school. Ask about what apps are used in the classroom and alert the teacher if you think your child might be distracted be it with technology or anything else.
  6. Parental controls. Hey, we’re busy because we’re parents. Enlist some help in monitoring your child’s online activity with parental control software. This will help you block risky sites, limit excessive app use, and give you a report of where your kids spend most of their time online.
  7. Look for red flags. Everyone needs and desires privacy even your teen. The tough part is discerning when a teen is being private or trying to hide risky behavior. A few red flags to look for include defensiveness when asked about an app or chat activity, turning off a device screen when you come around, and getting angry when you ask to see their screen. Another sign of unhealthy app use is an increase in data use and fatigue at school from lack of sleep.
  8. Connect with other parents. Here’s the snag in the whole plan: The rules that apply to homework and devices at your house, may not apply at other people’s homes where kids often study. Bullying or inappropriate online behaviors often take place under other people’s roofs. So get intentional. Keep in touch with other parents. Find common ground on digital values before letting kids go offsite for homework time.
  9. Talk, talk, talk. Your best defense in keeping your kids safe online — be it using apps or other sites — is a strong offense. Talk with your kids often about what they like to do online, what their friends do, and address digital issues immediately.
  10. Be flexible. Parental monitoring is going to look different in every family. Every child is different in maturity, and every parent-child relationship varies greatly. Find a monitoring solution that works for your family. Coming down too hard on your kids could drive them into deeper secrecy while taking a hands-off approach could put them in danger. Try different methods until you find one that fits your family.

Remember: You won’t be able to keep your finger on everything your child is up to online, but you can still have a considerable influence by staying in the know on digital trends and best online safety practices.

The post Social Underground: Kids Using Google Docs as New Digital Hangout appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/family-safety/social-underground-kids-using-google-docs-as-new-digital-hangout/feed/ 1
5 Most Common Types of Threats You Need to Know About https://securingtomorrow.mcafee.com/business/5-most-common-types-of-threats-you-need-to-know-about/ https://securingtomorrow.mcafee.com/business/5-most-common-types-of-threats-you-need-to-know-about/#respond Wed, 10 Apr 2019 15:00:44 +0000 https://securingtomorrow.mcafee.com/?p=94846

Cyber threats sometimes feel unrelenting and are becoming more dangerous every day. While the internet presents users with lots of information and services, it also includes several risks. Cyberattacks are increasing in sophistication and volume, with many cybercriminals using a combination of different types of attacks to accomplish a single goal. Though the list of […]

The post 5 Most Common Types of Threats You Need to Know About appeared first on McAfee Blogs.

]]>

Cyber threats sometimes feel unrelenting and are becoming more dangerous every day. While the internet presents users with lots of information and services, it also includes several risks. Cyberattacks are increasing in sophistication and volume, with many cybercriminals using a combination of different types of attacks to accomplish a single goal. Though the list of potential threats is extensive, below you’ll see the most common security threats you should look out for.

1.  Malware

Short for “malicious software,” malware comes in several forms and can cause serious damage to a computer or corporate network. There are various forms of malware ranging from viruses and worms to Trojans and beyond. Malware is often seen as a catch-all term that refers to any software designed to cause damage to a computer, server, or network.

Antivirus software is the most known product to protect your personal devices against malware and is a great start to prevent potential threats. While for enterprises, protecting your endpoint is essential to quickly detect, prevent, and correct advanced threats to your business.

2. Computer Worm:

The distinctive trait of a worm is that it can self-replicate and doesn’t require human interaction to create copies and spread quickly and in great volume. Most worms are spread though tricking internet users and are designed to exploit known security holes in software. Since many employees use their phones for work-related tasks when they are not within the perimeter of their corporate firewall, businesses are at a high risk for potential worms. If a machine is infected, the worm can: corrupt files, steal sensitive data, install a backdoor giving cybercriminals access to your computer, or modify system settings to make your machine more vulnerable.

3. Spam:

Spam refers to unsolicited messages in your email inbox. From the sender’s perspective, spam is a great way to get their message across in an efficient and cost-effective way. While spam is usually considered harmless, some can include links that will install malicious software on your computer if the recipient clicks on it.

How do you recognize malicious spam? First off, if you don’t recognize the sender’s address, don’t open it. Also, if the email addresses you in a generic way, i.e. “Dear customer”, “Hi there” etc., don’t engage. Be aware of the embedded links and check if they have odd URL’s by hovering over them to see where it wants to direct you and if the destination URL matches the destination site you expect.

4. Phishing

Created by cybercriminals attempting to solicit private or sensitive information, phishing schemes tend to be the starting point of nearly all successful cyberattacks. Phishing schemes can disguise itself in many forms, whether its posing as your bank or a common web service, with the sole purpose to lure you in by clicking links and asking you to verify account details, personal information, or passwords. Many people still associate phishing threats with emails, but the threat has evolved beyond your inbox. Hackers are now employing text messages, phone calls, phony apps, and social media quizzes to trick an unwitting victim.

5. Botnet:

Botnet malware is a network of computers that have been hijacked or compromised, giving hackers the ability to control infected computers or mobile devices remotely. When the malware is launched on your computer or mobile device, it recruits your infected device into a botnet, and the hacker is now able to control your device and access all your data in the background without your knowledge.

A botnet can consist of as few as ten computers or hundreds of thousands, and when bots come together, they are a force to be reckoned with. If a botnet hits your corporate website, it can make millions of requests at once ultimately overloading the servers knocking the website offline, slow web traffic, or affect performance. As many businesses are aware, a website that is offline or has a long lag time can be very costly, resulting in a loss of customers or a damaged reputation.

 

For more information check out our Security Awareness Resources and Reports.

The post 5 Most Common Types of Threats You Need to Know About appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/business/5-most-common-types-of-threats-you-need-to-know-about/feed/ 0
On World Health Day, Give Your Children the Key to Good Digital Health https://securingtomorrow.mcafee.com/consumer/on-world-health-day-give-your-children-the-key-to-good-digital-health/ https://securingtomorrow.mcafee.com/consumer/on-world-health-day-give-your-children-the-key-to-good-digital-health/#respond Wed, 10 Apr 2019 08:42:57 +0000 https://securingtomorrow.mcafee.com/?p=94886 My morning walk route takes me past a school that usually has its assembly at 7:00 am. I catch glimpses of students praying, reading out the news, teachers giving talks and often stop to watch them do their morning drill. It’s an arresting sight – 500 kids in bright uniforms moving in a synchronized manner […]

The post On World Health Day, Give Your Children the Key to Good Digital Health appeared first on McAfee Blogs.

]]>
My morning walk route takes me past a school that usually has its assembly at 7:00 am. I catch glimpses of students praying, reading out the news, teachers giving talks and often stop to watch them do their morning drill. It’s an arresting sight – 500 kids in bright uniforms moving in a synchronized manner to drumbeats. The school is doing it right; light exercises before the start of the academic day helps to enhance positivity, concentration power, alertness and readiness to learn. After all it’s an age-old saying, ‘A healthy mind resides in a healthy body.’

Perhaps you are wondering why McAfee Cybermum is discussing health. Well, 7th April was World Health Day and what better time than this to have a heart-to-heart on good health, especially, good digital health?

Let’s accept it- we are parents, first and foremost, and our focus is always (even when we are sleeping or partying or just chilling) on our kids. All we want is to raise happy, well-adjusted kids who will be able to think rationally and act for themselves and know how to stay safe- both in the real and in the digital world.

When we were kids, outdoors was the place to be! Life centered around our gardens, parks and roads outside our houses; where we spent hours playing, chatting or just hanging around. Today’s digital kids also play and socialize a lot, but the bulk of it happens online. They have their favourite hanging out zones, gaming sites, digital libraries, social media etc. We all are quite tech-savvy and so, we are well aware how addictive digital activities can be as well as how the long hours spent online can have adverse effects on health and mind. This is why we worry when our kids prefer digital lives to the real one; we take measures like setting device-use rules and see red if the rules are breached.

But losing our cool isn’t the solution- we need to promote a balanced digital life, right from the day the little tykes mark their initiation into the digital world and educate them and act as their digital role models.

Here’s how you can ensure a healthy digital life for your kids:

Health is wealth

Play games, swim, run, exercise, go for treks! It’s also a good opportunity to show them that devices can be put to other uses besides gaming and socializing, viz; tracking activity and monitoring health statistics. When they are using devices, teach them the right postures so that they don’t strain their back or eyes.

Balance is the keyword

Often, we forget to practice what we preach- which, in this case, is to have some device-free hours. Keep your device away (a) when with family, (b) when there’s company, and (c) during bedtime. Children will protest and perhaps bawl, but will also learn a valuable lesson, rather two lessons – There are other sources of entertainment besides devices, and a NO means NO. While the first lesson is important to lead a balanced digital life, the second one is important for them in the real world too.

Fix up an activity schedule that includes household chores

Not only will this help to maintain digital balance, it will also give the child the first lesson in responsibility. Whether it is making their own beds, cleaning out their wardrobes or helping to wash the car or set the table, these are values you are teaching kids non-verbally. Even little tykes can do small tasks and trust me, it will make them feel proud. Just take care that the daily timetable doesn’t start resembling an army cadet’s training schedule.

Set clear-cut rules

This helps kids learn discipline. Stress on how excessive use is akin to misuse. Their daily schedule should specify timings for device use. If they breach the timings, bring it up immediately. Repeated breaches need to be tackled firmly. Maybe the privilege of using the device needs to be surrendered for a few days. This, you as a parent need to decide.

Let them know you will be remotely monitoring their activities

It’s recommended that you mentor kids in the digital world till they are mature enough to handle matters responsibly themselves. Use parental controls that come with comprehensive security tools like McAfee Total Protection or McAfee LiveSafe and keep the admin password a secret. BUT LET YOUR KIDS KNOW you would be supervising them online. Explain it’s similar to how you keep an eye on them at public places. Remember to set internet timings and filters.

Have purposeful family activity time

Use that evening hour before or after dinner to chat, play board games, tell stories or discuss the news. Share, play, connect- the perfect ingredients for a close-knit family! And of course, all devices, including the digital assistant, is off-limit during this time.

Teach kids to be upstanders

Online abuse can lead to emotional disturbances in vulnerable kids. Even adults are negatively affected by cyberbullying and trolling and so you can understand the impact of such behavior on kids. Give your kids the security of your love and trust so that they grow up to be strong and confident and can stand up against bullies.

Discuss cybersafety often and with due seriousness

Living in the connected age, where we all use the same router for our devices along with other smart devices like CCTV, digital assistants etc., it is important to reinforce how the carelessness of one can affect the safety and privacy of all other family members. A safe and secure net connection is needed for mental wellness.

So, what are you waiting for? Start working on your family’s digital health today!

The post On World Health Day, Give Your Children the Key to Good Digital Health appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/on-world-health-day-give-your-children-the-key-to-good-digital-health/feed/ 0
What’s in Your IoT Cybersecurity Kit? https://securingtomorrow.mcafee.com/consumer/mobile-and-iot-security/iot-cybersecurity-kit/ https://securingtomorrow.mcafee.com/consumer/mobile-and-iot-security/iot-cybersecurity-kit/#respond Tue, 09 Apr 2019 13:00:08 +0000 https://securingtomorrow.mcafee.com/?p=94879

Did you know the average internet-enabled household contains more than ten connected devices? With IoT devices proliferating almost every aspect of our everyday lives, it’s no wonder IoT-based attacks are becoming smarter and more widespread than ever before. From DDoS to home network exposures, it appears cybercriminals have set their sights on the digital dependence […]

The post What’s in Your IoT Cybersecurity Kit? appeared first on McAfee Blogs.

]]>

Did you know the average internet-enabled household contains more than ten connected devices? With IoT devices proliferating almost every aspect of our everyday lives, it’s no wonder IoT-based attacks are becoming smarter and more widespread than ever before. From DDoS to home network exposures, it appears cybercriminals have set their sights on the digital dependence inside the smart home — and users must be prepared.

A smart home in today’s world is no longer a wave of the future, but rather just a sign of the times we live in. You would be hard pressed to find a home that didn’t contain some form of smart device. From digital assistants to smart plugs, with more endpoints comes more avenues bad actors can use to access home networks. As recently as 2018, users saw virtual assistants, smart TVs, and even smart plugs appear secure, but under the surface have security flaws that could facilitate home network exposures by bad actors in the future. Whereas some IoT devices were actually used to conduct botnet attacks, like an IoT thermometer and home Wi-Fi routers.

While federal agencies, like the FBI, and IoT device manufacturers are stepping up to do their part to combat IoT-based cyberattacks, there are still precautions users should take to ensure their smart home and family remain secure. Consider this your IoT cybersecurity kit to keep unwelcome visitors out of your home network.

  • When purchasing an IoT device, make security priority #1. Before your next purchase, conduct due diligence. Prioritize devices that have been on the market for an extended period of time, have a trusted name brand, and/or have a lot of online reviews. By following this vetting protocol, the chances are that the device’s security standards will be higher.
  • Keep your software up-to-date on all devices. To protect against potential vulnerabilities, manufacturers release software updates often. Set your device to auto-update, if possible, so you always have the latest software. This includes the apps you use to control the device.
  • Change factory settings immediately. Once you bring a new device into your home, change the default password to something difficult to guess. Cybercriminals often can find the default settings online and can use them to access your devices. If the device has advanced capabilities, use them.
  • Secure your home network. It’s important to think about security as integrated, not disconnected. Not all IoT devices stay in the home. Many are mobile but reconnect to home networks once they are back in the vicinity of the router. Protect your network of connected devices no matter where they go. Consider investing in advanced internet router that has built-in protection that can secure and monitor any device that connects to your home network.
  • Use comprehensive security software. Vulnerabilities and threats emerge and evolve every day. Protect your network of connected devices no matter where you are with a tool like McAfee Total Protection.

Interested in learning more about IoT and mobile security trends and information? Follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post What’s in Your IoT Cybersecurity Kit? appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/mobile-and-iot-security/iot-cybersecurity-kit/feed/ 0
Emilia Clarke Is the Most Dangerous Game of Thrones® Celebrity https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/most-dangerous-game-of-thrones-celebrity/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/most-dangerous-game-of-thrones-celebrity/#respond Mon, 08 Apr 2019 12:00:58 +0000 https://securingtomorrow.mcafee.com/?p=94862

The net is dark and full of terrors, especially for fans of HBO’s popular show Game of Thrones®. As followers of the series gear up for the premiere of the eighth and final season on April 14th, fans may have more than just White Walkers to worry about. According to McAfee’s study on the Most […]

The post Emilia Clarke Is the Most Dangerous Game of Thrones® Celebrity appeared first on McAfee Blogs.

]]>

The net is dark and full of terrors, especially for fans of HBO’s popular show Game of Thrones®. As followers of the series gear up for the premiere of the eighth and final season on April 14th, fans may have more than just White Walkers to worry about. According to McAfee’s study on the Most Dangerous Celebrities, it turns out that search results for Emilia Clarke are among those most likely to be infected with malware.

In fact, the actress who portrays Daenerys Targaryen in the TV drama came in at #17 of our 2018 Most Dangerous Celebrities study. Cybercriminals use the allure of celebrities – such as Clarke – to trick unsuspecting users into visiting malicious websites. These sites can be used to install malware on a victim’s device or steal their personal information or passwords. With the premiere of the new season right around the corner, it’s likely that cybercrooks will take advantage of the hype around the show to lure supporters into their trap.

Thankfully, there are plenty of ways fans can keep up with the show and characters without putting their online safety at risk. Follow these tips to pledge your allegiance to your cybersafety:

  • Refrain from using illegal streaming sites. When it comes to dangerous online behavior, using illegal streaming sites is the equivalent of spreading the Mad King’s wildfire to your device. Many illegal streaming sites are riddled with malware or adware disguised as pirated video files. Do your device a favor and stream the show from a reputable source.
  • Be careful what you click. Don’t bend the knee to hackers who tempt users to click on their malicious sites. Users looking for information on the new season should be careful and trust only reliable sources. The safest option is to wait for the official release instead of visiting a potentially malware-ridden third-party website.
  • Keep your device software updated. Install new system and application updates on your devices as soon as they’re available. These updates often include security fixes that can help protect your laptop or computer from an army of undead software bugs.
  • Protect your online realm with a cybersecurity solution. Send your regards to malicious actors with a comprehensive security solution like McAfee Total Protection. This can help protect you from malware, phishing attacks, and other threats. It also includes McAfee WebAdvisor, which helps alert users of malicious websites.

We wish you good fortune in the browsing to come. To stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others. Copyright ©2019 McAfee, LLC

The post Emilia Clarke Is the Most Dangerous Game of Thrones® Celebrity appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/most-dangerous-game-of-thrones-celebrity/feed/ 0
Teen Texting Slang (and Emojis) Parents Should Know https://securingtomorrow.mcafee.com/consumer/teen-texting-slang-and-emojis-parents-should-know/ https://securingtomorrow.mcafee.com/consumer/teen-texting-slang-and-emojis-parents-should-know/#respond Sat, 06 Apr 2019 15:26:23 +0000 https://securingtomorrow.mcafee.com/?p=94866

What adults call texting, kids call talking. They “talk” on their phones via chat, social comments, snaps, posts, tweets, and direct messages. And they are talking most of the time — tap, tap, tap — much like background music. In all this “talking” a language, or code, emerges just as it has for every generation only today that […]

The post Teen Texting Slang (and Emojis) Parents Should Know appeared first on McAfee Blogs.

]]>

What adults call texting, kids call talking. They “talk” on their phones via chat, social comments, snaps, posts, tweets, and direct messages. And they are talking most of the time — tap, tap, tap — much like background music. In all this “talking” a language, or code, emerges just as it has for every generation only today that language is in acronyms, hashtags, and emojis. And while the slang is perfectly understood peer-to-peer, it has parents googling like crazy to decipher it.

And this language changes all the time. It expands, contracts and specific acronyms and symbols (emojis) can change in meaning entirely over time, which is why we update this list every periodically.

This time we’ve added emojis (scroll to bottom) since those powerful little graphic symbols have singlehandedly transformed human communication, as we know it.

Harmless Banter

We publish this list with an important reminder: Teen texting slang isn’t inherently bad or created with an intent to deceive or harm. Most of the terms and symbols have emerged as a kind of clever shorthand for fast moving fingers and have no dangerous or risky meaning attached. So, if you are monitoring your kids’ phones or come across references you don’t understand, assume the best in them (then, of course, do your homework).

For example, there are dozens of harmless words such as finna (fixing to do something), yeet (a way to express excitement), skeet (let’s go), Gucci (great, awesome, or overpriced), AMIRITE (am I right?) QQ4U (quick question for you), SMH (shaking my head), bread (money), IDRK (I don’t really know), OOTD (outfit of the day), LYAAF (love you as a friend), MCE (my crush everyday), HMU (hit me up, call me), W/E (whatever), AFK (away from keyboard), RTWT (read the whole thread), CWYL (chat with you later), Ship (relationship), CYT (see you tomorrow) or SO (significant other).

The Red Flags 

Here are some terms and emojis that may not be so innocent. Any of these terms can also appear as hashtags if you put a # symbol in front of them.

Potential bullying slang

Ghost = to ignore someone on purpose

Boujee = rich or acting rich

Sip tea = mind your own business

The tea is so hot = juicy gossip

AYFKM? = are you f***ing kidding me?

Thirsty = adjective describing a desperate-acting, needy person

Basic = annoying person, interested in shallow things

Extra = over the top, excessive, dramatic person

TBH = to be honest (sometimes followed by negative comments)

Zerg = to gang up on someone (a gaming term that has morphed into a bullying term)

KYS = kill yourself

SWYP = so what’s your problem?

182 = I hate you
Curve = to reject someone

Shade = throwing shade, to put someone down.

POS = piece of sh**

WTF = what the f***

Derp = stupid

Lsr = loser

Butters = ugly

Jelly = jealous

Subtweet = talking about someone but not using their @name

Bizzle = another word for b***h

THOT or thotties = a promiscuous girl/s

YAG = you are gay

Cyber pretty = saying someone only looks good online with filters

Beyouch = another word for b***h

RAB = rude a** b***h

IMHO = in my honest opinion

IMNSHO = in my not so honest opinion

NISM = need I say more?

Potential risky behavior slang  

Broken = hung over

Pasted = high or drunk

Belfie = self-portrait (selfie) featuring the buttocks

OC = open crib, party at my house

PIR = parents in the room

9, CD9, Code 9 = parents here

99 = parents gone

Smash = to have casual sex

Slide into my DM = connecting through a direct message on a social network with sexual intentions

A3: Anytime, anywhere, anyplace

WTTP = want to trade pictures?

S2R = send to receive (pictures)
sugarpic = Refers to a suggestive or erotic photograph

TDTM = talk dirty to me

KMS = kill myself

AITR = adults in the room

KPC = keeping parents clueless

1174 = invite to a wild party usually followed by an address

53X = sex

Chirped = got caught

Cu46 = See you for sexTDTM = talk dirty to meLMIRL = let’s meet in real life

GNRN = get naked right now

Pron = porn

Frape = Facebook rape; posting to someone else’s profile when they leave it logged in.

NSFW = not safe for work (post will include nudity, etc)

Livingdangerously = taking selfies while driving or some other unsafe behavior

Kik = let’s talk on kik instant message instead

Sue = suicide

Dep = depression

Svv = self- harming behavior

SN = send nudes

Nend sudes = another way to say SN/send nudes

PNP = party and play (drugs + sex)

 

Potential drug-related slang

420, bud, tree = marijuana

Blow, mayo, white lady, rock, snow, yay, yale, yeyo, yank, yahoo = Cocaine

Special K = ketamine, liquid tranquilizer

Pearls = a nicely rolled blunt

Dabbing = concentrated doses of marijuana (began as a dance craze)

DOC = drug of choice

Turnt up / turnt = high or drunk

Geeked up = being high

Bar = Xanax pill

Bar out = to take a Xanax pill

Baseball = crack cocaine

Skrill = Money

Bread = money

CID = acid

E, XTC  = ecstasy

Hazel = heroin

Blue Boogers = snorting Adderall or Ritalin

Pharming = getting into medicine cabinets to find drugs to get high

Oxy, perks, vikes = opioids

Robo-tripping = consuming cough syrup to get high

Tweaking = high on amphetamines

Wings = cocaine; heroin

Speed, crank, uppers, Crystal or Tina = meth

 

Red flag emojis

Frog = an ugly person

Frog + tea (coffee) cup = that’s the tea (gossip)

Any kind of green plant/leaves = marijuana

Maple leaf = marijuana

Broccoli = marijuana

Smoke puff or gasoline = get high

Snowflake = cocaine

Person skiing = cocaine

Pill = ecstasy or MDMA for sale

Face with steam from nose = MDMA drug

Rocket = high potency drug for sale

Syringe = heroin

Diamond = crystal meth, crack cocaine for sale

Skull = die

Knife + screaming face = calling someone a psycho

Bowling ball + person running = I’m gonna hit you, coming for you

Flowers = drugs

Dollar sign = it’s for sale

Syringe = heroine (also tattoo)

Cat with heart eyes = sex

Purple face with horns = sex

Gas pump = sex

Tongue, eggplant, water drops, banana, peach, taco, cherries, drooling face, rocket = sex

Rose, rosette, cherry, pink cherry blossom, growing heart, airplane, crown = emojis that refer to sex trafficking

When it comes to figuring out what your kids are up to online, using your own instincts and paying attention will be your best resources. If something doesn’t sound or look right on your child’s phone trust that feeling and look deeper. You don’t have to know every term or symbol — the more important thing is to stay aware and stay involved.

The post Teen Texting Slang (and Emojis) Parents Should Know appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/teen-texting-slang-and-emojis-parents-should-know/feed/ 0
Cybercriminals Feast on Earl Enterprises Customer Data Exposed in Data Breach https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/earl-enterprises-breach/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/earl-enterprises-breach/#respond Wed, 03 Apr 2019 16:12:11 +0000 https://securingtomorrow.mcafee.com/?p=94830

Most people don’t think about their credit card information being stolen and sold over the dark web while they’re enjoying a night out at an Italian restaurant. However, many people are experiencing this harsh reality. Earl Enterprises, the parent company of Buca di Beppo, Planet Hollywood, Earl of Sandwich, and Mixology 101 in LA, confirmed […]

The post Cybercriminals Feast on Earl Enterprises Customer Data Exposed in Data Breach appeared first on McAfee Blogs.

]]>

Most people don’t think about their credit card information being stolen and sold over the dark web while they’re enjoying a night out at an Italian restaurant. However, many people are experiencing this harsh reality. Earl Enterprises, the parent company of Buca di Beppo, Planet Hollywood, Earl of Sandwich, and Mixology 101 in LA, confirmed that the company was involved in a massive data breach, which exposed the credit card information of 2.15 million customers.

The original discovery was made by cybersecurity researcher Brian Krebs, who found the underground hacking forum where the credit card information had been posted for sale. He determined that the data first surfaced on Joker’s Stash, an underground shop that sells large batches of freshly-stolen credit and debit cards on a regular basis. In late February, Joker’s Stash moved a batch of 2.15 million stolen cards onto their system. This breach involved malware remotely installed on the company’s point-of-sale systems, which allowed cybercrooks to steal card details from customers between May 23, 2018, and March 18, 2019. This malicious software was able to capture payment card details including card numbers, expiration dates, and, in some cases, cardholder names. With this information, thieves are able to clone cards and use them as counterfeits to purchase expensive merchandise such as high-value electronics.

It appears that all 67 Buca di Beppo locations in the U.S., a handful of the 31 Earl of Sandwich locations, and the Planet Hollywood locations in Las Vegas, New York, and Orlando were impacted during this breach. Additionally, Tequila Taqueria in Las Vegas, Chicken Guy! in Disney Springs, and Mixology 101 in Los Angeles were also affected by this breach. Earl Enterprises states that online orders were not affected.

While large company data breaches such as this are difficult to avoid, there are a few steps users can take to better protect their personal data from malicious thieves. Check out the following tips:

  • Keep an eye on your bank account. One of the simplest ways to determine whether someone is fraudulently using your credit card information is to monitor your bank statements. If you see any charges that you did not make, report it to the authorities immediately.
  • Check to see if you’ve been affected. If you know you’ve made purchases at an Earl Enterprises establishment in the last ten months, use this tool to check if you could have been potentially affected.
  • Place a fraud alert. If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity.
  • Freeze your credit. Freezing your credit will make it impossible for criminals to take out loans or open up new accounts in your name. To do this effectively, you will need to freeze your credit at each of the three major credit-reporting agencies (Equifax, TransUnion, and Experian).
  • Consider using identity theft protection. A solution like McAfee Identify Theft Protection will help you to monitor your accounts and alert you of any suspicious activity.

And, of course, to stay updated on all of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Cybercriminals Feast on Earl Enterprises Customer Data Exposed in Data Breach appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/earl-enterprises-breach/feed/ 0
Why Traditional EDR Doesn’t Solve Today’s Modern Threats https://securingtomorrow.mcafee.com/business/endpoint-security/why-traditional-edr-doesnt-solve-todays-modern-threats/ https://securingtomorrow.mcafee.com/business/endpoint-security/why-traditional-edr-doesnt-solve-todays-modern-threats/#respond Wed, 03 Apr 2019 15:00:47 +0000 https://securingtomorrow.mcafee.com/?p=94825

Today’s cyberattacks are more advanced and complex than ever before. It’s no surprise that enterprises can no longer rely on traditional endpoint detection and response (EDR) solutions to protect against the evolving threat landscape. With the amount of data rapidly expanding in conjunction with an increasing number of endpoints, enterprise IT departments are facing new […]

The post Why Traditional EDR Doesn’t Solve Today’s Modern Threats appeared first on McAfee Blogs.

]]>

Today’s cyberattacks are more advanced and complex than ever before. It’s no surprise that enterprises can no longer rely on traditional endpoint detection and response (EDR) solutions to protect against the evolving threat landscape. With the amount of data rapidly expanding in conjunction with an increasing number of endpoints, enterprise IT departments are facing new management and security challenges. EDR can provide businesses with another layer of threat detection in a multilayered security approach.

Cyberthreats Have Evolved, So Should Your Security

The impact of a cyberattack is no longer siloed to one employee’s device. It has the ability, speed, and scope to impact your entire business in mere seconds. And it’s hard not to think of cybersecurity as being the never-ending game of cat-and-mouse, with cybercriminals constantly developing new skills, updating code, and deploying new tactics to get inside your endpoints. But instead of your organization trying to play catch up, get ahead of malicious actors by developing a comprehensive security strategy to prevent attacks before they happen.

Many cyberthreats use multiple attack mechanisms, which means just one form of security is no longer enough to keep your entire enterprise secure from malicious actors. And although some anti-virus software can’t keep up with new malware or variants of known malware, it still plays an important role in a multilayered approach for a robust cybersecurity strategy. Endpoint detection and response is also essential when developing a comprehensive security approach. It offers a threat detection capability, allowing your next-generation solution to track down potential threats if they break through the first layer of your digital perimeter.

The Importance of EDR

The SANS Endpoint Protection and Response Survey reports that 44% of IT teams manage between 5,000 and 500,000 endpoints across its network. Each of these endpoints become an open door for a potential cyberattack. Given the increasing number of endpoints, organizations are beginning to understand that they’re more susceptible to breaches and are willing to adopt a multilayered security approach to prevent as many attacks as possible.

With endpoint detection and response, organizations have granular control and visibility into their endpoints to detect suspicious activity. There are new features and services for EDR, expanding its ability to detect and investigate threats. An EDR solution can discover and block threats in the pre-execution stage, investigate threats through analytics, and help provide an incident response plan. Additionally, some EDR solutions can leverage AI and machine learning to automate the steps in an investigative process. These new capabilities can learn an organization’s baseline behaviors and use this information, along with a variety of other threat intelligence sources, to interpret findings.

Incorporating EDR Into Your Security Strategy

The adoption of EDR is projected to increase significantly over the next few years. According to Stratistics MRC’s Endpoint Detection and Response – Global Market Outlook (2017-2026), sales of EDR solutions—both on-premises and cloud-based—are expected to reach $7.27 million by 2026, with an annual growth rate of nearly 26%.

When adopting EDR into your security portfolio, the application should have three basic components: endpoint data collection agents, automated response, and analysis and forensics. McAfee MVISION Endpoint Detection and Response (EDR) helps you get ahead of modern threats with AI-guided investigations that surface relevant risks and automate and remove the manual labor of gathering and analyzing evidence.

For more information on endpoint detection and response, check out our Security Awareness page and the McAfee Endpoint Security portfolio of products.

The post Why Traditional EDR Doesn’t Solve Today’s Modern Threats appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/business/endpoint-security/why-traditional-edr-doesnt-solve-todays-modern-threats/feed/ 0
ST03: Cloud Technology Trends with Wayne Anderson and Dan Flaherty https://securingtomorrow.mcafee.com/other-blogs/podcast/st03-cloud-technology-trends-with-wayne-anderson-and-dan-flaherty/ https://securingtomorrow.mcafee.com/other-blogs/podcast/st03-cloud-technology-trends-with-wayne-anderson-and-dan-flaherty/#respond Tue, 02 Apr 2019 20:38:15 +0000 https://securingtomorrow.mcafee.com/?p=94827

In this episode, we’ll hear from Wayne Anderson, Enterprise Security Architect at McAfee and Dan Flaherty from the cloud security product team speak on a wide range of topics from upcoming technology trends in the market, to adversarial machine learning, cloud models for security, and a look back at the RSA conference.

The post ST03: Cloud Technology Trends with Wayne Anderson and Dan Flaherty appeared first on McAfee Blogs.

]]>

In this episode, we’ll hear from Wayne Anderson, Enterprise Security Architect at McAfee and Dan Flaherty from the cloud security product team speak on a wide range of topics from upcoming technology trends in the market, to adversarial machine learning, cloud models for security, and a look back at the RSA conference.

The post ST03: Cloud Technology Trends with Wayne Anderson and Dan Flaherty appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/podcast/st03-cloud-technology-trends-with-wayne-anderson-and-dan-flaherty/feed/ 0
The GPS Rollover Bug: 3 Tips to Help You Avoid Phishing Scams https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gps-rollover-phishing-scams/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gps-rollover-phishing-scams/#respond Mon, 01 Apr 2019 21:02:58 +0000 https://securingtomorrow.mcafee.com/?p=94822

Today, users are extremely reliant on our GPS devices. In fact, we’re so reliant on these devices that map features are programmed into almost every IoT device we use as well as inside of our vehicles. However, the Department of Homeland Security has issued an alert to make users aware of a GPS receiver issue […]

The post The GPS Rollover Bug: 3 Tips to Help You Avoid Phishing Scams appeared first on McAfee Blogs.

]]>

Today, users are extremely reliant on our GPS devices. In fact, we’re so reliant on these devices that map features are programmed into almost every IoT device we use as well as inside of our vehicles. However, the Department of Homeland Security has issued an alert to make users aware of a GPS receiver issue called the GPS Week Number Rollover that is expected to occur on or around April 6, 2019. While this bug is only expected to affect a small number of older GPS devices, users who are impacted could face troubling results.

You may be wondering, what will cause this rollover issue? GPS systems count weeks using a ten-bit parameter, meaning that they start counting at week zero and then reset when they hit week 1,024, or 19.5 years. Because the last reset took place on August 21, 1999, it appears that the next reset will occur on April 6, 2019. This could result in devices resetting their dates and potentially corrupting navigation data, which would throw off location estimates. That means your GPS device could misrepresent your location drastically, as each nanosecond the clock is out translates into a foot of location error.

So, how does this rollover issue translate into a potential cyberthreat? It turns out that the main fix for this problem is to ensure that your GPS device’s software is up-to-date. However, due to the media attention that this bug is receiving, it’s not far-fetched to speculate that cybercriminals will leverage the issue to target users with phishing attacks. These attacks could come in the form of email notifications referencing the rollover notice and suggesting that users install a fraudulent software patch to fix the issue. The emails could contain a malicious payload that leaves the victim with a nasty malware on their device.

While it’s difficult to speculate how exactly cybercriminals will use various events to prey on innocent users, it’s important to be aware of potential threats to help protect your data and safeguard your devices. Check out the following tips to help you spot potential phishing attacks:

  • Validate the email address is from a recognized sender. Always check the validity of signature lines, including the information on the sender’s name, address, and telephone number. If you receive an email from an address that you don’t recognize, it’s best to just delete the email entirely.
  • Hover over links to see and verify the URL. If someone sends you a link to “update your software,” hover over the link without actually clicking on it. This will allow you to see a link preview. If the URL looks suspicious, don’t interact with it and delete the email altogether.
  • Be cautious of emails asking you to take action. If you receive a message asking you to update your software, don’t click on anything within the message. Instead, go straight to your software provider’s website. This will prevent you from downloading malicious content from phishing links.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post The GPS Rollover Bug: 3 Tips to Help You Avoid Phishing Scams appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/gps-rollover-phishing-scams/feed/ 0
10 Ways to Help Your Family Break Bad Tech Habits https://securingtomorrow.mcafee.com/consumer/family-safety/10-ways-to-help-your-family-break-bad-tech-habits/ https://securingtomorrow.mcafee.com/consumer/family-safety/10-ways-to-help-your-family-break-bad-tech-habits/#respond Sat, 30 Mar 2019 14:10:14 +0000 https://securingtomorrow.mcafee.com/?p=94804

A new study from Pew Research confirms our collective hunch that 95% of teens now report they have a smartphone and that 45% of teens now say they are always online. No shock there. The finding that is far more worrisome? That despite this dramatic digital shift over the past decade, parents are divided on […]

The post 10 Ways to Help Your Family Break Bad Tech Habits appeared first on McAfee Blogs.

]]>

A new study from Pew Research confirms our collective hunch that 95% of teens now report they have a smartphone and that 45% of teens now say they are always online. No shock there. The finding that is far more worrisome? That despite this dramatic digital shift over the past decade, parents are divided on whether today’s teens face a set of issues completely different than the issues of their youth.

When asked to compare the experiences of today’s teens to their own experiences when they were a teen, 48% of parents surveyed said today’s teens have to deal with a completely different set of issues. Likewise, 51% said that despite some differences, the issues young people deal with today is not that different from when they were teenagers.

This number is alarming from both a parenting perspective and a digital safety perspective. It means that while we’ve made incredible progress in our digital awareness and how to raise kids in this unique culture, a lot of parents are still woefully behind in their thinking. (Seriously: Could our experience as teens — minus the internet and smartphones — be any more different than the experience of today’s digital natives?)

Distracted Parents, Distracted Kids

In trying to understand this reality gap, the survey offered up another morsel of insight: That parents themselves are as distracted as kids when it comes to reliance on devices. Yep! As worried as parents say they are about the amount of time their teen spends online, parents’ digital behavior isn’t exactly praiseworthy. The survey found that 59% of parents say they at least sometimes feel obligated to respond to cell phone messages immediately, while 39% admit they regularly lose focus at work because they’re checking their mobile device and 36% say they spend too much time on their cell phone.

Reality Check

If half of us genuinely believe that our kids are growing up with issues similar to ours as teens (only with strange devices in their hands), and if we are telling our kids to lead balanced digital lives but our digital habits are off the rails, then — if we’re honest — we’ve got some serious work to do as parents.

How do we begin to shift these numbers in favor of our family’s digital health? How do we move from technology leading our family to the other way around?

Like any significant change, we begin at home — with the truth — and move forward from there. We’ve got this!

10 Ways to Improve Your Family Tech Habits

  1. Own your stuff. Let’s get real. Change begins with acknowledging our personal responsibility in what isn’t working. If your own screen time is out of control and you are trying to set healthy digital habits for your family — that contradiction is going to undermine your success. Take a look at your screen time habits, admit to the bad habits, and establish fresh tech goals moving forward.
  2. No shame zone. We know about establishing device-free zones in the home such as the dinner table, movie time, and the bedroom at night. Consider a no shame zone — the understanding that no one is made to feel shame for his or her not-so-great tech habits. It’s hard to move forward toward new goals if we beat ourselves up for the past, compare ourselves to others, or are made to feel like the bad guy for falling short. Acknowledge bad habits, discuss them openly, and help one another do better in the future. Your chances of success double when you have a team supporting you.
  3. Stick to a device curfew. Try a device curfew — say 8 p.m. to 8 a.m. — when devices are turned off and put into a drawer (yes, you have to get this intentional). A curfew increases face-to-face family interaction and creates space for non-device activities. It specifically reduces the temptation to habitually check your phone, get lost scrolling on Instagram, and getting sucked back into work emails. More importantly, it models for your kids that you don’t have to check your phone constantly, which has countless emotional and physical benefits.
  4. Be realistic with changes. The goal is to reduce your tech and strike a balance that complements — rather than conflicts with — your family’s lifestyle and wellbeing. We know that technology is now an ever-present part of family life so cutting it out completely is neither beneficial nor realistic. Achieving a healthy tech balance is an on-going process. Some days you will fare than others. The goal is to make progress (not perfection) toward a healthier, more balanced relationship with your technology. Going haywire with rules and consequences won’t get you there faster. Discuss as a family what changes need to be made and brainstorm ways to get there. Set some realistic goals that everyone can achieve and maintain not just in the short-term but also as a lifestyle.
  5. Turn off notifications. This is a small, powerful act that can transform your digital life. Getting pop up notifications for apps, emails, texts, calendar events, social media actions — you name it — might be your normal for you but far from beneficial. So, turn them all off. I dare you.
  6. Filter content. Tech balance isn’t just about less tech; it’s also about monitoring the content that flows into your home from the other side of the screen. You can turn off your family’s devices for 23 hours a day and if the content you allow into your home for that remaining one hour isn’t age-appropriate or conflicts with your family’s values and tech goals, then that one hour has tremendous influence. Take the time to explore filtering options that allow you to set time limits on your child’s (and your) technology, block dangerous websites and apps, and helps you strike a healthy tech balance that reflects your family’s lifestyle and needs. Roll up your sleeves: Co-view movies, go through apps and video games and discuss the issues that arise around the media your kids consume.
  7. Be the parent. Kids crave consistency and leadership from parents. No matter what age your child may be, as a parent, you are the most influential person in your child’s life. You pay the bills. You can shut devices and routers off — regardless of the tantrum level. Your opinion matters on video games, media, apps, friend groups, and content. Don’t let your child’s emotional protests keep you from parenting well and establishing and enforcing good tech habits. If you think your child has a technology addiction issue trust that instinct and take action.
  8. Get a plan, work it. We all nod when we read this but who has done it? You can’t get where you are going without a map. Put a family tech plan in place (with group input) and stick to it. Ideas to consider: Phone free zones, device curfew, chores and responsibilities, physical activity vs. screen time, social media behavior, tech security rules, TV viewing time, video game time limits, content guidelines, and expectations. If you discover that your tech plan isn’t working, zero in and make adjustments.
  9. Rediscover real life — together. Maybe you’ve gotten in some bad habits over the years. Don’t beat yourself up. Just decide to change things up moving forward. It’s never too late to change your family vibe. Explore new things together — nature, art classes, concerts, camping — anything that helps you disconnect from technology and reconnect to each other and real life.
  10. Keep. On. Talking. Sure you’ve said it before, so what? Make the conversation about digital issues a priority in your home. Ask your kids what’s going on with their friend groups and online. Talk about tech issues in the news. Talk about the health and emotional issues connected to excessive tech use. According to your child’s age, talk about the stuff that’s tough to talk about talking about like cyberbullying, suicide, self-harm, body image, and sexting. A good rapport with your child is the most powerful tool you have as a parent today.

Remember, technology is a tool not a way of life. Healthy screen habits begin parents who are grounded in reality and who model healthy screen habits themselves. Times have changed, there are challenges to be sure but stay the course parent: You’ve got the tools and the tenacity you need to get in front of those challenges and equip our kids to live wise, balanced digital lives.

The post 10 Ways to Help Your Family Break Bad Tech Habits appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/family-safety/10-ways-to-help-your-family-break-bad-tech-habits/feed/ 0
iOS Users: Update Your Software to Avoid Security Vulnerabilities https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ios-security-updates/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ios-security-updates/#respond Wed, 27 Mar 2019 20:00:31 +0000 https://securingtomorrow.mcafee.com/?p=94796

On Monday, Apple made some bold announcements at their keynote event, including new subscription offerings for news, television, video games, and a credit card service. But while these exciting announcements were being made, the release of iOS 12.2 seemed to slip under the radar. This update contains 51 different security fixes and impacts devices ranging from […]

The post iOS Users: Update Your Software to Avoid Security Vulnerabilities appeared first on McAfee Blogs.

]]>

On Monday, Apple made some bold announcements at their keynote event, including new subscription offerings for news, television, video games, and a credit card service. But while these exciting announcements were being made, the release of iOS 12.2 seemed to slip under the radar. This update contains 51 different security fixes and impacts devices ranging from the iPhone 5s and later, the iPad Air, and even products running tvOS. These software patches cover a variety of bugs that cybercriminals could use to obtain effects like denial-of-service, overwrite arbitrary files, or execute malicious code.

The iOS 12.2 update includes patches for vulnerabilities in core apps like Contacts, FaceTime, Mail, Messages, and more. According to security professional Alex Stamos, most of the vulnerabilities were found in Webkit, the browser engine Apple uses in many of its products including Safari, Mail, and App Store. Among these vulnerabilities were memory corruption bugs, which could lead to arbitrary code execution. This type of attack allows malicious actors to run any command on the target system, potentially taking over the victim’s files or allowing them to take over the victim’s system remotely. To prevent arbitrary code execution attacks, Apple improved device memory handling, state, and management. These processes control and coordinate device computer memory in order to optimize overall system performance. Another issue patched by this update is the ability for a cybercriminal to bypass sandbox restrictions, which protect a device’s critical infrastructure from suspicious code. To combat this, Apple issued an improvement to validation checks.

While it can be easy to click the “Remind Me Later” option when you receive a software update notification, the security updates included in iOS 12.2 should not be overlooked. To help keep your iOS devices protected and running smoothly, check out the following tips:

  • Update your software. To update your device to iOS 12.2, go to your Settings, then to General, and then click Software Update. From there, you will be able to download and install the update and patch over 50 security holes.
  • Turn on automatic updates. Turning on automatic updates helps shield you from exposure to threats brought on by software bugs and vulnerabilities. You can enable automatic updates in your Settings as well.
  • Use a security solution. To add an extra layer of protection to all your devices, install a security solution like McAfee Total Protection. This will allow you to have an extra security weapon and help defend your devices from cyberthreats.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post iOS Users: Update Your Software to Avoid Security Vulnerabilities appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/ios-security-updates/feed/ 0
From Mobile and ISP to Endpoint Engineering: Undergoing a Role Transition in the Security Industry https://securingtomorrow.mcafee.com/business/endpoint-security/from-mobile-and-isp-to-endpoint-engineering-undergoing-a-role-transition-in-the-security-industry/ https://securingtomorrow.mcafee.com/business/endpoint-security/from-mobile-and-isp-to-endpoint-engineering-undergoing-a-role-transition-in-the-security-industry/#respond Tue, 26 Mar 2019 15:00:36 +0000 https://securingtomorrow.mcafee.com/?p=94784

The technology around us is constantly changing, and cybersecurity practices are evolving to match these new innovations. As the cybersecurity landscape shifts to meet the needs presented by new technology, opportunities arise for cybersecurity professionals to step into new roles – an experience I recently underwent myself. I’ve recently shifted from McAfee’s Mobile and ISP […]

The post From Mobile and ISP to Endpoint Engineering: Undergoing a Role Transition in the Security Industry appeared first on McAfee Blogs.

]]>

The technology around us is constantly changing, and cybersecurity practices are evolving to match these new innovations. As the cybersecurity landscape shifts to meet the needs presented by new technology, opportunities arise for cybersecurity professionals to step into new roles – an experience I recently underwent myself. I’ve recently shifted from McAfee’s Mobile and ISP Business Unit to our Enterprise Endpoint Engineering team, a transition that has given me the opportunity to leverage what I’ve learned in the industry and step forward as a leading woman in tech.

Through this process, I’ve seen first-hand how growth opportunities within the cybersecurity field are beneficial for both individuals and the future of the security industry as well. For example, my transition allows me to apply my past experience and knowledge to a new area of security. Previously, I specialized in engineering solutions that protected mobile, IoT, and smart home devices. However, with my transition into this new role, I am still protecting individual endpoint devices, but rather in a new type of environment — an organization’s network.

Just like the ever-growing number of IoT devices connecting to users’ home networks, endpoint devices are popping up everywhere in corporate networks these days. As we add more endpoint devices to corporate networks, there is a growing need to ensure their security.  Endpoint security, or endpoint protection, are systems that protect computers and other devices on a network or in the cloud from security threats. End-user devices such as smartphones, laptops, tablets, and desktop PCs are all classified as endpoints, and these devices are all now rapidly connecting to an organization’s network with every employee, partner, and client that enters the building. That’s why it’s imperative companies prioritize a robust and agile endpoint security strategy so that all of their network users can connect with confidence. Similar to securing all the personal devices on a home network, it’s a sizable challenge to secure all corporate endpoints. And my new team, the McAfee Enterprise Endpoint Engineering group, is here to help with exactly that.

Leading consumer engineering taught me how to make security simple for a home user’s consumption. How to protect what matters to a user without them being experts on the threat landscape or security vulnerabilities, security breaches and campaigns around device, data, cloud and network. This is something I plan to bring to the new role. Leading a business unit focused on delivering security through mobile carriers and ISPs taught me the strength of bringing together an ecosystem both on technology and the channel to solve end users’ security needs in a holistic way. That ecosystem view is another that I bring to this role, besides leading engineering from the lens of growing the business.

This transition is not only exciting from a personal perspective but also because it is a testament to the progress that is being seen across the cybersecurity industry as a whole. There’s a lot to be said about the vast opportunities that the cybersecurity field has to offer, especially for women looking to build a career in the field. Cybercriminals and threat actors often come from diverse backgrounds. The wider the variety of people we have defending our networks, the better our chances of mitigating cyberthreats. From there, we’ll put ourselves in the best position possible to create change – not only within the industry but within the threat landscape as a whole.

The post From Mobile and ISP to Endpoint Engineering: Undergoing a Role Transition in the Security Industry appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/business/endpoint-security/from-mobile-and-isp-to-endpoint-engineering-undergoing-a-role-transition-in-the-security-industry/feed/ 0
Social Media: Where Cybercrime Lurks in the Shadows https://securingtomorrow.mcafee.com/consumer/mobile-and-iot-security/social-media-where-cybercrime-lurks-in-the-shadows/ https://securingtomorrow.mcafee.com/consumer/mobile-and-iot-security/social-media-where-cybercrime-lurks-in-the-shadows/#respond Tue, 26 Mar 2019 13:00:30 +0000 https://securingtomorrow.mcafee.com/?p=94780

When you think of cybercrime, the first thing that comes to mind is most likely cybercriminals operating on the dark web. Last year, however, cybercriminals made the jump over to social media and cashed in big – $3 billion worth, as a matter of fact. With approximately 2.77 billion people using one social media account […]

The post Social Media: Where Cybercrime Lurks in the Shadows appeared first on McAfee Blogs.

]]>

When you think of cybercrime, the first thing that comes to mind is most likely cybercriminals operating on the dark web. Last year, however, cybercriminals made the jump over to social media and cashed in big – $3 billion worth, as a matter of fact. With approximately 2.77 billion people using one social media account or more, it’s no wonder these bad actors have followed the masses. While the average user distrusts the dark web, they do trust their chosen social media platforms. Whether it’s sharing birthdates or a current location, or accepting a follow or message request from strangers, users in front of a screen feel secure. Although, as the line between social platforms and the dark web quickly blurs, the events behind the screen are the real issue.

Since 2017, cryptomining malware has exploded on a global scale, with over half of the identified strains found on social media sites. Utilizing apps, advertisements, and malicious links, cybercriminals were able to deliver these attacks and earn $250 million per year. Not only are social media platforms being used to distribute cryptomining malware, but they are also used as a major source for spreading other types of malware – malvertisments, faulty plug-ins, and apps – that draw users in by offering “too good to be true” deals. Once clicked on, the malware attacks. From there, cybercriminals can obtain data, establish keyloggers, dispense ransomware, and lurk in the shadows of social media accounts in wait for the next opportunity.

That next opportunity could also be on a completely different social media platform. As these sites unknowingly make it easier for malware to spread from one site to another. Many social media accounts interconnect with one another across platforms, which enables “chain exploitation,” or where malware can jump from one account to the next.

In short, social media is a cash cow for cybercriminals, and they are showing no sign of slowing down. What it really comes down to is social platforms, like Instagram and Facebook, attract a significant number of users and are going to draw in a criminal component too. However, if you take the proper security precautions ahead of time, you can fight off bad actors and continuously scroll with confidence. Here are some tips to help you get started:

  • Limit the amount of personal information shared in the first place. Avoid posting home addresses, full birth dates, and employer information, as well as exact location details of where you are.
  • Be wary of messages and follow requests from strangers. Avoid clicking on links sent by someone you don’t know personally.
  • Report any spam posts or messages you encounter to the social media platform. Then they can stop the threat from spreading to other accounts.
  • Always use comprehensive security software. To help protect you from viruses, spyware, and other digital threats that may emerge from social media sites, consider McAfee Total Protection or McAfee Mobile Security.

Interested in learning more about IoT and mobile security trends and information? Follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post Social Media: Where Cybercrime Lurks in the Shadows appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/mobile-and-iot-security/social-media-where-cybercrime-lurks-in-the-shadows/feed/ 0
The Ultimate CyberParenting Hack – Managing Your Family’s Cybersafety with the help of your Wi-Fi Router! https://securingtomorrow.mcafee.com/consumer/family-safety/the-ultimate-cyberparenting-hack-managing-your-familys-cybersafety-with-the-help-of-your-wi-fi-router/ https://securingtomorrow.mcafee.com/consumer/family-safety/the-ultimate-cyberparenting-hack-managing-your-familys-cybersafety-with-the-help-of-your-wi-fi-router/#respond Tue, 26 Mar 2019 06:14:28 +0000 https://securingtomorrow.mcafee.com/?p=94788

Managing your family’s cybersafety can often feel overwhelming. But one thing I have learnt in my 22 years of parenting is that there are no silver bullets for any parenting issues. Whether it’s toilet training or driver training, it takes time and often a combination of strategies. Teaching your kids about online safety is no […]

The post The Ultimate CyberParenting Hack – Managing Your Family’s Cybersafety with the help of your Wi-Fi Router! appeared first on McAfee Blogs.

]]>

Managing your family’s cybersafety can often feel overwhelming. But one thing I have learnt in my 22 years of parenting is that there are no silver bullets for any parenting issues. Whether it’s toilet training or driver training, it takes time and often a combination of strategies. Teaching your kids about online safety is no different. Yes, you need to put in the hard work and continue to have the conversations. BUT if it was possible to supplement the talking with some strategic parental controls and an automatic layer of cybersecurity, then I would consider that to be a parenting no brainer!

Well, this parenting no-brainer exists. Let me introduce you D-Link’s latest D-Fend Router which not only includes McAfee’s Secure Home Platform which automatically protects all your Wi-Fi connected devices but some pretty impressive parental controls too. And all this happens while users are delivered fast wireless connectivity with increased range and reliability. Awesome!

Being a First-Generation Digital Parent Is A Tough Gig

As a generation of parents, I believe we are the busiest yet. Not only are we juggling our brood of kids and their lives but many of us are also managing ageing parents, plus our own careers, relationships and social lives. And just to complicate things a little further, we are also the first generation of digital parents. Managing our kids and their fleet of devices comes with no guidebook or tried and tested generational wisdom, which makes our job even more complex. How easy did my parents have it – all they had to do was buy the Atari console in the 80’s!

But the job of a digital parent is only set to become more complex with Gartner estimating that by 2020 there will be 20.4 billion IoT devices operating in our world.

Many Parents Don’t Know Where To Start With Cyber Safety At Home

When I speak with parents about how they manage their kids and devices, there is a recurring theme – many parents know they need to be doing something to protect their kids from online risks, but they often don’t know where to start. As a result, nothing often happens. Research from McAfee confirms this too with almost a third of Aussies taking no steps at all to install security protection on either their own or their kids’ internet connected devices.

But there is no doubt that many parents are concerned about the risks. Research by Life Education in partnership with Hyundai Help for Kids shows that an overwhelming 95% of Aussie parents rated online safety as a very important issue which is very encouraging.

What Online Risks Concern Aussie Parents the Most?

Aussie parents have many concerns about the risks posed by the online world. I believe however, the following are the ones that increase parents’ blood pressure the most!

Screen time – The time our kids spend glued to screens is a huge concern for many Aussie parents. Whether you are concerned about ‘tech neck’, the growing rates of childhood obesity or simply, the lack of conversation at home – you would not be alone! Research by The Australian Institute of Family Studies shows that 12-13 year old Aussie kids are spending a whopping 3 hours a day in front of screens during the week and then 4 hours on the weekends. No wonder many parents are concerned.

Gaming – Recent research conducted by McAfee shows that some Aussie teens are spending up to 4 hours a day gaming. And while parents naturally worry about the opportunity cost associated with the time, their greater concern is around the risk of online grooming and of exposure to inappropriate and violent material.

Cyberbullying – This is the big one for many parents and rightly so. Cyberbullying can be absolutely devastating for victims. A quick google provides just far too many examples of young adults who have suffered significant psychological trauma or even lost their lives as a result of unchecked cyberbullying. Last year, our e-Safety Commissioner reported a 35% increase in cases of reported cyberbullying as compared to the previous year.

But Why Aren’t Parents Taking Action?

As a group of parents, there is no doubt we are concerned about screen time, gaming addiction, online grooming, and cyberbullying but many of us aren’t taking the necessary action to intervene and protect our kids. So, McAfee probed a little deeper in recent research and discovered that almost half of Aussie parents believe that their children can manage their own cyber safety from the age of just 10. Now, when my boys when 10, they were barely able to manage their own lunchboxes! So, this belief truly stuns me.

So, we have some parents who just don’t know where to start and others who believe it isn’t their responsibility. Regardless, there is clearly a need to take some decisive action to protect our kids from both online risks and problematic anti-social behaviours.

What Steps Can Parents Take Now to Protect Their Kids Digital Lives?

The good news is there are a few simple things parents can do to protect their kids and their growing fleet of internet connected devices. Here are my top tips:

  • Check a Device’s Security Track Record

Before buying any connected device, always research the brand and read reviews on a product’s security (or lack of). A quick web search will give you some pretty fast insight into the potential device’s security standards. Going with a notable brand that has a proven security track record is often the best option.

  • Always Change Default Settings, Use Strong Passwords & Enable Two-Factor Authentication

Default and weak passwords are the biggest threat to the security of internet connected devices. Hackers are very familiar with both default and obvious passwords which makes it super easy to access the data on your devices. Know these passwords and use them to access the data on your devices. If the thought of remembering several passphrases daunts you, go for a password manager. While a strong and unique password is a great place to start, enabling two-factor authentication on your devices and accounts will mean you’ll need to verify your identity with something that you (and only you) have access to. This is most commonly a mobile device, which ensures a higher-level of security.

  • Keep Your Devices Up To Date

Device software updates are often always designed to protect your device from recently discovered security bugs, vulnerabilities and threats. If you’re in the common habit of ignoring update notifications, turning on auto-update will ensure you apply these patches in real time and have maximum protection.

  • Invest in a Router that Protects Your Devices & Offers Parental Controls!

Investing in a Wi-Fi router with built-in protection like McAfee’s Secure Home Platform is one of the easiest ways of both managing and protecting your family’s fleet of devices. Not only does it automatically protect any device that connects to the Wi-Fi but it comes with some very strategic parental controls. So not only can you take back control and proactively manage your kids’ screen time but you can set up customised profiles to ensure they are visiting only suitable sites.

As a mum of 4, I believe that managing the risk in our kids’ cyber lives needs to be a genuine priority for us all. So, yes, let’s keep talking to our kids about online risks and the need to self-regulate our online behaviour. But, if we could also add in a later of automatic protection for our kids’ devices from McAfee’s Secure Home Platform and some savvy parental controls to ensure our kids are on track then I think that’s a pretty compelling parenting hack for us first generation digital parents!

Take Care

Alex xx

 

The post The Ultimate CyberParenting Hack – Managing Your Family’s Cybersafety with the help of your Wi-Fi Router! appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/family-safety/the-ultimate-cyberparenting-hack-managing-your-familys-cybersafety-with-the-help-of-your-wi-fi-router/feed/ 0
Hidden & Fake Apps: How Hackers Could Be Targeting Your Connected Home https://securingtomorrow.mcafee.com/consumer/family-safety/hidden-fake-apps-how-hackers-could-be-targeting-your-connected-home/ https://securingtomorrow.mcafee.com/consumer/family-safety/hidden-fake-apps-how-hackers-could-be-targeting-your-connected-home/#respond Sat, 23 Mar 2019 14:00:09 +0000 https://securingtomorrow.mcafee.com/?p=94741

Like most parents, before you go to sleep each night, you take extra care to lock doors and windows to keep your family safe from any outside threats. The only thing you may have overlooked is the smartphone illuminated on your nightstand. And if you were to add up the smartphones humming all over your […]

The post Hidden & Fake Apps: How Hackers Could Be Targeting Your Connected Home appeared first on McAfee Blogs.

]]>

Like most parents, before you go to sleep each night, you take extra care to lock doors and windows to keep your family safe from any outside threats. The only thing you may have overlooked is the smartphone illuminated on your nightstand. And if you were to add up the smartphones humming all over your house, suddenly you’d have a number of unlocked doors that a determined criminal could enter through. Maybe not tonight — but eventually.

Digital Ecosystem

Over time you’ve purchased and plugged in devices throughout your home. You might have a voice assistant, a baby monitor, a thermostat, a treadmill, a gaming system, a fitness watch, smart TVs, a refrigerator, and many other fun, useful gadgets. Each purchase likely connects to your smartphone. Take stock: You now have a digital ecosystem growing all around you. And while you rarely stop to take notice of this invisible power grid around you, hackers can’t stop thinking about it.

This digital framework that pulsates within your home gives cybercriminals potential new entryways into your life and your data. Depending on your devices, by accessing your smartphone, outsiders may be able to unlock your literal doors while you are away (via your home security system), eavesdrop on your family conversations and collect important information (via your voice assistant), access financial information (via your gaming system, tablet, or laptop).

What you can do:

  • Change factory security settings. Before you fire up that smart TV, drone, or sound system, be sure to change each product’s factory settings and replace it with a bulletproof password to put a layer of protection between you and would-be hackers.
  • Protect your home network. We are connected people living in connected homes. So, part of the wired lifestyle is taking the lead on doing all we can to protect it. One way to do that is at the router level with built-in network security, which can help secure your connected devices.
  • Stay on top of software updates. Cybercrooks rely on consumers to ignore software updates; it makes their job so much easier. So be sure to install updates to your devices, security software, and IoT products when alerted to do so.

Smartphone = Front Gate

The most common entry point to all of these connected things is your smartphone. While you’ve done a lot of things to protect your phone — a lock screen, secure passwords on accounts, and system updates — there are hacking tactics you likely know nothing about. According to McAfee’s recent  Mobile Threat Report, you don’t know because the scope and complexity of mobile hacks are increasing at alarming rates.

Hidden Apps

The latest statistics report that the average person has between 60-90 apps installed on their phones. Multiply that between all the users in your home, and you are looking at anywhere from 200-500 apps living under your digital roof. Hackers gravitate toward digital trends. They go where the most people congregate because that’s where they can grab the most money. Many of us control everything in our homes from our apps, so app downloads are off the charts, which is why crooks have engineered some of their most sophisticated schemes specifically around app users.

Hidden apps are a way that crooks trick users into letting them inside their phones. Typically, hidden apps (such as TimpDoor) get to users via Google Play when they download games or customized tools. TimpDoor will then directly communicate with users via a text with a link to a voice message that gives detailed instructions to enable apps from unknown sources. That link downloads malware which will run in the background after the app closes. Users often forget they’ve downloaded this and go on with life while the malware runs in the background and can access other internal networks on the smartphone.

What you can do:

  • Stay alert. Don’t fall for the traps or click links to other apps sent via text message.
  • Stay legit. Only download apps hosted by the original trusted stores and verified partner sites.
  • Avoid spam. Don’t click on any email links, pop-ups, or direct messages that include suspicious links, password prompts, or fake attachments. Delete and block spam emails and texts.
  • Disable and delete. If you are not using an app, disable it. And, as a safety habit, remove apps from your phone, tablet, or laptop you no longer use.

Fake Apps

Again, crooks go where the most people congregate, and this year it is the 60 million+ downloaded game Fortnite. The Fortnite craze has lead hackers to design fake Fortnite apps masquerading as the real thing. The fraudulent app designers go to great lengths to make the download look legitimate. They offer enticing downloads and promise users a ton of free perks and add ons. Once users download the fake app, crooks can collect money through ads, send text messages with more bad app links, crypto jack users, or install malware or spyware.

What you can do:

  • Don’t install apps from unknown sources. Not all gaming companies distribute via Google Play or the App Store. This makes it even harder for users to know that the app they are downloading is legit. Do all you can to verify the legitimacy of the site you are downloading from.
  • Delete suspicious acting apps. If you download an app and it begins to request access to anything outside of its service, delete it immediately from your device.
  • Update devices regularly. Keep new bugs and threats at bay by updating your devices automatically.
  • Monitor bank statements. Check statements regularly to monitor the activity of the card linked to your Fortnite account. If you notice repeat or multiple transactions from your account or see charges that you don’t recognize, alert your bank immediately.
  • Be a savvy app user. Verify an app’s legitimacy. Read other user reviews and be discerning before you download anything. This practice also applies to partner sites that sell game hacks, credits, patches, or virtual assets players use to gain rank within a game. Beware of “free” downloads and avoid illegal file-sharing sites. Free downloads can be hotbeds for malware. Stick with the safer, paid options from a reputable source.

The post Hidden & Fake Apps: How Hackers Could Be Targeting Your Connected Home appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/family-safety/hidden-fake-apps-how-hackers-could-be-targeting-your-connected-home/feed/ 0
Facebook Users: Here are Proactive Tips to Keep Your Data Safe https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-password-exposure/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-password-exposure/#respond Fri, 22 Mar 2019 23:40:42 +0000 https://securingtomorrow.mcafee.com/?p=94766

Social media has become extremely popular over the years, providing users with an easy way to communicate with their friends and family. As social media users, we put a lot of faith and trust in these platforms to maintain the security of our private information. But what happens when our private information is mishandled? The […]

The post Facebook Users: Here are Proactive Tips to Keep Your Data Safe appeared first on McAfee Blogs.

]]>

Social media has become extremely popular over the years, providing users with an easy way to communicate with their friends and family. As social media users, we put a lot of faith and trust in these platforms to maintain the security of our private information. But what happens when our private information is mishandled? The reality is that these incidents happen and users need to be prepared. Yesterday, Facebook announced that it did not properly mask the passwords of hundreds of millions of its users, primarily those associated with Facebook Lite.

You might be wondering how exactly this happened. It appears that many user passwords for Facebook, Facebook Lite, and Instagram were stored in plaintext in an internal company database. This means that thousands of Facebook employees had access to the database and could have potentially searched through these user passwords. Thankfully, no cases of data misuse were reported in the investigation, and these passwords were never visible to anyone outside of the company. According to Facebook software engineer Scott Renfro, Facebook is in the process of investigating long-term infrastructure changes to prevent these security issues going forward.

According to Facebook’s vice president of engineering, security, and privacy, the company has corrected the password logging bug and plans to notify the users whose passwords may have been exposed. But what can users do to better protect their data when an incident like this occurs? Check out the following tips:

  • Change your password. As a precautionary step, update your Facebook and Instagram passwords by going into the platforms’ security and privacy settings. Make sure your passwords are unique and complex.
  • Use multi-factor authentication. While this shouldn’t be your be-all and end-all security solution, it can help protect your credentials in the case of data exposure.
  • Set up a password manager. Using a password manager is one of the easiest ways to keep track of and manage your passwords so you can easily change them after these types of incidents occur.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Facebook Users: Here are Proactive Tips to Keep Your Data Safe appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-password-exposure/feed/ 0
McAfee Web Security offers a more flexible approach to Data Privacy https://securingtomorrow.mcafee.com/business/cloud-security/mcafee-web-security-offers-a-more-flexible-approach-to-data-privacy/ https://securingtomorrow.mcafee.com/business/cloud-security/mcafee-web-security-offers-a-more-flexible-approach-to-data-privacy/#respond Fri, 22 Mar 2019 15:00:35 +0000 https://securingtomorrow.mcafee.com/?p=94743

Post GDPR, there is still a lot of complexity in data privacy and data residency requirements. Depending on where they are located, what industry they are in, and how diverse their customer base is, companies are requiring a high degree of flexibility in the tools they use for web security. While most web security products […]

The post McAfee Web Security offers a more flexible approach to Data Privacy appeared first on McAfee Blogs.

]]>

Post GDPR, there is still a lot of complexity in data privacy and data residency requirements. Depending on where they are located, what industry they are in, and how diverse their customer base is, companies are requiring a high degree of flexibility in the tools they use for web security. While most web security products in the market today simply document their data handling practices as a part of GDPR compliance, McAfee strives to give customers more flexibility to implement the level of data privacy appropriate for their business.  Most of our McAfee Web Protection customers use our technologies to manage employee web traffic, which requires careful handling when it comes to processing Personal Data.

Our latest update to the McAfee Web Gateway Cloud Service introduced two key features for customers to implement their data privacy policies:

  • Concealment of Personal Data in internal reporting: We enable you to conceal or pseudonymize certain fields in our access logs. You can still report on the data but Personal Data is obfuscated. As an example, you can report on how much your Top Web Users surfed the Internet, but administrators cannot identify who that top user is.

 

 

 

 

 

 

 

  • Full control of data residency: Especially in heavily regulated industries, many of our customers have asked for the ability to control where their log data goes so that they have control over data residency. We give you that control. For example, you can currently select between the EU and US as data storage points for users connecting in each geographical region. Additional finer control can be achieved by configuring client proxy settings, or through Hybrid policy. And, in conjunction with Content Security Reporter 2.6, customers can centrally report on all the data, while providing access control on the generated reports.

 

 

 

 

 

 

As a globally dispersed organization, there are of course still limits to what we can offer – our support and engineering teams, for instance, might need to access data for troubleshooting purposes from other geographies.  Telemetry and other data required to operate the service would still be global.  But to the extent that we can, with the access logs that contain PII, customers want more control.

McAfee Web Gateway Cloud Service is built for the enterprise, and many organizations will gain a higher level of performance than they currently experience on premises. As your security team continues to manage highly sophisticated malware and targeted attacks that evade traditional defences, McAfee Web Gateway Cloud Service allows you to go beyond basic protection, with behaviour emulation that prevents zero-day malware in milliseconds as traffic is processed.

The post McAfee Web Security offers a more flexible approach to Data Privacy appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/business/cloud-security/mcafee-web-security-offers-a-more-flexible-approach-to-data-privacy/feed/ 0
Return to Workplace: Ready to Relaunch Your Career https://securingtomorrow.mcafee.com/other-blogs/life-at-mcafee/return-to-workplace-ready-to-relaunch-your-career/ https://securingtomorrow.mcafee.com/other-blogs/life-at-mcafee/return-to-workplace-ready-to-relaunch-your-career/#respond Thu, 21 Mar 2019 13:58:59 +0000 https://securingtomorrow.mcafee.com/?p=94674

By: Sheetal, Application Developer & Majy, IT Support McAfee offers a new program that offers professionals who dedicated extended time to their families the chance to reignite their passion for the technology industry and relaunch their careers. Sometimes, it’s necessary to put your career on hold to raise kids, care for loved ones or serve […]

The post Return to Workplace: Ready to Relaunch Your Career appeared first on McAfee Blogs.

]]>

By: Sheetal, Application Developer & Majy, IT Support

McAfee offers a new program that offers professionals who dedicated extended time to their families the chance to reignite their passion for the technology industry and relaunch their careers.

Sometimes, it’s necessary to put your career on hold to raise kids, care for loved ones or serve your country. For many, it can be daunting to reenter the workplace after time away. That’s why McAfee designed its Return to Workplace program.

Launched in India in 2018, the 12-week Return to Work program offers training, support and resources for those who are looking to reenter the technology field and put their careers back on track.

Read Sheetal’s and Majy’s stories about how McAfee’s Return to Workplace program helped them build the skills they needed to reenter the workforce and come back strong.

Sheetal’s Return to Workplace Journey – Application Developer

To pursue my love for technology, I moved to Bangalore to complete my engineering degree in computer science, and I found rewarding work as a Quality Auditor. In 2015, I added another momentous title to my resume—mom. I gave birth to my first child and took my maternity leave; however, family circumstances extended my break.

Returning to Tech

Three years later, I was finally ready to get back to work, and I anxiously began my job hunt. It wasn’t as easy as I thought it would be, and I had a few concerns to say the least. Not only did I fear I’d be behind in the fast-paced technology industry, I also feared I wouldn’t find a supportive workplace as a single mom.

All Thanks to McAfee

As a single mother, McAfee allowed me to balance both my career and my family by giving me flexible work hours, technical mentoring, soft skills training, sessions with the HR team and several other resources to sharpen my professional skills. It helped me build my confidence over time, and today, I am working as a part of the application development team, assuring that the business works efficiently as possible.

McAfee has offered not only me, but a number of other wonderful women, a second chance to resume their careers at their own pace, without having to give up time with their families and children.

Majy’s Story – IT Support

Passionate about technology, I pursued my education in engineering at Calicut University and began my career soon after as a software engineer. I loved my career and the people I worked with—it’s what got me out of bed and excited about each day. Eventually, my reasons to start the day shifted when my husband and I were blessed with our first child. I decided it was time to put a hold on my career, to be there for my son and spend quality time at home during those early development years.

Facing Fears About Getting Back to Work

My son was growing up right before my eyes, and as he became more independent, I considered returning to my career. Even though I was eager to get back to work, I feared I wouldn’t find a company that allowed me to manage both a fulfilling career and raising a child at home—or if my skills would still be relevant.

 

Discovering McAfee Was the Best Thing Ever

McAfee’s Return to Workplace initiative completely blew me away. With the working environment that McAfee offered me, which was flexible and encouraging, I absolutely could not miss this opportunity. McAfee offered me several avenues to learn and brush up on my technical skills. They even provided me with a technical mentor! Having access to my mentor created a safe environment where I could ask my technical queries without feeling the pressure of asking the wrong question. In addition to this, the host of online courses I could leverage was an advantage for me. Ultimately, McAfee provided me with an environment where I could learn and grow without feeling intimidated. This was empowering and gave me the push I needed to successfully complete the program. McAfee was my natural first choice for returning to work and I couldn’t have been happier to accept a full-time position.

For more stories like this, follow @LifeAtMcAfee  on Instagram and on Twitter @McAfee to see what working at McAfee is all about.

Ready to relaunch your career? Get the resources you need at McAfee. Apply here.

The post Return to Workplace: Ready to Relaunch Your Career appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/life-at-mcafee/return-to-workplace-ready-to-relaunch-your-career/feed/ 0
Analysis of a Chrome Zero Day: CVE-2019-5786 https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/analysis-of-a-chrome-zero-day-cve-2019-5786/ https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/analysis-of-a-chrome-zero-day-cve-2019-5786/#respond Wed, 20 Mar 2019 22:36:10 +0000 https://securingtomorrow.mcafee.com/?p=94698

1. Introduction On March 1st, Google published an advisory [1] for a use-after-free in the Chrome implementation of the FileReader API (CVE 2019-5786). Clement Lecigne from Google Threat Analysis Group reported the bug as being exploited in the wild and targeting Windows 7, 32-bit platforms. The exploit leads to code execution in the Renderer process, […]

The post Analysis of a Chrome Zero Day: CVE-2019-5786 appeared first on McAfee Blogs.

]]>

1. Introduction

On March 1st, Google published an advisory [1] for a use-after-free in the Chrome implementation of the FileReader API (CVE 2019-5786). Clement Lecigne from Google Threat Analysis Group reported the bug as being exploited in the wild and targeting Windows 7, 32-bit platforms. The exploit leads to code execution in the Renderer process, and a second exploit was used to fully compromise the host system [2]. This blog is a technical write-up detailing the first bug and how to find more information about it. At the time of writing, the bug report [2b] is still sealed. Default installation of Chrome will install updates automatically, and users running the latest version of Chrome are already protected against that bug. To make sure you’re running the patched version, visit chrome://version, the version number displayed on the page should be 72.0.3626.121 or greater.

2. Information gathering

2.1 The bug fix

Most of the Chrome codebase is based on the Chromium open source project. The bug we are looking at is contained inside the open source code, so we can directly look at what was fixed in the new release pertaining to the FileReader API. Conveniently, Google shares the changelog for its new release [3].

We can see that there’s only one commit that modifies files related to the FileReader API, with the following message:

The message hints that having multiple references to the same underlying ArrayBuffer is a bad thing. It is not clear what it means right now, but the following paragraphs will work on figuring out what wisdom lies hidden in this message.

For starters, we can look at the commit diff [3b] and see what changed. For ease of reading, here is a comparison of the function before and after the patch.

The old one:

The new one:

The two versions can be found on GitHub at [4a] and [4b]. This change modifies the behavior of the ArrayBufferResult function that is responsible for returning data when a user wants to access the FileReader.result member.
The behavior of the function is as follows: if the result is already ‘cached,’ return that. If not, there are two cases; if the data has finished loading, create a DOMArrayBuffer, cache the result, and returns it. If not, it creates a temporary DOMArrayBuffer and returns that instead. The difference between the unpatched and patched version is how that temporary DOMArrayBuffer is handled, in case of a partial load. In one case, we can see a call to:

 

This prompted us to go down a few more rabbit holes. Let us compare what is going on in both the unpatched and patched situation.

We can start with the patched version, as it is the simplest to understand. We can see a call to ArrayBuffer::Create that takes two arguments, a pointer to the data and its length (the function is defined in the source tree at /third_party/blink/renderer/platform/wtf/typed_arrays/array_buffer.h)

 

This basically creates a new ArrayBuffer, wraps it into a scoped_refptr<ArrayBuffer> and then copies the data into it. The scoped_refptr is a way for Chromium to handle reference counting [5]. For readers unfamiliar with the notion, the idea is to keep track of how many times an object is being referenced. When creating a new instance of a scoped_refptr, the reference count for the underlying object is incremented; when the object exits its scope, the reference count is decremented. When that reference count reaches 0, the object is deleted (and for the curious, Chrome will kill a process if the reference count overflows….). As we’re looking for a potential use-after-free, knowing that the buffer is ref-counted closes some avenues of exploitation.

In the unpatched version, instead of calling ArrayBuffer::Create, the code uses the return value of ArrayBufferBuilder::ToArrayBuffer() (from third_party/blink/renderer/platform/wtf/typed_arrays/array_buffer_builder.cc):

 

Here is yet another rabbit hole to dive into (but we will keep it high level).  Depending on the value of bytes_used_), the function will either return its buffer, or a Sliced version of it (i.e. a new ArrayBuffer of a smaller size, that contains a copy of the data)

 

To sum up what we have so far, in all the code paths we have looked at, they all return a copy of the data instead of the actual buffer, unless we run the unpatched code, and the buffer we try to access is `fully used` (per the comment in ArrayBufferBuilder::ToArrayBuffer()).
Because of the implementation of the FileReaderLoader object, the buffer_->ByteLength() is the pre-allocated size of the buffer, which correspond to the size of the data we want to load (this will be relevant later on).
If we now remember the commit message and what the bad scenario was, it looks like the only situation to exploit the bug is to access multiple times the ArrayBufferBuilder::ToArrayBuffer(), before the finished_loading is set to true, but after the data is fully loaded.

To wrap up this part of the code review, let us look at the behavior of the DOMArrayBuffer::Create function that is being called in both patched/unpatched cases, the case interesting to us is when we have the following call DOMArrayBuffer::Create(raw_data_->ToArrayBuffer());

From third_party/blink/renderer/core/typed_arrays/dom_array_buffer.h:

 

Something interesting to look at is the use of std::move, which has the semantic of transferring ownership.
For instance, in the following snippet:

then `b` takes ownership of what belonged to `a` (`b` now contains “hello”) and `a` is now in a somewhat undefined state (C++11 specs explain that in more precise terms)).

In our current situation, what is going on here is somewhat confusing [6a] [6b]. The object returned by ArrayBufferBuilder::ToArrayBuffer() is already a scoped_refptr<ArrayBuffer>. I believe the meaning of all this, is that when calling ToArrayBuffer(), the refcount on the ArrayBuffer is increased by one, and the std::move takes ownership of that instance of the refcounted object (as opposed to the one owned by the ArrayBufferBuilder). Calling ToArrayBuffer() 10 times will increase the refcount by 10, but all the return values will be valid (as opposed to the toy example with the strings `a` and `b` mentioned above where operating on `a` would result in unexpected behavior).
This closes an obvious case of use-after-free where the buffer_ object from the ArrayBufferBuilder would get corrupted if we would call ToArrayBuffer() multiple times during the sweet spot described above.

2.2 FileReader API

Another angle of approach for figuring out how to exploit this bug is to look at the API that is available to us from JavaScript and see if we can come up with a way to reach the sweet spot we were looking at.

We can get all the information we want from Mozilla web docs [7]. Our options are fairly terse; we can call readAsXXX functions on either Blob or File, we can abort the read, and finally there are a couple of events to which we can register callbacks (onloadstart, onprogress, onloadend, …).

The onprogress events sounds like the most interesting one, as it is being called while data is loading, but before the loading is finished. If we look at the FileReader.cc source file, we can see that the logic behind the invocation of this event is to fire every 50ms (or so) when data is received. Let us have a look at how this behaves in a real system…

3. Testing in a web-browser

3.1 Getting started

The first thing we want to do is download a vulnerable version of the code. There are some pretty useful resources out there [8] where one can download older builds rather than having to build them yourself.

Something interesting to note is that there is also a separate zip file that has `syms` in its name. You can also download to get debug symbols for the build (in the form of .pdb files). Debuggers and disassemblers can import those symbols which will make your life way easier as every function will be renamed by its actual name in the source code.

3.2 Attaching a debugger

Chromium is a complex software and multiple processes communicate together which makes debugging harder. The most efficient way to debug it is to start Chromium normally and then attach the debugger to the process you want to exploit. The code we are debugging is running in the renderer process, and the functions we were looking at are exposed by chrome_child.dll (those details were found by trial and error, attaching to any Chrome process, and looking for function names of interest).

 

If you want to import symbols in x64dbg, a possible solution is to go in the Symbol pane, right click on the .dll/.exe you want to import the symbols for and select Download symbols. It may fail if the symbol server setting is not configured properly, but it will still create the directory structure in x64dbg’s `symbols` directory, where you can put the .pdb files you’ve previously downloaded.

3.3 Looking for the exploitable code path

Not that we have downloaded an unpatched version of Chromium, and we know how to attach a debugger, let us write some JavaScript to see if we can hit the code path we care about.

 

To sum up what is going on here, we create a Blob that we pass to the FileReader. We register a callback to the progress event and, when the event is invoked, we try to access multiple times the result from the reader. We have seen previously that the data needs to be fully loaded (that is why we check the size of the buffer) and if we get multiple DOMArrayBuffer with the same backing ArrayBuffer, they should appear to be to separate objects to JavaScript (hence the equality test). Finally, to double check we have indeed two different objects backed by the same buffer, we create views to modify the underlying data and we verify that modify one modifies the other as well.

There is an unfortunate issue that we had not foreseen: the progress event is not called frequently, so we have to load a really large array in order to force the process to take some time and trigger the event multiple times. There might be better ways of doing so (maybe the Google bug report will reveal one!) but all the attempts to create a slow loading object were a failure (using a Proxy, extending the Blob class…). The loading is tied to a Mojo Pipe, so exposing MojoJS could be a way of having more control as well but it seems unrealistic in an attacker scenario as this is the entry point of the attack. See [9] for an example for that approach.

3.4 Causing a crash

So, now that we have figured out how to get into the code path that is vulnerable, how do we exploit it? This was definitely the hardest question to answer, and this paragraph is meant to share the process to find an answer to that question.

We have seen that the underlying ArrayBuffer is refcounted, so it is unlikely we’ll be able to magically free it by just getting garbage collected from some of the DOMArrayBuffer we’ve obtained. Overflowing the refcount sounds like a fun idea, but if we try by hand to modify the refcount value to be near its maximum value (via x64dbg) and see what happens… well, the process crashes. Finally, we cannot do much on those ArrayBuffers; we can change their content but not their size, nor can we manually free them…
Not being familiar enough with the codebase, the best approach then is to pour through various bug reports that mention use-after-free, ArrayBuffer, etc., and see what people did or talked about. There must be some assumption somewhere that a DOMArrayBuffer owns its underlying memory, and that is an assumption we know we are breaking.
After some searching, we started to find some interesting comments like this one [10a] and this one [10b]. Those two links talk about various situation where DOMArrayBuffer gets externalized, transferred and neutered. We are not familiar with those terms, but from the context it sounds like when this happens, the ownership of the memory is transferred to somebody else. That sounds pretty perfect for us as we want the underlying buffer to be freed (as we are hunting for a use-after-free).
The use-after-free in WebAudio shows us how to get our ArrayBuffer “transferred” so let’s try that!

 

And as seen in the debugger:

The memory being dereferenced is in ECX (we also have EAX == 0 but that’s because we’re looking at the first item in the view). The address looks valid, but it isn’t. ECX contains the address where the raw data of our buffer was stored (the AAAAA…) but because it got freed, the system unmapped the pages that held it, causing the access violation (we’re trying to access an unmapped memory address). We reached the use-after-free we were looking for!

4. Exploit considerations and next steps

4.1 Exploit

It is not the point of this document to illustrate how to push beyond the use-after-free to get full code execution (in fact Exodus have released a blog and a working exploit roughly coinciding with the timing of this publication). However, there are some interesting comments to be made.
Due to the way we are triggering the use-after-free, we are ending up with a very large buffer unallocated. The usual way to exploit a use-after-free is to get a new object allocated on top of the freed region to create some sort of confusion. Here, we are freeing the raw memory that is used to back the data of our ArrayBuffer. That is great because we can read/write over a large region. Yet, a problem in this approach is that because the memory region is really large, there is no one object that would just fit in. If we had a small buffer, we could create lots of objects that have that specific size and hope one would be allocated there. Here it is harder because we need to wait that until that memory is reclaimed by the heap for unrelated objects. On Windows 10 64-bit, it is hard because of how random allocations are, and the entropy available for random addresses. On Windows 7 32-bit, it is much easier as the address space is much smaller, and the heap allocation is more deterministic. Allocating a 10k object might be enough to have some metadata land within the address space we can control.
The second interesting aspect is that because we are going to dereference a region that has been unmapped, if the 10k allocation mentioned above fails to allocate at least one object in that area we control, then we are out of luck; we will get an access violation and the process will die. There are ways to make this step more reliable, such as the iframe method described here [11]
An example on how to move on if one can corrupt the metadata of a JavaScript object can be found here [12].

4.2 Next step

Once an attacker has gained code execution inside the renderer process they are still limited by the sandbox. In the exploit found in the wild, the attacker used a second 0-day that targeted the Windows Kernel to escape the sandbox. A write up describing that exploit was recently released by the 360CoreSec here [13].

5. Conclusion

By looking at the commit that fixed the bug and hunting down hints and similar fixes we were able to recover the likely path towards exploitation. Once again, we can see that modern mitigations introduced in the later version of Windows makes life way harder on attackers and we should celebrate those wins from the defensive side. Also, Google is extremely efficient and aggressive in its patching strategy, and most of its user base will have already seamlessly updated to the latest version of Chrome.

 

Links

[1] https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop.html
[2] https://security.googleblog.com/2019/03/disclosing-vulnerabilities-to-protect.html
[2b] https://bugs.chromium.org/p/chromium/issues/detail?id=936448
[3] https://chromium.googlesource.com/chromium/src/+log/72.0.3626.119..72.0.3626.121?pretty=fuller
[3b] https://github.com/chromium/chromium/commit/ba9748e78ec7e9c0d594e7edf7b2c07ea2a90449
[4a] https://github.com/chromium/chromium/blob/17cc212565230c962c1f5d036bab27fe800909f9/third_party/blink/renderer/core/fileapi/file_reader_loader.cc
[4b] https://github.com/chromium/chromium/blob/75ab588a6055a19d23564ef27532349797ad454d/third_party/blink/renderer/core/fileapi/file_reader_loader.cc
[5] https://www.chromium.org/developers/smart-pointer-guidelines
[6a] https://chromium.googlesource.com/chromium/src/+/lkgr/styleguide/c++/c++.md#object-ownership-and-calling-conventions
[6b] https://www.chromium.org/rvalue-references
[7] https://developer.mozilla.org/en-US/docs/Web/API/FileReader
[8] https://commondatastorage.googleapis.com/chromium-browser-snapshots/index.html?prefix=Win_x64/612439/
[9] https://www.exploit-db.com/exploits/46475
[10a] https://bugs.chromium.org/p/v8/issues/detail?id=2802
[10b] https://bugs.chromium.org/p/chromium/issues/detail?id=761801
[11] https://blog.exodusintel.com/2019/01/22/exploiting-the-magellan-bug-on-64-bit-chrome-desktop/
[12] https://halbecaf.com/2017/05/24/exploiting-a-v8-oob-write/
[13] http://blogs.360.cn/post/RootCause_CVE-2019-0808_EN.html

The post Analysis of a Chrome Zero Day: CVE-2019-5786 appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/analysis-of-a-chrome-zero-day-cve-2019-5786/feed/ 0
How Online Scams Drive College Basketball Fans Mad https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/march-mayhem-online-scams/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/march-mayhem-online-scams/#respond Wed, 20 Mar 2019 10:00:54 +0000 https://securingtomorrow.mcafee.com/?p=94656

Sports fans everywhere look forward to mid-March for the NCAA men’s college basketball tournament. However, it’s not just college basketball fans that look forward to this time of year. Cybercriminals use March to launch malicious campaigns in the hopes of gaining access to personal information from unsuspecting fans. Let’s take a look at the most […]

The post How Online Scams Drive College Basketball Fans Mad appeared first on McAfee Blogs.

]]>

Sports fans everywhere look forward to mid-March for the NCAA men’s college basketball tournament. However, it’s not just college basketball fans that look forward to this time of year. Cybercriminals use March to launch malicious campaigns in the hopes of gaining access to personal information from unsuspecting fans. Let’s take a look at the most popular techniques cybercriminals use to gain access to passwords and financial information, as well as encourage victims to click on suspicious links.

Online betting provides cybercriminals with a wealth of opportunities to steal personal and financial information from users looking to engage with the games while potentially making a few extra bucks. The American Gaming Association (AGA) estimates that consumers will wager $8.5 billion on the 2019 NCAA men’s basketball tournament. What many users don’t realize is that online pools that ask for your personal and credit card information create a perfect opportunity for cybercriminals to take advantage of unsuspecting fans.

In addition to online betting scams, users should also be on the lookout for malicious streaming sites. As fewer and fewer homes have cable, many users look to online streaming sites to keep up with all of the games. However, even seemingly reputable sites could contain malicious phishing links. If a streaming site asks you to download a “player” to watch the games, there’s a possibility that you could end up with a nasty malware on your computer.

Ticket scammers are also on the prowl during March, distributing fake tickets on classified sites they’ve designed to look just like the real thing. Of course, these fake tickets all have the same barcode. With these scams floating around the internet, users looking for cheap tickets to the games may be more susceptible to buying counterfeit tickets if they are just looking for the best deal online and are too hasty in their purchase.

So, if you’re a college basketball fan hoping to partake in this exciting month – what next? In order to enjoy the fun that comes with the NCAA tournament without the risk of cyberthreats, check out the following tips to help you box out cybercriminals this March:

  • Verify the legitimacy of gambling sites. Before creating a new account or providing any personal information on an online gambling website, poke around and look for information any legitimate site would have. Most gambling sites will have information about the site rules (i.e., age requirements) and contact information. If you can’t find such information, you’re better off not using the site.
  • Be leery of free streaming websites. The content on some of these free streaming websites is likely stolen and hosted in a suspicious manner, as well as potentially contains malware. So, if you’re going to watch the games online, it’s best to purchase a subscription from a legitimate streaming service.
  • Stay cautious on popular sports sites and apps. Cybercriminals know that millions of loyal fans will be logging on to popular sports sites and apps to stay updated on the scores. Be careful when you’re visiting these sites you’re not clicking on any conspicuous ads or links that could contain malware. If you see an offer that interests you in an online ad, you’re better off going directly to the website from the company displaying the ad as opposed to clicking on the ad from the sports site or app.
  • Beware of online ticket scams. Scammers will be looking to steal payment information from fans in search of last-minute tickets to the games. To avoid this, it’s best to buy directly from the venue whenever possible. If you decide to purchase from a reseller, make sure to do your research and only buy from trusted vendors.
  • Use comprehensive security software. Using a tool like McAfee WebAdvisor can help you avoid dangerous websites and links, and will warn you in the event that you do accidentally click on something malicious. It will provide visual warnings if you’re about to go to a suspicious site.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post How Online Scams Drive College Basketball Fans Mad appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/march-mayhem-online-scams/feed/ 0
Ghosts May Not Be Real but Trolls Are – Look Out for Social Media Trolls https://securingtomorrow.mcafee.com/consumer/ghosts-may-not-be-real-but-trolls-are-look-out-for-social-media-trolls/ https://securingtomorrow.mcafee.com/consumer/ghosts-may-not-be-real-but-trolls-are-look-out-for-social-media-trolls/#respond Tue, 19 Mar 2019 14:22:09 +0000 https://securingtomorrow.mcafee.com/?p=94668 The Cambridge Dictionary describes a troll as “an imaginary, either very large or very small creature in traditional Scandinavian stories, that has magical powers and lives in mountains or caves.” If you have read your fairy tales, you would know that trolls are generally grotesque creatures that stay away from human habitation. They take pleasure […]

The post Ghosts May Not Be Real but Trolls Are – Look Out for Social Media Trolls appeared first on McAfee Blogs.

]]>
The Cambridge Dictionary describes a troll as “an imaginary, either very large or very small creature in traditional Scandinavian stories, that has magical powers and lives in mountains or caves.”

If you have read your fairy tales, you would know that trolls are generally grotesque creatures that stay away from human habitation. They take pleasure in carrying out antisocial activities and causing people pain and mental suffering.

Those trolls are mythical, but the online trolls are very much real. These digital trolls use the anonymity offered by the net to stay hidden and cause disruption and harm through their malicious and negative comments. They share provocative, malicious content and delight in fomenting unrest. If the victim takes the comments personally, it can leave them emotionally disturbed.

Why do people troll?

Why do people troll? Why do they want to insult, abuse, criticize, hurt and spread negativity? There are many studies available online that offer detailed analysis of how a troll’s mind works. However, we won’t go into such details. For our convenience and easy understanding, it will suffice to say that trolling may be the result of an individual’s background, low empathy levels, anger, frustration, jealousy, sadness and/or bitterness.

  • Low empathy: There are people who have less empathy or sensitivity and often find grim or disturbing situations funny. They will, for e.g.; not think twice about posting a joke on a social media thread where everyone is offering condolence on the demise of a loved one. They may see nothing wrong in it, rather it may give them a laugh.
  • Inflexible attitude: Some people find it difficult to accept that others too can have their individual viewpoints and instinctively target people with different opinions as enemies and make it their mission to abuse them, as if to prove that they are wrong. They hamper freedom of speech online for they do try to desist other users from sharing their personal opinions.
  • Revenge: Some go on a rampage to seek revenge for the ‘wrong’ done to them or someone else.

The anonymity provided by the net enables many cowardly people to feel strong by attacking others and give vent to their emotions online.

How do you identify trolls?

Easy. They are the rabble rousers, the ones who have nothing positive to contribute but are only out to disrupt, disturb and upset you. Their posts may vary from personal comments on your photo, satirical outbursts on your blogs or videos or direct attacks on your person, to out-of-context malicious remarks in an ongoing discussion. They would definitely be using a false bio and either no profile pic or a false one.

What do you do if you are trolled?

  • Avoid feeding them – they thrive on your emotional upheaval and vituperative responses. The smart thing to do is to neither acknowledge their comments nor respond to them. Nothing is as putting off as an IGNORE.
  • Keep records and block – If the trolling continues, keep records and block account of the troll and report to the platform. Let your friends know about the account too.
  • Consider keeping commenting off on your YouTube channel – you may also choose to delete negative comments.
  • Make amendments to posts – if factual or grammatical errors or an archaic style of writing your posts or blogs have brought out the trolls, consider apologizing for the errors and making revisions. Reply positively, thanking the troll for the feedback. You will take the wind out of the troll’s sails.
  • Don’t take it to heart – adults may use humour to counter trolls online, but it may not be easy for teens to keep emotions aside and reply to abusive comments lightly. So, it’s best to ignore.

As a digital parent, you may already be aware of trolls and the emotional havoc they can cause. You want to protect your kids from their attacks when they go online. At the same time, you need to explain to them why trolling is wrong and sometimes funny isn’t funny at all but may be hurtful and nasty.

How to ensure your kids know it’s wrong to troll?

  • Good manners: Whether online or off it, there is no substitute to good manners and etiquette. Ensure your kids feel happy and secure at home. Model the kind of behavior you expect from them and reward good manners with appreciation.
  • Empathy: The world runs on kindness and empathy. Reinforce empathy right from childhood. They need to understand that there are all kinds of people and each one is special in some way. Help them grow up to be generous, tolerant and broad-minded people.
  • Positivity: A child with a positive outlook and sunny disposition is most unlikely to be rude and deliberately mean online. Lay stress on being positive, whatever the situation may be.
  • Monitoring: It is recommended that parents monitor the conversations kids have online. Avoid participating in their conversations or taking to task those who maybe bullying or trolling them, for though this will delight the troll, it will be embarrassing for the child. Instead, have discussions on how he/she plans to handle it and let him/her tackle the issue.
  • Last but not the least, ensure all your devices are installed with licensed comprehensive security software that offers the parental controls feature. This will allow you to monitor activities remotely, though you should keep your child informed that you are doing so.

One last word: we cannot make trolls vanish, but we can empower our kids to vanquish them.

The post Ghosts May Not Be Real but Trolls Are – Look Out for Social Media Trolls appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/ghosts-may-not-be-real-but-trolls-are-look-out-for-social-media-trolls/feed/ 0
How to Safeguard Your Family Against A Medical Data Breach https://securingtomorrow.mcafee.com/consumer/family-safety/steps-to-safeguard-your-family-against-a-medical-data-breach/ https://securingtomorrow.mcafee.com/consumer/family-safety/steps-to-safeguard-your-family-against-a-medical-data-breach/#respond Sat, 16 Mar 2019 14:14:19 +0000 https://securingtomorrow.mcafee.com/?p=94597

The risk to your family’s healthcare data often begins with that piece of paper on a clipboard your physician or hospital asks you to fill out or in the online application for healthcare you completed. That data gets transferred into a computer where a patient Electronic Health Record (EHR) is created or added to. From […]

The post How to Safeguard Your Family Against A Medical Data Breach appeared first on McAfee Blogs.

]]>

Medical Data BreachThe risk to your family’s healthcare data often begins with that piece of paper on a clipboard your physician or hospital asks you to fill out or in the online application for healthcare you completed.

That data gets transferred into a computer where a patient Electronic Health Record (EHR) is created or added to. From there, depending on the security measures your physician, healthcare facility, or healthcare provider has put in place, your data is either safely stored or up for grabs.

It’s a double-edged sword: We all need healthcare but to access it we have to hand over our most sensitive data armed only with the hope that the people on the other side of the glass window will do their part to protect it.

Breaches on the Rise

Feeling a tad vulnerable? You aren’t alone. The stats on medical breaches don’t do much to assuage consumer fears.

A recent study in the Journal of the American Medical Association reveals that the number of annual health data breaches increased 70% over the past seven years, with 75% of the breached, lost, or stolen records being breached by a hacking or IT incident at a cost close to consumers at nearly $6 billion.

The IoT Factor

Medical Data Breach

Not only are medical facilities vulnerable to hackers, but with the growth of the Internet of Things (IoT) consumer products — which, in short, means everything is digitally connected to everything else — also provide entry points for hackers. Wireless devices at risk include insulin pumps and monitors, Fitbits, scales, thermometers, heart and blood pressure monitors.

To protect yourself when using these devices, experts recommend staying on top of device updates and inputting as little personal information as possible when launching and maintaining the app or device.

The Dark Web

The engine driving healthcare attacks of all kinds is the Dark Web where criminals can buy, sell, and trade stolen consumer data without detection. Healthcare data is precious because it often includes a much more complete picture of a person including social security number, credit card/banking information, birthdate, address, health care card information, and patient history.

With this kind of data, many corrupt acts are possible including identity theft, fraudulent medical claims, tax fraud, credit card fraud, and the list goes on. Complete medical profiles garner higher prices on the Dark Web.

Some of the most valuable data to criminals are children’s health information (stolen from pediatrician offices) since a child’s credit records are clean and more useful tools in credit card fraud.

According to Raj Samani, Chief Scientist and McAfee Fellow, Advanced Threat Research, predictions for 2019 include criminals working even more diligently in the Dark Web marketplace to devise and launch more significant threats.

“The game of cat and mouse the security industry plays with ransomware developers will escalate, and the industry will need to respond more quickly and effectively than ever before,” Says Samani.

Medical Data Breach

Healthcare professionals, hospitals, and health insurance companies, while giving criminals an entry point, though responsible, aren’t the bad guys. They are being fined by the government for breaches and lack of proper security, and targeted and extorted by cyber crooks, while simultaneously focusing on patient care and outcomes. Another factor working against them is the lack of qualified cybersecurity professionals equipped to protect healthcare practices and facilities.

Protecting ourselves and our families in the face of this kind of threat can feel overwhelming and even futile. It’s not. Every layer of protection you build between you and a hacker, matters. There are some things you can do to strengthen your family’s healthcare data practices.

Ways to Safeguard Medical Data

Don’t be quick to share your SSN. Your family’s patient information needs to be treated like financial data because it has that same power. For that reason, don’t give away your Social Security Number — even if a medical provider asks for it. The American Medical Association (AMA) discourages medical professionals from collecting patient SSNs nowadays in light of all the security breaches.

Keep your healthcare card close. Treat your healthcare card like a banking card. Know where it is, only offer it to physicians when checking in for an appointment, and report it immediately if it’s missing.

Monitor statements. The Federal Trade Commission recommends consumers keep a close eye on medical bills. If someone has compromised your data, you will notice bogus charges right away. Pay close attention to your “explanation of benefits,” and immediately contact your healthcare provider if anything appears suspicious.

Ask about security. While it’s not likely you can change your healthcare provider’s security practices on the spot, the more consumers inquire about security standards, the more accountable healthcare providers are to following strong data protection practices.

Pay attention to apps, wearables. Understand how app owners are using your data. Where is the data stored? Who is it shared with? If the app seems sketchy on privacy, find a better one.

How to Protect IoT Devices

Medical Data Breach

According to the Federal Bureau of Investigation (FBI), IoT devices, while improving medical care and outcomes, have their own set of safety precautions consumers need to follow.

  • Change default usernames and passwords
  • Isolate IoT devices on their protected networks
  • Configure network firewalls to inhibit traffic from unauthorized IP addresses
  • Implement security recommendations from the device manufacturer and, if appropriate, turn off devices when not in use
  • Visit reputable websites that specialize in cybersecurity analysis when purchasing an IoT device
  • Ensure devices and their associated security patches are up-to-date
  • Apply cybersecurity best practices when connecting devices to a wireless network
  • Invest in a secure router with appropriate security and authentication practices

The post How to Safeguard Your Family Against A Medical Data Breach appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/family-safety/steps-to-safeguard-your-family-against-a-medical-data-breach/feed/ 0
Attackers Exploiting WinRAR UNACEV2.DLL Vulnerability (CVE-2018-20250) https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/attackers-exploiting-winrar-unacev2-dll-vulnerability-cve-2018-20250/ https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/attackers-exploiting-winrar-unacev2-dll-vulnerability-cve-2018-20250/#comments Thu, 14 Mar 2019 19:00:50 +0000 https://securingtomorrow.mcafee.com/?p=94446

Earlier this month Check Point Research reported discovery of a 19 year old code execution vulnerability in the wildly popular WinRAR compression tool. Rarlab reports that that are over 500 million users of this program. While a patched version, 5.70, was released on February 26, attackers are releasing exploits in an effort to reach vulnerable […]

The post Attackers Exploiting WinRAR UNACEV2.DLL Vulnerability (CVE-2018-20250) appeared first on McAfee Blogs.

]]>

Earlier this month Check Point Research reported discovery of a 19 year old code execution vulnerability in the wildly popular WinRAR compression tool. Rarlab reports that that are over 500 million users of this program. While a patched version, 5.70, was released on February 26, attackers are releasing exploits in an effort to reach vulnerable systems before they can be patched.

One recent example piggybacks on a bootlegged copy of Ariana Grande’s hit album “Thank U, Next” with a file name of “Ariana_Grande-thank_u,_next(2019)_[320].rar”

When a vulnerable version of WinRAR is used to extract the contents of this archive, a malicious payload is created in the Startup folder behind the scenes. User Account Control (UAC) does not apply, so no alert is displayed to the user. The next time the system restarts, the malware is run.

Figure 1 – Malformed Archive detected by McAfee as CVE2018-20250!4A63011F5B88
SHA256: e6e5530ed748283d4f6ef3485bfbf84ae573289ad28db0815f711dc45f448bec

Figure 2 – Extracted non-malicious MP3 files

Figure 3 – Extracted Malware payload detected by McAfee as Generic Trojan.i
SHA256: A1C06018B4E331F95A0E33B47F0FAA5CB6A084D15FEC30772923269669F4BC91

In the first week since the vulnerability was disclosed, McAfee has identified over 100 unique exploits and counting, with most of the initial targets residing in the United States at the time of writing.

 

McAfee advises users to keep their anti-malware signatures up to date at all times. McAfee products detect known and unknown malformed ACE files exploiting the vulnerability as CVE2018-20250![Partial hash] starting with the following content

  • V2 DATs version 9183 released March 2, 2019
  • V3 DATs version 3634 released March 2, 2019

Additional GTI coverage exists for email-based attacks, in tandem with the Suspicious Attachment feature. When this feature is enabled, Artemis![Partial hash] detections will occur on known exploits.

Update: An earlier version of this article used the phrase User Access Control (UAC) which has now been changed to User Account Control (UAC) and the term “bypass” which has now been changed to “does not apply.”

The post Attackers Exploiting WinRAR UNACEV2.DLL Vulnerability (CVE-2018-20250) appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/attackers-exploiting-winrar-unacev2-dll-vulnerability-cve-2018-20250/feed/ 1
McAfee CTO @ RSA: Catching Lightning in a Bottle or Burning Bridges to the Future? https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/mcafee-cto-rsa-catching-lightning-in-a-bottle-or-burning-bridges-to-the-future/ https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/mcafee-cto-rsa-catching-lightning-in-a-bottle-or-burning-bridges-to-the-future/#respond Thu, 14 Mar 2019 16:58:29 +0000 https://securingtomorrow.mcafee.com/?p=94606

I spoke last week at the RSA Conference in San Francisco on the subject of AI related threats and opportunities in the cybersecurity field. I asserted that innovations such as AI can strengthen our defenses but can also enhance the effectiveness of a cyber attacker.  I also looked at some examples of underlying fragility in […]

The post McAfee CTO @ RSA: Catching Lightning in a Bottle or Burning Bridges to the Future? appeared first on McAfee Blogs.

]]>

I spoke last week at the RSA Conference in San Francisco on the subject of AI related threats and opportunities in the cybersecurity field. I asserted that innovations such as AI can strengthen our defenses but can also enhance the effectiveness of a cyber attacker.  I also looked at some examples of underlying fragility in AI that enable an attacker opportunity to evade AI based defenses. The key to successfully unlocking the potential of AI in cybersecurity requires that we in the cybersecurity industry answer the question of how we can nurture the sparks of AI innovation while recognizing its limitations and how it can be used against us.

We should look to the history of key technological advances to better understand how technology can bring both benefits and challenges. Consider flight in the 20th century. The technology has changed every aspect of our lives, allowing us to move between continents in hours, instead of weeks. Businesses, supply chains, and economies operate globally, and our ability to explore the world and the universe has been forever changed.

But this exact same technology also fundamentally changed warfare. In World War II alone, the strategic bombing campaigns of the Allied and Axis powers killed more than two million people, many of them civilians.

The underlying technology of flight is Bernoulli’s Principle, which explains why an airplane wing creates lift. Of course, the technology in play has no knowledge of whether the airplane wing is connected to a ‘life-flight’ rescue mission, or to a plane carrying bombs to be dropped on civilian targets.

When Orville Wright was asked in 1948 after the devastation of air power during World War II whether he regretted inventing the airplane he answered:

“No, I don’t have any regrets about my part in the invention of the airplane, though no one could deplore more than I do the destruction it has caused. We dared to hope we had invented something that would bring lasting peace to the earth. But we were wrong. I feel about the airplane much the same as I do in regard to fire. That is, I regret all the terrible damage caused by fire, but I think it is good for the human race that someone discovered how to start fires, and that we have learned how to put fire to thousands of important uses.”

Orville’s insight that technology does not comprehend morality—and that any advances in technology can be used for both beneficial and troubling purposes.  This dual use of technology is something our industry has struggled with for years.

Cryptography is a prime example. The exact same algorithm can be used to protect data from theft, or to hold an individual or organization for ransom. This matters more than ever given that we now encrypt 75% of the world’s web traffic, protecting over 150 exabytes of data each month.  At the same time, organizations and individuals are enduring record exploitation through ransomware.

The RSA Conference itself was at the epicenter of a debate during the 1990’s on whether it was possible to conditionally use strong encryption only in desirable places, or only for desirable functions.  At the time, the U.S. government classified strong encryption as a munition along with strict export restrictions.   Encryption is ultimately just math and it’s not possible to stop someone from doing math.  We must be intellectually honest about our technologies; how they work, what the precursors to use them are and when, how and if they should be contained.

Our shared challenge in cybersecurity is to capture lightning in a bottle, to seize the promise of advances like flight, while remaining aware of the risks that come with technology.  Let’s take a closer look at that aspect.

History repeats itself

Regardless of how you define it, AI is without a doubt the new foundation for cybersecurity defense. The entire industry is tapping into the tremendous power that this technology offers to better defend our environments. It enables better detection of threats beyond what we’ve seen in the past, and helps us out-innovate our cyber adversaries. The combination of threat intelligence and artificial intelligence, together or human-machine teaming provides us far better security outcomes—faster—than either capability on their own.

Not only does AI enable us to build stronger cyber defense technology, but also helps us solve other key issues such as addressing our talent shortage. We can now delegate many tasks to free up our human security professionals to focus on the most critical and complex aspects of defending our organizations.

“It’s just math..”

Like encryption, AI is just math. It can enhance criminal enterprises in addition to its beneficial purposes. McAfee Chief Data Scientist Celeste Fralick joined me on stage during this week’s keynote to run through some examples of how this math can be applied for good or ill. (visit here to view the keynote).  From machine learning fueled crime-spree predictors to DeepFake videos to highly effective attack obfuscation, we touch on them all.

It’s important to understand that the cybersecurity industry is very different from other sectors that use AI and machine learning. For a start, in many other industries, there isn’t an adversary trying to confuse the models.

AI is extremely fragile, therefore one focus area of the data science group at McAfee is Adversarial Machine Learning. Where we’re working to better understand how attackers could try to evade or poison machine learning models.  We are developing models that are more resilient to attacks using techniques such as feature reduction, adding noise, distillation and others.

AI and False Positives: A Warning

We must recognize that this technology, while incredibly powerful, is also incredibly different from what many cybersecurity defenders worked with historically. In order to deal with issues such as evasion, models will need to be tuned to high levels of sensitivity. The high level of sensitivity makes false positives inherent and something we must fully work into the methodology for using the technology.

False positive can have catastrophic results.  For an excellent example of this, watch the video of the keynote here if you haven’t seen it yet.  I talk through the quintessential example of how a false positive almost started World War III and nuclear Armageddon.

The Take-Away

As with fire and flight, how we manage new innovations is the real story.  Recognizing technology does not have a moral compass is key.  Our adversaries will use the technology to make their attacks more effective and we must move forward with our eyes wide open to all aspects of how technology will be used…. Its benefits, limitations and how it will be used against us.

 

Please see the video recording of our keynote speech RSA Conference 2019: https://www.rsaconference.com/events/us19/presentations/keynote-mcafee

 

The post McAfee CTO @ RSA: Catching Lightning in a Bottle or Burning Bridges to the Future? appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/mcafee-cto-rsa-catching-lightning-in-a-bottle-or-burning-bridges-to-the-future/feed/ 0
Basic Android Apps Are Charging High Subscription Fees With Deceptive Tactics https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-apps-charging-high-fees/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-apps-charging-high-fees/#respond Wed, 13 Mar 2019 22:23:02 +0000 https://securingtomorrow.mcafee.com/?p=94598

Free apps have a lot of appeal for users. They don’t cost a cent and can help users complete tasks on-the-go. However, users should take precautions before installing any app on their device. Researchers here at McAfee have observed some Android apps using extremely deceptive techniques to try and trick users into signing up for […]

The post Basic Android Apps Are Charging High Subscription Fees With Deceptive Tactics appeared first on McAfee Blogs.

]]>

Free apps have a lot of appeal for users. They don’t cost a cent and can help users complete tasks on-the-go. However, users should take precautions before installing any app on their device. Researchers here at McAfee have observed some Android apps using extremely deceptive techniques to try and trick users into signing up for a very expensive service plan to use basic tool functionalities like voice recording and opening zip files.

The two apps being called into question, “Voice recorder free” and “Zip File Reader,” have been downloaded over 600,000 times combined. So at first glance, users may assume that these are reputable apps. Once installed, they offer the user an option to use a “Free trial” or to “Pay now.” If the user selects the trial version, they are presented with a subscription page to enter their credit card details for when the three-day trial is over. However, these apps charge a ridiculously high amount once the trial is up. “Voice recorder free” charges a whopping $242 a month and “Zip File Reader” charges $160 a week.

Users who have downloaded these apps and then deleted them after their free trial may be surprised to know that uninstalling the app will not cancel the subscription, so they could still be charged these astronomical amounts for weeks without realizing it. While this is not technically illegal, it is a deceptive tactic that app developers are using to try to make an easy profit off of consumers who might forget to cancel their free trial.

With that said, there are a few things users can do to avoid becoming victim to deceptive schemes such as these in the future. Here are some tips to keep in mind when it comes to downloading free apps:

  • Be vigilant and read app reviews. Even if an app has a lot of downloads, make sure to comb through all of the reviews and read up before downloading anything to your device.
  • Read the fine print. If you decide to install an app with a free trial, make sure you understand what fees you will be charged if you keep the subscription.
  • Remember to cancel your subscription. If you find a reputable free app that you’ve researched and want to use for a trial period, remember to cancel the subscription before uninstalling the app off your device. Instructions on canceling, pausing, and changing a subscription can be found on Google Play’s Help page.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Basic Android Apps Are Charging High Subscription Fees With Deceptive Tactics appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/android-apps-charging-high-fees/feed/ 0
ST02: Mobile World Congress 2019 Recap with Gary Davis https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/st02-mobile-world-congress-2019-recap-with-gary-davis-2/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/st02-mobile-world-congress-2019-recap-with-gary-davis-2/#respond Wed, 13 Mar 2019 16:49:41 +0000 https://securingtomorrow.mcafee.com/?p=94595

Our Chief Consumer Evangelist, Gary Davis, joins us in discussing the recent Mobile World Congress 2019 on his and McAfee’s views ranging from trending themes from the show to McAfee key announcements and goals.

The post ST02: Mobile World Congress 2019 Recap with Gary Davis appeared first on McAfee Blogs.

]]>

Our Chief Consumer Evangelist, Gary Davis, joins us in discussing the recent Mobile World Congress 2019 on his and McAfee’s views ranging from trending themes from the show to McAfee key announcements and goals.


The post ST02: Mobile World Congress 2019 Recap with Gary Davis appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/st02-mobile-world-congress-2019-recap-with-gary-davis-2/feed/ 0
5 Tips For Creating Bulletproof Passwords https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tips-for-creating-passwords/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tips-for-creating-passwords/#respond Tue, 12 Mar 2019 22:13:56 +0000 https://securingtomorrow.mcafee.com/?p=94589

While biometric tools like facial ID and fingerprints have become more common when it comes to securing our data and devices, strong passwords still play an essential part in safeguarding our digital lives. This can be frustrating at times, since many of us have more accounts and passwords than we can possibly remember. This can […]

The post 5 Tips For Creating Bulletproof Passwords appeared first on McAfee Blogs.

]]>

While biometric tools like facial ID and fingerprints have become more common when it comes to securing our data and devices, strong passwords still play an essential part in safeguarding our digital lives.

This can be frustrating at times, since many of us have more accounts and passwords than we can possibly remember. This can lead us to dangerous password practices, such as choosing short and familiar passwords, and repeating them across numerous accounts. But password safety doesn’t have to be so hard. Here are some essential tips for creating bulletproof passwords.

Remember, simple is not safe

Every year surveys find that the most popular passwords are as simple as  “1234567” and just “password.” This is great news for the cybercrooks, but really bad news for the safety of our personal and financial information.

When it comes to creating strong passwords, length and complexity matter because it makes them harder to guess, and harder to crack if the cybercriminal is using an algorithm to quickly process combinations. The alarming truth is that passwords that are just 7 characters long take less than a third of a second to crack using these “brute force attack” algorithms.

Tricks:

  • Make sure that your passwords are at least 12 characters long and include numbers, symbols, and upper and lowercase letters.
  • Try substituting numbers and symbols for letters, such as zero for “O”, or @ for “A”.
  • If you’re using internet-connected devices, like IP cameras and interactive speakers, make sure to change the default passwords to something unique, since hackers often know the manufacturer’s default settings.

Keep it impersonal

Passwords that include bits of personal information, such as your name, address, or pet’s name, make them easier to guess. This is especially true when we share a lot of personal information online. But you can use personal preferences that aren’t well known to create strong passphrases.

Tricks:

  • Try making your password a phrase, with random numbers and characters. For instance, if you love crime novels you might pick the phrase: ILoveBooksOnCrime
    Then you would substitute some letters for numbers and characters, and put a portion in all caps to make it even stronger, such as: 1L0VEBook$oNcRIM3!
  • If you do need to use personal information when setting up security questions, choose answers that are not easy to find online.
  • Keep all your passwords and passphrases private.

Never reuse passwords

If you reuse passwords and someone guesses a password for one account, they can potentially use it to get into others. This practice has gotten even riskier over the last several years, due to the high number of corporate data breaches. With just one hack, cybercriminals can get their hands on thousands of passwords, which they can then use to try to access multiple accounts.

Tricks:

  • Use unique passwords for each one of your accounts, even if it’s for an account that doesn’t hold a lot of personal information. These too can be compromised, and if you use the same password for more sensitive accounts, they too are at risk.
  • If a website or monitoring service you use warns you that your details may have been exposed, change your password immediately.

Employ a password manager

If just the thought of creating and managing complex passwords has you overwhelmed, outsource the work to a password manager! These are software programs that can create random and complex passwords for each of your accounts, and store them securely. This means you don’t have to remember your passwords – you can simply rely on the password manager to enter them when needed.

Tricks:

  • Look for security software that includes a password manager
  • Make sure your password manager uses multi-factor authentication, meaning it uses multiple pieces of information to identify you, such as facial recognition, a fingerprint, and a password.

Boost your overall security

Now that you’ve made sure that your passwords are bulletproof, make sure you have comprehensive security software that can protect you from a wide variety of threats.

Tricks:

  • Keep you software up-to-date and consider using a web advisor that protects you from accidentally typing passwords into phishing sites.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post 5 Tips For Creating Bulletproof Passwords appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tips-for-creating-passwords/feed/ 0
Artificial Intelligence, Machine Learning and More at RSAC 2019 https://securingtomorrow.mcafee.com/business/artificial-intelligence-machine-learning-and-more-at-rsac-2019/ https://securingtomorrow.mcafee.com/business/artificial-intelligence-machine-learning-and-more-at-rsac-2019/#respond Tue, 12 Mar 2019 16:16:52 +0000 https://securingtomorrow.mcafee.com/?p=94578

Last week, the RSA Conference painted San Francisco’s Moscone Center purple with the theme ‘Better’, and the cybersecurity industry did not disappoint in making the digital world a better and safer place. Below, we’re sharing a few McAfee highlights from this year’s event. Behind the Scenes of MGM Resorts’ Digital Transformation at CSA Summit In […]

The post Artificial Intelligence, Machine Learning and More at RSAC 2019 appeared first on McAfee Blogs.

]]>

Last week, the RSA Conference painted San Francisco’s Moscone Center purple with the theme ‘Better’, and the cybersecurity industry did not disappoint in making the digital world a better and safer place. Below, we’re sharing a few McAfee highlights from this year’s event.

Behind the Scenes of MGM Resorts’ Digital Transformation at CSA Summit

In its tenth year at the RSA Conference, the CSA Summit welcomed Rajiv Gupta, Senior Vice President, Cloud Security Business Unit at McAfee and Scott Howitt, Senior Vice President & Chief Information Security Officer at MGM Resorts International to the stage. During the keynote, Howitt discussed MGM’s digital transformation and how adopting the cloud into MGM’s business model resulted in delivering a modern experience to customers and more engaged and productive employees. We also heard Gupta share statistics from our Cloud Report on how cloud data distribution has changed dramatically ,which now requires new and better solutions. Before attendees headed out for lunch, Howitt and Gupta closed the first half of the CSA summit by solidifying the positive impact the cloud can have on enterprise businesses. 

Tapping into the Tremendous Power of Artificial Intelligence at RSAC

On Tuesday, SVP and Chief Technology Officer, Steve Grobman and Chief Data Scientist, Dr. Celeste Fralick, took the mainstage at RSAC. During their keynote, Grobman and Fralick discussed how the industry needs to think about artificial intelligence, its power, how it can be used against us and its adversarial uses. Fralick shared how “most people don’t realize how fragile AI and machine learning can really be” and voiced how her team is involved in a technical area called the adversarial machine learning, where they study ways that adversaries can invade or poison machine learning classifier. In closing, Grobman told RSA attendees that “we must embrace AI but never ignore its limitations. It’s just math. It’s fragile. And there is a cost to both false positives and false negatives.”

EXPO- nentially Better

This year’s RSAC expo didn’t disappoint, with over 400 exhibitors showcasing unique content from the world’s top cybersecurity minds and the latest security solutions. Every day our booth was full as we connected with our customers, partners, and prospects. At this year’s conference, we hosted a fun and interactive Capture the Flag challenge which tested the investigative and analytical skills of RSA attendees. Contestants were given various challenges and received “flag” details on how to complete each challenge as quickly and accurately as possible.

RSAC was full of announcements with new and better products along with the buzzing of cybersecurity professionals making better connections with peers from around the world, with the same goal of keeping the digital world safe and making the real world a better place.

The post Artificial Intelligence, Machine Learning and More at RSAC 2019 appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/business/artificial-intelligence-machine-learning-and-more-at-rsac-2019/feed/ 0
You Rang? New Voice Phishing Attack Tricks Unsuspecting Users https://securingtomorrow.mcafee.com/consumer/mobile-and-iot-security/voice-phishing-tricks-unsuspecting-users/ https://securingtomorrow.mcafee.com/consumer/mobile-and-iot-security/voice-phishing-tricks-unsuspecting-users/#respond Tue, 12 Mar 2019 13:00:47 +0000 https://securingtomorrow.mcafee.com/?p=94534

In this digital day and age, the average user is likely familiar with the techniques and avenues cybercriminals use to get ahold of personal data and money. With this knowledge, we’ve become smarter and keen to the tricks of the cybercrime trade. However, cybercriminals have become smarter too, and therefore their attacks have become more […]

The post You Rang? New Voice Phishing Attack Tricks Unsuspecting Users appeared first on McAfee Blogs.

]]>

In this digital day and age, the average user is likely familiar with the techniques and avenues cybercriminals use to get ahold of personal data and money. With this knowledge, we’ve become smarter and keen to the tricks of the cybercrime trade. However, cybercriminals have become smarter too, and therefore their attacks have become more complex. Take phishing, for example. There has been a dramatic shift in phishing attacks, from simple and general to complex and personalized. What was once spoofing emails or websites has now evolved into something more devious – vishing, or voice phishing. This method involves a cybercriminal attempting to gain access to a victim’s personal or financial information by pretending to be a financial institution via phone call. And now a new vishing attack is proving to be more difficult to detect than the typical phishing scams.

In April 2018, Min-Chang Jang, a manager at Korea Financial Security Institute and Korea University, made a breakthrough in his investigation into malicious apps designed to intercept calls to users from legitimate numbers. This tactic puts a new but troubling twist on the original voice phishing cyberattack. To be successful in this venture, a hacker must first convince a user to download a fake app. To do this, a link is sent to the victim, luring them in with an amazing offer around loan refinancing or something similar, which then prompts the user to download the faulty app. If the target takes the bait, calls will start to come in from the financial institution following up on the possible loan refinancing offer. The call, however, isn’t connected to the actual financial company, rather it is intercepted and connected to the bad actor.

We know that as we adjust to the world around us and become smarter about our security, cybercriminals will do the same with their thievery. Today it’s an advanced vishing attack, tomorrow it could be a different type of phishing vector. However, users can rest assured that companies like McAfee are working tirelessly to ensure our users can thwart any cyberattack that comes their way. While this voice phishing attack is hard to detect, here are some proactive steps you can take to ensure you don’t fall victim to cybercriminals’ schemes:

  • Only install apps from authorized sources. To avoid malicious apps getting ahold of your data, only download apps from authorized vendors. For Android users, use the Google Play Store. For iPhone users, use the Apple App Store. Never trust a third-party app with information that could be exploited in the wrong hands.
  • Turn on caller ID or other services. Numerous carriers now offer free services that notify users of possible scam calls. And a lot of phones come with call-identifying capabilities that can give the user a quick diagnostic of whether the call is legitimate or not. With this feature, users can report scam calls to a database too.
  • Always think twice. In addition to tips and apps, there’s no better judge than common sense so if an offer or deal sounds too good to be true, it most likely is.

Interested in learning more about IoT and mobile security trends and information? Follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post You Rang? New Voice Phishing Attack Tricks Unsuspecting Users appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/mobile-and-iot-security/voice-phishing-tricks-unsuspecting-users/feed/ 0
ST02: Mobile World Congress 2019 Recap with Gary Davis https://securingtomorrow.mcafee.com/other-blogs/podcast/st02-mobile-world-congress-2019-recap-with-gary-davis/ https://securingtomorrow.mcafee.com/other-blogs/podcast/st02-mobile-world-congress-2019-recap-with-gary-davis/#respond Mon, 11 Mar 2019 17:46:59 +0000 https://securingtomorrow.mcafee.com/?p=94538

Our Chief Consumer Evangelist, Gary Davis, joins us in discussing the recent Mobile World Congress 2019 on his and McAfee’s views ranging from trending themes from the show to McAfee key announcements and goals.

The post ST02: Mobile World Congress 2019 Recap with Gary Davis appeared first on McAfee Blogs.

]]>

Our Chief Consumer Evangelist, Gary Davis, joins us in discussing the recent Mobile World Congress 2019 on his and McAfee’s views ranging from trending themes from the show to McAfee key announcements and goals.

The post ST02: Mobile World Congress 2019 Recap with Gary Davis appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/podcast/st02-mobile-world-congress-2019-recap-with-gary-davis/feed/ 0
How to Make Sure Spring Break Doesn’t Wreck Your Digital Rep https://securingtomorrow.mcafee.com/consumer/family-safety/how-to-make-sure-spring-break-doesnt-wreck-your-digital-rep/ https://securingtomorrow.mcafee.com/consumer/family-safety/how-to-make-sure-spring-break-doesnt-wreck-your-digital-rep/#respond Sat, 09 Mar 2019 15:00:38 +0000 https://securingtomorrow.mcafee.com/?p=94500 Spring Break and reputation management

Spring Break 2019 is in full swing, which means high school and college kids have hit the road determined to make this rite of passage epic. Unfortunately, not everyone will return home with his or her online reputation intact. Despite the headlines and warnings, kids are still uploading their lives 24/7 and not all of […]

The post How to Make Sure Spring Break Doesn’t Wreck Your Digital Rep appeared first on McAfee Blogs.

]]>
Spring Break and reputation management

Spring Break and reputation management Spring Break 2019 is in full swing, which means high school and college kids have hit the road determined to make this rite of passage epic. Unfortunately, not everyone will return home with his or her online reputation intact.

Despite the headlines and warnings, kids are still uploading their lives 24/7 and not all of their choices will be wise. While impressive at the moment, showcasing one’s exceptional beer pong or body shot skills could become a future digital skeleton.

Define it

The decision to share reckless content online has damaged (even destroyed) scholarships, opportunities, reputations, and careers.

Each day more than one billion names are searched on Google, and 77% of job recruiters look up potential employees up online during the hiring process, according to BrandYourself.com. Also, 45% of people have found content in an online search that made them decide not to do business with someone.

As elementary as it sounds, the first step to helping your child safeguard his or her online reputation this spring break is defining what is and is not appropriate online content.

Spring Break and reputation management

Technology has created a chasm between generations so don’t assume your values align with your child’s in this area. Behavior once considered inappropriate has slowly become acceptable to kids who grew up in the online space. Also, peers often have far more influence than parents.

So take the time to define (and come to an agreement on) content you consider off limits such as profanity, racy photos, mean, disrespectful, or racist comments, irresponsible or prank videos, or pictures that include alcohol or drug use. (Yes, state the obvious!)

Untag It

Spring Break and reputation management

Turn off tagging. Like it or not, people often judged us by the company we keep. Your child’s online behavior may be stellar but tag-happy, reckless friends can sink that quickly. To make sure your child doesn’t get tagged in risky photos on Twitter, Instagram, or Facebook, encourage them to adjust privacy settings to prevent tagging or require user approval. Also, help your kids to pay more attention to unflattering Snapchat photos and Snapchat story photos that other people post about them that can be problematic if shared elsewhere.

Lock It

Amp privacy settings. By adjusting privacy settings to “friends only” on select social networks content, digital mistakes can be minimized. However, we know that anything uploaded can be shared and screen captured before it’s deleted so tightening privacy settings isn’t a guarantee.

Google It

Spring Break and reputation management To get a clear picture of your child’s digital footprint and what a school or future employer might find, Google your child’s name. Examine the social networks, links, and sites that have cataloged information about your child. One of the best ways to replace damaging digital information is by creating positive information that overshadows it. Encourage your child to set up a Facebook page that reflects their best self — their values, their goals, and their character. Make the page public so others can view it. They may also consider setting up a LinkedIn page that highlights specific achievements, goals, and online endorsements from teachers and past employers.

If for some reason there’s damaging content that can’t be removed by request, encourage your child to set up a personal website and blog weekly. This can be a professional or hobby blog, but the idea is to repopulate the search results with favorable content and push the tainted content further down on Google.

Balance It

In your guiding, don’t forget the wise words of Cyndi Lauper who reminds us all, “Girls just wanna have fun!” Strive for balance in giving kids the room to make memories with friends while at the same time equipping them to make wise choices online.

The post How to Make Sure Spring Break Doesn’t Wreck Your Digital Rep appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/family-safety/how-to-make-sure-spring-break-doesnt-wreck-your-digital-rep/feed/ 0
809 Million Records Left Exposed: How Users Can Protect Their Data https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/809-million-records-exposed/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/809-million-records-exposed/#respond Fri, 08 Mar 2019 21:41:42 +0000 https://securingtomorrow.mcafee.com/?p=94522

It’s no secret that technological advancements and online threats are directly proportional to each other. So now more than ever, it’s imperative that users prioritize the security of their digital presence, especially in the face of advanced malware attacks and massive data leaks. Speaking of the latter — less than two months after the Collection […]

The post 809 Million Records Left Exposed: How Users Can Protect Their Data appeared first on McAfee Blogs.

]]>

It’s no secret that technological advancements and online threats are directly proportional to each other. So now more than ever, it’s imperative that users prioritize the security of their digital presence, especially in the face of advanced malware attacks and massive data leaks. Speaking of the latter — less than two months after the Collection #1 data breach exposed 773 million email addresses, it seems we have another massive data dump in our midst. Last week, researchers discovered a 150-gigabyte database containing 809 million records exposed by the email validation firm, Verifications.io.

You may be wondering how Verifications.io had so much data left to be exposed. Most people have heard of email marketing, but very few realize that these companies often vet user email addresses to ensure their validity. Enter Verifications.io. This company serves as a way email marketing firms can outsource the extensive work involved with validating mass amounts of emails and avoid the risk of having their infrastructure blacklisted by spam filters. Verifications.io was entrusted with a lot of data provided by email marketing firms looking to streamline their processes, creating an information-heavy database.

This unusual data trove contains tons of sensitive information like names, email addresses, phone numbers, physical addresses, gender, date of birth, personal mortgage amounts, interest rates, social media accounts, and characterizations of people’s credit scores. While the data doesn’t contain Social Security Numbers or credit card information, that amount of aggregated data makes it much easier for cybercriminals to run new social engineering scams or expand their target audience. According to security researcher Troy Hunt, owner of HaveIBeenPwned, 35% of the data exposed by Verifications.io is new to his database. With that said, it was the second largest data dump added in terms of email addresses to Hunt’s website, which allows users to check whether their data has been exposed or breached.

Upon discovery, the firm was made aware of the incident. And while proper security measures were taken, users can take various steps themselves to protect their information in the event of largescale data exposure. Check out the following tips:

  • Be vigilant when monitoring your personal and financial data. A good way to determine whether your data has been exposed or compromised is to closely monitor your online accounts. If you see anything fishy, take extra precautions by updating your privacy settings, changing your password, or using two-factor authentication.
  • Use strong, unique passwords. Make sure to use complex passwords for each of your individual accounts, and never reuse your credentials across different platforms. It’s also a good idea to update your passwords on a consistent basis to further protect your data.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post 809 Million Records Left Exposed: How Users Can Protect Their Data appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/809-million-records-exposed/feed/ 0
Don’t Let Thunderclap Flaws Strike Your Device https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/thunderclap-flaws/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/thunderclap-flaws/#respond Fri, 08 Mar 2019 19:15:19 +0000 https://securingtomorrow.mcafee.com/?p=94515

If you own a Mac or PC, odds are you’ve used your laptop’s Thunderbolt port to connect another device to your machine. Thunderbolt ports are convenient for charging other devices using your laptop or desktop’s battery power. However, a new flaw called Thunderclap allows attackers to steal sensitive information such as passwords, encryption keys, financial […]

The post Don’t Let Thunderclap Flaws Strike Your Device appeared first on McAfee Blogs.

]]>

If you own a Mac or PC, odds are you’ve used your laptop’s Thunderbolt port to connect another device to your machine. Thunderbolt ports are convenient for charging other devices using your laptop or desktop’s battery power. However, a new flaw called Thunderclap allows attackers to steal sensitive information such as passwords, encryption keys, financial information, or run detrimental code on the system if a malicious device is plugged into a machine’s port while it’s running.

So, how can attackers exploit this flaw? Thunderbolt accessories are granted direct-memory access (DMA), which is a method of transferring data from a computer’s random-access memory (RAM) to another part of the computer without it needing to pass through the central processing unit (CPU). DMA can save processing time and is a more efficient way to move data from the computer’s memory to other devices. However, attackers with physical access to the computer can take advantage of DMA by running arbitrary code on the device plugged into the Thunderbolt port. This allows criminals to steal sensitive data from the computer. Mind you, Thunderclap vulnerabilities also provide cybercriminals with direct and unlimited access to the machine’s memory, allowing for greater malicious activity.

Thunderclap-based attacks can be carried out with either specially built malicious peripheral devices or common devices such as projectors or chargers that have been altered to automatically attack the host they are connected to. What’s more, they can compromise a vulnerable computer in just a matter of seconds. Researchers who discovered this vulnerability informed manufacturers and fixes have been deployed, but it’s always good to take extra precautions. So, here are some ways users can defend themselves against these flaws:

  • Disable the Thunderbolt interface on your computer. To remove Thunderbolt accessibility on a Mac, go to the Network Preference panel, click “OK” on the New Interface Detected dialog, and select “Thunderbolt Bridge” from the sidebar. Click the [-] button to delete the option as a networking interface and choose “Apply.” PCs often allow users to disable Thunderbolt in BIOS or UEFI firmware settings, which connect a computer’s firmware to its operating system.
  • Don’t leave your computer unattended. Because this flaw requires a cybercriminal to have physical access to your device, make sure you keep a close eye on your laptop or PC to ensure no one can plug anything into your machine without permission.
  • Don’t borrow chargers or use publicly available charging stations. Public chargers may have been maliciously altered without your knowledge, so always use your own computer accessories.

And, as always, stay on top of the latest consumer and mobile security threats by following @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Don’t Let Thunderclap Flaws Strike Your Device appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/thunderclap-flaws/feed/ 0
How To Secure Your Smart Home https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-secure-your-smart-home/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-secure-your-smart-home/#respond Thu, 07 Mar 2019 01:00:41 +0000 https://securingtomorrow.mcafee.com/?p=94485

Do you live in a “smart” home? If you look around and see interactive speakers, IP cameras, and other internet-connected devices like thermostats and appliances, you are now one of the millions of people who live with so-called “smart” devices. They bring convenience and comfort into our lives, but they also bring greater risks, by […]

The post How To Secure Your Smart Home appeared first on McAfee Blogs.

]]>

Do you live in a “smart” home? If you look around and see interactive speakers, IP cameras, and other internet-connected devices like thermostats and appliances, you are now one of the millions of people who live with so-called “smart” devices. They bring convenience and comfort into our lives, but they also bring greater risks, by giving cybercrooks new opportunities to access our information, and even launch attacks.

You may remember a couple of years ago when thousands of infected devices were used to take down the websites of internet giants like Twitter and Netflix by overwhelming them with traffic. The owners of those devices were regular consumers, who had no idea that their IP cameras and DVRs had been compromised. You may also have heard stories of people who were eavesdropped on via their baby monitors, digital assistants, and webcams when their private networks were breached.

Unfortunately, these are not rare cases. In recent months, the “Internet of Things” (IoT) has been used repeatedly to spy on businesses, launch attacks, or even deliver cryptojacking malware or ransomware.

Still, given the benefits we get from these devices, they are probably here to stay.  We just need to acknowledge that today’s “smart” devices can be a little “dumb” when it comes to security. Many lack built-in security protections, and consumers are still learning about the risks they can pose. This is particularly concerning since the market for smart devices is large and growing. There are currently 7 billion IoT devices being used worldwide, and that number is expected to grow to 22 billion by 2025.

Cybercrooks have already taken note of these opportunities since malware attacks on smart devices have escalated rapidly. In fact, McAfee reported that malware directed at IoT devices was up 73%in the third quarter of 2018 alone.

So, whether you have one IoT device, or many, it’s worth learning how to use them safely.

Follow these smart home safety tips:

  • Research before you buy—Although most IoT devices don’t have built-in protection, some are safer than others. Look for devices that make it easy to disable unnecessary features, update software, or change default passwords. If you already have an older device that lacks many of these features, consider upgrading it.
  • Safeguard your devices—Before you connect a new IoT device to your home network — allowing it to potentially connect with other data-rich devices, like smartphones and computers— change the default username and password to something strong, and unique. Hackers often know the default settings and share them online.Then, turn off any manufacturer settings that do not benefit you, like remote access. This is a feature some manufacturers use to monitor their products, but it could also be used by cybercrooks to access your system. Finally, make sure that your device software is up-to-date by checking the manufacturer’s website. This ensures that you are protected from any known vulnerabilities.
  • Secure your network—Your router is the central hub that connects all of the devices in your home, so you need to make sure that it’s secure. If you haven’t already, change the default password and name of your router. Make sure your network name does not give away your address, so hackers can’t locate it. Then check that your router is using an encryption method, like WPA2, which will keep your communications secure. Consider setting up a “guest network” for your IoT devices. This is a second network on your router that allows you to keep your computers and smartphones separate from IoT devices. So, if a device is compromised, a hacker still cannot get to all the valuable information that is saved on your computers. Check your router’s manual for instructions on how to set up a guest network. You may also want to consider investing in an advanced internet router that has built-in protection and can secure and monitor any device that connects to your network.
  • Install comprehensive security software –Finally, use comprehensive security software that can safeguard all your devices and data from known vulnerabilities and emerging threats.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post How To Secure Your Smart Home appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-secure-your-smart-home/feed/ 0
How to Steer Clear of Tax Season Scams https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tax-season-scams-2019/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tax-season-scams-2019/#respond Wed, 06 Mar 2019 17:27:04 +0000 https://securingtomorrow.mcafee.com/?p=94481

*This blog contains research discovered by Elizabeth Farrell It’s that time of year again – tax season! Whether you’ve already filed in the hopes of an early refund or have yet to start the process, one thing is for sure: cybercriminals will certainly use tax season as a means to get victims to give up […]

The post How to Steer Clear of Tax Season Scams appeared first on McAfee Blogs.

]]>

*This blog contains research discovered by Elizabeth Farrell

It’s that time of year again – tax season! Whether you’ve already filed in the hopes of an early refund or have yet to start the process, one thing is for sure: cybercriminals will certainly use tax season as a means to get victims to give up their personal and financial information. This time of year is advantageous for malicious actors since the IRS and tax preparers are some of the few people who actually need your personal data. As a result, consumers are targeted with various scams impersonating trusted sources like the IRS or DIY tax software companies. Fortunately, every year the IRS outlines the most prevalent tax scams, such as voice phishing, email phishing, and fake tax software scams. Let’s explore the details of these threats.

So, how do cybercriminals use voice phishing to impersonate the IRS? Voice phishing, a form of criminal phone fraud, uses social engineering tactics to gain access to victims’ personal and financial information. For tax scams, criminals will make unsolicited calls posing as the IRS and leave voicemails requesting an immediate callback. The crooks will then demand that the victim pay a phony tax bill in the form of a wire transfer, prepaid debit card or gift card. In one case outlined by Forbes, victims received emails in their inbox that allegedly contained voicemails from the IRS. The emails didn’t actually contain any voicemails but instead directed victims to a suspicious SharePoint URL. Last year, a number of SharePoint phishing scams occurred as an attempt to steal Office 365 credentials, so it’s not surprising that cybercriminals are using this technique to access taxpayers’ personal data now as well.

In addition to voice phishing schemes, malicious actors are also using email to try and get consumers to give up their personal and financial information. This year alone, almost 400 IRS phishing URLs have been reported. Even back in December, we saw a surge of new email phishing scams trying to fool consumers into thinking the message was coming from the IRS or other members of the tax community. In a typical email phishing scheme, scammers try to obtain personal tax information like usernames and passwords by using spoofed email addresses and stolen logos. In many cases, the emails contain suspicious hyperlinks that redirect users to a fake site or PDF attachments that may download malware or viruses. If a victim clicks on these malicious links or attachments, they can seriously endanger their tax data by giving identity thieves the opportunity to steal their refund. What’s more, cybercriminals are also using subject lines like “IRS Important Notice” and “IRS Taxpayer Notice” and demanding payment or threatening to seize the victim’s tax refund.

Cybercriminals are even going so far as to impersonate trusted brands like TurboTax for their scams. In this case, DIY tax preparers who search for TurboTax software on Google are shown ads for pirated versions of TurboTax. The victims will pay a fee for the software via PayPal, only to have their computer infected with malware after downloading the software. You may be wondering, how do victims happen upon this malicious software through a simple Google search? Unfortunately, scammers have been paying to have their spoofed sites show up in search results, increasing the chances that an innocent taxpayer will fall victim to their scheme.

Money is a prime motivator for many consumers, and malicious actors are fully prepared to exploit this. Many people are concerned about how much they might owe or are predicting how much they’ll get back on their tax refund, and scammers play to both of these emotions. So, as hundreds of taxpayers are waiting for a potential tax return, it’s important that they navigate tax season wisely. Check out the following tips to avoid being spoofed by cybercriminals and identity thieves:

  • File before cybercriminals do it for you. The easiest defense you can take against tax seasons schemes is to get your hands on your W-2 and file as soon as possible. The more prompt you are to file, the less likely your data will be raked in by a cybercriminal.
  • Obtain a copy of your credit report. FYI – you’re entitled to a free copy of your credit report from each of the major bureaus once a year. So, make it a habit to request a copy of your file every three to four months, each time from a different credit bureau. That way, you can keep better track of and monitor any suspicious activity and act early if something appears fishy.
  • Beware of phishing attempts. It’s clear that phishing is the primary tactic crooks are leveraging this tax season, so it’s crucial you stay vigilant around your inbox. This means if any unfamiliar or remotely suspicious emails come through requesting tax data, double check their legitimacy with a manager or the security department before you respond. Be wary of strange file attachment names such as “virus-for-you.doc.” Remember: the IRS only contacts people by snail mail, so if you get an email from someone claiming to be from the IRS, stay away.
  • Watch out for spoofed websites. Scammers have extremely sophisticated tools that help disguise phony web addresses for DIY tax software, such as stolen company logos and site designs. To avoid falling for this, go directly to the source. Type the address of a website directly into the address bar of your browser instead of following a link from an email or internet search. If you receive any suspicious links in your email, investigating the domain is usually a good way to tell if the source is legitimate or not.
  • Consider an identity theft protection solution. If for some reason your personal data does become compromised, be sure to use an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protect their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, as always, stay on top of the latest consumer and mobile security threats by following @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post How to Steer Clear of Tax Season Scams appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/tax-season-scams-2019/feed/ 0
McAfee Employees Strike Their #BalanceForBetter Pose This International Women’s Day https://securingtomorrow.mcafee.com/other-blogs/life-at-mcafee/mcafee-employees-strike-their-balanceforbetter-pose-this-international-womens-day/ https://securingtomorrow.mcafee.com/other-blogs/life-at-mcafee/mcafee-employees-strike-their-balanceforbetter-pose-this-international-womens-day/#respond Wed, 06 Mar 2019 15:08:44 +0000 https://securingtomorrow.mcafee.com/?p=94403

By Karla, Digital Media Specialist During the month of March, we are thrilled to support International Women’s Day, on March 8, and Women’s History Month. At McAfee, we recognize the importance of an inclusive and diverse culture and as part of this year’s International Women’s Day call to action, we’ve asked team members from across […]

The post McAfee Employees Strike Their #BalanceForBetter Pose This International Women’s Day appeared first on McAfee Blogs.

]]>

By Karla, Digital Media Specialist

During the month of March, we are thrilled to support International Women’s Day, on March 8, and Women’s History Month. At McAfee, we recognize the importance of an inclusive and diverse culture and as part of this year’s International Women’s Day call to action, we’ve asked team members from across the globe to share how they #BalanceForBetter at McAfee.

Check out some of these great moments and be sure to share your own #BalanceForBetter stories in the comments below!

 

Silvia – Software Sales Account Representative (Chile)

“I always wanted to work for a company that would support me in my role as a woman, a mother, a professional and an athlete. I found that place. McAfee allows me to be me and encourages me to do what I need to do to #BalanceForBetter.”

 

 

 

Priya – Customer Success Manager (India)

“At McAfee, I feel like I can grow my career and be an independent career-focused woman while still being a doting and caring mother and spouse. McAfee helped create the right balance between my family, future and career. #BalanceForBetter”

 

 

 

 

Steve – Head of Advanced Threat Research (U.S.)

“I wish I could say we had gender balance in Advanced Threat Research of 50/50 men and women. I wish we could say this at the industry level in general. However, there’s no time better than the present to change this.

What #BalanceForBetter means to me is engaging early by hosting lab days at McAfee or visiting schools. At McAfee, we have a chance to spark interest, demonstrate inclusiveness and promote real change in the gender gap across the IT industry. Without more women in tech, I truly feel like we are missing out on a unique and diverse perspective. As a father of two young girls with the potential to be anything, I know it’s time we change the status quo.”

 

 

Gurjeet – Engineering Manager (Canada)

“McAfee is like my second family. We celebrate each other’s achievements, encourage one another to give our best and are wonderful friends who always cheer each other up during difficult times.

Here, I can be my personal best every day at the office while doing all the things I cherish with my real family, like hiking, running, traveling and exploring the beautiful world.”

 

 

Paula – Head of Consumer ORD (Brazil)

“The consumer online business is a heavily results-driven organization that demands strong planning and speedy execution, so every minute counts! I #BalanceForBetter by creating clear business objectives that help me to prioritize my tasks and meetings – guaranteeing my weekdays are as productive as possible. This balance ensures that my mornings are spent in the gym and my evenings with family and friends, which ultimately gives me the energy and joy needed to execute my work each day.”

 

 

Laura – Marketing Communications Manager (Mexico)

“After working in marketing for more than 20 years in tech, I certainly believe that technology helps you find a balance of work and play – not having to choose between one or the other. I #BalanceForBetter at McAfee to define the best version of myself.”

 

 

 

Charan Jeet – MSSP Solutions Architect (Australia)

“McAfee’s flexible and supportive work culture plays a vital role. It encourages equal opportunity to every individual/employee irrespective of gender or background. It has helped me keep myself actively engaged in the activities I love, helping me #BalanceForBetter.”

 

 

 

Sonia – Talent Acquisition Partner (Argentina)

“We all live in the same world, but each person lives and experiences life through a different lens. Learning how to accept and sympathize with these different points of view is what makes the world a better place. As a recruiter, I enjoy communicating with diverse people to help them reach their full potential in all aspects of their work lives and personal lives. #BalanceForBetter”

 

 

 

Laura – Program Manager (Ireland)

“At McAfee, we are tipping the scales in terms of championing equality in the workplace. From our investment in gender pay parity to living the McAfee values and creating a better workplace where we are encouraged to be our full authentic selves. For me, that’s #BalanceforBetter.”

 

 

 

 

Andrea – Program Manager (Argentina)

“At McAfee, I #BalanceForBetter by leveraging my skills as a Program Manager to collaborate with teams around the globe. As a working mom at McAfee, I am offered a great work-life balance and I can #BalanceForBetter by devoting time to another one of my passions – playing soccer with my boys! This healthy mix helps me stay happy and well.”

 

 

 

McAfee is an inclusive employer and is proud to support inclusion and diversity. Interested in joining our teams? We’re hiring! Apply now.

For more stories like this, follow @LifeAtMcAfee on Instagram and on Twitter @McAfee to see what working at McAfee is all about.

 

The post McAfee Employees Strike Their #BalanceForBetter Pose This International Women’s Day appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/life-at-mcafee/mcafee-employees-strike-their-balanceforbetter-pose-this-international-womens-day/feed/ 0
Let’s Discuss Cybersecurity as a Career Option This International Women’s Day https://securingtomorrow.mcafee.com/consumer/lets-discuss-cybersecurity-as-a-career-option-this-international-womens-day/ https://securingtomorrow.mcafee.com/consumer/lets-discuss-cybersecurity-as-a-career-option-this-international-womens-day/#respond Tue, 05 Mar 2019 15:31:15 +0000 https://securingtomorrow.mcafee.com/?p=94429 Even as I write this blog, the higher secondary board exams have started in schools across India and I send up a silent prayer for the thousands of nervous youngsters who are at the juxtaposition of a crucial time in their lives – the time when they have to take serious decisions regarding college education […]

The post Let’s Discuss Cybersecurity as a Career Option This International Women’s Day appeared first on McAfee Blogs.

]]>
Even as I write this blog, the higher secondary board exams have started in schools across India and I send up a silent prayer for the thousands of nervous youngsters who are at the juxtaposition of a crucial time in their lives – the time when they have to take serious decisions regarding college education and career. The Board results would no doubt play a major role in this decision making.

With International Women’s Day around the corner, I am naturally thinking about women, their emancipation and their choices in life. I imagine them thinking independently, making decisions based on their capabilities and preferences, and supplying the necessary valuable skills that our country so needs.

But often that isn’t the case for teens as they are indecisive, and their knowledge of professions isn’t vast. They often miss out on plum prospects because, well, they were not aware of them or feel they may later hamper their family lives! I am going to do my bit for all the young ladies finishing school education this year- I am going to talk to you about choosing cybersecurity as a career option.

So girls, if you possess good reasoning power, enjoy ferreting out the source of the problem, are a natural at coding or are a serious video gamer, think cybersecurity.

Why Cybersecurity you ask? Let me present the facts.

  • Skills shortage

The National Association of Software and Services Companies (NASSCOM) recently estimated that India alone will need 1 million cybersecurity professionals by 2020 to meet the demands of its rapidly growing economy.

Demand for security professionals in India will increase in all sectors due to the unprecedented rise in the number of cyber-attacks, added NASSCOM. Despite having the largest information technology talent pool in the world, India is struggling to produce an adequate number of professionals to close the cybersecurity skill gap.

  • The age of diversification

There is gender gap in the cybersecurity sector and companies globally are trying to correct this, not just to promote diversity but to add value to their work culture with the addition of the visions, perspectives and skills that women bring in.

  • Flexible work arrangements

With more women joining the profession, employers are doing their best to make the work atmosphere favourable for them. Not only are they offering flexi-timings but also work-from-home opportunities when it’s possible. I have heard of companies that allow mothers with infants to work from home for extended periods! Isn’t that a blessing?

According to a 2013 McKinsey Report, 34 percent of India’s IT workforce is female. However, most of them exit the employment pipeline at the junior to mid-level.

This only goes to reveal that many women scientists and engineers drop out, perhaps because they find it difficult manage their work-home balance. With flexi-timings and work-from-home options, this figure will definitely decrease!

  • Good support system

Great news for all women exploring cybersecurity as a career! There are organizations like Women in CyberSecurity (WiCyS) that aims at offering a common platform to women cybersecurity professionals from academia, research and industry where they can network, mentor and be mentored, share information and experience; which means, you will never feel alone as help is just a click away!

  • You don’t need to be an engineer

Employers are trying to plug the cybersecurity skills gap with alternative solutions. It has been found that video gamers too have the right types of skills along with a different approach to threat hunting. So, if you are an avid gamer, go for it!

  • Steady jobs with good pay

This last bit is the clincher really! In this super-competitive market, isn’t it a dream to have a high salary job that rarely gets monotonous?

McAfee lists some cool cybersecurity job prospects for you, check them out!

Job 1 – Forensics Expert

They analyze and determine who the mastermind behind a security breach might be. It can be almost as complex and precise as understanding human DNA.

Job 2  – Cryptographer/ Cryptanalysts

Cryptographers develop algorithms, ciphers and security systems to encrypt and hide sensitive information from cyber hackers.

Job 3 – Threat Hunter

Threat hunters use manual or machine-assisted skills to detect and prepare for security incidents

Job 4 – Security Architect

They design systems to help develop and test the security vulnerabilities of a business

Parenting tips to rear future cyber security experts:

You can help your child make faster career decisions if you instill security habits in them from an early age. It goes without saying that you need to model cybersecurity habits so that they can learn by imitating you. Discuss cybersecurity as a profession and explore the prospects together online. Take your child to meet friends in the field so that they can get their doubts cleared. Have dinner time conversations on how attacks are becoming more advanced and the best means to fight them. If your daughter enjoys playing online games, use that as a conversation starter to talk about how security firms are looking at video gamers—even those without a background in cybersecurity.

The best gift you can give the women in your family on International Women’s Day is a sense of independence, security and equality.

Happy International Women’s Day!!

Credits:

https://anitab.org/blog/indian-women-in-technology-barriers/

CSO

McAfee

The post Let’s Discuss Cybersecurity as a Career Option This International Women’s Day appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/lets-discuss-cybersecurity-as-a-career-option-this-international-womens-day/feed/ 0
McAfee Protects Against Suspicious Email Attachments https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-protects-against-suspicious-email-attachments/ https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-protects-against-suspicious-email-attachments/#respond Mon, 04 Mar 2019 02:00:26 +0000 https://securingtomorrow.mcafee.com/?p=94351

Email remains a top vector for attackers.  Over the years, defenses have evolved, and policy-based protections have become standard for email clients such as Microsoft Outlook and Microsoft Mail.  Such policies are highly effective, but only if they are maintained as attacker’s keep changing their tactics to evade defenses.  For this reason, McAfee endpoint products […]

The post McAfee Protects Against Suspicious Email Attachments appeared first on McAfee Blogs.

]]>

Email remains a top vector for attackers.  Over the years, defenses have evolved, and policy-based protections have become standard for email clients such as Microsoft Outlook and Microsoft Mail.  Such policies are highly effective, but only if they are maintained as attacker’s keep changing their tactics to evade defenses.  For this reason, McAfee endpoint products use a combination of product features and content for increased agility.  In McAfee Endpoint Security (ENS) 10.5+, such protection is enabled via the ‘Detect suspicious email attachments’ option and maintained through DAT content.  This capability goes beyond the level of protection offered by email clients by not only blocking applications and scripts, but also a variety of threat types in their native form, as well as those compressed and contained within archives and other formats.

Figure 1 – ENS 10.6.1 Configuration Screen

An example of this capability in action can be seen against a recent spam run.

In this campaign, a malicious email message contained the attachment BANK DETAILS.ZIP.  Inside this archive was the file BANK DETAILS.ISO.  Malicious ISO spam has been increasing over the past six months, and while it is common for ISO files to be blocked by email clients, this is not the case where the ISO is inside of a ZIP.  Inside the BANK DETAILS.ISO file resides BANK DETAILS.EXE.  Email clients will typically block executable files attached to messages, but not if they are inside a container.

When the email client attempts to write the attachment to disk, ENS scans inside the ZIP and subsequently the contained ISO and EXE files (ZIP -> ISO -> EXE).

Figure 2 – ENS Toaster Popup

In this case, 2-year-old DAT content proactively stopped the threat.

If the system had not been protected, an unsuspecting user might open the ZIP to reveal the ISO.

Figure 3 – Inside ZIP file showing ISO file

The ISO can then be accessed via Windows Explorer, which appears as a DVD Drive containing the executable, password-stealing, payload.

Figure 4 – EXE file inside Bank Details.ISO

Since the advent of policy-based email attachment blocking, attackers have continued to seek ways to evade that protection. ISO abuse may be the latest chapter in the story, but others are sure to follow.

Tens of thousands of new and unique malicious attachments are blocked each month via the ‘Suspicious Attachment’ detection feature.

The post McAfee Protects Against Suspicious Email Attachments appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-protects-against-suspicious-email-attachments/feed/ 0
Alleged ‘Momo Challenge’ Reminds Parents to Monitor Online Content https://securingtomorrow.mcafee.com/consumer/family-safety/disturbing-momo-challenge-has-parents-law-enforcement-on-alert/ https://securingtomorrow.mcafee.com/consumer/family-safety/disturbing-momo-challenge-has-parents-law-enforcement-on-alert/#respond Sat, 02 Mar 2019 15:00:36 +0000 https://securingtomorrow.mcafee.com/?p=94368

Editor’s Note: This blog post includes disturbing content and mentions of suicide. Internet challenges have been going on for years. They can be fun and harmless, or they can be dim-witted and even deadly. The latest challenge referred to as the Momo challenge seemingly hits a whole new level of creepy but experts say there’s […]

The post Alleged ‘Momo Challenge’ Reminds Parents to Monitor Online Content appeared first on McAfee Blogs.

]]>
Momo challenge
This eerie image is connected to the alleged Momo challenge causing panic among parents.

Editor’s Note: This blog post includes disturbing content and mentions of suicide.

Internet challenges have been going on for years. They can be fun and harmless, or they can be dim-witted and even deadly. The latest challenge referred to as the Momo challenge seemingly hits a whole new level of creepy but experts say there’s little evidence the challenge is real.

What Is It?

To participate in the alleged challenge players using various apps or games are purportedly urged by a pop-up image of “Momo” to hurt themselves or others to avoid being cursed by the creature. (The creepy image of Momo is reportedly a half-girl-half-bird sculpture created by a Japanese artist unrelated to the game). Rumors allege the game ends with Momo encouraging participants to take their own lives and record it for social media.

Real or rumor?

Is the challenge real or a hoax? While several youth suicides around the world are rumored to be tied to the Momo game, none of the connections have been proven, according to both the Washington Post, Snopes, and other news sources.

Rumored or reality, one thing is for certain: The viral Momo story is creating a genuine panic and perceived threat among parents that requires an equally strategic response.

With devices in the hands of most kids by the time they are 10, the viral Momo challenge offers all of us a chance to stop, think, and connect with our kids specifically about digital content, peer pressure, and the danger of online challenges.

Talking Points for Families

Be hands-on. This story, while considered an internet myth, represents an opportunity to get even more hands-on with your digital parenting efforts. As silly, viral challenges like Momo arise (and there will be more), resolve to routinely monitor the content your kids engage with online. This includes apps, YouTube content, video games, TV shows online, and chat apps. Feel overwhelmed with monitoring? Consider getting a software program to be your eyes and ears online and help filter out risky content.

Get proactive. Depending on the age of your child, chances are if they’ve heard about the Momo game or seen the image, they could be frightened. Talk about the dangers of peer pressure, bullying, and online challenges. Make sure the conversation is two-way and includes your child’s experiences and thoughts on the topic. Ask your child to come to you immediately if anyone or anything online ever makes them feel unsafe, afraid, or provoked.

Stay informed. Risky digital behaviors that affect kids, tweens, and teens make the headlines each week. Any parent in the know will tell you candidly that staying informed about online risk is a part-time job attached to parenting. Read blogs, set google alerts, listen to podcasts, and connect with experts online to stay informed. Other dangerous online challenges include the Bird Box Challenge and several others.

Encourage critical thinking. If your child blows off the potential seriousness of online stunts or games, encourage him or her to think a behavior through. Ask them: “Walk through each step of the stunt and tell me where you think things could go wrong.” This will help your child personally determine if an activity is risky or not.

Know Those Apps! One of the biggest threats to a child’s online safety is his or her choice in apps. Apps run the gamut of risk and range from educational and uplifting to inappropriate and dangerous. Go on your child’s phone regularly and check for risky apps. Google the app and read app reviews. Look at age restrictions and customer reviews so you will be better equipped to evaluate whether an app may be suitable for your child. Dangerous apps include Kik Messenger, Ask.Fm, Tumblr, and any other social network that allows anonymous users.

Monitor online communities. Your kids have friends they bring home, but they also have friends online you will never meet face to face. Dig in and get curious. Look for apps such as WhatsApp or Kik that allow kids to chat with anyone, anywhere. Ask your kids to show you where they spend their time and the kind of people they choose to talk with. Remember: The direct message feature on favorite apps like Instagram and Snapchat are also ways kids connect with peers online.

The contour of our digital life evolves and expands every day. And, unfortunately, along with that growth will come people who attempt to cause harm or plant fear just for sport. Rather than respond with fear, consider approaching risks with a fresh determination to equip your family with the knowledge and tools it needs to thrive and stay safe in this ever-changing digital terrain.

The post Alleged ‘Momo Challenge’ Reminds Parents to Monitor Online Content appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/family-safety/disturbing-momo-challenge-has-parents-law-enforcement-on-alert/feed/ 0
JAVA-VBS Joint Exercise Delivers RAT https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/java-vbs-joint-exercise-delivers-rat/ https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/java-vbs-joint-exercise-delivers-rat/#respond Fri, 01 Mar 2019 16:00:15 +0000 https://securingtomorrow.mcafee.com/?p=94312

The Adwind remote administration tool (RAT) is a Java-based backdoor Trojan that targets various platforms supporting Java files. For an infection to occur, the user must typically execute the malware by double-clicking on the .jar file that usually arrives as an email attachment. Generally, infection begins if the user has the Java Runtime Environment installed. […]

The post JAVA-VBS Joint Exercise Delivers RAT appeared first on McAfee Blogs.

]]>

The Adwind remote administration tool (RAT) is a Java-based backdoor Trojan that targets various platforms supporting Java files. For an infection to occur, the user must typically execute the malware by double-clicking on the .jar file that usually arrives as an email attachment. Generally, infection begins if the user has the Java Runtime Environment installed. Once the malicious .jar file runs successfully on the target system, the malware silently installs itself and connects to a remote server through a preconfigured port. This allows it to receive commands from the remote attacker and perform further malicious activities. Recently, McAfee labs has seen a surge in a variant which comes as a JAR attachment via a spam email and uses the famous Houdini VBS worm to infect user.

Infection chain:

The malware’s spreading mechanism is the same as in previous versions. It arrives in a spam email with a .jar attachment. The contents of the email are carefully crafted to lure victims using social engineering techniques. We can summarise the whole infection chain as shown in the below snippet:

 

The spam email may look like this:

The parent JAR file:

To keep things simple, we just called the attached .jar file as a parent jar file and named it Sample.jar. Generally, Adwind comes in an obfuscated form to hide its malicious intent. Its payload and configuration file (which serves as an installation file) are encrypted with the DES, RC4, or RC6 cipher, depending on the variant. The Adwind backdoor will decrypt itself on the fly during execution. In this variant we can see the contents of Manifest.MF. It has main class bogjbycqdq.Mawbkhvaype.

Mawbkhvaype.class

The main task of this class is to check for a resource file available in the Jar bundle. Here, resource mzesvhbami is a vbs file. Mawbkhvaye.class will check for mzesvhbami in the resource section and later drop bymqzbfsrg.vbs in the user’s Home directory before executing it with the help of wscript.

Bymqzbfsrg.vbs

It has a huge chunk of obfuscated base64 encoded data present. The below snippet shows the partial part of Bymqzbfsrg.vbs script.

Once deobfuscated and decoded, the base64 encoded data converts to ntfsmgr.jar and is dropped in %appdata%/Roaming. The below snippet shows the conversion of base64 encoded data into Jar file:

Decoded to JAR file (ntfsmgr.jar)

Ntfsmgr.jar

Here, important files present in ntfsmgr.jar are drop.box, mega.download and sky.drive which will be used later for creating the configuration file for the malware.

Final Payload:

Ntfsmgr.jar has operational.Jrat as the main class. The purpose of operational.Jrat is to drop another .jar file into the %TEMP% folder with random file name [underscore] [dot] [random numbers] [dot] class, e.g. _0.1234567897654265678.class, which will be the actual payload and later will perform malicious activities on the user’s system. The below snippet shows the routine present in operational.Jrat for creation of the final payload in %TEMP% location.

The contents of Manifest.MF looks somewhat similar to ntfsmgr.jar. All the other files in the final Java archive will be decrypted on the fly and will infect the system. After Adwind successfully infects a system, we have seen it log keystrokes, modify and delete files, download and execute further malware, take screenshots, access the system’s camera, take control of the mouse and keyboard, update itself, and more. We are not going to dig into this threat in this direction now but you can read more about Adwind here and here. In this blog we will now discuss another part of the story, Bymqzbfsrg.vbs

Working of Bymqzbfsrg.vbs

After successful execution, Bymqzbfsrg.vbs drops ntfsmgr.jar and sKXoevtgAv.vbs in %appdata%/Roaming.

Bymqzbfsrg.vbs dynamically executes a method naira inside the script by using ExecuteGlobal, as seen in the below snippet.:

Dynamic execution of the script looks like this:

The below snippet shows the script for dropping sKXoevtgAv.vbs in %appdata%Roaming.

Here we see the script for dropping ntfsmgr in %appdata%Roaming.

At the time of execution, sKXoevtgAv.vbs decodes itself to Houdini vbs worm which is the final payload. The first few lines of the script are as follows:

The attacker may perform many malicious activities on the victim’s machine, including::

  • Downloading and executing files on the victim’s machine
  • Running command instructions
  • Updating or uninstalling a copy of itself
  • Downloading and uploading files
  • Deleting a file or folder
  • Terminating certain process

Enumerating files and folders on the victim’s machine

Additional Points:

  1. For persistence it creates a run entry.

When the ntfsmgtr.jar runs, it adds itself into the start-up so that it will be run whenever the system starts.

  1. It checks for installed anti-malware products on the system.

  1. If available, it copies the installed Java Runtime files to a temporary directory within the victim’s home directory, otherwise it downloads from the web and copies in the same directory.

Conclusion:

In past, we have seen threat actors using two similar functioning malware families in a single infection. Usually, threat actors chose this path for higher probability of successful infection.

The hashes used in the analysis:

Sample.jar: 07cb6297b47c007aab43311fcfa9976158b4149961911f42d96783afc517226a

Ntfsmgr.jar: ee868807a4261a418e02b0fb1de7ee7a8900acfb66855ce46628eb5ab9b1d029

McAfee advises users to keep their antimalware signatures up to date at all times. McAfee products detect the malicious jar files as Adwind-FDVH.jar! [Partial hash] and Adwind-FDVJ.jar! [Partial Hash], with DAT Versions 9137 and later.

The post JAVA-VBS Joint Exercise Delivers RAT appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/java-vbs-joint-exercise-delivers-rat/feed/ 0
What MWC 2019 Shows Us About the Future of Connectivity https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-2019-future-of-connectivity/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-2019-future-of-connectivity/#respond Thu, 28 Feb 2019 22:18:47 +0000 https://securingtomorrow.mcafee.com/?p=94383

The time has come to say goodbye to Barcelona as we wrap up our time here at Mobile World Congress (MWC). Although it’s hard to believe that the show is already over, MWC 2019 managed to deliver a slew of showstoppers that captured our attention. Here are some of my main takeaways from the event: […]

The post What MWC 2019 Shows Us About the Future of Connectivity appeared first on McAfee Blogs.

]]>

The time has come to say goodbye to Barcelona as we wrap up our time here at Mobile World Congress (MWC). Although it’s hard to believe that the show is already over, MWC 2019 managed to deliver a slew of showstoppers that captured our attention. Here are some of my main takeaways from the event:

Foldable Phones Are the Future

 MWC is an opportunity for telecommunications companies, chipmakers, and smartphone firms to show off their latest and greatest innovations, and they sure delivered this year. One particular device that had the show floor buzzing was the Huawei Mate X, a 5G-enabled smartphone that folds out to become an 8-inch tablet. Additionally, Samsung revealed its plans to hold a press event in early April for its foldable smartphone, the Galaxy Fold. Unlike Huawei’s Mate X, the Galaxy Fold bends so that it encloses like a book. Although neither of these devices are available at to the public yet, they’ve definitely made a bold statement when it comes to smartphone design.

Smart Home Technology Goes Mobile

 Google is one company taking advantage of smartphone enhancements by putting its Google Assistant into the Android texting app. Assistant for Android Messages allows slices of Google search results to be laid out for users based on their text messages. For example, if one user texted another asking to grab some lunch, a bubble would pop up authorizing Assistant to share suggestions for nearby restaurant locations. While Assistant for Android currently only works for movies and restaurants, we can imagine how this technology could expand to other facets of consumer lives. This addition also demonstrates how AI is slowly but surely making its way onto almost every high-end phone through its apps and other tools.

Enhancing the Gaming Experience with 5G, VR, and AR

Not to be shown up, gaming developers also made a statement by using 5G technology to bring gamers into a more immersed gaming environment. Mobile game developer Niantic, creator of Pokémon Go and the upcoming Harry Potter: Wizards Uniteapp, is already working on games that will require a 5G upgrade. One such prototype the company showcased, codenamed Neon, allows multiple people in the same place to play an augmented reality (AR) game at the same time. Each players’ phone shows them the game’s graphics superimposed on the real world and allows the players to shoot each other, duck and dodge, and pick up virtual items, all in real-time.

Niantic wasn’t the only one looking to expand the gaming experience with the help of 5G. At the Intel and Nokia booths, Sony set up an Oculus Rift VR game inspired by Marvel and Sony’s upcoming film Spider-Man: Far From Home. Thanks to the low latency and real-time responsiveness of 5G, one player in the Nokia booth was able to race the other player in the Intel booth as if they were swinging through spiderwebs in Manhattan. Players were able to experience how the next-generation of wireless technology will allow them to participate in a highly immersive gaming experience.

Bringing 4G and 5G to the Automotive Industry

Gaming isn’t the only industry that’s getting a facelift from 5G. At the show, Qualcomm announced two new additions to their automotive platform: the Qualcomm Snapdragon Automotive 4G and 5G Platforms. One of the main features of these platforms is vehicle-to-everything communication, or C-V2X, which allows a car to communicate with other vehicles on the road, roadside infrastructure, and more. In addition, the platforms offer a high-precision, multi-frequency global navigation satellite system, which will help enable self-driving implementations. The platforms also include features like multi-gigabit cloud connectivity, high bandwidth low latency teleoperations support, and precise positioning for lane-level navigation accuracy. These advancements in connectivity will potentially help future vehicles to improve safety, communications, and overall in-car experience for consumers.

Securing Consumers On-the-Go

The advancements in mobile connectivity have already made a huge impact on consumer lifestyles, especially given the widespread adoption of IoT devices and smart gadgets. But the rise in popularity of these devices has also caught the interest of malicious actors looking to access users’ networks. According to our latest Mobile Threat Report, cybercriminals look to trusted devices to gain access to other devices on the user’s home network. For example, McAfee researchers recently discovered a vulnerability within a Mr. Coffee brand coffee maker that could allow a malicious actor to access the user’s home network. In addition, they also uncovered a new vulnerability within BoxLock smart padlocks that could enable cybercriminals to unlock the devices within a matter of seconds.

And while consumers must take necessary security steps to combat vulnerabilities such as these, we at McAfee are also doing our part of help users everywhere remain secure. For instance, we’ve recently extended our partnerships with both Samsung and Türk Telekom in order to overcome some of these cybersecurity challenges. Together, we’re working to secure consumers from cyberthreats on Samsung Galaxy S10 smartphones and provide McAfee Safe Family protection for Türk Telekom’s fixed and mobile broadband customers.

While the likes of 5G, bendable smartphones, and VR took this year’s tradeshow by storm, it’s important for consumers to keep the cybersecurity implications of these advancements in mind. As the sun sets on our time here in Barcelona, we will keep working to safeguard every aspect of the consumer lifestyle so they can embrace improvements in mobile connectivity with confidence.

To stay on top of McAfee’s MWC news and the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post What MWC 2019 Shows Us About the Future of Connectivity appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-2019-future-of-connectivity/feed/ 0
Mobile Threat Report Commentary: Mobile Malware is Not Going Away https://securingtomorrow.mcafee.com/business/endpoint-security/mobile-threat-report-commentary-mobile-malware-is-not-going-away/ https://securingtomorrow.mcafee.com/business/endpoint-security/mobile-threat-report-commentary-mobile-malware-is-not-going-away/#respond Thu, 28 Feb 2019 15:00:19 +0000 https://securingtomorrow.mcafee.com/?p=94346

Employees use their mobile devices to be proactive and stay connected in both their personal and work lives. The movement to the cloud has allowed employees to check email, download documents, and share information that may contain sensitive information, even when they’re not on an enterprise network. Businesses must protect their enterprise environments and combat […]

The post Mobile Threat Report Commentary: Mobile Malware is Not Going Away appeared first on McAfee Blogs.

]]>

Employees use their mobile devices to be proactive and stay connected in both their personal and work lives. The movement to the cloud has allowed employees to check email, download documents, and share information that may contain sensitive information, even when they’re not on an enterprise network. Businesses must protect their enterprise environments and combat threats that target their employees as average consumers.

McAfee research shows that every mobile-enabled device is subject to some type of malicious exploit. In 2018, McAfee researchers discovered mobile malware named TimpDoor, which turned Android devices into hidden proxies. But in 2019, businesses should be prepared for malware that goes beyond mobile devices too.

Detections of backdoors, cryptomining, fake apps, and banking Trojans all increased substantially in the second half of 2018 and attacks on other connected household devices gained momentum as well. While hidden apps like Adware remain by far the most common form of mobile malware, others are growing and learning how to infect other devices.

Mobile devices are becoming a hub for ransomware and malware developers. One common thread through much of the mobile attack landscape is the quest for illicit profits. Criminals are looking for ways to maximize their income and shift tactics in response to changes in the market.

“75% rise in banking Trojans, enabling cybercriminals to steal financial credentials from mobile devices”

“550% increase in mobile malware realized by the end of 2018”

Weak to non-existent security controls from manufacturers and a lack of simple evasion techniques, such as changing the default username and password, make connected devices in the home and workplace targets for cybercriminals.

Although mobile devices have become key enablers for business productivity and connectivity, they’re still the greatest risk to enterprises today. This changes how enterprises need to secure the mobile devices that connect to their environment. Enterprises must invest in endpoint security solutions to protect themselves from the evolving threat landscape. Mobile is one of the fastest growing endpoints and needs to be protected just as much as laptops and desktop computers.

McAfee has addressed the growing need by introducing the MVISION portfolio family, which provides IT administrators with comprehension and control through one single management console. McAfee MVISION Mobile provides on-device detection, local (end user) threat remediation, visual mapping of nearby dangerous networks, customizable on-device user notifications, and advanced threat detection. This provides the enterprise-class threat defense that businesses today need to be secure.

Read the McAfee Mobile Threat Report to learn more about protecting your employees’ mobile devices from malware and other cyberthreats.

The post Mobile Threat Report Commentary: Mobile Malware is Not Going Away appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/business/endpoint-security/mobile-threat-report-commentary-mobile-malware-is-not-going-away/feed/ 0
McAfee Partners With Telefónica To Help Secure Consumers Worldwide https://securingtomorrow.mcafee.com/consumer/mcafee-partners-with-telefonica/ https://securingtomorrow.mcafee.com/consumer/mcafee-partners-with-telefonica/#respond Wed, 27 Feb 2019 08:00:48 +0000 https://securingtomorrow.mcafee.com/?p=94253

These days, cyberattacks can feel relentless. Due to the interconnected nature of the world we live in, cybercriminals have managed to infiltrate our personal devices, our networks, and even our homes. That’s why we at McAfee believe it’s important now more than ever to secure every facet of the modern consumer lifestyle. And we’ve partnered with […]

The post McAfee Partners With Telefónica To Help Secure Consumers Worldwide appeared first on McAfee Blogs.

]]>

These days, cyberattacks can feel relentless. Due to the interconnected nature of the world we live in, cybercriminals have managed to infiltrate our personal devices, our networks, and even our homes. That’s why we at McAfee believe it’s important now more than ever to secure every facet of the modern consumer lifestyle. And we’ve partnered with Telefónica to do just that.

This partnership first began back in February of last year, when ElevenPaths, Telefónica Cyber Security Unit, and McAfee announced we’re working together to reinforce the online security of Telefónica’s broadband and mobile customers across multiple markets. This partnership covers Europe and Latin America with plans to progressively roll out solutions in the different countries where Telefónica operates. It’s the first time a telecommunications company has delivered a security service to all of its customers, regardless of where they connect from. Fast forward to present day, and this partnership has only expanded. The global product developed by Telefónica and powered by McAfee was first launched in Spain as Movistar Conexión Segura, a service that protects home and mobile customers’ connectivity. Telefónica protects Fusión customers’ home connections with a smart router, thanks to the ElevenPaths solution powered by McAfee Secure Home Platform, which enables seamless security and easy activation. Conexión Segura is also available for Movistar mobile customers, including network protection and one license of Seguridad Dispositivo, a multi-device security protection. Only a few weeks after Spain, Movistar Argentina launched the solution for its fixed and mobile customers. These services help realize Telefónica’s “Security by Default” strategy, offering customers a more robust security solution that protects against threats like viruses, malware, phishing, and emerging IoT threats.

Telefónica and McAfee’s 360 partnership is dedicated to protecting the productivity of consumers everywhere. “This agreement gives customers current and contextual information on their cybersecurity status so they can stay connected with confidence,” said Pedro Pablo Pérez, Global Security VP of Telefónica and CEO of ElevenPaths, Telefónica Cybersecurity Unit.

ElevenPaths and Mcafee’s joint vision to create a more secure tomorrow brings us a step closer to stopping widespread cyberattacks. By joining forces to implement more robust security solutions around the world, we can ensure that our connectivity goes undisrupted. Because together is power.

To learn more about consumer security and our approach to it, be sure to follow us at @ElevenPaths and @McAfee.

The post McAfee Partners With Telefónica To Help Secure Consumers Worldwide appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/mcafee-partners-with-telefonica/feed/ 0
In 2019 the Threat is “Everywhere Malware”, Not just Mobile Malware https://securingtomorrow.mcafee.com/consumer/mobile-and-iot-security/in-2019-the-threat-is-everywhere-malware-not-just-mobile-malware/ https://securingtomorrow.mcafee.com/consumer/mobile-and-iot-security/in-2019-the-threat-is-everywhere-malware-not-just-mobile-malware/#respond Wed, 27 Feb 2019 07:00:42 +0000 https://securingtomorrow.mcafee.com/?p=94289

This time last year, we said that 2018 would be the year of mobile malware. Today at MWC, we’re calling 2019 the year of everywhere malware. In their quest for profit, criminals are constantly forced to shift their tactics and adapt to a changing mobile market. Take crypto-mining, for example. A year ago this was […]

The post In 2019 the Threat is “Everywhere Malware”, Not just Mobile Malware appeared first on McAfee Blogs.

]]>

This time last year, we said that 2018 would be the year of mobile malware.

Today at MWC, we’re calling 2019 the year of everywhere malware.

In their quest for profit, criminals are constantly forced to shift their tactics and adapt to a changing mobile market. Take crypto-mining, for example. A year ago this was a relatively hassle-free way of making money. But the bottom dropped out of the crypto-currency market over the course of 2018. Now it’s not as lucrative, so we witness more aggressive forms of ransomware that make payment more likely.

Our latest Mobile Threat Report has revealed a huge increase in backdoors, fake apps and banking Trojans. Hidden apps are being exploited as quickly as app stores can take them down and adversaries are adapting and developing new threats. The number of attacks on other connected things is growing too – your voice assistant might even be letting criminals into your home. And smartphones, of course, remain a prime target.

In particular, the use of banking Trojans to steal financial credentials has exploded. Their popularity is growing so fast that we saw the number of incidents double between June and September last year. They then spiked by a further 75 percent in December. Android users in particular are being targeted, as malware authors find new ways of bypassing Google’s security. Unfortunately for consumers, these Trojans represent a solid source of income for cybercriminals so, for the foreseeable future at least, we can expect them to continue to evolve and become more sophisticated.

A worrying new trend sees attacks extending beyond mobile apps and operating systems and into our homes. Smart home tech is becoming integral to our domestic lifestyle – there are already over 25 million voice assistants such as Google Home and Alexa in our homes, and this is expected to grow to as many as 275 million within the next five years. Add to this a growing number of connected thermostats, locks and doorbells, and this represents a huge – and hugely attractive – attack vector for cybercriminals. The quirks and vulnerabilities of these devices, coupled with weak to non-existent security controls could provide unfettered access to the rest of your home network.

At the heart of all of this, of course, lies the smartphone. The control hub and gateway to the voice assistants and smart devices we engage with on a day-to-day basis, these devices track where we are, what we’re doing, and often hold important personal information. Access to our smartphones is clearly worth its weight in gold to criminals. After all, from here they steal our bank details and even make their way into our homes. And with new malware families especially designed to trick smartphone users into giving them access, that’s just what they’re trying to do.

The mobile ecosystem is continually changing. Operators and developers can get wise to tactics used by criminals but criminals will never give up in their pursuit for profit. If one door closes on them, they’ll just open another one. They’ll change their tactics and broaden their efforts to target more aspects of our increasingly ubiquitous mobile use.

That’s why the entire tech industry, from the manufacturers of smart device manufacturers and mobile devices to developers and app store owners, must work more closely. Only then will we be able to tackle this insidious threat and protect consumers at every point of their increasingly digital life.

To find out more, see our latest Mobile Threat Report here.

The post In 2019 the Threat is “Everywhere Malware”, Not just Mobile Malware appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/mobile-and-iot-security/in-2019-the-threat-is-everywhere-malware-not-just-mobile-malware/feed/ 0
Open Backdoors and Voice Assistant Attacks: Key Takeaways from the 2019 Mobile Threat Report https://securingtomorrow.mcafee.com/consumer/mobile-and-iot-security/2019-mobile-threat-report/ https://securingtomorrow.mcafee.com/consumer/mobile-and-iot-security/2019-mobile-threat-report/#respond Tue, 26 Feb 2019 08:00:23 +0000 https://securingtomorrow.mcafee.com/?p=94299

These days, we seem to have a newfound reliance on all things ‘smart.’ We give these devices the keys to our digital lives, entrusting them with tons of personal information. In fact, we are so eager to adopt this technology that we connect 4,800 devices per minute to the internet with no sign of slowing down. […]

The post Open Backdoors and Voice Assistant Attacks: Key Takeaways from the 2019 Mobile Threat Report appeared first on McAfee Blogs.

]]>

These days, we seem to have a newfound reliance on all things ‘smart.’ We give these devices the keys to our digital lives, entrusting them with tons of personal information. In fact, we are so eager to adopt this technology that we connect 4,800 devices per minute to the internet with no sign of slowing down.  This is largely because smart devices make our lives easier and enjoyable. But even though these devices are convenient, it’s important to understand they’re also convenient for cybercriminals, given they contain a treasure trove of personal data. To examine how exactly these hackers plan on capturing that data, we at McAfee have taken a deep dive into the mobile threat landscape in this year’s Mobile Threat Report. In this report, we examine some of the most significant threat trends, including new spyware, mobile malware, and IoT attack surfaces. Let’s take a look at these trends and how you can keep all your devices protected.

Operations RedDawn and FoulGoal

In our 2018 report, we predicted that attacks targeted toward mobile devices would increase, and everything from fake Fortnite apps to increased mobile malware has proven this to be true. However, two recent discoveries, Operation RedDawn and FoulGoal, prove just how targeted these attacks can really get. RedDawn, in particular, has set its sights on North Korean refugees, as the spyware attempts to copy photos, contacts, SMS messages, and other personal data belonging to the victim.

The latter attack, FoulGoal, actually occurred during last year’s World Cup, as the campaign used an app called Golden Cup to install spyware on victims’ devices. This app promised users live streams of games from the Russian 2018 FIFA World Cup, as well as a searchable database of previous World Cup records. In addition to stealing the user’s phone number, device details, and installed packages, FoulGoal also downloaded spyware to expand its infection into SMS messages, contacts, GPS details, and audio recordings.

A Virtual Backdoor

Our smartphones are now like remote controls for our smart homes, controlling everything from lights to locks to kitchen appliances. So, it was only a matter of time before cybercriminals looked for ways to trick users into leaving open a virtual backdoor. Enter TimpDoor, an Android-based malware family that does just that. First appearing in March 2018, it quickly became the leading mobile backdoor family, as it runs a SMiShing campaign that tricks users into downloading fake voice-messaging apps.

These virtual backdoors are now an ever-growing threat as hackers begin to take advantage of the always-connected nature of mobile phones and other connected devices. Once distributed as Trojanized apps through apps stores, like Google Play, these backdoors can come disguised as add-on games or customization tools. And while most are removed fairly quickly from app stores, hackers can still pivot their distribution efforts and leverage popular websites to conceive a socially engineered attack to trick users into enabling unknown sources.

The Voice Heard Around the Home

Around the world, there are already over 25 million voice assistants, or smart speakers, in use. From simple queries to controlling other IoT gadgets throughout the home, these devices play a big role in our living environments. But many of these IoT devices fail to pass even the most basic security practices, and have easily guessable passwords, notable buffer overflow issues, and unpatched vulnerabilities. This makes voice assistants an increasingly valuable and potentially profitable attack vector for cybercrime.

For a typical voice assistant in the home, the attack surface is quite broad. Cybercriminals could gain access to the microphone or listening stream, and then monitor everything said. Additionally, they could command the speakers to perform actions via other speaker devices, such as embedding commands in a TV program or internet video. Crooks could even alter customized actions to somehow aid their malicious schemes. However, some of the most pressing vulnerabilities can come from associated IoT devices, such as smart plugs, door locks, cameras, or connected appliances, which can have their own flaws and could provide unrestrained access to the rest of the home network.

The good news? We at McAfee are working tirelessly to evolve our home and mobile solutions to keep you protected from any current and future threats. Plus, there are quite a few steps you can personally take to secure your devices. Start by following these tips:

  • Delete apps at the first sign of suspicious activity. If an app requests access to anything outside of its service, or didn’t originate from a trusted source, remove it immediately from your device.
  • Protect your devices by protecting your home network. While we continue to embrace the idea of “smart homes” and connected devices, we also need to embrace the idea that with great connectivity, comes great responsibility to secure those connections. Consider built-in network security, which can automatically secure your connected devices at the router-level.
  • Keep your security software up-to-date. Whether it’s an antivirus solution or a comprehensive security suite, always keep your security solutions up-to-date. Software and firmware patches are ever-evolving and are made to combat newly discovered threats, so be sure to update every time you’re prompted to. Better yet, flip on automatic updates.
  • Change your device’s factory security settings. When it comes to products, many manufacturers don’t think “security first.” That means your device can be potentially vulnerable as soon as you open the box. By changing the factory settings you’re instantly upping your smart device’s security.

Interested in learning more about IoT and mobile security trends and information? Follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post Open Backdoors and Voice Assistant Attacks: Key Takeaways from the 2019 Mobile Threat Report appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/mobile-and-iot-security/2019-mobile-threat-report/feed/ 0
Your Smart Coffee Maker is Brewing Up Trouble https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/your-smart-coffee-maker-is-brewing-up-trouble/ https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/your-smart-coffee-maker-is-brewing-up-trouble/#respond Mon, 25 Feb 2019 10:10:44 +0000 https://securingtomorrow.mcafee.com/?p=94261

IOT devices are notoriously insecure and this claim can be backed up with a laundry list of examples. With more devices “needing” to connect to the internet, the possibility of your WiFi enabled toaster getting hacked and tweeting out your credit card number is, amazingly, no longer a joke. With that in mind, I began […]

The post Your Smart Coffee Maker is Brewing Up Trouble appeared first on McAfee Blogs.

]]>

IOT devices are notoriously insecure and this claim can be backed up with a laundry list of examples. With more devices “needing” to connect to the internet, the possibility of your WiFi enabled toaster getting hacked and tweeting out your credit card number is, amazingly, no longer a joke.

With that in mind, I began to investigate the Mr. Coffee Coffee Maker with Wemo (WeMo_WW_2.00.11058.PVT-OWRT-Smart) since we had previously bought one for our research lab (and we don’t have many coffee drinkers, so I didn’t feel bad about demolishing it!). My hope was to build on previous work done by my colleague Douglas McKee (@fulmetalpackets) and his Wemo Insight smart plug exploit. Finding a similar attack vector absent in this product, I explored a unique avenue and was able to find another vulnerability.  In this post I will explore my methodology and processes in detail.

All Wemo devices have two ways of communicating with the Wemo App, remotely via the internet or locally directly to the Wemo App. Remote connectivity is only present when the remote access setting is enabled, which it is by default. To allow the Wemo device to be controlled remotely, the Wemo checks Belkin’s servers periodically for updates. This way the Wemo doesn’t need to open any ports on your network. However, if you are trying to control your Wemo devices locally, or the remote access setting is disabled, the Wemo app connects directly to the Wemo. All my research is based on local device communication with the remote access setting turned off.

To gain insight on how the coffee maker communicates with its mobile application, I first set up a local network capture on my cellphone using an application called “SSL Capture.” SSL Capture allows the user to capture traffic from mobile applications. In this case, I selected the Wemo application. With the capture running, I went through the Wemo app and initiated several standard commands to generate network traffic. By doing this, I was able to view the communication between the coffee maker and the Wemo application. One of the unique characteristics about the app is that the user is able schedule the coffee maker to brew at a specified time. I made a few schedules and saved them.

I began analyzing the network traffic between the phone application and the Mr. Coffee machine. All transmissions between the two devices were issued in plaintext, meaning no encryption was used. I also noticed that the coffee maker and the mobile app were communicating over a protocol called UPNP (Universal Plug and Play), which has preset actions called “SOAP ACTIONS.” Digging deeper into the network capture from the device, I saw the SOAP action “SetRules.” This included XML content that pertained to the “brew schedule” I had set from the mobile application.

A Mr. Coffee “brew” being scheduled.

At this point I was able to see how the Wemo mobile application handled brewing schedules. Next, I wanted to see if the coffee maker performed any sort of validation of these schedules so I went back into the mobile application and disabled them all. I then copied the data and headers from the network capture and used the Linux Curl command to send the packet back to the coffee maker. I got the return header status of “200” which means “OK” in HTTP. This indicated there was no validation of the source of brewing schedules; I further verified with the mobile application and the newly scheduled brew appeared.

Curl command to send a “Brew” schedule to the Wemo Coffee maker.

Screenshot of the Curl command populating the Wemo app with a brew schedule

At this point I could change the coffee maker’s brew schedule without ever using the Wemo mobile application. To understand how the schedules were stored on the Wemo coffee maker, I decided to physically disassemble it and look at the electronics inside. Once disassembled, I saw there was a Wemo module connected to a larger PCB responsible for controlling the functions of the coffee maker. I then extracted the Wemo module from the coffee maker. This looked almost Identical to the Wemo module that was in the Wemo Insight device. I leveraged Doug’s blog on exploitation of the Wemo Insight to replicate the serial identification, firmware extraction, and root password change. After I obtained root access via the serial port on the Wemo device, I began to investigate the way in which the Wemo application is initiated from the underlying Linux Operating System. While looking through some of the most common Linux files and directories, I noticed something odd in the “crontab” file (used in Linux to execute and schedule commands).

It appeared the developers decided to take the easy route and used the Linux crontab file to schedule tasks instead of writing their own brew scheduling function. The crontab entry was the same as the scheduled brew I sent via the Wemo application (coffee-3) and executed as root. This was especially interesting; if I could add some sort of command to execute from the replayed UPNP packet, I could potentially execute my command as root over the network.

With the firmware dumped, I decided to look at the “rtng_run_rule” executable that was called in the crontab. The rtng_run_rule is a Lua script. As Lua is a scripting language, it was written in plaintext and not compiled like all the other Wemo executables. I followed the flow of execution until I noticed the rule passing parameters to a template for execution. At this point, I knew it would be useless trying to inject commands directly into the rule and instead looked at modifying the template performing the execution.

I went back to the Wemo mobile application network captures and started to dig around again. I found the application also sends the templates to the Wemo coffee maker. If I could figure out how to modify the template and still have the Wemo think it is valid, I could get arbitrary code execution.

Template with the correct syntax to pass Wemo’s verification

There were 3 templates sent over, “do,” “do_if,” and “do_unless.” Each of the templates were Lua scripts and encoded with base64. Based on this, I knew it would be trivial to insert my own code; the only remaining challenge would be the MD5 hash included at the top of the template. As it turned out, that was hardly an obstacle.

I created an MD5 hash of the base-64 decoded Lua script and the base64 encoded script separately, simply to see if one or the other matched the hash that was being sent; however, neither matched the MD5 being sent in the template. I began to think the developers used some sort of HMAC or clever way to hash the template, which would have made it much harder to upload a malicious template. Instead, I was astounded to find out that it was simply the base64 code prepended by the string “begin-base64 644 <template name>” and appended with the string “====.”

At last I had the ability to upload any template of my choice and have it pass all the Wemo’s verification steps necessary to be used by a scheduled rule.

I appended a new template called “hack” and added a block of code within the template to download and execute a shell script.

Within that shell command, I instructed the Mr. Coffee Coffee Maker with Wemo to download a cross-complied version of Netcat so I can get a reverse shell, and also added an entry to “rc.local.” This was done so that if the coffee maker was power cycled, I would have persistent access to the device after reboot, via the Netcat reverse shell.

The final aspect of this exploit was to use what I learned earlier to schedule a brew with my new “hack” template executing my shell script. I took the schedule I was able to replay earlier and modified it to have the “hack” template execute 5 minutes from the time of sending. I did have to convert the time value required into the epoch time format.

Converting time to Epoch time.

Now, I sat back and waited as the coffee maker (at my specified time delay) connected to my computer, downloaded my shell script, and ran it. I verified that I had a reverse shell and that it ran as intended, perfectly.

This vulnerability does require network access to the same network the coffee maker is on. Depending on the complexity of the user’s password, WiFi cracking can be a relatively simple task to accomplish with today’s computing power. For example, we demonstrate a quick and easy brute force dictionary attack to crack a semi-complex WPA2 password (10 characters alpha-numeric) in the demo for the Wemo Insight smart plug.  However, even a slightly more complex password, employing special characters, would exponentially increase the difficulty of a brute force attack. We contacted Belkin (who owns Wemo) on November 16th, 2018 and disclosed this issue to them. While the vendor did not respond to this report, we were pleasantly surprised to see that the latest firmware update has patched the issue. Despite a general lack of communication, we’re delighted to see the results of our research further securing home automation devices.

This vulnerability shows that not all exploits are overly complicated or require an exceptional amount of effort to pull off, if you know what to look for. This vulnerability exists solely because a few poor coding decisions were made in conjunction with a lack of input sanitation and validation. Even though this target does not contain sensitive data and is limited to your local network, it doesn’t mean malicious hackers are not targeting IOT devices like this. These devices may serve as a sought-after target as they are often overlooked from a security standpoint and can provide a simple and unmonitored foothold into your home or business network. It is very important for any consumer, when purchasing new IOT gadgets, to ask themself: “Does this really need to be connected to the internet?” In the case of a coffee maker, I’ll let you be the judge.

The post Your Smart Coffee Maker is Brewing Up Trouble appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/your-smart-coffee-maker-is-brewing-up-trouble/feed/ 0
What’s in the Box? https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/whats-in-the-box/ https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/whats-in-the-box/#respond Mon, 25 Feb 2019 10:09:56 +0000 https://securingtomorrow.mcafee.com/?p=94271

2018 was another record-setting year in the continuing trend for consumer online shopping.  With an increase in technology and efficiency, and a decrease in cost and shipping time, consumers have clearly made a statement that shopping online is their preferred method. Chart depicting growth of online, web-influenced and offline sales by year.1 In direct correlation […]

The post What’s in the Box? appeared first on McAfee Blogs.

]]>

2018 was another record-setting year in the continuing trend for consumer online shopping.  With an increase in technology and efficiency, and a decrease in cost and shipping time, consumers have clearly made a statement that shopping online is their preferred method.

Chart depicting growth of online, web-influenced and offline sales by year.1

In direct correlation to the growth of online shopping preferences is the increase in home delivery, and correspondingly, package theft. Though my initial instinct was to attempt to recreate YouTuber Mark Rober’s glitter bomb, I practiced restraint and instead settled on investigating an innovative product called the BoxLock (BoxLock Firmware: 94.50 or below). The BoxLock is a smart padlock that you can setup outside of your house to secure a package delivery container. It can be opened either via the mobile application (Android or iPhone) or by using the built-in barcode scanner to scan a package that is out for delivery. The intent is that delivery drivers will use the BoxLock to unlock a secure drop box and place your package safely out of reach of package thieves. The homeowner can then unlock the lock from their phone using the app to retrieve their valuable deliveries.

Since I am more of a hardware researcher, the first step I did when I got the BoxLock was to take it apart to view the internals.

With the device disassembled and the main PCB extracted, I began to look for interesting pins, mainly UART and JTAG connections. I found 5 pins below the WiFi module that I thought could be UART, but after running it through a logic analyzer I didn’t see anything that looked like communication.

The BoxLock uses a SOC (System-on-a-Chip) which contains the CPU, RAM, ROM, and flash memory all in one. However, there was still an additional flash chip which I thought was odd. I used my Exodus Intelligence hardware interface board to connect to the SPI flash chip and dump the contents.

Exodus Intelligence XI Hardware Interface Board

The flash chip was completely empty. My working theory is that this flash chip is used to store the barcodes of packages out for delivery. There could also have been in issue with my version of Flashrom, which is the software I used to dump flash. The only reason I question my version of Flashrom is because I had to compile it myself with support for the exact flash chip (FT25H04S), since it is not supported by default.

The Main SOC (ATSAMD21J18)

Even though I couldn’t get anything from that flash chip, my main target here was the SOC. On the underside of the Process Control Board (PCB), I identified two tag-connect connection ports. I identified the SWD (Serial Wire Debug) pins located on the SOC (Pin 57 and 58 on the image above) and very slowly and carefully visually traced the paths to the smaller Tag-Connect connection.

 

Adafruit Feather M0 Development board

Since I have not done much JTAG analysis before, I grabbed an Adafruit Feather M0 that we had in our lab for testing, since the Feather uses the exact same SOC and WiFi chip as the BoxLock. The Adafruit Feather has excellent documentation on how to connect to the SOC via SWD pins I traced. I used Atmel Studio to read the info off the ATSAMD21 SOC; this showed me how to read the fuses as well as dump the entire flash off the Adafruit Feather.

SWD information of the Adafruit Feather M0

Atmel Studio also will let you know if the device has the “Security Bit” enabled. When set, the security bit is used to disable all external programming and debugging interfaces, making memory extraction and analysis extremely difficult. Once the security bit is set, the only way to bypass or clear the bit is to completely erase the chip.

Showing how to set the security bit on the Adafruit Feather M0

After I felt comfortable with the Adafruit feather I connected the BoxLock to a Segger JLink and loaded up Atmel Studio. The Segger JLink is a debugging device that can be used for JTAG and SWD. I was surprised that the developers set the security bit; this is a feature often overlooked in IOT devices. However, with the goal of finding vulnerabilities, this was a roadblock. I started to look elsewhere.

Segger JLink used for SWD communication

After spending some time under the microscope, I was able to trace back the larger Tag-Connect port to the BLE (Bluetooth Low Energy) module. The BLE module also has a full SOC which could be interesting to look at, but before I began investigating the BLE chip I still had two vectors to look at first: BLE and WiFi network traffic.

BLE is different to Bluetooth. The communication between BLE devices is secured by the use of encryption, whose robustness depends on the pairing mode used and BLE allows a few different pairing modes; the least secure “Just Works ” pairing mode is what the BoxLock is using. This mode allows any device to connect to it without the pin pairing that normal Bluetooth connections are known for. This means BLE devices can be passively intercepted and are susceptible to MITM (Man in The Middle) attacks.

BLE roles are defined at the connection layer. GAP (Generic Access Profile) describes how devices identify and connect to each other. The two most important roles are the Central and Peripheral roles. Low power devices like the BoxLock follow the Peripheral role and will broadcast their presence (Advertisement). More powerful devices, such as your phone, will scan for advertising devices and connect to them (this is the Central role). The communication between the two roles is done via special commands usually targeted at a GATT (Generic Attributes) services. GATT services can be standard and generic, such as the command value 0x180F, which is the Battery Service. Standardized GATT services help devices communicate with one another without the need for custom protocols. The GATT services present on the BoxLock were all custom, which means they will be displayed as “Unknown Service” when enumerated in a Bluetooth/BLE app.  I chose Nordic’s NRF Connect, available in both the Apple and Android app stores or as a desktop application.

NRF Connect application connected to the BoxLock via BLE

Since the BoxLock was using custom GATT commands I decided to disassemble the Android APK to see if I could find any more information on the “Unknown” UUIDs. I used a tool called “dex2jar” to disassemble the Android APK and then ran the JavaScript code through JSBeautify to clean up the code.

Next, I began searching for UUIDs and the keyword “GATT”. I was able to find the entire list of GATT services and what they pertain to.

GATT services UUID descriptions

The one I was most interested in was labeled as “Command Service”, where the unlock GATT command is sent to. To try it out, I used the NRF Connect application to send a GATT “sendOpenSignal” command with an attribute value of “2”.

How the Android application sends the unlock command

It was just that simple; lo and behold, the BoxLock unlocked!

I was amazed; the phone that I used to send the GATT command over had never connected to the BoxLock before and did not have the BoxLock application installed, yet it was able to unlock the BoxLock. (The vulnerable application version is v1.25 and below).

Continuing to explore the other GATT UUIDs, I was able to read the WiFi SSID, access token, user’s email, and client ID directly off the device. I was also able to write any of these same values arbitrarily.

Information that you can see about the BoxLock via the NRF Connect application

The mandatory identifiers required for the BoxLock to unlock are the access token, user email, and client ID. If those values are not present the device will not authenticate via the cloud API and will not unlock.

The most glaring issue with having all these fields readable and writeable is that I was able to successfully replay them on the device, ultimately bypassing any authentication which led to the BoxLock unlocking.

From my testing, these values never expired and the only way I found that the device cleared the credentials necessary to authenticate was when I removed the battery from the BoxLock. The BoxLock battery is “technically” never supposed to be removed, but since I physically disassembled the lock, (which took a decent amount of effort), I was able to test this.

Even though I was able to unlock the BoxLock, I still wanted to explore one other common attack vector.  I analyzed the network traffic between the device and the internet. I quickly noticed that, apart from firmware updates, device-to-cloud traffic was properly secured with HTTPS and I could not easily get useful information from this vector.

I do not currently have an estimate of the extent of this product’s deployment, so I cannot comment on how wide the potential impact could have been if this issue had been found by a malicious party. One constraint to the attack vector is that it requires BLE, which communicates from a distance of approximately 30 or 40 feet. However, for someone looking to steal packages this would not be a challenge difficult to overcome, as the unlocking attack could be completed very quickly and easily, making the bar for exploitation simply a smart phone with Bluetooth capability. The ease and speed of the exploit could have made for an enticing target for criminals.

I want to take a moment to give some very positive feedback on this vendor. Vulnerability disclosure can be a challenging issue for any company to deal with, but BoxLock was incredibly responsive, easy to work with and immediately recognized the value that McAfee ATR had provided. Our goal is to eliminate vulnerabilities before malicious actors find them, as well as illuminate security issues to the industry so we can raise the overall standard for security. BoxLock was an excellent example of this process at work; the day after disclosing the vulnerability, they set up a meeting with us to discuss our findings, where we proposed a mitigation plan. The BoxLock team set a plan in place to patch not only the BoxLock firmware but the mobile applications as well. Within a week, the vendor created a patch for the vulnerability and updated the mobile apps to force mandatory update to the patched firmware version. We tested the firmware and app update and verified that the application properly clears credentials after use on the vulnerable firmware. We also tested the new firmware which clears the credentials even without the mobile app’s interaction.

IoT security has increasingly become a deciding factor for consumers. The process of vulnerability disclosure is an effective method to increase collaboration between vendors, manufacturers, the security community and the consumer. It is our hope that vendors move towards prioritizing security early in the product development lifecycle. We’d like to thank BoxLock for an effective end-to-end communication process, and we’re pleased to report that this significant flaw has been quickly eradicated. We welcome any questions or comments on this blog!

The post What’s in the Box? appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/whats-in-the-box/feed/ 0
Kicking Off MWC 2019 with Insights on Mobile Security and Growing Partnerships https://securingtomorrow.mcafee.com/consumer/mwc-2019-kickoff/ https://securingtomorrow.mcafee.com/consumer/mwc-2019-kickoff/#respond Mon, 25 Feb 2019 08:00:24 +0000 https://securingtomorrow.mcafee.com/?p=94251

We’ve touched down in Barcelona for Mobile World Congress 2019 (MWC), which is looking to stretch the limits of mobile technology with new advancements made possible by the likes of IoT and 5G. This year, we are excited to announce the unveiling of our 2019 Mobile Threat Report, our extended partnership with Samsung to protect […]

The post Kicking Off MWC 2019 with Insights on Mobile Security and Growing Partnerships appeared first on McAfee Blogs.

]]>

We’ve touched down in Barcelona for Mobile World Congress 2019 (MWC), which is looking to stretch the limits of mobile technology with new advancements made possible by the likes of IoT and 5G. This year, we are excited to announce the unveiling of our 2019 Mobile Threat Report, our extended partnership with Samsung to protect Galaxy S10 smartphones, and our strengthened partnership with Türk Telekom to provide a security solution to protect families online.

Mobile Connectivity and the Evolving Threat Landscape

These days, it’s a rare occurrence to enter a home that isn’t utilizing smart technology. Devices like smart TVs, voice assistants, and security cameras make our lives more convenient and connected. However, as consumers adopt this technology into their everyday lives, cybercriminals find new ways to exploit these devices for malicious activity. With an evolving threat landscape, cybercriminals are shifting their tactics in response to changes in the market. As we revealed in our latest Mobile Threat Report, malicious actors look for ways to maximize their profit, primarily through gaining control of trusted IoT devices like voice assistants. There are over 25 million voice assistants in use across the globe and many of these devices are connected to other things like thermostats, door locks, and smart plugs. With this increase in connectivity, cybercriminals have more opportunities to exploit users’ devices for malicious purposes. Additionally, cybercriminals are leveraging users’ reliance on their mobile phones to mine for cryptocurrency without the device owner’s knowledge. According to our Mobile Threat Report, cybersecurity researchers found more than 600 malicious cryptocurrency apps spread across 20 different app stores. In order to protect users during this time of rapid IoT and mobile growth, we here at McAfee are pushing to deliver solutions for relevant, real-world security challenges with the help of our partners.

Growing Partnerships to Protect What Matters

Some cybersecurity challenges we are working to overcome include threats like mobile malware and unsecured Wi-Fi. This year, we’ve extended our long-standing partnership with Samsung to help secure consumers from cyberthreats on Samsung Galaxy S10 smartphones. McAfee is also supporting Samsung Secure Wi-Fi service by providing backend infrastructure to protect consumers from risky Wi-Fi. In addition to mobile, this partnership also expands to help protect Samsung smart TVs, PCs, and laptops.

We’ve also strengthened our partnership with Türk Telekom, Turkey’s largest fixed broadband ISP. Last year, we announced this partnership to deliver cross-device security protection. This year, we’re providing a security solution to help parents protect their family’s digital lives. Powered by McAfee Safe Family, Türk Telekom’s fixed and mobile broadband customers will have the option to benefit from robust parental controls. These controls will allow parents to better manage their children’s online experience and give them greater peace of mind.

We’re excited to see what’s to come for the rest of MWC, and how these announcements will help improve consumers’ digital experiences. It is our hope that by continuing to extend our relationships with technology innovators, we can help champion built-in security across devices and networks.

To stay on top of McAfee’s MWC news and the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Kicking Off MWC 2019 with Insights on Mobile Security and Growing Partnerships appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/mwc-2019-kickoff/feed/ 0
Don’t Take the Bait! How to Steer Clear of Tax Time Scams https://securingtomorrow.mcafee.com/consumer/family-safety/dont-take-the-bait-how-to-steer-clear-of-tax-time-scams/ https://securingtomorrow.mcafee.com/consumer/family-safety/dont-take-the-bait-how-to-steer-clear-of-tax-time-scams/#respond Sat, 23 Feb 2019 15:00:54 +0000 https://securingtomorrow.mcafee.com/?p=94213

For cybercriminals tax time is the most wonderful time of the year. They are in the shadows giddy, eager, and methodically setting a variety of digital traps knowing that enough taxpayers take the bait to render their efforts worthwhile. Indeed, with the frenzy of online tax filings, personal information (and money) moving through mailboxes, and […]

The post Don’t Take the Bait! How to Steer Clear of Tax Time Scams appeared first on McAfee Blogs.

]]>

tax time scamsFor cybercriminals tax time is the most wonderful time of the year. They are in the shadows giddy, eager, and methodically setting a variety of digital traps knowing that enough taxpayers take the bait to render their efforts worthwhile.

Indeed, with the frenzy of online tax filings, personal information (and money) moving through mailboxes, and hardworking people eagerly awaiting tax refunds, crooks are perfectly positioned for big returns this year.

So let’s be wiser and let’s be ready.

Last year, the IRS noted a 60 percent spike in bogus email schemes seeking to steal money or tax information. This year its a surge in phishing scams, says the IRS, that should have taxpayers on alert.

“The holidays and tax season present great opportunities for scam artists to try stealing valuable information through fake emails,” said IRS Commissioner Chuck Rettig. “Watch your inbox for these sophisticated schemes that try to fool you into thinking they’re from the IRS or our partners in the tax community. Taking a few simple steps can protect yourself during the holiday season and at tax time.”

Scams to Look For

According to the IRS, phishing emails are circulating with subjects such as “IRS Important Notice,” “IRS Taxpayer Notice” and other iterations of that message. The fraudulent emails may demand payment with the threat of seizing the recipient’s tax refund or even jail time.

tax time scams

Attacks may also use email or malicious links to solicit tax or financial information by posing as a trustworthy organization or even a personal friend or business associate of the recipient.

While some emails may have obvious spelling errors or grammar mistakes, some scammers have gone to great lengths to piece together a victim’s personal information to gain their trust. These emails look legitimate, have an authentic tone, and are crafted to get even skeptics to compromise personal data using malicious web links.

Scams include emails with hyperlinks that take users to a fake site or PDF attachments that may download malware or viruses designed to grab sensitive information off your devices. With the right data in hand such as a social security number, crooks can file fake returns and claim your tax return, open credit cards, or run up medical bills.

Other tax scams include threatening phone calls from bogus IRS agents demanding immediate payment of past due tax bills and robocalls that leave urgent callback messages designed to scare victims into immediate payment.

Remember, the IRS will NOT:

  • Call to demand immediate payment over the phone, nor will the agency call about taxes owed without first having mailed you several bills.
  • Call or email you to verify your identity by asking for personal and financial information.tax time scams
  • Demand that you pay taxes without giving you the opportunity to question or appeal the amount they say you owe.
  • Require you to use a specific payment method for your taxes, such as a prepaid debit card.
  • Ask for credit or debit card numbers over the phone or
    e-mail.
  • Threaten to immediately bring in local police or other law-enforcement groups to have you arrested for not paying.

How to Protect Yourself

Be hyper-aware. Never open a link or attachment from an unknown or suspicious source. In fact, approach all emails with caution even those from people you know. Scams are getting more sophisticated. According to the IRS, thieves can compromise a friend’s email address, or they may be spoofing the address with a slight change in the email text that is hard to recognize.

Reduce your digital footprint. Now is a great time to go through your social accounts and online profiles, posts, and photos and boost your family’s privacy. Edit out any personal information such as your alma mater, your address, birthdate, pet names, children’s names, or mother’s maiden name. Consider making your social profiles private and filtering your friends’ list to actual people you know.

Have a strong password strategy. Cybercrooks count on their victims using the same password for multiple accounts. Lock them out by using unique passwords for separate accounts. Also, consider using two-factor authentification that requires a security code (sent to your phone) to access your account.

Install security software. Phishing emails carry malware and viruses designed to infect your devices and grab your family’s sensitive data or even seize your computer via ransomware. Crooks aren’t messing around so neither should you. Meet fire with fire by investing in comprehensive security software to protect your devices.

If you are the victim of tax fraud or identity theft, take the proper reporting steps. If you receive any unsolicited emails claiming to be from the IRS, forward them to phishing@irs.gov  (then delete the emails).

The post Don’t Take the Bait! How to Steer Clear of Tax Time Scams appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/family-safety/dont-take-the-bait-how-to-steer-clear-of-tax-time-scams/feed/ 0
Ryuk, Exploring the Human Connection https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/ryuk-exploring-the-human-connection/ https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/ryuk-exploring-the-human-connection/#respond Wed, 20 Feb 2019 05:01:05 +0000 https://securingtomorrow.mcafee.com/?p=94215

In collaboration with Bill Siegel and Alex Holdtman from Coveware.   At the beginning of 2019, McAfee ATR published an article describing how the hasty attribution of Ryuk ransomware to North Korea was missing the point. Since then, collective industry peers discovered additional technical details on Ryuk’s inner workings, the overlap between Ryuk and Hermes2.1, […]

The post Ryuk, Exploring the Human Connection appeared first on McAfee Blogs.

]]>

In collaboration with Bill Siegel and Alex Holdtman from Coveware.

 

At the beginning of 2019, McAfee ATR published an article describing how the hasty attribution of Ryuk ransomware to North Korea was missing the point. Since then, collective industry peers discovered additional technical details on Ryuk’s inner workings, the overlap between Ryuk and Hermes2.1, and a detailed description of how the ransomware is piggybacking the infamous and ever evolving Trickbot as a primary attack vector. In this blog post we have teamed up with Coveware to take a closer look at the adversary and victim dynamics of Ryuk Ransomware. We structured our research using the Diamond threat model and challenged our existing hypotheses with fresh insights.

Introduction to The Diamond Model

Within Cyber Threat intelligence research, a popular approach is to model the characteristics of an attack using The Diamond Model of Intrusion Analysis. This model relates four basic elements of an intrusion: adversary, capabilities, infrastructure and victim.

For the Ryuk case described above the model can be applied as follows: “An Adversary, cyber-criminal(s), have a capability (Ryuk Ransomware) that is being spread via a TrickBot infection Infrastructure targeting specific victims.

Diamond model of Intrusion Analysis

The Diamond Model offers a holistic view of an intrusion that is a helpful guideline to shape the direction of intelligence research. By searching for relationships between two elements one can gather new evidence. For instance, by analyzing and reverse engineering a piece of malware one might uncover that a certain server is being used for command and control infrastructure, thus linking capability with infrastructure (as shown below).

Linking Infrastructure and Capability

Alternatively, one might search underground forums to find information on adversaries who sell certain pieces of malware, thus linking an adversary with a capability. For instance, finding the underground forum advertisement of Hermes2.1.

Linking Adversary and Capability

Analysis of Competing Hypotheses

In our earlier publication we explained The Analysis of Competing Hypotheses (ACH), the process of challenging formed hypotheses with research findings.
By following this method, we concluded that the strongest hypothesis is not the one with the most verifying evidence, but the one with the least falsifying evidence.

In order to construct a hypothesis with the least falsifying evidence we welcome research published by our industry peers to dissimilate insights that challenge our hypotheses. When we combined all the evidence with links on the diamond model, we discovered that one essential link wasn’t made, the link between adversary and victim.

Seeking New Insights Between Adversary and Victim

Despite published research, the direct link between adversary and victim remained relatively unexplored. Unlike most cybercrime, ransomware and digital extortion frequently creates a strong social connection between adversary and victim. The adversary has certain needs and views the victim as the means to fulfill those needs. The connection between an adversary and victim often generates valuable insights, especially in cases where (extensive) negotiation take place.

Luckily, one of our NoMoreRansom partners, Coveware, is specialized in ransomware negotiations and has gained valuable insights help us link adversary and victim.

The social connection between Adversary and Victim

Ransom Amounts and Negotiations

By aggregating ransomware negotiation and payment data, Coveware is able to identify strain-specific ransomware trends. With regards to Ryuk, it should be noted that ransom amounts average more than 10x the average, making it the costliest type of ransomware. Coveware also observed that some Ryuk ransoms were highly negotiable, while others were not. The bar-belled negotiation results generated an average ransom payment of $71k, a 60% discount from an average opening ask of $145k.

The bar-belled negotiation outcomes meant that some victims were stonewalled. These victims either lost their data or took on staggering financial risk to pay the ransom. The outcomes also imply that in certain cases the adversary would rather receive infrequent large windfalls (often in excess of 100BTC), while in other cases the adversary was keen to monetize every attack and accept lower amounts to ensure payment. This difference in modus operandi suggests that more than one cyber-criminal group is operating Ryuk ransomware.

Ransom Note and Negotiation Similarities and Differences

Similarities between Bitpaymer and Ryuk ransom notes have been observed before. While it is not uncommon for ransom notes to share similar language, sequences of phrases tend to remain within the same ransomware family. Slight copy+paste modifications are made to the ransom text as a variant is passed along to different groups, but large alterations are rarely made. Below is a comparison of a Bitpaymer initial email (left) and a standard Ryuk initial email (right).

A comparison of a Bitpaymer initial email (left) and a standard Ryuk initial email (right)

The shared language implies that text once unique to a Bitpaymer campaign was borrowed for a Ryuk campaign, possibly by an operator running simultaneous ransom campaigns of both Bitpaymer and Ryuk or the imitation can be considered as the sincerest form of flattery.

Different Initial Email Response May Be Different Adversaries?

A more dramatic scripted communication difference has been observed in the initial email response from Ryuk adversaries. The initial email response is typically identical within ransomware families belonging to the same campaign. When significant differences in length, language, and initial ransom amount appear in the initial email response we are comfortable assuming they belong to unique groups with unique modus operandi. This would mean that Ryuk in being spread by more than one actor group.

Below are two such Ryuk examples:

 

Post Payment Bitcoin Activity

A final indicator that multiple groups are running simultaneous Ryuk campaigns can be observed in the activity of bitcoin after it hits a ransom address. Surprisingly, despite the differences between negotiation outcome and initial communications, Coveware observed little difference between the BTC wallets (blacked out to protect victims) associated with the above cases. Initial comparison showed no meaningful discrepancy in difference between the time of a ransom payment and the time of a corresponding withdraw. Additionally, the distribution of funds upon withdrawal was consistently split between two addresses. Coveware will continue to monitor the funds associated with campaigns for meaningful indicators.

Ryuk Negotiating Profiles

With few exceptions, the rest of the email replies during a Ryuk extortion negotiation are extremely short and blunt. Typical replies and retorts are generally less than 10 written words and often just a single number if the ransom amount is the point of discussion. This correspondence is unique to Ryuk.

One reply did contain quite a remarkable expression; “à la guerre comme à la guerre,” to contextualize the methods and reasons for the cyber criminals’ attacks on western companies. The French expression originates from the seventeenth century and literally translates to “in war as in war” and loosely translates to: “In Harsh times one has to do with what’s available”. The striking thing about this expression is that is prominently featured in volume 30 of the collected works of the Soviet Revolutionary leader Vladimir Lenin. Lenin uses the expression to describe the struggle of his people during the war against western capitalism.

This concept of “The capitalistic West versus the Poor east” is actually something McAfee ATR sees quite often expressed by cyber criminals from some of the Post-Soviet republics. This expression may be a clear indicator of the origin and cultural view of the criminals behind Ryuk.

Ryuk poses existential risk to certain industries

Even though the average ransom discounts of Ryuk are large (~60%), the absolute level of the ransom is extreme. Accordingly, we have seen evidence that links ransom demands to the size of the network footprint of the victim company. However, this doesn’t mean that the ransom demand correlates to the victims actual operational and financial size.

Companies in the IT Hosting and the Freight and Logistics industries have been particularly susceptible to this discrepancy. Coveware has assisted at least 3 companies that have had to unwind their business when an affordable ransom amount, could not be reached. Typically, downtime costs are 10x the ransom amount, but in these industries downtime costs can be particularly extreme.

IT Hosting companies are of note as the size and number of their servers can make them appear like a large organization. Unfortunately, the business of hosting involves high fixed costs, low operating margins, and zero tolerance of downtime by end clients.  Hosting companies that get attacked typically have a few hours to restore service before their clients drop them for alternatives. Moreover, these companies suffer irreparable harm to their reputations, and may trigger SLA breaches that leave them exposed to liability.  The inability to pay a six-figure ransom has caused multiple hosting companies to shut down.

Freight and Logistics firms are also acutely exposed. These firms also present like larger firms given the volume of data they move and their network footprint. Additionally, attacks against Freight and Logistics firms can cause immediate supply chain issues for the victims’ end clients, who are subsequently forced to route through other service providers. Similar to IT Hosting, Freight and Logistics firms have low operating margins and end clients with little tolerance for service interruptions. The inability to pay or negotiate a large ransom has materially impacted several firms in this industry.

Ryuk Decryptor findings and issues

When victims do pay the exorbitant ransom amount, the criminals will provide a decryptor to unlock a their files. This decryptor is actually framework that needs to be loaded with a victim’s private RSA key, provided by the criminals, in order to decrypt. Ensuring that the provided decryptor will only work for this specific victim. This setup allows the criminals to quickly load a victim’s key in the framework and offer a custom decryptor with minimal code change while the underlaying framework remains the same.

From Coveware’s experience we have learned that the decryption process is quite cumbersome and full of possible fatal errors. Luckily Coveware was able to share the Ryuk decryptor with McAfee ATR in order to take a closer look at the issues and level of sophistication of the decryptor.

Once launched the first thing the decryptor does is to search the HKEY_CURRENT_USER Hive for a value pair named “svchos” in the path “SOFTWARE\Microsoft\Windows\CurrentVersion\Run” and delete the specific entry. This removes the persistence of the malware. Afterwards it will reboot the system and remove any remaining Ryuk malware still receding on the system.

Deleting the “svchos” value from the registry.

Once rebooted the user needs to run the tool again and the decryptor will provide two options to decrypt.

  • Decryption per file
  • Automatic decryption

The main interface of the Ryuk decryptor with the different menu options.

HERMES File Marker

During the decryption process we have found that the decryptor searches for the known file marker string HERMES which is located in the encrypted file.

The HERMES marker clearly visible within the file

The fact that Ryuk ransomware adds HERMES filemarker string was already known, but discovering this specific check routine in the decryptor strengthens the hypotheses that Ryuk is a slightly modified version of Hermes2.1 ransomware kit that is sold online even more.

Decryptor Issues

While examining the decryptor we were astonished by the lack of sophistication and the amount of errors that resided within the code. Some of the most prominent issues were:

  • If there is a space in the Windows file path the decryptor will fail the decryption process.
  • If there is a quotation mark (“) in the file path the decryptor will report an error that it cannot find the specific file.
  • The decryptor uses the “GetVersionExW” function to determine the windows version, from Windows 8.1. the value returned by this API has changed and the decryptor isn’t designed to handle this value.
  • The decryptor doesn’t remove the .RYUK extension and replace it with the original extension. So, there is no way the name of the file can give an indication towards the type of the file, something that can be extremely labor intensive for enterprise victims.
  • When choosing the manual option in the decryptor, the user has to supply a path of the specific file or choose “0” to finish. However, choosing a “0” will put the decryptor into an infinite loop.

Looking at the decryptor, it is very worrisome to see that the criminals behind Ryuk can get away with such bad programming. It shows a clear lack of empathy towards their victims and the absence of solid coding skills. Victims who do pay the exorbitant ransom demand are far from in the clear. The decryptor offered by the criminals has a very high risk of malfunctioning, resulting in permanent damage to their precious files. Victims should always make an exact copy of the encrypted hard disk before trying to use the decryptor.

Call to action in piecing the different parts together

By combining all the fresh insights with the information that was already discovered by ourselves and industry peers we can start defining our leading hypotheses around Ryuk. Based on this hypothesis, we will actively look for falsifying evidence. We encourage the security community to participate in this process. We realize that only by collaboration can we piece the different parts of the Ryuk puzzle together.

By now it should be without question that involvement of the DPRK is the least likely hypothesis. Our leading Hypothesis on Ryuk until proven otherwise is;

Ryuk is a direct descendant from Hermes2.1 with slight modifications, based on the code overlap in the ransomware as well as the decryptor. Ryuk is not designed to be used in a largescale corporate environment, based on all the scalability issues in the decryptor. At this moment there are several actors or actor-groups spreading Ryuk, based on the extortion modus operandi and different communications with the victims. The actors or actor-groups behind Ryuk have a relationship with one of the Post-Soviet republics, based on the Russian found in one of the encrypted files and the cultural references observed in the negotiations. The actors behind Ryuk most likely have an affiliation or relationship with the actors behind Trickbot and, based on their TTP, are better skilled at exploitation and lateral movement than pure Ransomware development.

Conclusion

In the last seven months Ryuk has proven to be a highly profitable form of ransomware, despite the poor programming behind it and its decryptor. The criminals have proven to be ruthless and several of their victims were forced to wind down their businesses after they were unable to afford the exorbitant ransom.

When a company does give in to the high demands it is extra painful to see a situation occur where they are permanently unable to recover their files due to the faulty decryptor.

A solid data loss prevention strategy still remains the best advice against all forms of ransomware, for general prevention advice please visit NoMoreRansom. Always seek professional assistance when you are faced with a targeted ransomware attack such as Ryuk.

The post Ryuk, Exploring the Human Connection appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/ryuk-exploring-the-human-connection/feed/ 0
MWC 2019: The Key to Establishing Digital Trust with Intelligent Connectivity https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-digital-trust/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-digital-trust/#respond Tue, 19 Feb 2019 17:00:10 +0000 https://securingtomorrow.mcafee.com/?p=94185

These days, it’s rare to walk into a home that doesn’t have a smart device in use. From voice assistants, smart TVs, tablets, and more, these devices have greatly enhanced our way of life through intelligent connectivity. Intelligent connectivity is defined by the highly contextualized and personal experiences offered by the smart devices we utilize […]

The post MWC 2019: The Key to Establishing Digital Trust with Intelligent Connectivity appeared first on McAfee Blogs.

]]>

These days, it’s rare to walk into a home that doesn’t have a smart device in use. From voice assistants, smart TVs, tablets, and more, these devices have greatly enhanced our way of life through intelligent connectivity. Intelligent connectivity is defined by the highly contextualized and personal experiences offered by the smart devices we utilize on a daily basis. However, as manufacturers continue to push out the latest technology to stay ahead of their competitors, device security isn’t always top-of-mind. As a result, the level of confidence consumers have in their devices is reduced. At McAfee, we understand that the notion of digital trust is imperative to the future of security as we adopt technologies shaped by the likes of 5G networks, the Internet of Things (IoT), artificial intelligence (AI), and big data. And as we head into Mobile World Congress 2019 (MWC), one can’t help but wonder, how will these advancements shape the future of mobile connectivity?

Almost every new device is built to connect, and as our 2019 Threats Predictions Report showed us, our dependence on technology is ubiquitous. Take your smartphone, for example. Everywhere you go, this minicomputer allows you to chat with your friends online, send emails, and look up new information with just the press of a button. Only upping the ante, 5G is set to roll out across the nation, bringing greater speed to handheld devices with more data and lower latency. These benefits will set the stage for more IoT devices, such as your smart refrigerator or smart plug, to connect to the network as well. The ability to control the temperature of your refrigerator from your smartphone is a pretty cool capability. But what happens if your smartphone gets hacked and a cybercriminal remotely disables your refrigerator? You may be left with a bigger problem than some spoiled food.

With all of your smart devices on the same 5G network, malicious actors can gain full access to the data that lives in your smart home technology through just your mobile phone. The increase in devices on the 5G network also increases the risk of Distributed Denial-of-service, or DDoS, attacks. These attacks are caused by cybercriminals flooding a network with so much traffic that it can’t operate or communicate as it normally would. And with more IoT devices operating on the 5G network, the consequences of such a cyberattack could be truly crippling. So, how can we continue to trust the devices we use on a daily basis despite the cybersecurity risks caused by greater connectivity?

Digital trust, or the level of confidence consumers have in their technology and mobile devices, is extremely delicate. And as our experiences with our devices become more and more personalized thanks to intelligent connectivity, it’s important to realize that it can’t be intelligent if there is no trust. That’s why consumers should embrace advancements in mobile technology but remember to keep cybersecurity practices at the forefront.

Whether you’re headed out to Barcelona for MWC 2019 or watching from afar, we here at McAfee are committed to helping you take the necessary precautions required in order to connect with confidence in a world where everything is built to connect.

Stay on top of the latest consumer and mobile security threats by following @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post MWC 2019: The Key to Establishing Digital Trust with Intelligent Connectivity appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mwc-digital-trust/feed/ 0
Mobile World Congress 2019: Q&A with McAfee Leadership https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/mobile-world-congress-2019-qa-with-mcafee-leadership/ https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/mobile-world-congress-2019-qa-with-mcafee-leadership/#respond Tue, 19 Feb 2019 15:00:06 +0000 https://securingtomorrow.mcafee.com/?p=94183

Next week, Mobile World Congress (MWC) will kick off in Barcelona. This year’s event will have an estimated 107,000 attendees, along with 2,400 exhibitors, all representing about 205 countries. While the focus of the event is mobility, we can expect the industry to continue to drive conversations around IoT, artificial intelligence, 5G, connectivity, and more. […]

The post Mobile World Congress 2019: Q&A with McAfee Leadership appeared first on McAfee Blogs.

]]>

Next week, Mobile World Congress (MWC) will kick off in Barcelona. This year’s event will have an estimated 107,000 attendees, along with 2,400 exhibitors, all representing about 205 countries. While the focus of the event is mobility, we can expect the industry to continue to drive conversations around IoT, artificial intelligence, 5G, connectivity, and more.

As Europe’s biggest gathering in the IT sector nears, we spoke with McAfee leadership about the major themes we should expect to see at MWC this year and what it means for McAfee.

Q: Artificial intelligence and the new 5G standard have been the hot topics of mobility. Do you think these two topics will play an important role at this year’s Mobile World Congress?

Gary Davis, Chief Consumer Security Evangelist: Absolutely. With 5G starting to be rolled out, everyone is waiting on bated breath to see how that affects society and our ecosystems in general. With technologies like 5G enabling almost zero latency, more data will be collected and aggregated. Insights from that mass of data can only be gleaned by using AI-based solutions.

Radhika Sarang, Director of Global Consumer Product Marketing: 5G and AI should be hot topics of discussion at MWC 2019. I fully expect several products and services displaying both technologies on the show floor. 5G will be transformative in how we consume content, adopt new technologies, and connect with one another. However, this phenomenon will increase the need for redefining the concept of digital trust. Narrow or weak AI has grown leaps and bounds recently in areas of natural language processing, machine learning, and advanced analytics. These technologies are also enabling cybersecurity teams to foresee cyberattacks and create proactive solutions.

Q: This year’s theme for Mobile World Congress is Intelligent Connectivity. What does this term mean to McAfee? What does it mean for enterprise businesses?

Davis: For McAfee, we would interpret that to mean that for something to be intelligent, trust must be established. Without trust, intelligent connectivity fails to exist.

Nathan Jenniges, Senior Director of the Device Security Business: It means having access to information when and how you need it. Increasingly the “how” is through mobile devices. The “when” is not defined by traditional business hours, as people engage at all times of the day. They also use the same device for enterprise business as they do for personal business, which increases the level of risk to an organization. Inherent in intelligent connectivity is security. You can connect at any time. But to connect intelligently, you need to be confident the connection is secure and not increasing your risk. As an example, you could connect your mission critical equipment to any electrical outlet. But if you connected intelligently, you’d have some sort of surge protector, so you don’t destroy your mission critical equipment. The surge protector is equivalent to protecting mobile devices from attack when they are connected to organizational resources.

Q: At any industry event, we can expect to see announcements for new technologies and IoT devices. What can you tell us about new security challenges that may arise this year and beyond?

Davis: Most everything being built today is engineered to be connected. However, most manufacturers are solving for time to market and convenience, thus forgoing any meaningful security controls. This results in the rapid expansion of the attack surface, which bad actors will most definitely target.

Sarang: Security threat vectors are shifting and evolving alongside the growth of IoT among consumers, enterprises, and network providers. Hackers are always looking to find creative ways to monetize in this increasingly connected world. With predictions of over 50 devices in each household by 2020, we fully expect to see more DDoS attacks and IoT-based ransomware. And with the advent of 5G that promises to transform our digital lives, it’s imperative that security is addressed as a top priority by service providers to create consumer digital trust in an even more connected world.

Q: How will mobile impact the enterprise in 2019?

Jenniges: Mobile threats continue to increase at record-breaking levels with more and more vulnerabilities discovered every month. In alignment with the threat, more business work is being done on mobile than ever before as mobile devices quickly become the dominant endpoint device. These devices access the same information and contain the same information that a traditional endpoint does with zero protection. As an attacker, you will look for the most efficient attack path and mobile is clearly the new favorite path.

 

We’ll be making a splash at this year’s conference, so be sure to stop by booth #5A21 in Expo Hall 5, where we will host demos, giveaways, and more. Also, be sure to follow @McAfee and @McAfee_Home for real-time updates from the show and opportunities to win giveaways throughout the week.

The post Mobile World Congress 2019: Q&A with McAfee Leadership appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/mobile-world-congress-2019-qa-with-mcafee-leadership/feed/ 0
MWC 2019: Why 5G + Fortnite = a win-win for criminals https://securingtomorrow.mcafee.com/consumer/mwc-2019-why-5g-fortnite-a-win-win-for-criminals/ https://securingtomorrow.mcafee.com/consumer/mwc-2019-why-5g-fortnite-a-win-win-for-criminals/#respond Mon, 18 Feb 2019 15:00:53 +0000 https://securingtomorrow.mcafee.com/?p=94202

So apparently, the company behind Fortnite has so much cash that it’s forming a $100 million prize fund for upcoming competitions. It’s hardly surprising since its creators, Epic Games, confirmed that by the end of November 2018, 200 million players had registered accounts across PCs, gaming consoles and on mobile. The Android app alone was […]

The post MWC 2019: Why 5G + Fortnite = a win-win for criminals appeared first on McAfee Blogs.

]]>

So apparently, the company behind Fortnite has so much cash that it’s forming a $100 million prize fund for upcoming competitions. It’s hardly surprising since its creators, Epic Games, confirmed that by the end of November 2018, 200 million players had registered accounts across PCs, gaming consoles and on mobile. The Android app alone was downloaded 15 million times within the first three weeks of its release.

Staggeringly though, this remains a ‘free’ game and while the freemium model is hardly new in the world of mobile apps – just consider the returns Supercell got with Clash of Clans – it does provide an opportunity for criminals to also get their share. Unsurprisingly the promise of achieving an advantage is particularly attractive since top gamers can earn hundreds of thousands of dollars.

Combined with alternative delivery methods such as the use of an invitation-only beta version of Fortnite distributed in August 2018, we saw the growth in promises of invitations, and over-eager YouTubers with links to apps that were not what they appeared. From an InfoSec perspective this is hardly surprising, but the reality is that we are dealing with an audience demonstrating no due diligence in their pursuit of access to the latest games.

While Fortnite is undoubtedly a phenomenon, it’s just the tip of the iceberg. There are already challengers nipping at its heels. PUBG Mobile, for example, is played by 30 million people daily, while there are plans for EA’s Apex Legends to move over to mobile, having acquired 10 million online players in its first 72 hours.

The growing appetite for mobile gaming will only increase further this year with the arrival of 5G networks and its promise of super-fast speeds and ultra-low latency. And of course, as the number of mobile gamers continues to grow, so too will the opportunity for criminals to exploit them.

75 percent of gamers claimed security was the element that most concerned them about the future of gaming. Such concerns are hardly surprising since we found almost two thirds of gamers have or know someone who has been directly affected by a cyberattack, with the average gamer experiencing around five attacks. However, the likelihood is that these concerns are put to one side when a link to a third-party app store offers a beta version to the latest gaming phenomenon.

Analysts suggest that 2018 was a tipping point for mobile gaming, when cost, convenience and a social element saw the channel become bigger than console and PC gaming combined. Unfortunately, this means opportunistic criminals now have their eyes on a huge and growing number of potential victims.

Join us at this year’s Mobile World Congress in Barcelona, where we’ll be demoing McAfee Gamer Security, and revealing how criminals are cashing in on Fortnite and its unorthodox distribution method.

The post MWC 2019: Why 5G + Fortnite = a win-win for criminals appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/mwc-2019-why-5g-fortnite-a-win-win-for-criminals/feed/ 0
The Risks of Public Wi-Fi and How to Close the Security Gap https://securingtomorrow.mcafee.com/consumer/family-safety/the-risks-of-public-wi-fi-and-how-to-close-the-security-gap/ https://securingtomorrow.mcafee.com/consumer/family-safety/the-risks-of-public-wi-fi-and-how-to-close-the-security-gap/#respond Sat, 16 Feb 2019 15:00:58 +0000 https://securingtomorrow.mcafee.com/?p=94104

As I write this blog post, I’m digitally exposed, and I know it. For the past week, I’ve had to log on to a hospital’s public Wi-Fi each day to work while a loved one recuperates. What seems like a routine, casual connection to the hospital’s Wi-Fi isn’t. Using public Wi-Fi is a daily choice […]

The post The Risks of Public Wi-Fi and How to Close the Security Gap appeared first on McAfee Blogs.

]]>

public wi-fi risksAs I write this blog post, I’m digitally exposed, and I know it. For the past week, I’ve had to log on to a hospital’s public Wi-Fi each day to work while a loved one recuperates.

What seems like a routine, casual connection to the hospital’s Wi-Fi isn’t. Using public Wi-Fi is a daily choice loaded with risk. Sure, I’m conducting business and knocking out my to-do list like a rock star but at what cost to my security?

The Risks

By using public Wi-Fi, I’ve opened my online activity and personal data (via my laptop) up to a variety of threats including eavesdropping, malware distribution, and bitcoin mining. There’s even a chance I could have logged on to a malicious hotspot that looked like the hospital network.

Like many public Wi-Fi spots, the hospital’s network could lack encryption, which is a security measure that scrambles the information sent from my computer to the hospital’s router so other people can’t read it. Minus encryption, whatever I send over the hospital’s network could potentially be intercepted and used maliciously by cybercriminals.

Because logging on to public Wi-Fi is often a necessity — like my situation this week — security isn’t always the first thing on our minds. But over the past year, a new normal is emerging. A lot of us are thinking twice. With data breaches, privacy concerns, the increase in the market for stolen credentials, and increasingly sophisticated online scams making the headlines every day, the risks of using public Wi-Fi are front and center.

Rising Star: VPNpublic wi-fi risks

The solution to risky public Wi-Fi? A Virtual Private Network (VPN). A VPN allows users to securely access a private network and share data remotely through public networks. Much like a firewall protects the data on your computer, a VPN protects your online activity by encrypting your data when you connect to the internet from a remote or public location. A VPN also conceals your location, IP address, and online activity.

Using a VPN helps protect you from potential hackers using public Wi-Fi, which is one of their favorite easy-to-access security loopholes.

Who Needs a VPN?

If you (or your family members) travel and love to shop online, access your bank account, watch movies, and do everyday business via your phone or laptop, a VPN would allow you to connect safely and encrypt your data no matter where you are.

A VPN can mask, or scramble, your physical location, banking account credentials, and credit card information.

Also, if you have a family data plan you’ve likely encouraged your kids to save data by connecting to public Wi-Fi whenever possible. Using a VPN, this habit would be secured from criminal sniffers and snoopers.

A VPN allows you to connect to a proxy server that will access online sites on your behalf and enables a secure connection most anywhere you go. A VPN also allows hides your IP address and allows you to browse anonymously from any location.

How VPNs work

To use a VPN you subscribe to VPN service, download the app onto your desktop or phone, set up your account, and then log onto a VPN server to conduct your online activity privately.

If you are still logging on to public Wi-Fi, here are a few tips to keep you safe until VPNs become as popular as Wi-Fi.

Stay Safe on Public Wi-Fi 

Verify your connection. Fake networks that mine your data abound. If you are logging on to Wi-Fi in a coffee shop, hotel, airport, or library, verify the exact name of the network with an employee. Also, only use Wi-Fi that requires a password to log on.public wi-fi risks

Don’t get distracted. For adults, as well as kids, it’s easy to get distracted and absorbed with our screens — this is risky when on public Wi-Fi, according to Diana Graber, author of Raising Humans in a Digital World. “Knowing how to guard their personal information online is one of the most important skills parents need to equip their young kids with today,” says Graber. “Lots of young people visit public spaces, like a local coffee shop or library, and use public Wi-Fi to do homework, for example. It’s not uncommon for them to get distracted by something else online or even tempted to buy something, without realizing their personal information (or yours!) might be at risk.”

Disable auto Wi-Fi connect. If your phone automatically joins surrounding networks, you can disable this function in your settings. Avoid linking to unknown or unrecognized networks.

Turn off Wi-Fi when done. Your computer or phone can still transmit data even when you are not using it. Be sure to disable your Wi-Fi from the network when you are finished using it.

Avoid financial transactions. If you must use public Wi-Fi, don’t conduct a sensitive transaction such as banking, shopping, or any kind of activity that requires your social security or credit card numbers or password use. Wait until you get to a secured home network to conduct personal business.

Look for the HTTPS. Fake or unsecured websites will not have the HTTPS in their address. Also, look for the little lock icon in the address bar to confirm a secure connection.

Secure your devices. Use a personal VPN as an extra layer of security against hackers and malware.

The post The Risks of Public Wi-Fi and How to Close the Security Gap appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/family-safety/the-risks-of-public-wi-fi-and-how-to-close-the-security-gap/feed/ 0
PACE – People, Alignment, Culture, and Execution https://securingtomorrow.mcafee.com/other-blogs/mcafee-partners/pace-people-alignment-culture-and-execution/ https://securingtomorrow.mcafee.com/other-blogs/mcafee-partners/pace-people-alignment-culture-and-execution/#respond Fri, 15 Feb 2019 15:00:12 +0000 https://securingtomorrow.mcafee.com/?p=94178

McAfee was founded in 1987, and at 32 years old, we’re moving faster than ever before with more precision, agility, and innovation. With McAfee’s expected growth in 2019 as the device-to-cloud cybersecurity company, we recognize the need to ensure that the Americas Channel Team is sharply focused. As I’ve met with members of my team, […]

The post PACE – People, Alignment, Culture, and Execution appeared first on McAfee Blogs.

]]>

McAfee was founded in 1987, and at 32 years old, we’re moving faster than ever before with more precision, agility, and innovation. With McAfee’s expected growth in 2019 as the device-to-cloud cybersecurity company, we recognize the need to ensure that the Americas Channel Team is sharply focused. As I’ve met with members of my team, both individually and in planning sessions, we are already hitting the ground running. This year, the stage is set for our PACE—our pace within the company, and our People, Alignment, Culture, and Execution.

The first focus area, Our People, not only encompasses our team, but also our partners and customers. I truly believe if you take care of the people, the people will take care of you. As a Channel Organization, we ensure that both our partners’ and customers’ needs are met. Through tightly aligned cross-functional organizations internally, we are creating powerful unity as we serve customers together.

Our Alignment concentrates on making sure we’re moving in the same direction at the same time.

Within Our Culture, we have a primary and secondary culture. Our primary culture is centered around our pledge that each McAfee employee signs, declaring dedication to keeping the world safe from cyberthreats. However, the Channel Organization has also cultivated a secondary culture, which is supported by our corporate value surrounding candor and transparency. We aim for both cultures to be evident in everything we do.

With Our Execution, we believe that if we commit to something, we must execute it. Accountability is a priority for our team. Our Execution is currently centered around our MVISION portfolio family, which includes MVISION Endpoint, ePO, Cloud, Mobile, and EDR (coming soon). Designed to encompass our overall brand through a simple approach, MVISION is an integrated, open system from device to cloud that offers consolidated visibility, comprehension, and control across a digital landscape. If you’re not up to speed on MVISION, please take some time to research and get familiar. Our mutual customers are going to love it.

This year, we are excited to be working on our PACE. We are committed to maintaining a healthy PACE for the betterment of our customers, partners, and team. We hope the PACE we set this year will serve all who interact with McAfee.

The post PACE – People, Alignment, Culture, and Execution appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/mcafee-partners/pace-people-alignment-culture-and-execution/feed/ 0
ST01: Cloud Adoption Trends with Sekhar Sarukkai and Vittorio Viarengo https://securingtomorrow.mcafee.com/other-blogs/podcast/st01-cloud-adoption-trends-with-sekhar-sarukkai-and-vittorio-viarengo/ https://securingtomorrow.mcafee.com/other-blogs/podcast/st01-cloud-adoption-trends-with-sekhar-sarukkai-and-vittorio-viarengo/#respond Thu, 14 Feb 2019 23:32:20 +0000 https://securingtomorrow.mcafee.com/?p=94194

Co-founder of Skyhigh Networks Sekhar Sarukkai and Head of Cloud Marketing Vittorio Viarengo discuss a range of topics from cloud adoption trends, to Office 365 security, AWS, and much more.

The post ST01: Cloud Adoption Trends with Sekhar Sarukkai and Vittorio Viarengo appeared first on McAfee Blogs.

]]>

Co-founder of Skyhigh Networks Sekhar Sarukkai and Head of Cloud Marketing Vittorio Viarengo discuss a range of topics from cloud adoption trends, to Office 365 security, AWS, and much more.

The post ST01: Cloud Adoption Trends with Sekhar Sarukkai and Vittorio Viarengo appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/podcast/st01-cloud-adoption-trends-with-sekhar-sarukkai-and-vittorio-viarengo/feed/ 0
How To Sidestep Popular Social Scams https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-sidestep-popular-social-scams/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-sidestep-popular-social-scams/#respond Thu, 14 Feb 2019 22:28:16 +0000 https://securingtomorrow.mcafee.com/?p=94189

Each year, internet users lose billions of dollars to online scams, using clever ploys to trick us out of our information and money. By offering prizes, referencing current events, or just creating a sense of urgency, scammers know how to get us to click when we really shouldn’t. Check out these recent scams, so you […]

The post How To Sidestep Popular Social Scams appeared first on McAfee Blogs.

]]>

Each year, internet users lose billions of dollars to online scams, using clever ploys to trick us out of our information and money. By offering prizes, referencing current events, or just creating a sense of urgency, scammers know how to get us to click when we really shouldn’t. Check out these recent scams, so you know what to look out for.

Nosy Quizzes & Questionnaires

Quizzes circulating on Facebook, Twitter, and other social platforms may look like a fun way to win free stuff, but often they are phishing attacks in disguise. Many appear to be sponsored by big-name brands such as airlines and major retailers, offering free products or discount tickets if you just answer a few questions. The questions are designed to get you to reveal personal information that can be used to guess your passwords or security questions, such as your mother’s maiden name, or your hometown.

Creepy Crypto Scams 

While cryptocurrencies lost a lot of value over the last year, the same cannot be said for cryptocurrency scams. The majority of them center on distributing crypto mining malware, which allows hackers to access a person’s computer or device without their permission in order to mine for cryptocurrencies. In fact, these scams have been so prolific that at the end of 2018 McAfee reported that coin mining malware had grown more than 4000% in the previous year.

Many of these miners were distributed through phishing emails and websites, using “giveaway” scams on social media, or even via crypto mining chat groups on platforms such as Slack. Cybercrooks enter the chat rooms, pretending to be fellow miners, and encourage users to download malware disguised as “fixes” to crypto issues.

Romance & “Sextortion” Scams 

The meteoric rise of online dating has led to a similar increase in romance scams. These often involve bad actors preying on lonely people who are looking to connect. Scammers build up a sense of trust over online dating and social media platforms, before asking for money. They often claim the money is for an emergency, or a plane ticket to visit. This kind of manipulation works so well that the Better Business Bureau estimates that victims in the U.S. and Canada lost nearly $1 billion to romance scams between 2015 and 2018.

And while romance is one way to manipulate users, another driver is fear. This is certainly the case with the recent rise in so-called “sextortion” scams, which scare users into paying money to prevent incriminating pictures or videos of them from getting out. The bad guys claim that they obtained the embarrassing content by infecting the victim’s device with malware, and often send part of an old, leaked password as proof that they could have accessed their account.

Topical News Hooks

Whenever a major story sweeps the news, chances are the scammers are looking for ways to capitalize on it. This is exactly what happened during the recent U.S. government shutdown, which left 800,000 federal employees out of work for over a month. Since many of these workers were looking for extra income, job scams abounded. Some phony job ads asked workers to fill out detailed job application forms, in order to steal their Social Security numbers and other private information.

In another ruse, scammers sent out phony emails that appeared to be from the IRS, saying that the recipient could get a discount on their tax bills if they paid during the shutdown.

Tried-and-True Scams

Package Delivery— Phony package delivery emails usually spike around the holidays, but in the age of Amazon Prime delivery scams are circulating year-round. Be on the lookout for more recent Amazon scams that come in the form of a phishing email, asking you to review a product to get rewards. If you click on the link it could deliver malware, or even ransomware.

Tech Support— This is one of the oldest, but most persistent scams to date. Phishing websites and phony pop-up warnings that a computer or device is infected have led thousands of people to hand over personal and financial information to fix a problem they don’t really have.

Even though consumers have become savvier about these scams, a recent Microsoft survey found that 3 out of 5 people have been exposed to tech support scams over the last year.

So, now that you know what to look out for, here are our top tips for sidestepping the scammers:

  • Be careful where you click—Don’t open suspicious links and attachments, and never click on pop-up messages from an unknown source. If you get a suspicious login or payment request, go directly to the provider’s official website to see if the request is legitimate.
  • Know how to spot the fake—Phony messages or documents will often look like a simplified version of the real thing, with poor quality graphics, incorrect grammar and spelling, and a generic personal greeting.
  • Keep your personal information private—Avoid online quizzes, and never share personal or financial details with someone you don’t know in real life. Review your privacy and security settings on social sites to make sure that you aren’t leaking information.
  • Be a smart online shopper—Only buy from reputable websites, and steer away from deals that seem too good to be true. Be suspicious of unusual payment requests, such as buying gift cards or using virtual currency.
  • Become a password pro—Choose complex and unique passwords for all of your accounts. Consider using a password manager to help you create and store complicated passwords securely.
  • Protect your computers and devices—Use comprehensive security software that can safeguard you from the latest threats.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

The post How To Sidestep Popular Social Scams appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-to-sidestep-popular-social-scams/feed/ 0
The Best Ways to Catch McAfee at RSA Conference 2019 https://securingtomorrow.mcafee.com/business/the-best-ways-to-catch-mcafee-at-rsa-conference-2019/ https://securingtomorrow.mcafee.com/business/the-best-ways-to-catch-mcafee-at-rsa-conference-2019/#respond Thu, 14 Feb 2019 16:00:29 +0000 https://securingtomorrow.mcafee.com/?p=94126

In just a few weeks, San Francisco will be taken over by cybersecurity professionals and vendors at Moscone Center for the 2019 RSA Conference. There’s a lot packed into the conference—that’s why we’re breaking down the best ways to see McAfee in action. So take out your calendars and make note of the events below. […]

The post The Best Ways to Catch McAfee at RSA Conference 2019 appeared first on McAfee Blogs.

]]>

In just a few weeks, San Francisco will be taken over by cybersecurity professionals and vendors at Moscone Center for the 2019 RSA Conference. There’s a lot packed into the conference—that’s why we’re breaking down the best ways to see McAfee in action. So take out your calendars and make note of the events below.

McAfee Leadership Takes the Stage

CSA Summit Keynote: Case Study: Behind the Scenes of MGM Resorts’ Digital Transformation
Monday, March 4 | 11:35 am – 11:55 am | Moscone Center

Rajiv Gupta, Senior Vice President, Cloud Security Business Unit, McAfee

Scott Howitt, Senior Vice President & Chief Information Security Officer, MGM Resorts International

As a leader in their industry, MGM is transforming into a digital business by aggressively adopting the cloud to make their employees more engaged and productive and to deliver modern experiences to their customers. Join Rajiv Gupta, SVP of McAfee’s Cloud Business, and Scott Howitt, SVP and CISO for MGM Resorts International, to hear how MGM is protecting their enterprise data across the whole spectrum of their evolving infrastructure, from on-prem, to the device, to their SaaS, IaaS and PaaS cloud instances. More, here.

 

Session: #Ransomware – The Rise, Death and Resurrection of Digital Extortion
Monday, March 4 | 4:45 pm – 5:15 pm | Session Code: SEM-M03

John Fokker

Head of Cyber Investigations

Raj Samani

Chief Scientist, McAfee Fellow

 

Hear from cybercrime experts on the successes and lessons learned from the No More Ransom initiative, an online portal that has prevented millions of dollars in ransom payments to cybercriminals. Recent statistics point to a decrease in the number of ransomware variants. So, is ransomware dead? Not so fast. Get up to speed on what’s new in the ongoing effort to combat the threat of ransomware. More, here.

Keynote: Lightning in a Bottle, or Burning Down the House?
Tuesday, March 5 | 8:35 am – 8:55 am | RSA, West Stage

Dr. Celeste Fralick 

Chief Data Scientist 

Steve Grobman

Senior Vice President and Chief Technology Officer

 

Fire. In the wild, it’s a force for destruction. Controlled, it powers civilization’s forward evolution. But containing phenomena—natural or manmade—is a devilish challenge. Today’s regulatory hotspots include AI and quantum computing, because innovations that strengthen defenses can also fuel targeted threats. The weaponization of AI to amplify cyberattack impacts is enough to give anyone pause, so discussion of export controls on these and other technologies is a worthy conversation. What is the path forward to advance and protect human progress? How do we nurture sparks of innovation without burning bridges to the future? More, here.

Session: Using Machine Learning to Improve Security Predictions
Tuesday, March 5 | 11:00 am – 11:50 am | Session Code: SPO2-T06

Grant Bourzikas

Chief Information Security Officer (CISO) & Vice President of McAfee Labs Operations

 

 

 

Organizations are overwhelmed by data and dependent on outdated (nonpredictive) tools and methods. Security companies can’t keep up with the frequency of attacks, 50% of which are missed by traditional antivirus programs. In this session, McAfee’s CISO will share his experiences, providing valuable information for security organizations to predict attacks by relying on data science and machine learning. More, here.

Session: Mulitparty Vulnerability Disclosure: From Here to Where?
Wednesday, March 6 | 9:20 am – 10:10 am | Session Code: PDAC-W03

As the world grows ever more dependent on complex technological systems, the risk of broadly impactful vulnerabilities in software and hardware is driving the need for improvements in how the global ecosystem addresses identification and disclosure of those vulnerabilities. This panel will discuss what works, what doesn’t, and suggest a path forward that can benefit everyone globally. More, here.

Moderator: John Banghart, Senior Director, Venable

Panelists: Kent Landfield, Chief Standards and Technology Policy Strategist, McAfee LLC

Art Manion, Vulnerability Analysis Technical Manager, CERT Coordination Center

Audrey Plonk, Director, Global Security Policy, Intel Corporation

Session: Law Enforcement: The Secret Weapon in the CISO’s Toolkit
Friday, March 8 | 11:10 am – 12:00 pm | Session Code: AIR-F03

John Fokker

Head of Cyber Investigations

 

 

 

This session will show you how to get the most out of working with law enforcement agencies (LEA) before, during or after a security breach. Learn why partnering with law enforcement can be a valuable strategic asset in the CISO’s ever-expanding toolbox of security measures. More, here.

Hack Your Way Through the Crowds at the McAfee Booth

We’re hosting a fun and interactive Capture the Flag challenge at our RSA booth to test the investigative and analytical skills of RSA attendees. Contestants will be given various challenges and will receive “flag” details on how to complete each challenge as quickly and accurately as possible. Want to know who is in the lead? Don’t worry, we’ll have a live scoreboard. The winner of the RSA Capture the Flag contest will get bragging rights and a cool prize to take home. Visit us at booth #N5745 in the North Hall.

Cloud Security BarCade Challenge

Tuesday, March 5 | 6:00 pm – Midnight | Coin-Op Game Room, San Francisco | 508 4th Street

We’re hosting an epic cloud security networking event at Coin-Op Game Room in San Francisco! What’s the challenge? Come out to see us and find out. There will be prizes, games, food, networking, and more. Register here.

RSA After-Hours Social & Cloud Security Panels

Wednesday, March 6 | 6:30 pm – 11:00 pm | Mourad, San Francisco | 140 New Montgomery Street

We’re bringing the cloud community together for a night of networking at Mourad, so grab your peers and head over to the after-hours social. We will have a DJ, awesome food, creative libations, and a VIP area upstairs for a private whiskey tasting. Throughout the night, we’ll be hosting cloud security panels, where you’ll hear perspectives from industry experts on the current security landscape, best practices, and how to elevate your cloud security posture. Register here and join us as we close out RSA at the after-hours social of the year.

There’s a lot to look forward to at RSA 2019, so be sure to stop by booth #N5745 in the North Hall for demos, theater sessions, and more. Feel free to use code XSU9MCAFEE for a free RSAC expo pass. Also, be sure to follow @McAfee for real-time updates from the show throughout the week.

The post The Best Ways to Catch McAfee at RSA Conference 2019 appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/business/the-best-ways-to-catch-mcafee-at-rsa-conference-2019/feed/ 0
What About a Heart-To-Heart Talk with Your Loved Ones This Valentine’s Day? https://securingtomorrow.mcafee.com/consumer/what-about-a-heart-to-heart-talk-with-your-loved-ones-this-valentines-day/ https://securingtomorrow.mcafee.com/consumer/what-about-a-heart-to-heart-talk-with-your-loved-ones-this-valentines-day/#respond Wed, 13 Feb 2019 18:25:50 +0000 https://securingtomorrow.mcafee.com/?p=94171 I was listening to the Valentine’s Day playlist of my friend when suddenly espied one of my favorites- Ain’t No Mountain High Enough and started humming the song. Remember it? If you need me call me No matter where you are No matter how far; Just call my name I’ll be there in a hurry […]

The post What About a Heart-To-Heart Talk with Your Loved Ones This Valentine’s Day? appeared first on McAfee Blogs.

]]>
I was listening to the Valentine’s Day playlist of my friend when suddenly espied one of my favorites- Ain’t No Mountain High Enough and started humming the song. Remember it?

If you need me call me

No matter where you are

No matter how far;

Just call my name

I’ll be there in a hurry

You don’t have to worry coz

Baby there ain’t any mountain high enough…

To keep me from getting to you.

Post becoming a mom, it resonated more with me and I would often find myself singing the song whilst doing my daily chores. (Hope the kids heard me and remember the words!).

In the digital age, when kids are maturing faster and social media reflects the rapid rate at which hearts are getting connected and then disconnected, it’s important that we talk about online romances, dating sites and privacy with our teens.

Is your teen sporting a moony look and walking around as if on cloud 9? Then it’s time to sit them down and have ‘the talk’- the one about crushes, love and the need for separating digital life from their romantic life.

So how do you go about it? You can start on a light note, discussing Valentine’s Day and the number of roses they may have received or gifted. Talk about their friends and the various plans they are making for this special day. You may then gently lead the conversation to online romances and the rising interest in dating websites among adolescents. Finally, it’s time to discuss account security and privacy.

Here are some tips you can share with your kids during your heart-to-heart talk on digital age romance:

  • Whisper sweet nothings in each other’s ears but not your account passwords
  • Share your hobbies and dreams, but keep your sensitive information private
  • Make new friends online but only as long as the conversation stays decent and non-intrusive
  • Use PIN or biometrics to lock your devices. Set autolock to 10 sec
  • Money attracts the attention of cyber criminals like nothing else. Avoid making online payments to help out a friend seemingly in distress, without consulting someone senior and trusted. Be judicious – do not share ATM PIN or credit card CVV number
  • Take time to decide whether or not you want to create a common social media account and avoid if possible. You wouldn’t have the control over posting
  • If your social media account is compromised, write a general post informing all about it, take screenshots of offending content and delete account
  • Use only secured devices with authentic software -This is to be implemented without fail by all family members

Isn’t it also a good time to talk to kids about real love – The love that isn’t limited to romance? Love is also when Mom gets up at midnight to make a studious child a cup of hot chocolate; when Dad forgoes his annual vacation plans to buy a collegian a dream laptop; when friends make plans to spend maximum time possible with a depressed friend; when a teacher spends extra time helping a child improve grades; when a 4-year old makes and proudly serves her Mom a cup of tea. Love is all that and more.

Recently Safer Internet Day was celebrated worldwide and I am really happy to note that not only security firms, government agencies and experts, but even schools, media and various NGOs showed support through activities, slogans, posts and discussions. Though the number is still insignificant, if you consider that we are a billion plus nation, it’s a start. Awareness of the issue and commitment to be a changemaker are the first two steps towards a positive digital life.

Here are some DIY ideas for your child for Valentine’s Day:

  1. Make cards for near and dear ones, showing appreciation and love
  2. Make and hang heart chains to decorate their rooms/the house
  3. Get flowers and chocolates for grandparents, domestic help, school bus drivers, canteen staff etc. to thank them for their support
  4. Compose poems and songs mentioning each loved one and sing it at the next social meet
  5. Visit a children’s hospital with parents and share cards and small gifts

These activities will not only boost their creativity and realization of real relationsships, but will also help them lead a balanced digital life.

Happy Valentine’s Day to you all!

The post What About a Heart-To-Heart Talk with Your Loved Ones This Valentine’s Day? appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/what-about-a-heart-to-heart-talk-with-your-loved-ones-this-valentines-day/feed/ 0
Kicking off 2019 with Recognition Across the McAfee Portfolio https://securingtomorrow.mcafee.com/business/kicking-off-2019-with-recognition-across-the-mcafee-portfolio/ https://securingtomorrow.mcafee.com/business/kicking-off-2019-with-recognition-across-the-mcafee-portfolio/#respond Tue, 12 Feb 2019 14:00:01 +0000 https://securingtomorrow.mcafee.com/?p=94143

It’s always great to start out a new year with recognition from our industry. We hear over and over from our customers that they are looking for us to help them overcome the complexity challenges that are inherent in building a resilient enterprise. This requires partnering with a vendor that delivers excellence across a multitude […]

The post Kicking off 2019 with Recognition Across the McAfee Portfolio appeared first on McAfee Blogs.

]]>

It’s always great to start out a new year with recognition from our industry. We hear over and over from our customers that they are looking for us to help them overcome the complexity challenges that are inherent in building a resilient enterprise. This requires partnering with a vendor that delivers excellence across a multitude of technologies. Excellence that we believe is validated by our larger peer and analyst community.

We’ve just announced that McAfee was named a Gartner Peer Insights Customers’ Choice for another two technologies. Our customers have recognized us as a January 2019 Gartner Peer Insights Customers’ Choice for Secure Web Gateway for McAfee Web Protection, McAfee Web Gateway, and McAfee WebGateway Cloud Service. In addition, for the second year in a row McAfee’s MVISION Cloud (formerly McAfee Skyhigh Security Cloud) was named a January 2019 Gartner Peer Insights Customers’ Choice for Cloud Access Security Brokers. In 2018, McAfee was the only vendor named a Customers’ Choice in the Cloud Access Security Brokers market.

Our team at McAfee takes great pride in these distinctions, as customer feedback is essential in shaping our products and services. We put our customers at the core of everything we do and this shows pervasively across our portfolio. We believe our position as a Gartner Peer Insights Customers’ Choice for Secure Web Gateway, Data Loss Prevention, SIEM, Endpoint Protection and Cloud Access Security Broker (CASB) is a testament to the strength of our device-to-cloud strategy. This adds up to recognition’s in the last year in five different markets.

We also think it’s a signal of the way enterprises are approaching security – with the innovative technology solutions and integrated strategies that must evolve to fight a threat that is constantly evolving, too.

The post Kicking off 2019 with Recognition Across the McAfee Portfolio appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/business/kicking-off-2019-with-recognition-across-the-mcafee-portfolio/feed/ 0
The Exploit Model of Serverless Cloud Applications https://securingtomorrow.mcafee.com/business/cloud-security/the-exploit-model-of-serverless-cloud-applications/ https://securingtomorrow.mcafee.com/business/cloud-security/the-exploit-model-of-serverless-cloud-applications/#respond Mon, 11 Feb 2019 15:00:02 +0000 https://securingtomorrow.mcafee.com/?p=94091

Serverless platform-as-a-service (PaaS) offerings are being deployed at an increasing rate for many reasons. They relate to information in a myriad of ways, unlocking new opportunities to collect data, identify data, and ultimately find ways to transform data to value. Figure 1. Serverless application models. Serverless applications can cost-effectively reply and process information at scale, returning […]

The post The Exploit Model of Serverless Cloud Applications appeared first on McAfee Blogs.

]]>

Serverless platform-as-a-service (PaaS) offerings are being deployed at an increasing rate for many reasons. They relate to information in a myriad of ways, unlocking new opportunities to collect data, identify data, and ultimately find ways to transform data to value.

Figure 1. Serverless application models.

Serverless applications can cost-effectively reply and process information at scale, returning critical data models and transformations synchronously to browsers or mobile devices. Synchronous serverless applications unlock mobile device interactions and near-real-time processing for on-the-go insights.

Asynchronous serverless applications can create data sets and views on large batches of data over time. We previously needed to have every piece of data and run batch reports, but we now have the ability to stagger events, or even make requests, wait some time to check in on them, and get results that bring value to the organization a few minutes or an hour later.

Areas as diverse as tractors, manufacturing, and navigation are benefiting from the ability to stream individual data points and look for larger relationships. These streams build value out of small bits of data. Individually they’re innocuous and of minimal value, but together they provide new intelligence we struggled to capture before.

The key theme throughout these models is the value of the underlying data. Protecting this data, while still using it to create value becomes a critical objective for the cloud-transforming enterprise. We can start by looking at the model for how data moves into and out of the application. A basic access and data model illustrates the way the application, access medium, CSP provider security, and serverless PaaS application have to work together to balance protection and capability.

Figure 2. Basic access and data model for serverless applications.

A deeper exploration of the security environment—and the shared responsibility in cloud security—forces us to look more carefully at who is involved, and how each party in the cloud ecosystem is empowered to see potential threats to the environment, and to the transaction specifically. When we expand the access and data model to look at the activities in a modern synchronous serverless application, we can see how the potential threats expand rapidly.

Figure 3. Expanded access and data model for a synchronous serverless application.

Organizations using this common model for an integrated serverless PaaS application are also gaining information from infrastructure-as-a-service (IaaS) elements in the environment. This leads to a more specific view of the threats that exist:

Figure 4. Sample threats in a serverless application.

 

By pushing the information security team to more carefully and specifically consider the ways the application can be exploited, they can then take simple actions to ensure that both development activities and the architecture for the application itself offer protection. A few examples:

  • Threat: Network sniffing/MITM
  • Protection: High integrity TLS, with signed API requests and responses

 

  • Threat: Code exploit
  • Protection: Code review, and SAST/pen testing on regular schedule

 

  • Threat: Data structure exploit
  • Protection: API forced data segmentation and request limiting, managed data model

The organization first must recognize the potential risk, make it part of the culture to ask the question, “What threats to my data does my change or new widget introduce?” and make it an expectation of deployment that privacy and security demand a response.

Otherwise, your intellectual property may just become the foundation of someone else’s profit.

The post The Exploit Model of Serverless Cloud Applications appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/business/cloud-security/the-exploit-model-of-serverless-cloud-applications/feed/ 0
Roses Are Red, Violets Are Blue – What Does Your Personal Data Say About You? https://securingtomorrow.mcafee.com/consumer/mobile-and-iot-security/personal-data-and-you/ https://securingtomorrow.mcafee.com/consumer/mobile-and-iot-security/personal-data-and-you/#respond Mon, 11 Feb 2019 14:00:48 +0000 https://securingtomorrow.mcafee.com/?p=94098

A classic meet-cute – the moment where two people, destined to be together, meet for the first time. This rom-com cornerstone is turned on its head by Netflix’s latest bingeable series “You.” For those who have watched, we have learned two things. One, never trust someone who is overly protective of their basement. And two, […]

The post Roses Are Red, Violets Are Blue – What Does Your Personal Data Say About You? appeared first on McAfee Blogs.

]]>

A classic meet-cute – the moment where two people, destined to be together, meet for the first time. This rom-com cornerstone is turned on its head by Netflix’s latest bingeable series “You.” For those who have watched, we have learned two things. One, never trust someone who is overly protective of their basement. And two, in the era of social media and dating apps, it’s incredibly easy to take advantage of the amount of personal data consumers readily, and somewhat naively, share online and with the cloud every day.

We first meet Joe Goldberg and Guinevere Beck – the show’s lead characters – in a bookstore, she’s looking for a book, he’s a book clerk. They flirt, she buys a book, he learns her name. For all intents and purposes, this is where their story should end – but it doesn’t. With a simple search of her name, Joe discovers the world of Guinevere Beck’s social media channels, all conveniently set to public. And before we know it, Joe has made himself a figurative rear-window into Beck’s life, which brings to light the dangers of social media and highlights how a lack of digital privacy could put users in situations of unnecessary risk. With this information on Beck, Joe soon becomes both a physical and digital stalker, even managing to steal her phone while trailing her one day, which as luck would have it, is not password protected. From there, Joe follows her every text, plan and move thanks to the cloud.

Now, while Joe and Beck’s situation is unique (and a tad dramatized), the amount of data exposed via their interactions could potentially occur through another romantic avenue – online dating. Many millennial couples meet on dating sites where users are invited to share personal anecdotes, answer questions, and post photos of themselves. The nature of these apps is to get to know a stranger better, but the amount of personal information we choose to share can create security risks. We have to be careful as the line between creepy and cute quickly blurs when users can access someone’s every status update, tweet, and geotagged photo.

While “You” is an extreme case of social media gone wrong, dating app, social media, and cloud usage are all very predominant in 2019. Therefore, if you’re a digital user, be sure to consider these precautions:

  • Always set privacy and security settings. Anyone with access to the internet can view your social media if it’s public, so turn your profiles to private in order to have control over who can follow you. Take it a step further and go into your app settings to control which apps you want to share your location with and which ones you don’t.
  • Use a screen name for social media accounts. If you don’t want a simple search of your name on Google to lead to all your social media accounts, consider using a different variation of your real name.
  • Watch what you post. Before tagging your friends or location on Instagram and posting your location on Facebook, think about what this private information reveals about you publicly and how it could be used by a third-party.
  • Use strong passwords. In the chance your data does become exposed, or your device is stolen, a strong, unique password can help prevent your accounts from being hacked.
  • Leverage two-factor authentication. Remember to always implement two-factor authentication to add an extra layer of security to your device. This will help strengthen your online accounts with a unique, one-time code required to log in and access your data.
  • Use the cloud with caution. If you plan to store your data in the cloud, be sure to set up an additional layer of access security (one way of doing this is through two-factor authentication) so that no one can access the wealth of information your cloud holds. If your smartphone is lost or stolen, you can access your password protected cloud account to lock third-parties out of your device, and more importantly your personal data.

Interested in learning more about IoT and mobile security trends and information? Follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post Roses Are Red, Violets Are Blue – What Does Your Personal Data Say About You? appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/mobile-and-iot-security/personal-data-and-you/feed/ 0
Valentine’s Alert: Don’t Let Scammers Break Your Heart or Your Bank Account https://securingtomorrow.mcafee.com/consumer/family-safety/valentines-alert-dont-let-scammers-break-your-heart-or-your-bank-account/ https://securingtomorrow.mcafee.com/consumer/family-safety/valentines-alert-dont-let-scammers-break-your-heart-or-your-bank-account/#respond Sat, 09 Feb 2019 15:02:17 +0000 https://securingtomorrow.mcafee.com/?p=94123

It’s hard to believe that as savvy as we’ve become about our tech, people are still getting catfished, scammed, and heartbroken in their pursuit of love online. The dinner conversation between bystanders goes something like this: “How could anyone be so dumb? Seriously? If they are going to be that reckless and uninformed, then maybe […]

The post Valentine’s Alert: Don’t Let Scammers Break Your Heart or Your Bank Account appeared first on McAfee Blogs.

]]>

Online Dating ScamsIt’s hard to believe that as savvy as we’ve become about our tech, people are still getting catfished, scammed, and heartbroken in their pursuit of love online.

The dinner conversation between bystanders goes something like this: “How could anyone be so dumb? Seriously? If they are going to be that reckless and uninformed, then maybe they deserve what they got!”

Some friends and I recently had a similar conversation about online dating scams. I noticed, however, that one friend, Sarah*, wasn’t so eager to jump into the conversation. She shrunk back in the booth and quietly sipped her margarita. Only later did she share her story with me.

The power of love

A single mom in her late 40s, well-educated, and attractive, Sarah’s teenager had convinced her to join a dating site the year before. She was especially lonely after her divorce three years earlier, so she agreed to create a profile on a popular dating app. After a handful of dates fell flat, she found Scott. He was charismatic, kind. “We had an instant connection,” according to Sarah. They spent hours on the phone sharing their deepest secrets and even started imagining a future together. But after about three months, Scott fell on hard times. At first, he needed to borrow $400 to pay for airfare to visit a dying relative, which he paid back immediately. Over the next few months, the numbers grew to $1,000 for rent and $3,000 for a business venture.

Online Dating Scams

Before long, Sarah had loaned her new love over $8,500. When she pressed him to repay the money, Scott ghosted Sarah online, moved out of town, and she never saw him again. My friend didn’t share her story with many people. She didn’t report it. She was too embarrassed and humiliated and even became depressed following what she calls “the Scott scam.” Her trust in other people and in love itself has been obliterated.

Sarah’s story doesn’t just echo that of desperate, clueless people, or lonely older women. Scammers are targeting good people who still believe in and value love and companionship. The pursuit of love online extends to adults as well as teens.

Confidence Fraud

Law enforcement calls these kinds of online romance scams confidence fraud because scammers will take a considerable amount of time gaining the trust and confidence of their victims. They will appear empathetic and supportive as they gather personal information they can use over time to carry out their scam.

According to the Federal Bureau of Investigation (FBI) confidence fraud has jumped 20% in the past year despite reports and warnings — especially around this time of year.

The FBI’s Internet Crime Complaint Center (IC3) reports that romance scams top all other financial online crimes. In 2016, people reported almost 15,000 romance scams to IC3 (nearly 2,500 more than the previous year), with losses exceeding $230 million.

Tips for Safe Online Dating

Never send money. Be it a romantic relationship you’ve engaged with or a phishing email, no matter the sob story, do not send money to anyone online. If you do send money, put a loan agreement in place that is legally enforceable should one party default.

Suspicious behavior. If someone promises to meet you somewhere but keeps canceling or if he or she refuses to video chat, those are red flags. Technology means anyone from anywhere in the world can successfully maintain a scam.Online Dating Scams

Take things slow. If someone is pushing the pace of a relationship or too quick to declare love and talk about the future, pause and assess the situation.

Do a background check. Love is a powerful force and can easily cloud a person’s correct understanding of reality. If you dare to create a dating profile, make a deal with yourself that you will extend the same courage to doing a background check on someone.

Be a sleuth. Don’t be afraid to gather facts on someone you’ve met online. Simple steps such as Googling the person’s name or dropping their photo in Google’s Reverse Image Search will help you get a better understanding of a person. Have faith: Good, legitimate people do exist. However, if there’s anything dubious, it’s best to find it out earlier rather than later. Part of doing your homework is tracking down mutual friends and making inquiries about the person you are talking with online.

Keep your social profiles private. Experts agree that you should edit your online footprint before you start dating people you’ve met online. Making your Instagram, Twitter, and Facebook private will guard you against potential.

Never send racy photos. Some scammers gain the confidence of their victims with every intention of extorting them in the future. They will threaten to send any racy photos with your family, friends, or business associates. The best way to avoid this is to never, ever send racy photos to anyone.Online Dating Scams

Google yourself, restrict info. Google yourself to see if there are any digital breadcrumbs that give away your home address or phone number. If possible, delete or revise that info. Likewise, go through your social accounts and remove any personal information you’ve shared in the past. Digital stalking is a risk for people who date online so turn off GPS on your dating apps and make sure your profile information is vague. Even if you get comfortable online with others, never get too comfortable since apps have privacy loopholes that can easily be exploited by hackers.

Take solid precautions. Enlist at least one friend as your dating safety pal. This will be the person who knows where you are going, who you will be with, and the background on the person you are meeting. Ask that person to check in with you during the date and carry pepper spray or a taser for physical protection. Go the extra step and turn on your Friend Finder or a location app that allows safety friend to track your whereabouts during a date.

*Names have been changed

The post Valentine’s Alert: Don’t Let Scammers Break Your Heart or Your Bank Account appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/family-safety/valentines-alert-dont-let-scammers-break-your-heart-or-your-bank-account/feed/ 0
How Online Gamers Can Play It Safe https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-online-gamers-can-play-it-safe/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-online-gamers-can-play-it-safe/#respond Fri, 08 Feb 2019 23:23:47 +0000 https://securingtomorrow.mcafee.com/?p=94146

Online gaming has grown exponentially in recent years, and scammers have taken note. With the industry raking in over $100 billion dollars in 2017 alone[1], the opportunity to funnel some money off through fraud or theft has proven irresistible to the bad guys, leaving gamers at greater risk. From malware and phishing scams, to phony […]

The post How Online Gamers Can Play It Safe appeared first on McAfee Blogs.

]]>

Online gaming has grown exponentially in recent years, and scammers have taken note. With the industry raking in over $100 billion dollars in 2017 alone[1], the opportunity to funnel some money off through fraud or theft has proven irresistible to the bad guys, leaving gamers at greater risk.

From malware and phishing scams, to phony game hacks, identity theft, and more, gamers of all stripes now face a minefield of obstacles online and in real life. So, if you’re going to play games, it’s best to play it safe.

Here’s what to look out for:

Dodgy Downloads

Gamers who play on their computer or mobile device need to watch out for dangerous links or malicious apps disguised as popular or “free” games. Hackers often use innocent-looking downloads to deliver viruses and spyware, or even sign you up for paid services, without your consent. In one prominent case, more than 2.6 million Android users downloaded fake Minecraft apps that allowed hackers to take control of their devices.

Researchers have even discovered a ransomware threat that targets gamers. TeslaCrypt was designed to encrypt game-play data until a ransom is paid. Originally distributed through a malicious website, it has since been circulating via spam.

And while it’s true that game consoles like PlayStation and Xbox aren’t as vulnerable to viruses, since they are closed systems, that doesn’t mean that their users don’t face other risks.

Social Scams

Players on any platform could wind up with malware, sent directly from other players via chat messages. Some scammers use social engineering tricks, like inviting other players to download “helpful” tools that turn out to be malware instead. When you consider that 62% of kids play games where they speak to others, the odds of a risky interaction with a stranger seems quite real.

Players of the Origin and Steam services, for instance, were targeted by hackers posing as other players, inviting them to play on their teams. Over chat message, they suggested the players download an “audio tool” that turned out to be a keystroke logger, aimed at stealing their access credentials for the game.

Other social scams include malicious YouTube videos or websites, offering game bonuses and currency, for free.

Another widespread social threat is account takeover, or ATO for short. This is when a scammer hacks a real account in order to post spammy links, and scam messages that appear to come from a trusted contact. Some accounts, for games like League of Legends, have even been stolen and sold online for money because they boasted a high level, or rare skins.

Phishing

Finally, be on the lookout for phishing websites, offering free games or bonuses, or phishy emails prompting you to login to your account, with a link leading to a copycat gaming site. Often, these are designed to steal your login credentials or distribute fake games that contain malware.

Players of the wildly popular Fortnite, for example, have been particularly targeted. The latest phishing scam is aimed at stealing the third-party sign-in tokens that allow cybercriminals to access a user’s account, and the payment details associated with it.

So now that you know about a little more about gaming threats, here’s how to win at playing it safe:

  1. Do Your Research—Before downloading any games from the Internet or app stores, make sure to read other users’ reviews first to see that they are safe. This also goes for sites that sell game hacks, credits, patches, or virtual assets typically used to gain rank within a game. Avoid illegal file-sharing sites and “free” downloads, since these are often peppered with malware. It’s always best to go for a safer, paid option from a reputable source.
  2. Play Undercover— Be very careful about sharing personal information, in both your profile information, and your chat messages. Private information, such as your full name, address, pet’s name, school, or work details, could be used to guess your account password clues, or even impersonate you. Consider playing under an alias.
  3. Be Suspicious—Since scammers use the social aspect of games to fool people, you need to keep your guard up when you receive messages from strangers, or even read reviews.
    Some YouTube and social media reviews are placed there to trick users into thinking that the game or asset is legitimate. Dig deep, and avoid looking for free hacks. Ask gamers you know in real life for recommendations that worked for them.
  4. Protect Yourself—Avoid using older versions of games, and make sure that games you do play are updated with patches and fixes. And if you think a gaming account may already have been compromised, change your passwords immediately to something unique and complex.Safeguard your computers and devices from known and emerging threats by investing in comprehensive security software, and keep yourself up-to-date on the latest scams.

Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.

[1]According to The 2017 Year In Review Report by SuperData

The post How Online Gamers Can Play It Safe appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/how-online-gamers-can-play-it-safe/feed/ 0
Your Mobile Phone: Friend or Foe? https://securingtomorrow.mcafee.com/business/endpoint-security/your-mobile-phone-friend-or-foe/ https://securingtomorrow.mcafee.com/business/endpoint-security/your-mobile-phone-friend-or-foe/#respond Wed, 06 Feb 2019 16:00:29 +0000 https://securingtomorrow.mcafee.com/?p=93999

Where would we be without our mobile phones?  Our kids, boss, friends – so many people reach out to us via our mobile phone.  And unfortunately, hackers have also started reaching out – in major ways. The severity of attacks on mobile devices is often underestimated. It is now common to have employees use their […]

The post Your Mobile Phone: Friend or Foe? appeared first on McAfee Blogs.

]]>

Where would we be without our mobile phones?  Our kids, boss, friends – so many people reach out to us via our mobile phone.  And unfortunately, hackers have also started reaching out – in major ways. The severity of attacks on mobile devices is often underestimated. It is now common to have employees use their phones for work-related tasks when they are not within the perimeter of their corporate firewall, giving cybercriminals the opportunity to access sensitive information if and when they hack into an employee’s phone. Let’s take a closer look at some of the common mobile threats that put your business at risk and how to prevent them.

App-Based Threats

Although new mobile malware declined by 24% in Q3 2018, per our latest Quarterly Threats Report, app-based threats still dominate the threat landscape. Malicious actors use social engineering techniques by asking users to update their applications by uninstalling the real app and re-installing a malicious one. With one click, malware can be installed on your mobile device.

Many app-based threats can evolve into more insidious attacks and can go beyond exploiting your personal information. An attacker’s initial goal is to get access and all they need is one vulnerable employee to fall victim to an app-based threat. Once the attacker gains access to an employee’s personally identifiable information (PII) or credentials, they can hijack accounts, impersonate the employee, and trick other employees into divulging even more sensitive corporate data.

Late last year, the McAfee Mobile Research team discovered an active phishing campaign that uses text messages (SMS) to trick users into downloading and installing a fake voice-message app. The app allowed cybercriminals to use infected devices as network proxies without the users’ knowledge.

This year, we expect to see an increase in underground discussions on mobile malware—mostly focused on Android—regarding botnets, banking fraud, ransomware, and bypassing two-factor authentication security.

Risky Wi-Fi Networks

Using public Wi-Fi is one of the most common attack vectors for cybercriminals today. With free public Wi-Fi widely available in larger cities, it has become a convenient way to access online accounts, check emails, and catch up on work while on the go. The industry has seen network spoofing increase dramatically in the past year. To put this into perspective, picture a hacker setting up a rogue access point in a public place like your local bank. A hacker will wait for you to connect to Wi-Fi that you think is a trusted network. Once the hacker gains access, they’re connected to your mobile device. They’ll watch remotely as you access sensitive information, revealing log-in credentials, confidential documents, and more.

Whether you are at home or working remotely, network security needs to be a high priority.

Device Attacks

Cybercriminals have various ways of enticing users to install malware on their mobile devices. Ad and click fraud is a growing concern for device attacks, where criminals can gain access to a company’s internal network by sending an SMS phish. These types of phishing attempts may start as adware, but can easily spread to spyware to the entire botnet.

Another growing concern with mobile device threats is when malware is hidden in other IoT devices and the information obtained by the hacker can be used as an entry point to your mobile device or your company network. With IoT malware families rapidly being customized and developed, it’s important for users to be aware and know how to protect themselves.

How to Better Protect Your Mobile Device

 

Mobile devices have all the organizational information that traditional endpoints have. McAfee® MVISION Mobile lets you protect against threats to your employees and your data on iOS and Android devices like you do on your PCs. With MVISION Mobile, you can manage the defense of your mobile devices alongside your PCs, IoT devices, servers, and cloud workloads inside McAfee ePolicy Orchestrator (McAfee ePO) with unified visibility into threats, integrated compliance reporting, and threat response orchestration.

The most comprehensive mobile device security is on the device itself, and MVISION Mobile delivers unparalleled on-device protection. Visit our web site for more information, and a product tour.

The post Your Mobile Phone: Friend or Foe? appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/business/endpoint-security/your-mobile-phone-friend-or-foe/feed/ 0
Should you pull your smart plug? https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/should-you-pull-your-smart-plug-2/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/should-you-pull-your-smart-plug-2/#respond Tue, 05 Feb 2019 17:00:50 +0000 https://securingtomorrow.mcafee.com/?p=94030

While some may think, “why would I need my toaster to connect to the internet,” smart home devices continue to become more and more popular. In fact, a recent study by Intel found that by 2025, 71% of Americans will have at least one smart device in their home. For many that aren’t ready to […]

The post Should you pull your smart plug? appeared first on McAfee Blogs.

]]>

While some may think, “why would I need my toaster to connect to the internet,” smart home devices continue to become more and more popular. In fact, a recent study by Intel found that by 2025, 71% of Americans will have at least one smart device in their home. For many that aren’t ready to replace their favorite “dumb” appliances, smart plugs are an easy and affordable way to connect anything. But, do they leave your virtual “front door” wide open for cybercriminals? 

In the latest episode of “Hackable?” our host Geoff Siskind and the team investigate just how risky smart plugs are for homeowners. Can just one weak link compromise your entire home network? To find out, Geoff invites a white-hat to hack the smart plug in his studio. Learn if your smart home and devices are at risk.      
 

Listen now to the award-winning podcast “Hackable?” on Apple Podcasts!     

 

 


The post Should you pull your smart plug? appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/should-you-pull-your-smart-plug-2/feed/ 0
Should you pull your smart plug? https://securingtomorrow.mcafee.com/consumer/should-you-pull-your-smart-plug/ https://securingtomorrow.mcafee.com/consumer/should-you-pull-your-smart-plug/#respond Tue, 05 Feb 2019 17:00:30 +0000 https://securingtomorrow.mcafee.com/?p=94026

While some may think, “why would I need my toaster to connect to the internet,” smart home devices continue to become more and more popular. In fact, a recent study by Intel found that by 2025, 71% of Americans will have at least one smart device in their home. For many that aren’t ready to […]

The post Should you pull your smart plug? appeared first on McAfee Blogs.

]]>

While some may think, “why would I need my toaster to connect to the internet,” smart home devices continue to become more and more popular. In fact, a recent study by Intel found that by 2025, 71% of Americans will have at least one smart device in their home. For many that aren’t ready to replace their favorite “dumb” appliances, smart plugs are an easy and affordable way to connect anything. But, do they leave your virtual “front door” wide open for cybercriminals? 

In the latest episode of “Hackable?” our host Geoff Siskind and the team investigate just how risky smart plugs are for homeowners. Can just one weak link compromise your entire home network? To find out, Geoff invites a white-hat to hack the smart plug in his studio. Learn if your smart home and devices are at risk.      
 

Listen now to the award-winning podcast “Hackable?” on Apple Podcasts!     

 

 


The post Should you pull your smart plug? appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/should-you-pull-your-smart-plug/feed/ 0
Australian Cybersecurity Firm Experiences Exciting Times as Clients’ Shift to Cloud Accelerates https://securingtomorrow.mcafee.com/business/australian-cybersecurity-firm-experiences-exciting-times-as-clients-shift-to-cloud-accelerates/ https://securingtomorrow.mcafee.com/business/australian-cybersecurity-firm-experiences-exciting-times-as-clients-shift-to-cloud-accelerates/#respond Tue, 05 Feb 2019 15:00:38 +0000 https://securingtomorrow.mcafee.com/?p=93996

Patrick Butler, CEO of the Australian cybersecurity firm Loop Secure, is excited about how the cloud is growing his business. His clients are enthused too by the tremendous opportunities and advantages the cloud presents. They’re also a little scared. “Every year more companies are digitizing all aspects of their business—from manufacturing plants coming online to […]

The post Australian Cybersecurity Firm Experiences Exciting Times as Clients’ Shift to Cloud Accelerates appeared first on McAfee Blogs.

]]>

Patrick Butler, CEO of the Australian cybersecurity firm Loop Secure, is excited about how the cloud is growing his business. His clients are enthused too by the tremendous opportunities and advantages the cloud presents. They’re also a little scared.

“Every year more companies are digitizing all aspects of their business—from manufacturing plants coming online to new ways of serving up information to customers,” says Butler, whose firm provides a full range of cybersecurity services, from one-time red team engagements to managing security operations, primarily for midsize enterprises. “It’s exciting what technology can do to transform what we do with computers. … We’re seeing a huge uptake in collaboration technology, with a lot of customers moving to AWS [Amazon Web Services].”

But Butler acknowledges his clients’ fears—putting sensitive data in the cloud introduces new risks. “Our job is to help customers leverage digital transformation positively without having to worry about the risks, [such as] breaches and brand reputation damage,” he says. “We’ve had to focus on how we protect them in [the cloud and] those areas of their business—areas that have traditionally been quite dark.”

The Challenge of Securing the Cloud

“Setting up security for the cloud can be quite technical,” Butler explains. “There are a lot of configuration options. … Yes, the cloud brings a lot of speed and scale, but one wrong configuration and suddenly you have an AWS S3 bucket available to the broader public with all of your confidential information on it. The cloud brings benefits, but it also brings new and different risks.”

Confidently Securing the Cloud with Help from McAfee

As one of the longest-running cybersecurity companies in Australia, Loop Secure has been a McAfee partner for over a decade. For its clients moving operations into the cloud, the firm primarily uses McAfee solutions to help them reach their security objectives—easily and effectively. For instance, for a midsize services client, Loop Secure implemented McAfee® Virtual Network Security Platform (McAfee vNSP), a complete network threat and intrusion prevention system (IPS) built for the unique demands of private and public clouds. Using McAfee vNSP allowed the company to apply the same robust security policies to endpoints within AWS as on premises.

“What McAfee brings to the table is a comprehensive portfolio, scale, and focus,” Butler explains. “Like us, McAfee focuses only on cybersecurity. That’s important. … To us, the McAfee ‘Together is Power’ mantra means that with McAfee we have a broader team—our people plus McAfee people and products—all dedicated to keeping our clients’ data and environments safe.”

Many of Butler’s clients use McAfee endpoint, networking, and/or web protection solutions and McAfee ePolicy Orchestrator® (McAfee ePO™). In the near future, Butler looks forward to offering them McAfee MVISION, an innovative, integrated, open system from device to cloud. McAfee MVISION could simplify security for these Loop Secure customers by providing consolidated visibility, comprehension, and control across their entire digital estate.

With the acceleration of cloud adoption by its clients and McAfee’s device-to-cloud approach, “The future’s pretty exciting for both us and McAfee,” Butler says.

View below for a short video interview with Patrick Butler. Get your questions answered by tweeting @McAfee_Business.

The post Australian Cybersecurity Firm Experiences Exciting Times as Clients’ Shift to Cloud Accelerates appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/business/australian-cybersecurity-firm-experiences-exciting-times-as-clients-shift-to-cloud-accelerates/feed/ 0
Facebook’s Plans to Merge Messaging Platforms: What This Means for Online Safety https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-messaging-merge/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-messaging-merge/#respond Tue, 05 Feb 2019 14:00:25 +0000 https://securingtomorrow.mcafee.com/?p=94069

Integration: it seems to be all the rage. As technology becomes more sophisticated, we sprint to incorporate these new innovations into our everyday lives. But as we celebrate Safer Internet Day, one can’t help but wonder, is all integration good when it comes to information shared online? Major privacy concerns have been raised surrounding Facebook’s […]

The post Facebook’s Plans to Merge Messaging Platforms: What This Means for Online Safety appeared first on McAfee Blogs.

]]>

Integration: it seems to be all the rage. As technology becomes more sophisticated, we sprint to incorporate these new innovations into our everyday lives. But as we celebrate Safer Internet Day, one can’t help but wonder, is all integration good when it comes to information shared online? Major privacy concerns have been raised surrounding Facebook’s recent plans to merge Messenger, WhatsApp, and Instagram. This integration will allow cross-messaging between the three platforms (which will all still operate as standalone apps), so users could talk to their Messenger-only friends without leaving WhatsApp.

While Facebook’s plans to merge the messaging platforms are not yet finalized, the company is in the process of rebuilding the underlying infrastructure so that users who might utilize only one of the apps will be able to communicate with others within the company’s ecosystem. Facebook plans to include end-to-end encryption for the apps, ensuring that only the participants of a conversation can view the messages being sent. By allowing each app to speak to one another across platforms, Facebook hopes users become more engaged and use this as their primary messaging service.

But Facebook’s messaging changes have greater implications for online safety as consumers become more protective of their data. For example, WhatsApp only requires a phone number to sign up for the app while Facebook asks users to verify their identities. Will this force more data to be shared with WhatsApp, or will its encryption become less secure? While nothing has been finalized, it’s important for users to think about how the information they share online could be affected by this merge.

Although the internet has paved the way for advancements in social media and technology in general, users need to make sure they’re aware of the potential risks involved. And while this merge hasn’t happened yet, Safer Internet Day helps remind us to make good choices when it comes to browsing online. Following these tips can help keep you and your data safe and secure:

  • Get selective about what you share. Although social media is a great way to keep your friends and family in the loop on your daily life, be conservative about the information you put on the internet. Additionally, be cautious of what you send through messaging platforms, especially when it comes to your personally identifiable information.
  • Update your privacy settings. To make sure that you’re sharing your status with just your intended audience, check your privacy settings. Choose which apps you wish to share your location with and turn your profiles to private if you don’t want all users to have access to your information.
  • Keep your apps up-to-date. Keeping your social media apps updated can prevent exposure to threats brought on by software bugs. Turn on automatic updates so you always have the latest security patches, and make sure that your security software is set to run regular scans.
  • Click with caution. Cybercriminals can leverage social media messaging to spread phishing links. Don’t interact with users or messages that seem suspicious and keep your guard up by blocking unfamiliar users who try to send you sketchy content.
  • Stay secure while you browse online. Security solutions like McAfee WebAdvisor can help block malware and phishing sites if you accidentally click on a malicious link. This can help protect you from potential threats when you access your social channels from a desktop or laptop.

And, as always, stay on top of the latest consumer and mobile security threats by following @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Facebook’s Plans to Merge Messaging Platforms: What This Means for Online Safety appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/facebook-messaging-merge/feed/ 0
Safer Internet Day 2019 – Together for a Better Internet https://securingtomorrow.mcafee.com/consumer/safer-internet-day-2019/ https://securingtomorrow.mcafee.com/consumer/safer-internet-day-2019/#respond Tue, 05 Feb 2019 00:15:17 +0000 https://securingtomorrow.mcafee.com/?p=94075

What You Can Do Today to Help Create a Better Internet   Today is Safer Internet Day (SID) – an annual worldwide event to encourage us all to work together to create a better internet. Celebrated globally in over 130 countries, SID is an opportunity for millions of people worldwide to come together to inspire […]

The post Safer Internet Day 2019 – Together for a Better Internet appeared first on McAfee Blogs.

]]>

What You Can Do Today to Help Create a Better Internet

 

Today is Safer Internet Day (SID) – an annual worldwide event to encourage us all to work together to create a better internet. Celebrated globally in over 130 countries, SID is an opportunity for millions of people worldwide to come together to inspire positive change and raise awareness about the importance of online safety.

The theme for 2019 is: ‘Together for a Better Internet’ which I believe is a timely reminder of the importance of us all working together if we are serious about making the internet a safer place. Whether we are parents, carers, teachers or just avid users, we all have a part to play.

The 4R’s of Online Safety

In order to make a positive change to our online world, this year we are being encouraged to focus on four critical skills that many experts believe will help us all (especially our kids) better navigate the internet and create a more positive online environment. Let’s call them the 4R’s of online safety: Respect, Responsibility, Reasoning and Resilience. So, here is my advice on what we can do to try and incorporate these four important skills into our family’s digital lives

  1. Respect – ‘I treat myself and others the way I like to be treated’

I firmly believe that having respect for others online is critical if we are going to foster a safer and more supportive internet for our children and future generations. While many parents realise that our constant reminders about the importance of good manners and respect must also now be extended to include the online world, not everyone is on the same page.

Keyboard warriors who fire off abusive comments online, or harass and troll others clearly do not have any notion of online respect. Online actions can have serious real-world implications. In fact, online actions can often have more significant implications as the dialogue is not just contained to a few, rather it is witnessed by everyone’s online friends which could stretch into the 1000’s. Such public exchanges then create the opportunity for commentary which often further magnifies the hurt and fallout.

It is therefore essential that we have very direct conversations with our children about what is and isn’t appropriate online. And if there is even any confusion, always revert to one of my favourite lessons from my Sunday School days: treat others how you would like to be treated yourself.

  1. Responsibility – ‘I am accountable for my actions and I take a stand when I feel something is wrong’

In my opinion, teaching our kids online responsibility is another important step in making the internet a better place. Ensuring our kids understand that they are not only responsible but accountable for their behaviour is essential. If they harass or bully others online, or are involved in sending inappropriate pics, there are consequences that could quite possible include interactions with the police department.

But being responsible online also means getting involved if you feel something isn’t right. Whether a mate is on the receiving end of online harassment or a cruel joke, getting involved and telling the perpetrator that their behaviour ‘isn’t cool’ is essential.

  1. Reasoning – ‘I question what is real’

Teaching our kids to think critically is an essential survival skill for our kids in our content-driven online world. We need our kids to question, analyse and verify online content. They need to be able to identify reputable and credible sources and think carefully before they share and digest information.

The best thing we can do as parents is challenge our kids and get them thinking! If for example, your child is researching online for a school assignment then get them thinking. Ask them what agenda the author of the article has. Ask them whether there is a counter argument to the one laid out in the article. Ask them whether the source sharing the information is trustworthy. The aim is to teach them to question and not take anything they find online at face value.

  1. Resilience – ‘I get back up from tough situations’

Unfortunately, the chances that your child will experience some challenges online is quite high. Whether someone posts a mean comment, they are harassed, or worst case, cyberbullied – these nasty online interactions can really hurt.

Ensuring your kids know that they can come to you about any issue they experience is essential. And you need to repeat this to them regularly, so they don’t forget! And if your child does come to you with a problem they experienced online, the worst thing you can do is threaten to disconnect them. If you do this, I guarantee you that they will never share anything else with you again.

In 2014, Parent Zone, one of the UK’s leading family digital safety organisations collaborated with the Oxford Internet Institute to examine ways to build children’s online resilience. The resulting report, A Shared Responsibility: Building Children’s Online Resilience, showed that unconditional love and respect from parents, a good set of digital skills plus the opportunity for kids to take risks and develop strategies in the online world – without being overly micro-managed by their parents – were key to building online resilience.

So, love them, educate them and give them some independence so they can start to take some small risks online and start developing resilience.

What Can You Do this Safer Internet Day?

Why not pledge to make one small change to help make the internet a better place this Safer Internet Day? Whether it’s modelling online respect, reminding your kids of their online responsibilities, challenging them to demonstrate reasoning when assessing online content or working with them to develop online resilience, just a few small steps can make a positive change.

 

 

 

 

 

The post Safer Internet Day 2019 – Together for a Better Internet appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/safer-internet-day-2019/feed/ 0
MalBus: Popular South Korean Bus App Series in Google Play Found Dropping Malware After 5 Years of Development https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/malbus-popular-south-korean-bus-app-series-in-google-play-found-dropping-malware-after-5-years-of-development/ https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/malbus-popular-south-korean-bus-app-series-in-google-play-found-dropping-malware-after-5-years-of-development/#respond Mon, 04 Feb 2019 18:00:12 +0000 https://securingtomorrow.mcafee.com/?p=94034

McAfee’s Mobile Research team recently learned of a new malicious Android application masquerading as a plugin for a transportation application series developed by a South Korean developer. The series provides a range of information for each region of South Korea, such as bus stop locations, bus arrival times and so on. There are a total […]

The post MalBus: Popular South Korean Bus App Series in Google Play Found Dropping Malware After 5 Years of Development appeared first on McAfee Blogs.

]]>

McAfee’s Mobile Research team recently learned of a new malicious Android application masquerading as a plugin for a transportation application series developed by a South Korean developer. The series provides a range of information for each region of South Korea, such as bus stop locations, bus arrival times and so on. There are a total of four apps in the series, with three of them available from Google Play since 2013 and the other from around 2017. Currently, all four apps have been removed from Google Play while the fake plugin itself was never uploaded to the store. While analyzing the fake plugin, we were looking for initial downloaders and additional payloads – we discovered one specific version of each app in the series (uploaded at the same date) which was dropping malware onto the devices on which they were installed, explaining their removal from Google Play after 5 years of development.

Figure 1. Cached Google Play page of Daegu Bus application, one of the apps in series

When the malicious transportation app is installed, it downloads an additional payload from hacked web servers which includes the fake plugin we originally acquired. After the fake plugin is downloaded and installed, it does something completely different – it acts as a plugin of the transportation application and installs a trojan on the device, trying to phish users to input their Google account password and completely take control of the device. What is interesting is that the malware uses the native library to take over the device and also deletes the library to hide from detection. It uses names of popular South Korean services like Naver, KakaoTalk, Daum and SKT. According to our telemetry data, the number of infected devices was quite low, suggesting that the final payload was installed to only a small group of targets.

The Campaign

The following diagram explains the overall flow from malware distribution to device infection.

Figure 2. Device infection process

When the malicious version of the transportation app is installed, it checks whether the fake plugin is already installed and, if not, downloads from the server and installs it. After that, it downloads and executes an additional native trojan binary which is similar to the trojan which is dropped by the fake plugin. After everything is done, it connects with the C2 servers and handles received commands.

Initial Downloader

The following table shows information about the malicious version of each transportation app in the series. As the Google Play number of install stats shows, these apps have been downloaded on many devices.

Unlike the clean version of the app, the malicious version contains a native library named “libAudio3.0.so”.

Figure 3. Transportation app version with malicious native library embedded

In the BaseMainActivity class of the app, it loads the malicious library and calls startUpdate() and updateApplication().

Figure 4. Malicious library being loaded and executed in the app

startUpdate() checks whether the app is correctly installed by checking for the existence of a specific flag file named “background.png” and whether the fake plugin is installed already. If the device is not already infected, the fake plugin is downloaded from a hacked web server and installed after displaying a toast message to the victim. updateApplication() downloads a native binary from the same hacked server and dynamically loads it. The downloaded file (saved as libSound1.1.so) is then deleted after being loaded into memory and, finally, it executes an exported function which acts as a trojan. As previously explained, this file is similar to the file dropped by the fake plugin which is discussed later in this post.

Figure 5 Additional payload download servers

Fake Plugin

The fake plugin is downloaded from a hacked web server with file extension “.mov” to look like a media file. When it is installed and executed, it displays a toast message saying the plugin was successfully installed (in Korean) and calls a native function named playMovie(). The icon for the fake plugin soon disappears from the screen. The native function implemented in LibMovie.so, which is stored inside the asset folder, drops a malicious trojan to the current running app’s directory masquerading as libpng.2.1.so file. The dropped trojan is originally embedded in the LibMovie.so xor’ed, which is decoded at runtime. After giving permissions, the address of the exported function “Libfunc” in the dropped trojan is dynamically retrieved using dlsym(). The dropped binary in the filesystem is deleted to avoid detection and finally Libfunc is executed.

Figure 6 Toast message when malware is installed

In the other forked process, it tries to access the “naver.property” file on an installed SD Card, if there is one, and if it succeeds, it tries starting “.KaKaoTalk” activity which displays a Google phishing page (more on that in the next section) . The overall flow of the dropper is explained in the following diagram:

Figure 7. Execution flow of the dropper

Following is a snippet of a manifest file showing that “.KaKaoTalk” activity is exported.

Figure 8. Android Manifest defining “.KaKaoTalk” activity as exported

Phishing in JavaScript

KakaoTalk class opens a local HTML file, javapage.html, with the user’s email address registered on the infected device automatically set to log into their account.

Figure 9. KakaoTalk class loads malicious local html file

The victim’s email address is set to the local page through a JavaScript function setEmailAddress after the page is finished loading. A fake Korean Google login website is displayed:

Figure 10. The malicious JavaScript shows crafted Google login page with user account

We found the following attempts of exploitation of Google legitimate services by the malware author:

  • Steal victim’s Google account and password
  • Request password recovery for a specific account
  • Set recovery email address when creating new Google account

An interesting element of the phishing attack is that the malware authors tried to set their own email as the recovery address on Google’s legitimate services. For example, when a user clicks on the new Google account creation link in the phishing page, the crafted link is opened with the malware author’s email address as a parameter of RecoveryEmailAddress.

Figure 11. The crafted JavaScript attempts to set recovery email address for new Google account creation.

Fortunately for end users, none of the above malicious attempts are successful. The parameter with the malware author’s email address is simply ignored at the account creation stage.

Trojan

In addition to the Google phishing page, when “Libfunc” function of the trojan (dropped by the fake plugin or downloaded from the server) is executed, the mobile phone is totally compromised. It receives commands from the following hardcoded list of C2 servers. The main functionality of the trojan is implemented in a function called “doMainProc()”. Please note that there are a few variants of the trojanwith different functionality but, overall, they are pretty much the same.

Figure 12. Hardcoded list of C2 servers

The geolocation of hardcoded C2 servers lookslike the following:

Figure 13. Location of C2 Servers

Inside doMainProc(), the trojan receives commands from the C2 server and calls appropriate handlers. Part of the switch block below gives us an idea of what type of commands this trojan supports.

Figure 14. Subset of command handlers implemented in the dropped trojan.

As you can see, it has all the functionality that a normal trojan has. Downloading, uploading and deleting files on the device, leaking information to a remote server and so on. The following table explains supported C2 commands:

Figure 15. C2 Commands

Before entering the command handling loop, the trojan does some initialization, like sending device information files to the server and checking the UID of the device. Only after the UID checking returns a 1 does it enter the loop.

Figure 16 Servers connected before entering command loop

Among these commands, directory indexing in particular is important. The directory structure is saved in a file named “kakao.property” and while indexing the given path in the user device, it checks the file with specific keywords and if it matches, uploads the file to the remote upload server. These keywords are Korean and its translated English version is as per the following table:

Figure 17 Search file keywords

By looking at the keywords we can anticipate that the malware authors were looking for files related to the military, politics and so on. These files are uploaded to a separate server.

Figure 18 Keyword matching file upload server

Conclusion

Applications can easily trick users into installing them before then leaking sensitive information. Also, it is not uncommon to see malware sneaking onto the official Google Play store, making it hard for users to protect their devices. This malware has not been written for ordinary phishing attempts, but rather very targeted attacks, searching the victim’s devices for files related to the military and politics, likely trying to leak confidential information. Users should always install applications that they can fully trust even though they are downloaded from trusted sources.

McAfee Mobile Security detects this threat as Android/MalBus and alerts mobile users if it is present, while protecting them from any data loss. For more information about McAfee Mobile Security, visit https://www.mcafeemobilesecurity.com.

Hashes (SHA-256)

Initial Downloader (APK)
• 19162b063503105fdc1899f8f653b42d1ff4fcfcdf261f04467fad5f563c0270
• bed3e665d2b5fd53aab19b8a62035a5d9b169817adca8dfb158e3baf71140ceb
• 3252fbcee2d1aff76a9f18b858231adb741d4dc07e803f640dcbbab96db240f9
• e71dc11e8609f6fd84b7af78486b05a6f7a2c75ed49a46026e463e9f86877801

Fake Plugin (APK)
• ecb6603a8cd1354c9be236a3c3e7bf498576ee71f7c5d0a810cb77e1138139ec
• b8b5d82eb25815dd3685630af9e9b0938bccecb3a89ce0ad94324b12d25983f0

Trojan (additional payload)
• b9d9b2e39247744723f72f63888deb191eafa3ffa137a903a474eda5c0c335cf
• 12518eaa24d405debd014863112a3c00a652f3416df27c424310520a8f55b2ec
• 91f8c1f11227ee1d71f096fd97501c17a1361d71b81c3e16bcdabad52bfa5d9f
• 20e6391cf3598a517467cfbc5d327a7bb1248313983cba2b56fd01f8e88bb6b9

The post MalBus: Popular South Korean Bus App Series in Google Play Found Dropping Malware After 5 Years of Development appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/malbus-popular-south-korean-bus-app-series-in-google-play-found-dropping-malware-after-5-years-of-development/feed/ 0
California Consumer Privacy Act https://securingtomorrow.mcafee.com/business/california-consumer-privacy-act/ https://securingtomorrow.mcafee.com/business/california-consumer-privacy-act/#respond Mon, 04 Feb 2019 14:00:17 +0000 https://securingtomorrow.mcafee.com/?p=93964

This blog was written by Gerald Jones Jr. More sweeping privacy law changes are on the horizon as California law overhauls consumer protection and privacy rights. Shortly after the European Union’s watershed General Data Protection Regulation (GDPR) enforcement began on May 25, 2018, California passed its own privacy bill, the California Consumer Privacy Act of […]

The post California Consumer Privacy Act appeared first on McAfee Blogs.

]]>

This blog was written by Gerald Jones Jr.

More sweeping privacy law changes are on the horizon as California law overhauls consumer protection and privacy rights.

Shortly after the European Union’s watershed General Data Protection Regulation (GDPR) enforcement began on May 25, 2018, California passed its own privacy bill, the California Consumer Privacy Act of 2018 (CCPA), in June. Amid pressure to act or swallow a more stringent bill initiated by a private California resident, the CCPA broadens the scope of privacy rights for Californians. It includes data access rights and a limited private right of action, or the right to file a lawsuit.

The CCPA takes effect in January 2020 (or July 2020, if the California Attorney General implements additional regulations) and is widely regarded as the foremost privacy law in the United States. Yet the CCPA may have broader implications. The range of companies falling within the Act’s scope, i.e., not just the usual suspects in the technology industry, might pressure Congress into enacting a federal privacy regime, which would pre-empt the CCPA.

The Act grants consumers greater control over their personally identifiable information and prods companies doing business in the state to prioritize the practice of sound data governance. Here are some key takeaways under the CCPA:

  • It impacts companies doing business in California that meet one of the following thresholds:
    • Has annual gross revenues greater than $25 million; or
    • Receives or shares the personal information of 50,000 or more California consumers for monetary or other valuable consideration; or
    • Receives 50% or more of its annual revenue from selling consumer personal information.
  • “Personal Information now explicitly includes IP addresses, geolocation data, and unique identifiers such as cookies, beacons, pixel tags, browsing history, and another electronic network information. Consumer Information includes information that relates to households.
  • The California Attorney General will enforce the law, though Californians have a private right of action limited to circumstances where there is an unauthorized access to nonencrypted personal information or “disclosure of personal information because of a business failure to implement and maintain reasonable security procedures.”
  • Violators of the law are subject to civil penalties of up $2500 per each unintentional violation—failing to cure a violation within 30 days of receiving noncompliance notification from the California Attorney General—and a maximum of $7,500 for each intentional violation (not acknowledging the request for data, for example) if the civil action is brought by the California Attorney General.

What Does This All Mean?

Regulators are working on guidance, and there is still time for amendments to be made on the law, so things might change before the law goes into effect. Residents of the European Economic Area have been exercising their data subject access rights since late May. Now, Californians will join them in being able to similarly ask about the data that CCPA-applicable companies hold about them. The CCPA gives companies a 45-day window to comply with an individual’s request for access to data or deletion (a Data Subject Access Request, or DSAR) in contrast to the GDPR’s 30 days.

Companies may need to prepare for an increase in DSARs and implement new features to comply with the law, like providing two communication methods for consumers electing to exercise their rights (web portal, email address, toll free telephone number, or another viable mode of communication) and provide a conspicuous link on the company’s website that informs the consumer of her CCPA rights.

The California Legislature’s reference to Cambridge Analytica makes it apparent that legislators expect businesses to exercise transparency in their consumer data use practices. Even without legislative nudging, companies are slowly recognizing value in sound privacy and data governance practices. Companies no longer see privacy as a mere compliance checkbox, but instead as a competitive advantage that simultaneously builds consumer confidence.

We may see more changes to the California law, and we likely will see other laws come in to play both in the United States and abroad (Brazil, China, India, etc.), but companies with privacy in their DNA will have an edge over companies scrambling to meet compliance efforts.

The post California Consumer Privacy Act appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/business/california-consumer-privacy-act/feed/ 0
Customer Support Scams Are Popping up in Social Media Ads: How to Stay Secure https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mcafee-customer-support-scam/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mcafee-customer-support-scam/#respond Fri, 01 Feb 2019 14:00:22 +0000 https://securingtomorrow.mcafee.com/?p=93991

Many of us rely on customer support websites for navigating new technology. Whether it’s installing a new piece of software or troubleshooting a computer program, we look to customer support to save the day. Unfortunately, cybercriminals are leveraging our reliance on customer support pages to access our personal information for financial gain. It appears that a […]

The post Customer Support Scams Are Popping up in Social Media Ads: How to Stay Secure appeared first on McAfee Blogs.

]]>

Many of us rely on customer support websites for navigating new technology. Whether it’s installing a new piece of software or troubleshooting a computer program, we look to customer support to save the day. Unfortunately, cybercriminals are leveraging our reliance on customer support pages to access our personal information for financial gain. It appears that a malicious website is attempting to trick users into handing over their McAfee activation keys and personally identifiable information (PII) data by disguising themselves as the official McAfee customer support website.

So how exactly does this cyberthreat work? First, malicious actors advertise the fake website on Twitter. If a user clicks on the ad, they are presented with a “Download McAfee” button. When the user clicks on the download button, they are redirected to a screen prompting them to enter their name, email address, contact number, and product activation key to proceed with the download. However, when the user clicks on the “Start Download” button, they are redirected to a screen stating that their download failed due to an unexpected error.

 

At this point, the site owner has received the user’s personal data, which they could exploit in a variety of ways. And while this scheme may seem tricky to spot, there are a number of ways users can defend themselves from similar scams:

  • Be vigilant when clicking on social media links. Although it may be tempting to click on advertisements on your social media feed, these ads could possibly house sketchy websites developed by cybercriminals. Use caution when interacting with social media ads.
  • Go straight to the source. If you come across an advertisement claiming to be from a company and the link asks for personal data, it’s best to go directly to the company’s website instead. Use the official McAfee customer support page if you require technical support or assistance with your McAfee product.
  • Use security software. A security solution like McAfee WebAdvisor can help you spot suspicious websites and protect you from accidentally clicking on malicious links.

And, as always, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Customer Support Scams Are Popping up in Social Media Ads: How to Stay Secure appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/mcafee-customer-support-scam/feed/ 0
What You Need to Know About DNS Flag Day https://securingtomorrow.mcafee.com/business/what-you-need-to-know-about-dns-flag-day/ Thu, 31 Jan 2019 17:37:02 +0000 https://securingtomorrow.mcafee.com/?p=94009

This blog was written by Michael Schneider, Lead Product Manger. The internet is built on Postel’s law, often referred to as the robustness principle: “Be conservative in what you do, be liberal in what you accept from others.” In the protocol world, this means that receivers will try to accept and interpret data that they receive […]

The post What You Need to Know About DNS Flag Day appeared first on McAfee Blogs.

]]>

This blog was written by Michael Schneider, Lead Product Manger.

The internet is built on Postel’s law, often referred to as the robustness principle: “Be conservative in what you do, be liberal in what you accept from others.” In the protocol world, this means that receivers will try to accept and interpret data that they receive to their best knowledge and will be flexible if the data doesn’t fully match a specification. Senders should adhere to specifications and comply with protocol specifications, as laid out in Request for Comment documents (RFCs) by the Internet Engineering Task Force.

DNS was released as RFC 1035 in 1987 and was superseded by EDNS in 1999 with RFCs 2671 and 6891. EDNS, or extension mechanisms for DNS, aimed to flexibly deploy new features into the DNS protocol, including protection against DNS flooding attacks amongst other performance and security enhancements. These attacks can cause a major outage for cloud-based infrastructure, which happened in 2016 with the DDoS attack on DNS provider Dyn.

To avoid such attacks and improve DNS efficiency, several DNS software and service providers—like Google, Cisco, and Cloudflare—have agreed to “coordinate removing accommodations for non-compliant DNS implementations from their software or service,” beginning Feb. 1, 2019, or DNS Flag Day.

Before DNS Flag Day, if an EDNS server requested a name resolution from a non-EDNS resolver, it would first send an EDNS query. If there was no response, the server would then send a legacy DNS query. That means that the timeout for the first query would need to be reached before the legacy DNS query was sent, generating a delayed response. These delays ultimately make DNS operations less efficient.

But with the new changes introduced for DNS Flag Day, any DNS server that doesn’t respond to EDNS will be seen as “dead” and no additional DNS query will be sent to that server. The result? Certain domains or offerings may no longer be available, as name resolution will fail. Organizations should plan to provide a bridge between their internal DNS and a provider’s DNS to ensure that the EDNS protocol is used. They should also work with their vendors to verify that EDNS is part of DNS communication and obtain a version of the respective product that complied with the requirements of EDNS.

The DNS Flag Day protocols are a disruptive move, as they break from Postel’s law—servers can no longer automatically accept every query. But as with most internet-related innovations, progress requires a little disruption.

The post What You Need to Know About DNS Flag Day appeared first on McAfee Blogs.

]]>
Teach Kids The 4Rs Critical for Online Safety on Safer Internet Day https://securingtomorrow.mcafee.com/consumer/teach-kids-the-4rs-critical-for-online-safety-on-safer-internet-day/ https://securingtomorrow.mcafee.com/consumer/teach-kids-the-4rs-critical-for-online-safety-on-safer-internet-day/#respond Thu, 31 Jan 2019 17:04:30 +0000 https://securingtomorrow.mcafee.com/?p=94006 “What are you doing?” “Uploading pics of our school fest. And don’t peer over my shoulder, Aunty. I have already uploaded a few so check them out on your Instagram account.” I beat a hasty retreat and did as instructed. The photos brought out a smile- such fresh, innocent faces of kids having a good […]

The post Teach Kids The 4Rs Critical for Online Safety on Safer Internet Day appeared first on McAfee Blogs.

]]>
What are you doing?”

Uploading pics of our school fest. And don’t peer over my shoulder, Aunty. I have already uploaded a few so check them out on your Instagram account.”

I beat a hasty retreat and did as instructed. The photos brought out a smile- such fresh, innocent faces of kids having a good time! But that feeling rapidly changed when I read the comments on one particular pic.

Now why are you frowning?” asked the niece.

Perhaps you shouldn’t have shared this one. It’s attracting rude comments. “

Instantly remorseful, the niece took down the picture, but I decided to nevertheless give her a talk on responsible posting.

On the occasion of Safer Internet Day (SID) 2019, let us find out what can make our digital world a happier and safer place, and our digital experience a more positive one.

There are many, like you my dear readers, well aware digital users who endeavor to take measures and ensure that your accounts are secure and devices safe. However, one needs to keep in mind that we are linked online, and therefore the key word is ‘together’. No single entity or product can guarantee 100% safety online, but together we can strive to bring about a better digital experience for all. That’s the theme for 2019 too – ‘Together for a better internet’.

Incidentally, McAfee too has a similar tagline, ‘Together is Power’, underlining the fact that it needs the collaboration of all players- digital users, organizations and vendors- to make cybersecurity effective.

Organizations lay down rules and monitor usage, vendors provide security tools and that leaves us, the users.  What can we do?

‘What can we do as parents?’ Let us start by helping our kids develop four critical skills – the 4Rs of online safety:

  • Respect– I treat myself and others the way I like to be treated
  • Responsibility – I am accountable for my actions and I take a stand when I feel something is wrong
  • Reasoning – I question what is real
  • Resilience – I get back up from tough situations

RESPECT

How do we teach what respect means? We respect those we love or admire. But we also need to learn to respect rules, people’s feelings and take a sympathetic view of differences in physical and emotional aspects of people.  The two values that this calls for are tolerance and empathy.

Here are a few ways you can teach kids respect:

  1. Appreciate when they are tactful and kind
  2. Correct them if they are mean
  3. Make it a family practice to use ‘sorry’, ‘please’, and ‘thank you’ a lot
  4. Role model respectful behavior like being silent in the library, sharing photos with permission, treating boys and girls as equals
  5. Set rules and specify penalties for breaching them

At the same time, help your kids identify undesirable behavior that may show disrespect and abuse.

  1. Being approached by strangers online who ask for photos, personal thoughts
  2. Being a witness to rude, aggressive behavior that causes anguish
  3. Being belittled for beliefs, appearance, race, gender
  4. Being challenged to perform a dare the child isn’t comfortable with

Resilience

Standing up to injustice and aggression as well as springing back to normalcy despite a negative experience is what resilience is about. Let’s accept it, bullies will continue to exist and so it is in the interest of the kids to know how to survive tough situations online. The recipe also calls for dollops of love, support, patience from the family and friends.

Actions that may lead to negative experiences:

  1. Cyberbullying
  2. Risky challenges
  3. Being ignored by peers online
  4. Befriending child groomers
  5. Falling prey to hackers and scammers

You know what to do, right? Teach them cybersafety practices; change account settings and passwords or even delete accounts if necessary; report scam and abuse; rope in teachers to stop bullying in school. Stand by your child. Encourage them to get back on their feet and resume normal life. Help them be tough and face the world- they will thank you for it.

Responsibility

We have often discussed responsible online behavior in these pages, so will not rehash it. Suffice to say that we are the digital space users, content generators and consumers. So, our actions online will ultimately affect us and those in contact with us and their contacts and so on and so forth, covering the entire digital populace. Practice STOP. THINK. CONNECT. SHARE.

Reasoning

We will do the kids a big favour if we can help them to think and act instead of following the herd mentality. Encourage them to question, to reason before accepting any online content to be true. Help them understand the reach and consequences of digital posts and ways to distinguish between a fake news and a real one. Kids have wonderful reasoning power and let us push them to exercise it fully.

What can we do as a community? I think South Korea has set a sterling example:

A civil activist group in South Korea, Sunfull Internet Peace Movement, initiated the “Internet Peace Prize” in 2018 to promote online etiquette and fight cyberbullying. The award went to two people from Japan for their effort to protect human rights by tackling cyberbullying. We can start something similar in our children’s school or our neighbourhood. Schools can set up cyber armies to identify and stop cyberbullying and offer support to victims. The possibilities are many.

Stay safe online everyday; it just calls for a little care. Just like in the real world.

Credits:

Office of the eSafety Commissioner, An Australian Government initiative

 

The post Teach Kids The 4Rs Critical for Online Safety on Safer Internet Day appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/teach-kids-the-4rs-critical-for-online-safety-on-safer-internet-day/feed/ 0
Apple Users: Here’s What to Do About the Major FaceTime Bug https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/apple-facetime-bug/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/apple-facetime-bug/#respond Tue, 29 Jan 2019 19:05:31 +0000 https://securingtomorrow.mcafee.com/?p=93993

FaceTime is a popular way for people of all ages to connect with long-distance loved ones. The feature permits Apple users to video chat with other device owners from essentially anywhere at any time. And now, a bug in the software takes that connection a step further – as it permits users calling via FaceTime […]

The post Apple Users: Here’s What to Do About the Major FaceTime Bug appeared first on McAfee Blogs.

]]>

FaceTime is a popular way for people of all ages to connect with long-distance loved ones. The feature permits Apple users to video chat with other device owners from essentially anywhere at any time. And now, a bug in the software takes that connection a step further – as it permits users calling via FaceTime to hear the audio coming from the recipient’s phone, even before they’ve accepted or denied the call.

Let’s start with how the eavesdropping bug actually works. First, a user would have to start a FaceTime video call with an iPhone contact and while the call is dialing, they must swipe up from the bottom of the screen and tap “Add Person.” Then, they can add their own phone number to the “Add Person” screen. From there, the user can start a group FaceTime call between themselves and the original person dialed, even if that person hasn’t accepted the call. What’s more – if the user presses the volume up or down, the victim’s front-face camera is exposed too.

This bug acts as a reminder that these days your smartphone is just as data rich as your computer. So, as we adopt new technology into our everyday lives, we all must consider how these emerging technology trends could create security risks if we don’t take steps to protect our data.

Therefore, it’s crucial all iOS users that are running iOS 12.1 or later take the right steps now to protect their device and their data. If you’re an Apple user affected by this bug, be sure to follow these helpful security steps:

  • Update, update, update. Speaking of fixes – patches for bugs are included in software updates that come from the provider. Therefore, make sure you always update your device as soon as one is available. Apple has already confirmed that a fix is underway as we speak.
  • Be sure to disable FaceTime in iOS settings now. Until this bug is fixed, it is best to just disable the feature entirely to be sure no one is listening in on you. When a fix does emerge from Apple, you can look into enabling the service again.
  • Apply additional security to your phone. Though the bug will hopefully be patched within the next software update, it doesn’t hurt to always cover your device with an extra layer of security. To protect your phone from any additional mobile threats coming its way, be sure to use a security solution such as McAfee Mobile Security.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Apple Users: Here’s What to Do About the Major FaceTime Bug appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/apple-facetime-bug/feed/ 0
Privacy and Security by Design: Thoughts for Data Privacy Day https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/privacy-and-security-by-design-thoughts-for-data-privacy-day/ https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/privacy-and-security-by-design-thoughts-for-data-privacy-day/#respond Mon, 28 Jan 2019 14:00:56 +0000 https://securingtomorrow.mcafee.com/?p=93986

Data Privacy Day has particular relevance this year, as 2018 brought privacy into focus in ways other years have not. Ironically, in the same year that the European Union’s (EU) General Data Protection Regulation (GDPR) came into effect, the public also learned of glaring misuses of personal information and a continued stream of personal data […]

The post Privacy and Security by Design: Thoughts for Data Privacy Day appeared first on McAfee Blogs.

]]>

Data Privacy Day has particular relevance this year, as 2018 brought privacy into focus in ways other years have not. Ironically, in the same year that the European Union’s (EU) General Data Protection Regulation (GDPR) came into effect, the public also learned of glaring misuses of personal information and a continued stream of personal data breaches. Policymakers in the United States know they cannot ignore data privacy, and multiple efforts are underway: bills were introduced in Congress, draft legislation was floated, privacy principles were announced, and a National Institute of Standards and Technology (NIST) Privacy Framework and a National Telecommunications and Information Administration (NTIA) effort to develop the administration’s approach to consumer privacy are in process.

These are all positive steps forward, as revelations about widespread misuse of personal data are causing people to mistrust technology—a situation that must be remedied.

Effective consumer privacy policies and regulations are critical to the continued growth of the U.S. economy, the internet, and the many innovative technologies that rely on consumers’ personal data. Companies need clear privacy and security expectations to not only comply with the diversity of existing laws, but also to grow businesses, improve efficiencies, remain competitive, and most importantly, to encourage consumers to trust organizations and their technology.

If an organization puts the customer at the core of everything it does, as we do at McAfee, then protecting customers’ data is an essential component of doing business. Robust privacy and security solutions are fundamental to McAfee’s strategic vision, products, services, and technology solutions. Likewise, our data protection and security solutions enable our enterprise and government customers to more efficiently and effectively comply with regulatory requirements.

Our approach derives from seeing privacy and security as two sides of the same coin. You can’t have privacy without security. While you can have security without privacy, we strongly believe the two should go hand in hand.

In comments we submitted to NIST on “Developing a Privacy Framework,” we made the case for Privacy and Security by Design. This approach requires companies to consider privacy and security on the drawing board and throughout the development process for products and services going to market. It also means protecting data through a technology design that considers privacy engineering principles. This proactive approach is the most effective way to enable data protection because the data protection strategies are integrated into the technology as the product or service is created. Privacy and Security by Design encourages accountability in the development of technologies, making certain that privacy and security are foundational components of the product and service development processes.

The concept of Privacy and Security by Design is aspirational but is absolutely the best way to achieve privacy and security without end users having to think much about them. We have some recommendations for organizations to consider in designing and enforcing privacy practices.

There are several layers that should be included in the creation of privacy and data security programs:

  • Internal policies should clearly articulate what is permissible and impermissible.
  • Specific departments should specify further granularity regarding policy requirements and best practices (e.g., HR, IT, legal, and marketing will have different requirements and restrictions for the collection, use, and protection of personal data).
  • Privacy (legal and non-legal) and security professionals in the organization must have detailed documentation and process tools that streamline the implementation of the risk-based framework.
  • Ongoing organizational training regarding the importance of protecting personal data and best practices is essential to the continued success of these programs.
  • The policy requirements should be tied to the organization’s code of conduct and enforced as required when polices are violated.

Finally, an organization must have easy-to-understand external privacy and data security policies to educate the user/consumer and to drive toward informed consent to collect and share data wherever possible. The aim must be to make security and privacy ubiquitous, simple, and understood by all.

As we acknowledge Data Privacy Day this year, we hope that privacy will not only be a talking point for policymakers but that it will also result in action. Constructing and agreeing upon U.S. privacy principles through legislation or a framework will be a complicated process. We better start now because we’re already behind many other countries around the globe.

The post Privacy and Security by Design: Thoughts for Data Privacy Day appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/privacy-and-security-by-design-thoughts-for-data-privacy-day/feed/ 0
Sharing Isn’t Always Caring: 3 Tips to Help Protect Your Online Privacy https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/data-privacy-day-personal-data/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/data-privacy-day-personal-data/#respond Mon, 28 Jan 2019 14:00:25 +0000 https://securingtomorrow.mcafee.com/?p=93934

It’s 2019 and technology is becoming more sophisticated and prevalent than ever. With more technology comes greater connectivity. In fact, by 2020, there will be more than 20 billion internet-connected devices around the world. This equates to more than four devices per person. As we adopt new technology into our everyday lives, it’s important to consider […]

The post Sharing Isn’t Always Caring: 3 Tips to Help Protect Your Online Privacy appeared first on McAfee Blogs.

]]>

It’s 2019 and technology is becoming more sophisticated and prevalent than ever. With more technology comes greater connectivity. In fact, by 2020, there will be more than 20 billion internet-connected devices around the world. This equates to more than four devices per person. As we adopt new technology into our everyday lives, it’s important to consider how this emerging technology could lead to greater privacy risks if we don’t take steps to protect our data. That’s why the National Cyber Security Alliance (NCSA) started Data Privacy Day to help create awareness surrounding the importance of recognizing our digital footprints and safeguarding our data. To further investigate the impact of these footprints, let’s take a look at how we perceive the way data is shared and whose responsibility it is to keep our information safe.

The Impact of Social Media

Most of us interact with multiple social media platforms every day. And while social media is a great way to update your friends and family on your daily life, we often forget that these platforms also allow people we don’t really know to glimpse into our personal lives. For example, 82% of online stalkers use social media to find out information about potential victims, such as where they live or where they go to school. In other words, social media could expose your personal information to users beyond your intended audience.

Certain social media trends also bring up issues of privacy in the world of evolving technology. Take Facebook’s 10-year challenge, a recent viral trend encouraging users to post a side-by-side image of their profile pictures from 2009 and 2019. As WIRED reporter Katie O’Neill points out, the images offered in this trending challenge could potentially be used to train facial recognition software for age progression and age recognition. While the potential of this technology is mostly mundane, there is still a risk that this information could be used inequitably.

How to Approach Requests for Personal Data

Whether we’re using social media or other online resources, we all need to be aware of what personal data we’re offering out and consider the consequences of providing the information. While there are some instances where we can’t avoid sharing our personal data, such as for a government document or legal form, there are other areas where we can stand to be a little more conservative with the data that we divulge. For example, many of us have more than just our close family and friends on our social networks. So, if you’re sharing your location on your latest post, every single person who follows you has access to this information. The same goes for those online personality quizzes. While they may be entertaining, they put an unnecessary amount of your personal information out in the open. This is why it’s crucial to be thoughtful of how your data is collected and stored.

So, what steps can you take to better protect your online privacy? Check out the following tips to help safeguard your data:

  • Think before you post. Before tagging your friends on Instagram, sharing your location on Facebook, or enabling facial recognition, consider what this information reveals and how it could be used by a third-party.
  • Set privacy and security settings. If you don’t want the entire World Wide Web to be able to access your social media, turn your profiles to private. You can also go to your device settings and choose which apps or browsers you want to share your location with and which ones you don’t.
  • Enable two-factor authentication. In the chance your data does become exposed, a strong, unique password can help prevent your accounts from being hacked. Furthermore, you can implement two-factor authentication to stay secure. This will help strengthen your online accounts with a unique, one-time code required to log in and access your data.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Sharing Isn’t Always Caring: 3 Tips to Help Protect Your Online Privacy appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/data-privacy-day-personal-data/feed/ 0
#PrivacyAware: Will You Champion Your Family’s Online Privacy? https://securingtomorrow.mcafee.com/consumer/family-safety/will-you-champion-your-familys-online-privacy/ Sat, 26 Jan 2019 16:00:08 +0000 https://securingtomorrow.mcafee.com/?p=93939

The perky cashier stopped my transaction midway to ask for my email and phone number. Not now. Not ever. No more. I’ve had enough. I thought to myself. “I’d rather not, thank you,” I replied. The cashier finished my transaction and moved on to the next customer without a second thought. And, my email and […]

The post #PrivacyAware: Will You Champion Your Family’s Online Privacy? appeared first on McAfee Blogs.

]]>

online privacyThe perky cashier stopped my transaction midway to ask for my email and phone number.

Not now. Not ever. No more. I’ve had enough. I thought to myself.

“I’d rather not, thank you,” I replied.

The cashier finished my transaction and moved on to the next customer without a second thought.

And, my email and phone number lived in one less place that day.

This seemingly insignificant exchange happened over a year ago, but it represents the day I decided to get serious and champion my (and my family’s) privacy.

I just said no. And I’ve been doing it a lot more ever since.

A few changes I’ve made:

  • Pay attention to privacy policies (especially of banks and health care providers).
  • Read the terms and conditions of apps before downloading.
  • Block cookies from websites.
  • Refuse to purchase from companies that (appear to) take privacy lightly.
  • Max my privacy settings on social networks.
  • Change my passwords regularly and keep them strong!
  • Delete apps I no longer use.
  • Stay on top of software updates on all devices and add extra protection.
  • Have become hyper-aware before giving out my email, address, phone number, or birth date.
  • Limit the number of photos and details shared on social media.

~~~

The amount of personal information we share every day online — and off — is staggering. There’s information we post directly online such as our birth date, our location, our likes, and dislikes. Then there’s the data that’s given off unknowingly via web cookies, Metadata, downloads, and apps.

While some data breaches are out of our control, at the end of the day, we — along with our family members — are one giant data leak.

Studies show that on average by the age of 13, parents have posted 1,300 photos and videos of their child to social media. By the time kids get devices of their own, they are posting to social media 26 times per day on average — a total of nearly 70,000 posts by age 18.

The Risksonline privacy

When we overshare personal data a few things can happen. Digital fallout includes data misuse by companies, identity theft, credit card fraud, medical fraud, home break-ins, reputation damage, location and purchasing tracking, ransomware, and other risks.

The Mind Shift

The first step toward boosting your family’s privacy is to start thinking differently about privacy. Treat your data like gold (after all, that’s the way hackers see it). Guiding your family in this mind-shift will require genuine, consistent effort.

Talk to your family about privacy. Elevate its worth and the consequences when it’s undervalued or shared carelessly.

Teach your kids to treat their personal information — their browsing habits, clicks, address, personal routine, school name, passwords, and connected devices — with great care. Consider implementing this 11 Step Privacy Take Back Plan.

This mind and attitude shift will take time but, hopefully, your kids will learn to pause and think before handing over personal information to an app, a social network, a retail store, or even to friends.

Data Protection Tips*

  1. Share with care. Think before posting about yourself and others online. Consider what it reveals, who might see it and how it could be perceived now and in the future.
  2. Own your online presence. Set the privacy and security settings on websites and apps to your comfort level for information sharing. Each device, application or browser you use will have different features to limit how and with whom you share information.online privacy
  3. Think before you act. Information about you, such as the games you like to play, your contacts list, where you shop and your geographic location, has tremendous value. Be thoughtful about who gets that information and understand how it’s collected through websites and apps.
  4. Lock down your login. Your usernames and passwords are not enough to protect critical accounts like email, banking, and social media. Strengthen online accounts and use strong authentication tools like a unique, one-time code through an app on your mobile device.

* Provided by the National Cyber Security Alliance (NCSA).

January 28 National Data Privacy Day. The day highlights one of the most critical issues facing families today — protecting personal information in a hyper-connected world. It’s a great opportunity to commit to taking real steps to protect your online privacy. For more information on National Data Privacy Day or to get involved, go to Stay Safe Online.

The post #PrivacyAware: Will You Champion Your Family’s Online Privacy? appeared first on McAfee Blogs.

]]>
How Safe is Your Child’s School WiFi? https://securingtomorrow.mcafee.com/consumer/family-safety/how-safe-is-your-childs-school-wifi/ https://securingtomorrow.mcafee.com/consumer/family-safety/how-safe-is-your-childs-school-wifi/#respond Thu, 24 Jan 2019 03:15:43 +0000 https://securingtomorrow.mcafee.com/?p=93950

School WiFi. For many of our digital natives, school WiFi may even be a more important part of their daily life than the canteen!! And that is saying something… You’d be hard pressed to find a child who rocked up to school without a device in their backpack in our digital age. The vast majority […]

The post How Safe is Your Child’s School WiFi? appeared first on McAfee Blogs.

]]>

School WiFi. For many of our digital natives, school WiFi may even be a more important part of their daily life than the canteen!! And that is saying something…

You’d be hard pressed to find a child who rocked up to school without a device in their backpack in our digital age. The vast majority of schools have embraced the many positive learning benefits that internet-connected devices offer our kids. The traditional blackboard and textbook lessons that were confined to the four walls of the classroom are gone. Instead our kids can research, discover, collaborate, create and most importantly, learn like never before.

But in order for this new learning to occur, our kids need to be internet connected. And this is where school WiFi comes into play.

Do Parents Need to Be Concerned About School WiFi?

As parents, we have a responsibility to ensure our kids are safe and not at risk – and that includes when they are using the WiFi at school. Ideally, your child’s school should have a secure WiFi network but unfortunately, that doesn’t mean that they do. School budgets are tight and top-notch secure WiFi networks are expensive, so in some cases, security maybe jeopardised.

The other factor we shouldn’t ignore is that our batch of digital natives are very tech literate. The possibility that one of them may choose to cause some mayhem to their school WiFi network should also not be ignored!!

At the end of the day, the security of a WiFi network is all about whether it has tight access controls. If it allows only approved devices and people to connect via a secure login then it is more secure than public WiFi. However, if it is open to anyone or easy for anyone to connect to it, then you need to treat it like public WiFi.

What Are the Risks?

An unsecured school WiFi network is as risky as public WiFi which, according to the Harvard Business Review, is as risky as rolling a dice,

Students and staff who use an unsecured WiFi network are at risk of receiving phishing emails, being the victim of a ransomware attack or even having their data or personal details stolen. There is also a risk that the entire school’s operations could be disrupted and possibly even closed down through a DDOS – a Denial of Service Attack.

What Can Parents Do to Ensure Their Kids Are Safe Using School WiFi?

There are several steps parents can take to minimise the risks when their offspring use school WiFi.

  1. Talk To Your School

The first thing to do is speak to your child’s school to understand exactly how secure their network is. I’d recommend asking who has access to the network, what security practices they have in place and how they manage your child’s private data.

  1. Install Security Software

Operating a device without security software is no different to leaving your front door unlocked. Installing security software on all devices, including smartphones, will provide protection against viruses, online threats, risky websites and dangerous downloads. Check out McAfee’s Total Protection security software for total peace of mind!

  1. Keep Device Software Up To Date

Software updates are commonly designed to address security issues. So ensuring ALL your devices are up to date is a relatively easy way of minimising the risk of being hacked.

  1. Schedule Regular Data Back Up

If you are the victim of a ransomware attack and your data is backed up then you won’t even have to consider paying the hefty fee to retrieve your (or your child’s) data. Backing up data regularly should be not negotiable however life can often get in the way. Why not schedule automatic backups? I personally love online backup options such as Dropbox and Google Drive however you may choose to invest in a hard drive.

  1. Public Wi-Fi Rules?

If after talking to your school, you aren’t convinced that your child’s school WiFi network is secure, then I recommend that your kids should treat it as if it was public WiFi. This means that they should NEVER conduct any financial transactions using it and never share any personal details. But the absolute best way of ensuring your child is safe using an unsecured WiFi network, is to use a Virtual Private Network (VPN). A VPN like McAfee’s Safe Connect creates an encrypted tunnel so anything that is shared over WiFi is completely safe.

As a mum of 4, I am very keen to ensure my kids are engaged with their learning. And in our digital times, this means devices and WiFi. So, let’s support our kids and their teachers in their quest for interactive, digital learning but please don’t forget to check in and ensure your kids are as safe as possible while using WiFi at school.

Take Care

Alex xx

The post How Safe is Your Child’s School WiFi? appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/family-safety/how-safe-is-your-childs-school-wifi/feed/ 0
Happy New Year 2019! Anatova is here! https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/happy-new-year-2019-anatova-is-here/ https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/happy-new-year-2019-anatova-is-here/#respond Tue, 22 Jan 2019 20:43:53 +0000 https://securingtomorrow.mcafee.com/?p=93918

During our continuous hunt for new threats, we discovered a new ransomware family we call Anatova (based on the name of the ransom note). Anatova was discovered in a private peer-to-peer (p2p) network. After initial analysis, and making sure that our customers are protected, we decided to make this discovery public. Our telemetry showed that […]

The post Happy New Year 2019! Anatova is here! appeared first on McAfee Blogs.

]]>

During our continuous hunt for new threats, we discovered a new ransomware family we call Anatova (based on the name of the ransom note). Anatova was discovered in a private peer-to-peer (p2p) network. After initial analysis, and making sure that our customers are protected, we decided to make this discovery public.

Our telemetry showed that although Anatova is relatively new, we already discovered a widespread detection of the thread around the globe

We believe that Anatova can become a serious threat since the code is prepared for modular extension.

Additionally, it will also check if network-shares are connected and will encrypt the files on these shares too. The developers/actors behind Anatova are, according our assessment, skilled malware authors. We draw this conclusion as each sample has its own unique key, as well as other functions we will describe, which we do not often see in ransomware families.

This post will explain the technical details of Anatova, as well as some interesting facts about this new ransomware family.

For the analysis we used this particular hash: 170fb7438316f7335f34fa1a431afc1676a786f1ad9dee63d78c3f5efd3a0ac0

The main goal of Anatova is to cipher all the files that it can before requesting payment from the victim.

 

Anatova Overview

Anatova usually uses the icon of a game or application to try and fool the user into downloading it. It has a manifest to request admin rights.

Information about the binary

The Anatova ransomware is a 64bits application with the compile date of January 1st, 2019. The file size of this particular hash is 307kb, but it can change due to the amount of resources used in the sample. If we remove all these resources, the size is 32kb; a very small program with a powerful mechanism inside.

Anatova has some strong protection techniques against static analysis which makes things slightly tricky:

  • Most of the strings are encrypted (Unicode and Ascii), using different keys to decrypt them, embedded in the executable.
  • 90% of the calls are dynamic;, they only use the following non-suspicious Windows API’s and standard library of C- programming language: GetModuleHandleW, LoadLibraryW, GetProcAddress, ExitProcess and MessageBoxA.
  • When we open the binary in IDA Pro (included the latest version of IDA) the functions are bad detected, and they finish being processed after 3 opcodes. We are not sure if this is a bug in IDA Pro or perhaps the malware authors created something to cause this on purpose (which we doubt).

Problem in IDA Pro 7.2 last version

 

Entry Vector

At the moment we don´t know all entry vectors that Anatova is using, or will be using, in the near future. Our initial finding location was in private p2p.

The goal of Anatova, as with other ransomware families, is to encrypt all or many files on an infected system and insist on payment to unlock them. The actor(s) demand a ransom payment in cryptocurrency of 10 DASH – currently valued at around $700 USD, a quite high amount compared to other ransomware families.

 

In-depth highlights of version 1.0

Since this is a novel family, we didn’t find any version number inside the code, but let’s call this version 1.0

The first action that the malware executes is to get the module handle of the library “kernel32.dll” and get 29 functions from it using the function “GetProcAddress”.

Get kernel32 functions after decrypt strings

If the malware can´t get the module handle of kernel32, or some of the functions can´t be found, it will quit without executing any encryption.

Later, the malware will try to create a mutex with a hardcoded name (in this case: 6a8c9937zFIwHPZ309UZMZYVnwScPB2pR2MEx5SY7B1xgbruoO) but the mutex name changes in each sample. If the mutex is created, and gets the handle, it will call the “GetLastError” function and look if the last error is ERROR_ALREADY_EXISTS or ERROR_ACCESS_DENIED. Both errors mean that a previous instance of this mutex object exists. If that is the case, the malware will enter in a flow of cleaning memory, that we will explain later in this post, and finish.

Check mutex

After this check, Anatova will get some functions from the library “advapi32.dll”, “Crypt32.dll” and “Shell32.dll” using the same procedure as in the kernel case. All text is encrypted and decrypted one per one, get the function, free the memory, and continue with the next one.

If it fails in getting some of these modules or some of the functions it needs, it will go to the flow of cleaning tool and exit.

One interesting function we discovered was that Anatova will retrieve the username of the logged in and/or active user and compare with a list of names encrypted. If one of the names is detected, it will go to the cleaning flow procedure and exit.

The list of users searched are:

  • LaVirulera
  • tester
  • Tester
  • analyst
  • Analyst
  • lab
  • Lab
  • Malware
  • malware

Some analysts or virtual machines/sandboxes are using these default usernames in their setup, meaning that the ransomware will not work on these machines/sandboxes.

After this user-check, Anatova will check the language of the system. When we say language, we mean the system language. When a user installs the Windows OS, they choose a language to install it with (though later the user could install a different language). Anatova checks for the first installed language on the system to ensure that a user cannot install one of these blacklisted languages to avoid encryption of the files.

The list of the countries that Anatova doesn’t affect are:

  • All CIS countries
  • Syria
  • Egypt
  • Morocco
  • Iraq
  • India

It’s quite normal to see the CIS countries being excluded from execution and often an indicator that the authors might be originating from one of these countries. In this case it was surprising to see the other countries being mentioned. We do not have a clear hypothesis on why these countries in particular are excluded.

Check system language

After the language check, Anatova looks for a flag that, in all samples we looked at, has the value of 0, but if this flag would change to the value of 1 (the current malware samples never change that value), it will load two DLLs with the names (after decryption) of “extra1.dll” and “extra2.dll”. This might indicate that Anatova is prepared to be modular or to be extended with more functions in the near future.

Load extra modules

After this, the malware enumerates all processes in the system and compares them with a large list including, for example “steam.exe”, “sqlserver.exe”, etc. If some of these processes are discovered, the malware will open them and terminate them. This action is typical of ransomware that attempts to unlock files that later will be encrypted, such as database files, game files, Office related files, etc.

The next action is to create an RSA Pair of Keys using the crypto API that will cipher all strings. This function is the same as in other ransomware families, such as GandCrab or Crysis, for example. It makes sure that the keys that will be used, are per user and per execution.

If the malware can´t create the keys, it will go to the clean flow and exit.

After this, Anatova will make a random key of 32 bits and another value of 8 bytes using the function of the crypto API “CryptGenRandom” to encrypt using the Salsa20 algorithm and the private previous blob key in runtime.

During the encryption process of the files, it will decrypt the master RSA public key of the sample of 2 layers of crypto, the first one is a XOR with the value 0x55 and the second one is to decrypt it using a hardcoded key and IV in the sample using the Salsa20 algorithm.

Decrypt from first layer the master RSA public key of sample

After this, it will import the public key and with it, will encrypt the Salsa20 key and IV used to encrypt the private RSA key in runtime.

The next step is to prepare a buffer of memory and with all of the info encrypted (Salsa20 key, Salsa20 IV, and private RSA key). It makes a big string in BASE64 using the function “CryptBinaryToStringA”. The ransomware will later clean the computer’s memory of the key, IV, and private RSA key values, to prevent anyone dumping this information from memory and creating a decrypter.

This BASE64 string will be written later in the ransom note. Only the malware authors can decrypt the Salsa20 key and IV and the private RSA key that the user would need  to decrypt the files.

If this does not work, Anatova will delete itself, enter in the clean flow and exit.

When the keys are encrypted in the memory buffer, Anatova will enumerate all logic units and will search for all existing instances of the type DRIVE_FIXED (a normal hard disk for example) or DRIVE_REMOTE (for remote network shares that are mounted). Anatova will try to encrypt the files on each of those locations. This means that one corporate victim can cause a major incident when files on network-shares are being encrypted.

Check all logic units

For each mounted drive – hard disk or remote share, Anatova will get all files and folders. It will later check if it is a folder and, if it is, will check that the folder name doesn’t have the name of “.” and “..”, to avoid the same directory and the previous directory.

In the list of gathered folder names, Anatova checks against a list of blacklisted names such as “Windows”, “Program Files”, “Program Files(x86)”, etc. This is usual in many ransomware families, because the authors want to avoid destroying the Operating System, instead targeting the high value files. Anatova does the same for file-extensions .exe, .dll and .sys that are critical for the Operating system as well.

Check file name and extension

If this check is passed, Anatova will open the file and get its size, comparing it to1 MB. Anatova will only encrypt files1 MB or smaller to avoid lost time with big files; it wants to encrypt fast. By setting pointers at the end of the encrypted files, Anatova makes sure that it does not encrypt files that are already encrypted.

Next, Anatova will create a random value of 32bits as a key for the Salsa20 algorithm and another value of 8 bytes that will be used as IV for Salsa20.

With these values, it will read all files in memory or files with a maximum size of 1 MB and encrypt this information with the key and IV using the Salsa20 algorithm (this is very popular lately because it is a very quick algorithm and has open source implementations).

Encryption of files function

It will import the RSA public key created in runtime and with it, encrypt the key and IV used to encrypt the file. Next, it will write the encrypted content in the same file from the beginning of the file and then it will set the pointer to the end of the file and write the next things:

  • The block encrypted of the Salsa20 key is ciphered with the public RSA key.
  • The block encrypted of the Salsa20 IV is ciphered with the public RSA key.
  • The size of the file is smaller than 1 MB.
  • A special hardcoded value for each sample that will appear in the ransom note.
  • A special hardcoded value in the sample that is the mark of infection checked before to avoid encrypting the same file twice.

When this is completed, Anatova will write a ransom note in the same folder. So, if Anatova can´t encrypt at least something in a folder, it won’t create a ransom note in this folder, only in the affected folders.

This behavior is different from other ransomware families that write a ransom note in all folders.

The ransom note text is fully encrypted in the binary, except for the mail addresses to contact the author(s) and the dash address to pay.

Anatova doesn’t overwrite the ransom note if it already exists in a folder in order to save time.The ransom note contains the base64 block with all encrypted information that is needed to decrypt the files in a block that start with the string “—-KEY—-”, as well asthe id number.

Responding victims are then allowed to decrypt one .jpg file of maximum size 200kb free of charge, as proof that they the decrypted files can be retrieved.

Example of ransom note

When all this is done, Anatova will destroy the Volume Shadow copies 10 times in very quick succession. Like most ransomware families, it is using the vssadmin program, which required admin rights, to run and delete the volume shadow copies.

Delete of Shadow Volumes 10 times

Finally, when all steps are completed, the ransomware will follow the flow of cleaning code, as described earlier, mainly to prevent dumping memory code that could assist in creating a decryption tool.

COVERAGE

Customers of McAfee gateway and endpoint products are protected against this version. Detection names include Ransom-Anatova![partialhash].

INDICATORS OF COMPROMISE

The samples use the following MITRE ATT&CK™ techniques:

  • Execution through API
  • Application processes discovery
  • File and directory discovery: to search files to encrypt
  • Encrypt files
  • Process discovery: enumerating all processes on the endpoint to kill some special ones
  • Create files
  • Elevation of privileges: request it to run.
  • Create mutants

 

Hashes:

2a0da563f5b88c4d630aefbcd212a35e

366770ebfd096b69e5017a3e33577a94

9d844d5480eec1715b18e3f6472618aa

61139db0bbe4937cd1afc0b818049891

596ebe227dcd03863e0a740b6c605924

 

The post Happy New Year 2019! Anatova is here! appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/happy-new-year-2019-anatova-is-here/feed/ 0
5G Is Coming: Security Risks You Need to Know About https://securingtomorrow.mcafee.com/consumer/mobile-and-iot-security/5g-security-risks-you-need-to-know/ https://securingtomorrow.mcafee.com/consumer/mobile-and-iot-security/5g-security-risks-you-need-to-know/#respond Tue, 22 Jan 2019 19:08:43 +0000 https://securingtomorrow.mcafee.com/?p=93911

The future of connectivity is here ­– 5G. This new network is set to roll out across the nation this coming year and bring greater speed to our handheld devices, which means more data and lower latency. But perhaps one of the most anticipated and popular benefits is it will allow even more IoT devices […]

The post 5G Is Coming: Security Risks You Need to Know About appeared first on McAfee Blogs.

]]>

The future of connectivity is here ­– 5G. This new network is set to roll out across the nation this coming year and bring greater speed to our handheld devices, which means more data and lower latency. But perhaps one of the most anticipated and popular benefits is it will allow even more IoT devices to come online and encourage more connection between said devices. This would enable users to remotely connect to or monitor their IoT devices like kitchen or security gadgets. The promise of more connectivity, smoother IoT user experience, and even more devices online, means there are likely more opportunities and avenues for cyberattacks. 5G will no doubt shape the foreseeable future, let’s see how.

Today, interconnected devices operate on low-powered, low-data-rate networks, such as Cat-M and NB-IoT. With the introduction of 5G networks across the world, the capabilities of VR and AR, AI and ML, and automation and robotics will enhance immensely. Take self-driving cars, for example. These machines require close proximity to their computing to reduce the latency of decision making. The capabilities of 5G don’t end there either. From manufacturing, transportation and logistics, to public safety and the establishment of smart cities, industries are at the ready to take their business to the next level with 5G. With this newfound growing anticipation for the future of 5G, the question has to be asked, what are the security implications for smaller IoT devices?

From an innovation standpoint, 5G is a beacon of light, but from a cybersecurity standpoint, 5G is a “hotbed for a new era of intensified cyberwar.” Denial-of-service attacks, or DDoS, are particular causes of concern for cybersecurity researchers. Devices like refrigerators, thermometers, even light bulbs, will be able to come online because of 5G. Users will be able to remotely check on these appliances through a simple app, but these devices can also be usurped by malicious characters. This increased connectivity and power could see big name sites down for days, or even affect city utility capabilities. Government agencies and private entities are not immune either, but they do have plans in place in the event a DDoS attack occurs.

While consumers can only wait and see what happens with the rollout, industries across the board will want to harness the benefits of 5G. However, consumers and organizations alike need to be cautious in terms of how 5G could be used to help, or hinder, us in the future. Rest assured, even if malicious actors utilize this technology, McAfee’s security strategy will continue to keep pace with the ever-changing threat landscape.

Interested in learning more about IoT and mobile security trends and information? Follow @McAfee_Home on Twitter, and ‘Like” us on Facebook.

The post 5G Is Coming: Security Risks You Need to Know About appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/mobile-and-iot-security/5g-security-risks-you-need-to-know/feed/ 0
Are Smart TVs too smart for their own good? https://securingtomorrow.mcafee.com/consumer/are-smart-tvs-too-smart-for-their-own-good/ https://securingtomorrow.mcafee.com/consumer/are-smart-tvs-too-smart-for-their-own-good/#respond Tue, 22 Jan 2019 17:00:35 +0000 https://securingtomorrow.mcafee.com/?p=93865

Smart TVs give viewers instant access to streaming apps and provide a never-ending supply of binge-worthy shows and movies. But does this convenience come with a cost? Are internet-connected TVs as vulnerable to cybercrime as other smart devices? In the latest episode of “Hackable?” our host Geoff Siskind plays a prank on our producer Pedro […]

The post Are Smart TVs too smart for their own good? appeared first on McAfee Blogs.

]]>

Smart TVs give viewers instant access to streaming apps and provide a never-ending supply of binge-worthy shows and movies. But does this convenience come with a cost? Are internet-connected TVs as vulnerable to cybercrime as other smart devices?

In the latest episode of “Hackable?” our host Geoff Siskind plays a prank on our producer Pedro — in the name of education, of course. Pedro is a huge soccer fan, so Geoff drives by with two white-hat hackers to see if they can hack his smart TV during a big game. Can they take remote control in only a half an hour?   

Listen now to the award-winning podcast Hackable? on Apple Podcasts. You don’t want to miss this hilarious episode filled with pranks.   


The post Are Smart TVs too smart for their own good? appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/are-smart-tvs-too-smart-for-their-own-good/feed/ 0
Are Smart TVs too smart for their own good? https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/are-smart-tvs-too-smart-for-their-own-good-2/ https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/are-smart-tvs-too-smart-for-their-own-good-2/#respond Tue, 22 Jan 2019 17:00:08 +0000 https://securingtomorrow.mcafee.com/?p=93868 Smart TVs give viewers instant access to streaming apps and provide a never-ending supply of binge-worthy shows and movies. But does this convenience come with a cost? Are internet-connected TVs as vulnerable to cybercrime as other smart devices? In the latest episode of “Hackable?” our host Geoff Siskind plays a prank on our producer Pedro […]

The post Are Smart TVs too smart for their own good? appeared first on McAfee Blogs.

]]>
Smart TVs give viewers instant access to streaming apps and provide a never-ending supply of binge-worthy shows and movies. But does this convenience come with a cost? Are internet-connected TVs as vulnerable to cybercrime as other smart devices?

In the latest episode of “Hackable?” our host Geoff Siskind plays a prank on our producer Pedro — in the name of education, of course. Pedro is a huge soccer fan, so Geoff drives by with two white-hat hackers to see if they can hack his smart TV during a big game. Can they take remote control in only a half an hour?   

Listen now to the award-winning podcast Hackable? on Apple Podcasts. You don’t want to miss this hilarious episode filled with pranks.   


The post Are Smart TVs too smart for their own good? appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/trusted-advisor/are-smart-tvs-too-smart-for-their-own-good-2/feed/ 0
AI & Your Family: The Wows and Potential Risks https://securingtomorrow.mcafee.com/consumer/family-safety/artificial-intelligence-your-family-the-wows-and-the-risks/ https://securingtomorrow.mcafee.com/consumer/family-safety/artificial-intelligence-your-family-the-wows-and-the-risks/#respond Sat, 19 Jan 2019 19:34:19 +0000 https://securingtomorrow.mcafee.com/?p=93892

Am I the only one? When I hear or see the word Artificial Intelligence (AI), my mind instantly defaults to images from sci-fi movies I’ve seen like I, Robot, Matrix, and Ex Machina. There’s always been a futuristic element — and self-imposed distance — between AI and myself. But AI is anything but futuristic or […]

The post AI & Your Family: The Wows and Potential Risks appeared first on McAfee Blogs.

]]>

artificial intelligenceAm I the only one? When I hear or see the word Artificial Intelligence (AI), my mind instantly defaults to images from sci-fi movies I’ve seen like I, Robot, Matrix, and Ex Machina. There’s always been a futuristic element — and self-imposed distance — between AI and myself.

But AI is anything but futuristic or distant. AI is here, and it’s now. And, we’re using it in ways we may not even realize.

AI has been woven throughout our lives for years in various expressions of technology. AI is in our homes, workplaces, and our hands every day via our smartphones.

Just a few everyday examples of AI:

  • Cell phones with built-in smart assistants
  • Toys that listen and respond to children
  • Social networks that determine what content you see
  • Social networking apps with fun filters
  • GPS apps that help you get where you need to go
  • Movie apps that predict what show you’d enjoy next
  • Music apps that curate playlists that echo your taste
  • Video games that deploy bots to play against you
  • Advertisers who follow you online with targeted ads
  • Refrigerators that alert you when food is about to expire
  • Home assistants that carry out voice commands
  • Flights you take that operate via an AI autopilot

The Technology

While AI sounds a little intimidating, it’s not when you break it down. AI is technology that can be programmed to accomplish a specific set of goals without assistance. In short, it’s a computer’s ability to be predictive — to process data, evaluate it, and take action.

AI is being implemented in education, business, manufacturing, retail, transportation, and just about any other sector of industry and culture you can imagine. It’s the smarter, faster, more profitable way to accomplish manual tasks.

An there’s tons of AI-generated good going on. Instagram — the #2 most popular social network — is now using AI technology to detect and combat cyberbullying on in both comments and photos.

No doubt, AI is having a significant impact on everyday life and is positioned to transform the future.

Still, there are concerns. The self-driving cars. The robots that malfunction. The potential jobs lost to AI robots.

So, as quickly as this popular new technology is being applied, now is a great time to talk with your family about both the exciting potential of AI and the risks that may come with it.

Talking points for families

Fake videos, images. AI is making it easier for people to face swap within images and videos. A desktop application called FakeApp allows users to seamlessly swap faces and share fake videos and images. This has led to the rise in “deep fake” videos that appear remarkably realistic (many of which go viral). Tip: Talk to your family about the power of AI technology and the responsibility and critical thinking they must exercise as they consume and share online content.

Privacy breaches. Following the Cambridge Analytica/Facebook scandal of 2018 that allegedly used AI technology unethically to collect Facebook user data, we’re reminded of those out to gather our private (and public) information for financial or political gain. Tip: Discuss locking down privacy settings on social networks and encourage your kids to be hyper mindful about the information they share in the public feed. That information includes liking and commenting on other content — all of which AI technology can piece together into a broader digital picture for misuse.

Cybercrime. As outlined in McAfee’s 2019 Threats Prediction Report, AI technology will likely allow hackers more ease to bypass security measures on networks undetected. This can lead to data breaches, malware attacks, ransomware, and other criminal activity. Additionally, AI-generated phishing emails are scamming people into handing over sensitive data. Tip: Bogus emails can be highly personalized and trick intelligent users into clicking malicious links. Discuss the sophistication of the AI-related scams and warn your family to think about every click — even those from friends.

IoT security. With homes becoming “smarter” and equipped with AI-powered IoT products, the opportunity for hackers to get into these devices to steal sensitive data is growing. According to McAfee’s Threat Prediction Report, voice-activated assistants are especially vulnerable as a point-of-entry for hackers. Also at risk, say security experts, are routers, smartphones, and tablets. Tip: Be sure to keep all devices updated. Secure all of your connected devices and your home internet at its source — the network. Avoid routers that come with your ISP (Internet Security Provider) since they are often less secure. And, be sure to change the default password and secure your primary network and guest network with strong passwords.

The post AI & Your Family: The Wows and Potential Risks appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/family-safety/artificial-intelligence-your-family-the-wows-and-the-risks/feed/ 0
Step Up on Emerging Technology, or Risk Falling Behind https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/step-up-on-emerging-technology-or-risk-falling-behind/ https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/step-up-on-emerging-technology-or-risk-falling-behind/#respond Fri, 18 Jan 2019 22:00:30 +0000 https://securingtomorrow.mcafee.com/?p=93885

Earlier last year, the U.S. Commerce Department’s Bureau of Industry and Security (BIS) put out a call for public comment on criteria for identifying emerging technologies that could potentially be subject to future export control regulations. The tech industry responded in full force, providing recommendations for how the federal government can ensure U.S. competitiveness in […]

The post Step Up on Emerging Technology, or Risk Falling Behind appeared first on McAfee Blogs.

]]>

Earlier last year, the U.S. Commerce Department’s Bureau of Industry and Security (BIS) put out a call for public comment on criteria for identifying emerging technologies that could potentially be subject to future export control regulations. The tech industry responded in full force, providing recommendations for how the federal government can ensure U.S. competitiveness in the global market while supporting the development of emerging technology (read comments submitted by McAfee here).

Emerging technology poses an interesting challenge for tech companies and federal regulators alike. In many cases, technologies that BIS designates as “emerging,” such as AI and machine learning, are already in widespread use around the world. Other technologies like quantum computing are very much in the research and development phase but have the potential to alter the course of national security for decades to come. Many of these technologies are difficult to define and control, and many are software-based, which greatly complicates the development of regulation. Software technologies, by their very nature, are fundamentally different from physical items and physical process technologies. Their intangible, readily-reproducible character makes software-based technologies inherently difficult to define and control.

This task is enormous and must be handled cautiously, as history has provided countless examples of how overregulation has the capability to hamper development. A poignant example of overregulation at the cost of progress is the automobile industry. According to Deloitte, although tough restrictions on automobiles were nothing but well-intentioned in the late 1800’s, regulation greatly hampered research and advancement. The early days of the automobile industry should serve as a cautionary tale when it comes to regulating new and innovative technology.

The U.S. is in a unique position to act to protect our technological interest and secure the nation’s position as a global leader. The U.S. secured a pivotal tech leadership role, having spearheaded the development of the internet in the early 1990’s. The nation has immense power and potential to take the mantle on emerging technology, and the stakes are high. Some of the country’s greatest accomplishments have stemmed from empowering the private sector and encouraging innovation. For example, tremendous strides in private sector space exploration have been made possible due to the support and administration of empowering legislation. Companies like SpaceX and Boeing are creating next generation space technology, working each day to ensure that the U.S. maintains competitiveness.

Cybersecurity is another area that requires particular attention. Given the global availability of cybersecurity tools, many of which make use of the emerging technologies under review, McAfee understands that great care needs to be taken by our government before imposing additional export controls on American cyber companies. These rules can have the unintended and harmful consequence of stunting the growth and technical capabilities of the very companies that currently protect vital U.S. critical infrastructure, including federal and state government infrastructure, from cyber-attacks. As a leading nation, it is critical to stay ahead of threats by criminal actors. This is only possible if cyber companies have the ability to access global markets to fund the research and development needed to keep pace with rapid innovation. Controls should be implemented with a great understanding of the need to stay competitive in global innovation, particularly when it comes to cybersecurity.

Overregulation could cause great harm, and the U.S. government must tread carefully in administering a carefully-crafted, targeted approach. Rather than burdening U.S. software companies with new and substantial export control compliance costs, the U.S. should seek to empower these companies. Any controls deemed essential by the government should be as narrowly tailored as possible, especially given the broad range of current and future companies and technologies. A multilateral approach to export controls on emerging technologies is vital for U.S. companies to remain innovative and competitive in the global marketplace. This cautious approach would ensure alignment between the private and public sectors, ultimately allowing for emerging technology to be front and center. Providing an ecosystem in which the technology of tomorrow can flourish is essential to the U.S. continuing to blaze the trail on emerging technologies.

The post Step Up on Emerging Technology, or Risk Falling Behind appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/step-up-on-emerging-technology-or-risk-falling-behind/feed/ 0
The Collection #1 Data Breach: Insights and Tips on This Cyberthreat https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/collection-1-data-breach/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/collection-1-data-breach/#respond Fri, 18 Jan 2019 21:06:22 +0000 https://securingtomorrow.mcafee.com/?p=93887

As the cybersecurity landscape evolves to match new trends in technology, it’s important for consumers to prioritize the protection of their online presence. That means remaining aware of the internet’s more common cyberthreats, including malware, phishing, and data breaches, and how they could potentially affect you. And while most of us already know about the […]

The post The Collection #1 Data Breach: Insights and Tips on This Cyberthreat appeared first on McAfee Blogs.

]]>

As the cybersecurity landscape evolves to match new trends in technology, it’s important for consumers to prioritize the protection of their online presence. That means remaining aware of the internet’s more common cyberthreats, including malware, phishing, and data breaches, and how they could potentially affect you. And while most of us already know about the Equifax data breach, a new monster breach now has to become top of mind for us all. Say hello to Collection #1, a data set exposing 772,904,991 unique email addresses and over 21 million unique passwords.

Discovered by security researcher Troy Hunt, Collection #1 first appeared on the popular cloud service called MEGA. The Collection #1 folder held over 12,000 files that weigh in at over 87 gigabytes. When the storage site was taken down, the folder was then transferred to a public hacking site. What’s truly astonishing about this is that the data was not for sale; it was simply available for anyone to take.

You may be wondering, how was all this data collected? It appears that this data was comprised of a breach of breaches, aggregating over 2,000 leaked databases containing cracked passwords, in order to achieve maximum exposure. The sheer volume of this breach makes Collection #1 the second largest in size to Yahoo, and the largest public breach ever (given the data was openly exposed on the internet).

It appears that this data set is designed for use in credential-stuffing attacks, where cybercriminals will use email and password combinations to hack into consumers’ online accounts. The risks could be even greater for those who reuse credentials across multiple accounts. In order to help protect yourself from this threat, it’s vital that users act fast and use the following tips to help protect their data:

  • Use strong, unique passwords. In addition to making sure all of your passwords are strong and unique, never reuse passwords across multiple accounts. You can also enable a password manager to help keep track of your credentials.
  • Change your passwords. Even if it doesn’t appear that your data was breached, it’s better to err on the side of caution and change all of your passwords to better protect yourself.
  • Enable two-factor authentication. While a strong and unique password is a good first line of defense, enabling app-based two-factor authentication across your accounts will help your cause by providing an added layer of security.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post The Collection #1 Data Breach: Insights and Tips on This Cyberthreat appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/collection-1-data-breach/feed/ 0
Frequent Fortnite Player? 4 Tips to Combat the New Attack on User Accounts https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fortnite-flaw-phishing-accounts/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fortnite-flaw-phishing-accounts/#respond Fri, 18 Jan 2019 01:00:35 +0000 https://securingtomorrow.mcafee.com/?p=93861

Epic Games’ Fortnite has risen in popularity rapidly since its debut, and cybercriminals have leveraged that popularity to enact a handful of malicious schemes. Unfortunately, these tricks are showing no signs of slowing, as researchers recently discovered a security flaw that allowed cybercriminals to take over a gamer’s Fortnite account through a malicious link. This attack specifically […]

The post Frequent Fortnite Player? 4 Tips to Combat the New Attack on User Accounts appeared first on McAfee Blogs.

]]>

Epic Games’ Fortnite has risen in popularity rapidly since its debut, and cybercriminals have leveraged that popularity to enact a handful of malicious schemes. Unfortunately, these tricks are showing no signs of slowing, as researchers recently discovered a security flaw that allowed cybercriminals to take over a gamer’s Fortnite account through a malicious link. This attack specifically targeted users who used a third-party website to log in to their Fortnite accounts, such as Facebook, Google, or gaming providers like Microsoft, Nintendo, and Sony. But instead of trying to steal a gamer’s password like many of the hacks we’ve seen, this scheme targeted the special access token the third-party website exchanges with the game when a user logs in.

So, how exactly does this threat work? First, a cybercriminal sends a malicious phishing link to a Fortnite user. To increase the likelihood that a user will click on the link, the cybercriminal would send the link with an enticing message promising perks like free game credits. If the user clicked on the link, they would be redirected to the vulnerable login page. From here, Epic Games would make the request for the SSO (single sign-on) token from the third-party site, given SSO allows a user to leverage one set of login credentials across multiple accounts. This authentication token is usually sent to Fortnite over the back-end, removing the need for the user to remember a password to access the game. However, due to the unsecured login page, the user would be redirected to the attacker’s URL. This allows cybercriminals to intercept the user’s login token and take over their Fortnite account.

After acquiring a login token, a cybercriminal would gain access to a Fortnite user’s personal and financial details. Because Fortnite accounts have partial payment card numbers tied to them, a cybercriminal would be able to make in-game purchases and rack up a slew of charges on the victim’s card.

It’s important for players to understand the realities of gaming security in order to be more prepared for potential cyberthreats such as the Fortnite hack. According to McAfee research, the average gamer has experienced almost five cyberattacks, with 75% of PC gamers worried about the security of gaming. And while Epic Games has thankfully fixed this security flaw, there are a number of techniques players can use to help safeguard their gaming security now and in the future:

  • Go straight to the source70% of breaches start with a phishing email. And phishing scams can be stopped by simply avoiding the email and going straight to the source to be sure you’re working with the real deal. In the case of this particular scheme, you should be able to check your account status on the Fortnite website and determine the legitimacy of the request from there.
  • Use a strong, unique password. If you think your Fortnite account was hacked, err on the side of caution by updating your login credentials. In addition, don’t reuse passwords over multiple accounts. Reusing passwords could allow a cybercriminal to access multiple of your accounts by just hacking into one of them.
  • Stay on top of your financial transactions. Check your bank statements regularly to monitor the activity of the card linked to your Fortnite account. If you see repeat or multiple transactions from your account, or see charges that you don’t recognize, alert your bank to ensure that your funds are protected.
  • Get protection specifically designed for gamers. We’re currently building McAfee Gamer Security to help boost your PC’s performance, while simultaneously safeguarding you from a variety of threats that can disrupt your gaming experience.

And, as always, stay on top of the latest consumer and mobile security threats by following @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Frequent Fortnite Player? 4 Tips to Combat the New Attack on User Accounts appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/fortnite-flaw-phishing-accounts/feed/ 0
McAfee Honors Dr. Martin Luther King Jr. Day https://securingtomorrow.mcafee.com/other-blogs/life-at-mcafee/mcafee-honors-dr-martin-luther-king-jr-day/ https://securingtomorrow.mcafee.com/other-blogs/life-at-mcafee/mcafee-honors-dr-martin-luther-king-jr-day/#respond Thu, 17 Jan 2019 18:01:26 +0000 https://securingtomorrow.mcafee.com/?p=93844

On Monday, January 21, McAfee will join millions across the globe to recognize the life and legacy of Dr. Martin Luther King Jr. To honor the achievements of Dr. King, our McAfee African-Heritage Community (MAHC) members recently shared memorable lines from King’s iconic “I Have a Dream” speech that he delivered at the Lincoln Memorial […]

The post McAfee Honors Dr. Martin Luther King Jr. Day appeared first on McAfee Blogs.

]]>

On Monday, January 21, McAfee will join millions across the globe to recognize the life and legacy of Dr. Martin Luther King Jr.

To honor the achievements of Dr. King, our McAfee African-Heritage Community (MAHC) members recently shared memorable lines from King’s iconic “I Have a Dream” speech that he delivered at the Lincoln Memorial on August 28, 1963. The MAHC is an employee-led group that is committed to delivering education, cultural awareness, mentoring programs, community involvement and advancing diversity and inclusion within McAfee’s culture.

Watch the video here:

King shared his important message during the March on Washington for Jobs and Freedom. To provide you with the full meaning and context of King’s powerful speech, you can read the original speech in its entirety here.

McAfee is an inclusive employer and is proud to support inclusion and diversity. Interested in joining our teams? We’re hiring! Apply now.

For more stories like this, follow @LifeAtMcAfee on Instagram and on Twitter @McAfee to see what working at McAfee is all about.

The post McAfee Honors Dr. Martin Luther King Jr. Day appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/other-blogs/life-at-mcafee/mcafee-honors-dr-martin-luther-king-jr-day/feed/ 0
Children’s Charity or CryptoMix? Details on This Ransomware Scam https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cryptomix-ransomware-scam/ https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cryptomix-ransomware-scam/#respond Wed, 16 Jan 2019 01:22:34 +0000 https://securingtomorrow.mcafee.com/?p=93839

As ransomware threats become more sophisticated, the tactics cybercriminals use to coerce payments from users become more targeted as well. And now, a stealthy strain is using deceptive techniques to mask its malicious identity. Meet CryptoMix ransomware, a strain that disguises itself as a children’s charity in order to trick users into thinking they’re making […]

The post Children’s Charity or CryptoMix? Details on This Ransomware Scam appeared first on McAfee Blogs.

]]>

As ransomware threats become more sophisticated, the tactics cybercriminals use to coerce payments from users become more targeted as well. And now, a stealthy strain is using deceptive techniques to mask its malicious identity. Meet CryptoMix ransomware, a strain that disguises itself as a children’s charity in order to trick users into thinking they’re making a donation instead of a ransom payment. While CryptoMix has used this guise in the past, they’ve recently upped the ante by using legitimate information from crowdfunding pages for sick children to further disguise this scheme.

So, how does CryptoMix trick users into making ransom payments? First, the victim receives a ransom note containing multiple email addresses to contact for payment instructions. When the victim contacts one of the email addresses, the “Worldwide Children Charity Community” responds with a message containing the profile of a sick child and a link to the One Time Secret site. This website service allows users to share a post that can only be read once before it’s deleted. CryptoMix’s developers use One Time Secret to distribute payment instructions to the victim and explain how their contribution will be used to provide medical help to sick children. The message claims that the victim’s data will be restored, and their system will be protected from future attacks as soon as the ransom is paid. In order to encourage the victim to act quickly, the note also warns that the ransom price could double in the next 24 hours.

After the victim makes the payment, the ransomware developers send the victim a link to the decryptor. However, they continue to pretend they are an actual charity, thanking the victim for their contribution and ensuring that a sick child will soon receive medical help.

CryptoMix’s scam tactics show how ransomware developers are evolving their techniques to ensure they make a profit. As ransomware threats become stealthier and more sophisticated, it’s important for users to educate themselves on the best techniques to combat these threats. Check out the following tips to help keep your data safe from ransomware:

  • Back up your data. In order to avoid losing access to your important files, make copies of them on an external hard drive or in the cloud. In the event of a ransomware attack, you will be able to wipe your computer or device and reinstall your files from the backup. Backups can’t always prevent ransomware, but they can help mitigate the risks.
  • Never pay the ransom. Although you may feel that this is the only way to get your encrypted files back, there is no guarantee that the ransomware developers will send a decryption tool once they receive the payment. Paying the ransom also contributes to the development of more ransomware families, so it’s best to hold off on making any payments.
  • Use security software. Adding an extra layer of security with a solution such as McAfee Total Protection, which includes Ransom Guard, can help protect your devices from these types of cyberthreats.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Children’s Charity or CryptoMix? Details on This Ransomware Scam appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/consumer-threat-notices/cryptomix-ransomware-scam/feed/ 0
STOP. Read T&Cs. Then Sign Up on Social Media https://securingtomorrow.mcafee.com/consumer/stop-read-tcs-then-sign-up-on-social-media/ https://securingtomorrow.mcafee.com/consumer/stop-read-tcs-then-sign-up-on-social-media/#respond Mon, 14 Jan 2019 22:04:34 +0000 https://securingtomorrow.mcafee.com/?p=93836 “Let’s start at the very beginning, A very good place to start; When you read, you begin with A-B-C, When you sign up on SM you begin by Reading T&Cs…” The start of a new year usually has a buoyant and positive feel, like you have been offered a new opportunity to start things fresh, […]

The post STOP. Read T&Cs. Then Sign Up on Social Media appeared first on McAfee Blogs.

]]>
Let’s start at the very beginning,

A very good place to start;

When you read, you begin with A-B-C,

When you sign up on SM you begin by

Reading T&Cs…”

The start of a new year usually has a buoyant and positive feel, like you have been offered a new opportunity to start things fresh, and make amends.

Experience has taught us that nothing comes for free; and that it’s always good to run a thorough background check on a new group you plan to join. This applies to social media platforms as well. When we sign up on a new social media platform, we are asked for our names, email and other personal information and then directed to the terms and conditions page which we must read and agree before we can proceed. Rarely do we read through all the terms to understand their implications; it’s mostly a cursory scan and tick to complete the signing up process as fast as possible, and voila, we are in!

However, much, much later, if we face issues like privacy breach or cyberbullying, we tend to complain that we didn’t know. But we did, it’s all spelt out in the T&Cs we had hastily agreed to.

Long ago, I had told you the story of a relative, whose son had forged his age to sign up on Facebook. When I questioned the mother, she said she wasn’t aware of the age clause. But again, it’s there, right at the start of the T&Cs!

Most social media platforms have updated their terms in recent times to bring in more openness in their advertising and third-party sharing policies. They have also clearly explained privacy and security terms for users. It’s now up to the users to read, understand and implement the terms to stay safe online and to help maintain digital world hygiene.

Let us explore the T&Cs of some popular social media sites and find out how many of the rules we allow our kids to follow or flout.

Facebook says- “You give us permission to use your name and profile picture and information about actions you have taken on Facebook next to or in connection with ads, offers, and other sponsored content that we display across our products, without any compensation to you.”

Layman’s terms- By agreeing to T&Cs,  you are automatically giving Facebook the right to the content you share in relation to ads etc. without receiving any compensation for it. For e.g., if I like a certain product, they will appear on my friends’ timeline with the message ‘Cybermum India likes it’.

Cybersafety tip: Check ad settings and maximize privacy levels.

Twitter says- “You are responsible for your use of the services and for any content you provide, including compliance with applicable laws, rules, and regulations. You should only provide content that you are comfortable sharing with others.

Layman’s terms- The user is the sole owner of content created by her or him and Twitter will take no responsibility for it.

Cybersafety tip: STOP.THINK.POST. Do not share content that may not be 100% correct or that may be intended to cause harm, hurt, or foment trouble.

Snapchat says- “Through these Terms and our Community Guidelines, we make clear that we don’t want the Services to be put to bad use. But because we don’t review all content, we cannot guarantee that content on the Services will always conform to our Terms or Guidelines.”

Layman’s terms – There may be cases of misuse of the platform by miscreants, cyberbullies and predators.

Cybersafety tip: Follow the community guidelines to know how you can let your child have a positive experience and not be accidentally exposed to inappropriate content. Ensure your teens understand they should share with you if they face disturbing behavior on the platform. It would be helpful if you activate parental controls and use term filters to block out unsavory content

Tik Tok says- “You may not access or use the Services if you are not over 13 or otherwise able to agree to these Terms.”

Layman’s terms- The minimum to sign up on the app is 13 years.

Cybersafety tip: Use this term to guide children on the right age to sign up on social media. Explain the reason behind this age criteria and allow them to sign up when they fulfil it.

Social media platforms are a great way to connect, learn and network as long as all users endeavor to keep it clean and positive. As parents, we need to arm our kids with the right skills and knowledge to help them tackle any issues that may crop up. The first step is to read and understand what the platform has to offer and its security and privacy options. This is something parents and teens can do together as it will be a useful lesson for a lifetime- both in the real and in the digital world.

And most important of all, don’t forget to secure all your devices with comprehensive security tools.
The quicker your family adopts digital safety practices, the safer they will be online!

The post STOP. Read T&Cs. Then Sign Up on Social Media appeared first on McAfee Blogs.

]]>
https://securingtomorrow.mcafee.com/consumer/stop-read-tcs-then-sign-up-on-social-media/feed/ 0
We Put You at the Core https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/we-put-you-at-the-core/ https://securingtomorrow.mcafee.com/other-blogs/executive-perspectives/we-put-you-at-the-core/#respond Mon, 14 Jan 2019 19:00:56 +0000 https://securingtomorrow.mcafee.com/?p=93817

As we usher in the new year, I want to update you on some exciting transformations the McAfee Customer Success Group (CSG) has undergone. As a company, McAfee is committed to putting you—our customer—at the core. Our goal is to help you make the right decisions as you evolve your security maturity from device to […]

The post We Put You at the Core appeared first on McAfee Blogs.

]]>

As we usher in the new year, I want to update you on some exciting transformations the McAfee Customer Success Group (CSG) has undergone. As a company, McAfee is committed to putting you—our customer—at the core. Our goal is to help you make the right decisions as you evolve your security maturity from device to cloud and to bring you the best possible customer experience every time we interact.

McAfee uses the Net Promoter Score (NPS) to quantify customer sentiment about our brand and our products. This allows us to see customer feedback, analyze it, and make strategic decisions based on this intelligence. By listening to and acting on your input, CSG has made significant changes around people, process, technology, and offerings. These enhancements will help you make the most of your McAfee solutions so that you can successfully achieve your desired security outcomes.

We’re constantly innovating to provide cybersecurity services that align with your definition of success. The transformation changes include:

Cybersecurity Services

To help move your security goals forward, we’ve updated and developed new offerings.

McAfee Customer Success Plans

We’re now offering three unique Customer Success Plans: McAfee Premier, Enhanced, and Essential Success Plans. These plans help enterprises—of all sizes—address today’s biggest challenges: the cybersecurity talent shortage, the growing threat environment, and lack of sufficient training. The plans are a strategically packaged set of personalized services, resources, and expert guidance that help drive product adoption, reduce security risks, and maximize your investment. You can expect proactive planning, success and escalation management, consulting, and education services, and business reviews to help transform your security into a business driver. Learn more.

McAfee Education Services

The IT professionals who enforce the security policies and run the tools that protect their organizations’ data frequently lack access to the training they need. The skills shortage, combined with lack of easily accessible training, leaves organizations exposed to attacks and data loss. Our cutting-edge McAfee Education Services portfolio offers flexible product and security training options that help you stay ahead of threats, save time, and maximize your McAfee investment. We’ve added guided on-demand training, bringing the classroom training experience in a remote setting with hands-on labs access, and refreshed our product training catalog. Learn more.

McAfee Incident Response

You need to be prepared for cyberattacks. The McAfee Incident Response (IR) Service is a comprehensive offering that combines two services that prepares and strengthen your company against potential cyberattacks and gives you greater peace of mind. Our 40-hour IR readiness assessment provides you the opportunity to collaborate with McAfee security professionals to proactively build a comprehensive IR plan. You also receive 160 pre-paid emergency IR hours to use over a 12-month period. Should a cyberattack occur, you have access to McAfee security experts to help you through the crisis, saving downtime and loss of reputation. Learn more.

McAfee Corporate Support Enhancements

McAfee understands that your time is valuable. We’ve made some important changes to help you resolve issues more quickly and, ultimately, make it easier to interact with McAfee Technical Support. These enhancements include a simplified Service Request submission process, single case ownership from creation to resolution, phone lookup enhancements for direct connect to the case owner. This provides consistency and reduces the time spent on troubleshooting, ensuring your business issues are addressed. Learn more.

Self-Service Tools

To improve your digital support experience, we’ve developed several new self-service tools and resources. These include:

  • New mobile application which allows you to receive notifications and view, update, and close Services Requests.  Download to your Android or iOS mobile device from the app store
  • New portal landing pages, a central location for common resources, categorized by product, where you can get answers to your critical questions
  • Support communities where you can collaborate with liked-minded security professionals to resolve issues and share information and best practices
  • Access to a library of YouTube videos that provide “how to” support for new product features
  • Launching next month, an in-product McAfee ePO Support Center plug-in to simplify and streamline technical troubleshooting (for version 5.3 and higher)