McAfee Blogs

Alert Actionability In Plain English From a Practitioner

By Jesse Netz

In response to the latest MITRE Engenuity ATT&CK® Evaluation (Round 3), McAfee noted five capabilities that are must-haves for Sec Ops and that were on display in the evaluation. This blog speaks to one of them, alert actionability: the ability to react as fast as possible, as early as possible in the attack chain, while correlating, aggregating and summarizing all subsequent activity and reducing alert fatigue, so that Sec Ops can stay efficiently actionable.

As a Sec Ops practitioner and former analyst, I can remember the days of painstakingly sifting through countless alerts to determine whether any of them could be classified as an incident. It was up to me to decide if an alert was a false positive, a false alarm, or something the business should take more seriously: was it something we should wake someone up in the middle of the night over?

It’s been years since I sat on the front line, triaging the output of millions of dollars of investment installed on hundreds of thousands of systems worldwide. Thank goodness, times have changed. But “alert actionability” is still a very real aspect of SOC tooling, and it addresses three primary factors: trustworthiness, detail, and reaction capabilities.

Trustworthiness 

When I say “trustworthiness” I’m referring to fidelity, which has two equal yet opposing faces: false positives and false negatives. It would be very easy for a SOC solution provider to claim that its product offers 100% visibility if it raised an alert for every process activity and artifact recorded. Coverage would be complete, but how actionable is a needle in a stack of needles? The vendor is therefore pressured to fine-tune its alerting, and in doing so introduces the risk of false negatives: actual malicious events that go undetected. In the zeal to meet usability requirements the false positive curve falls, but false negative volumes have no choice but to rise.

The result is a graph like this:

The secret sauce in a vendor’s capabilities lies in its capacity to push the intersection of these curves as far to the right as possible: minimize false positives and maximize true positives while simultaneously bringing false negatives as close to zero as possible. The better a product performs against these non-trivial goals, the more likely it is to win your trust as a solution, and the more likely you are to trust the results you see on the dashboard.
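To make the tradeoff concrete, the following added example (not code from the original post or from any McAfee product) sweeps a scoring threshold over a constructed, labelled set of events, computes the false-positive and false-negative rates at each threshold, and finds the point where the two curves cross. Any detector that emits a confidence score can be analysed this way; the `fn_weight` in `operating_point` is an assumption that encodes how much more a missed intrusion costs than a noisy alert.

```python
"""Sweep an alert-scoring threshold and locate the false-positive / false-negative
crossover described above. Added example, not code from the original post or from
any McAfee product; the scored events are constructed for illustration. In practice
they would come from a labelled sample of an EDR's alert stream."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class ScoredEvent:
    score: float      # detector confidence, 0.0 .. 1.0
    malicious: bool   # ground truth from triage or red-team notes


# Constructed sample: benign admin activity scores low, intrusions score high,
# with a deliberate overlap band around 0.4 .. 0.7 where the tradeoff bites.
SAMPLE = [ScoredEvent(s, m) for s, m in [
    (0.05, False), (0.12, False), (0.20, False), (0.31, False), (0.38, False),
    (0.45, False), (0.52, False), (0.61, False), (0.66, False), (0.72, False),
    (0.42, True), (0.55, True), (0.63, True), (0.70, True), (0.78, True),
    (0.84, True), (0.90, True), (0.93, True), (0.97, True), (0.99, True),
]]


def rates_at(threshold: float, events: List[ScoredEvent]) -> Tuple[float, float]:
    """(false_positive_rate, false_negative_rate) when alerting on score >= threshold.

    FPR: benign events that alert, over all benign events.
    FNR: malicious events that stay silent, over all malicious events."""
    benign = [e for e in events if not e.malicious]
    bad = [e for e in events if e.malicious]
    fpr = sum(e.score >= threshold for e in benign) / len(benign)
    fnr = sum(e.score < threshold for e in bad) / len(bad)
    return fpr, fnr


def sweep(events: List[ScoredEvent], steps: int = 100) -> List[Tuple[float, float, float]]:
    """Both curves as (threshold, fpr, fnr) over evenly spaced thresholds in [0, 1]."""
    return [(i / steps, *rates_at(i / steps, events)) for i in range(steps + 1)]


def crossover(events: List[ScoredEvent], steps: int = 100) -> float:
    """Threshold where the FP and FN curves meet (smallest |FPR - FNR|, lowest threshold on ties)."""
    return min(sweep(events, steps), key=lambda r: (abs(r[1] - r[2]), r[0]))[0]


def operating_point(events: List[ScoredEvent], fn_weight: float = 3.0, steps: int = 100) -> float:
    """Threshold minimising FPR + fn_weight * FNR.

    Weighting misses more heavily than noise (fn_weight is an assumed value)
    encodes the priority of driving false negatives toward zero before trimming
    false positives; the chosen threshold sits left of the plain crossover."""
    return min(sweep(events, steps), key=lambda r: (r[1] + fn_weight * r[2], r[0]))[0]
```

Alerting on everything (threshold 0.0) gives a false-negative rate of zero and a false-positive rate of one; tuning the threshold up trades one for the other, and the crossover is the point the post calls the intersection. Re-running the sweep after every rule change is a cheap regression check that a "tuning" did not quietly raise the miss rate.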

Endpoint Detection and Response (EDR) tools have a unique property: they offer both telemetry and alerting. This implies two goals for an EDR platform: event-level (telemetry) visibility with automated detection, and alerting capabilities that trigger action and triage. With telemetry, the concept of “falsing” is moot, because telemetry is used in a post-facto context: after an alert is constructed, the telemetry can be correlated with the alert logic to provide supporting detail. Put simply, for EDR telemetry, more is better.

Detail 

As an analyst, I remember how much I loved putting together the pieces to tell a story. Extracting key artifacts from several disparate data sources and correlating them against a hypothesis allowed me to present a compelling case for the alert’s disposition. I knew I needed as much detail as possible to make my case, and that is just as true today. The detail needs to be easily accessible, and it’s even better when the platform provides it proactively. Where such supporting evidence cannot be attached to the alert itself, an analyst expects the platform to make hunting for those details easy; I’d even venture to say, “a delight.”
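The two preceding sections describe telemetry as post-facto supporting detail and the analyst's job as correlating disparate sources into a story. The following added example (not code from the original post or from MVISION EDR) does that correlation in miniature: given an alert on a process, it walks the process ancestry, collects the process subtree, and gathers the network and file activity of that tree within a time window around the alert. The event schema, host names, pids and records are all constructed for illustration.

```python
"""Correlate an EDR alert with raw telemetry after the fact: pull the alerting process's
ancestry and everything its process tree did around the alert time into one evidence bundle.
Added example, not code from the original post or from MVISION EDR; the event schema,
hosts, pids and records below are constructed for illustration."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    kind: str            # "process", "network" or "file"
    pid: int
    ppid: Optional[int]  # parent pid, set for process-creation events only
    detail: str          # command line, remote endpoint, or written path


@dataclass(frozen=True)
class Alert:
    host: str
    pid: int
    ts: datetime
    rule: str


T0 = datetime(2021, 6, 1, 9, 0, 0)

# Constructed telemetry: a macro document spawns PowerShell, which downloads and runs a payload.
# Two decoys are included: an unrelated process outside the window, and the same pid on another host.
TELEMETRY = [
    Event(T0 - timedelta(minutes=5),  "wks-17", "process", 400,  1,    "explorer.exe"),
    Event(T0 - timedelta(seconds=40), "wks-17", "process", 812,  400,  "WINWORD.EXE invoice.docm"),
    Event(T0 - timedelta(seconds=2),  "wks-17", "process", 933,  812,  "powershell.exe -nop -w hidden -f stage.ps1"),
    Event(T0 + timedelta(seconds=3),  "wks-17", "network", 933,  None, "203.0.113.7:443"),
    Event(T0 + timedelta(seconds=6),  "wks-17", "file",    933,  None, "C:\\Users\\j\\AppData\\Local\\Temp\\upd.exe"),
    Event(T0 + timedelta(seconds=9),  "wks-17", "process", 1020, 933,  "upd.exe"),
    Event(T0 + timedelta(seconds=20), "wks-17", "network", 1020, None, "203.0.113.7:8443"),
    Event(T0 + timedelta(minutes=30), "wks-17", "process", 1100, 400,  "notepad.exe"),
    Event(T0 + timedelta(seconds=4),  "srv-02", "network", 933,  None, "198.51.100.9:443"),
]

ALERT = Alert("wks-17", 933, T0, "Office application spawned PowerShell")


def ancestry(telemetry: List[Event], host: str, pid: int) -> List[Event]:
    """Walk parent links from the alerting process up to the root the telemetry knows about."""
    procs = {e.pid: e for e in telemetry if e.host == host and e.kind == "process"}
    chain: List[Event] = []
    seen: Set[int] = set()
    while pid in procs and pid not in seen:       # 'seen' guards against pid-reuse loops
        seen.add(pid)
        chain.append(procs[pid])
        pid = procs[pid].ppid
    return chain


def descendants(telemetry: List[Event], host: str, pid: int) -> Set[int]:
    """All pids in the process subtree rooted at pid, including pid itself."""
    procs = [e for e in telemetry if e.host == host and e.kind == "process"]
    tree, frontier = {pid}, [pid]
    while frontier:
        cur = frontier.pop()
        for e in procs:
            if e.ppid == cur and e.pid not in tree:
                tree.add(e.pid)
                frontier.append(e.pid)
    return tree


def enrich(alert: Alert, telemetry: List[Event], window: timedelta = timedelta(seconds=60)) -> Dict:
    """Build the supporting-detail bundle an analyst wants next to the alert.

    Scoping by host matters: pids are only unique per host, so the srv-02 decoy
    with the same pid must not leak into this host's story."""
    tree = descendants(telemetry, alert.host, alert.pid)
    related = sorted(
        (e for e in telemetry
         if e.host == alert.host and e.pid in tree and abs(e.ts - alert.ts) <= window),
        key=lambda e: e.ts,
    )
    return {
        "rule": alert.rule,
        "ancestry": [e.detail for e in ancestry(telemetry, alert.host, alert.pid)],
        "network": [e.detail for e in related if e.kind == "network"],
        "files": [e.detail for e in related if e.kind == "file"],
        "child_processes": [e.detail for e in related if e.kind == "process" and e.pid != alert.pid],
    }
```

Run `enrich(ALERT, TELEMETRY)` and the bundle reads as the story the analyst would otherwise assemble by hand: explorer to Word to PowerShell, one outbound connection, one dropped executable, and the child process that executable became, with the unrelated notepad launch and the other host's traffic excluded.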

Reaction Capabilities 

Many EDR platforms on the market offer reaction capabilities to address the “Response” part of the acronym. How flexible those capabilities are determines the range of options available to act on an alert. For example, it’s rather evident that once an alert is convicted the analyst may want to block the process or remove a file from disk. But those reactions assume the conviction is monolithic, in that the analyst is absolutely sure of her conclusion. What if the conclusion is that we simply need more data? A robust reaction library that supports further investigation, with routines such as sending a sample to a running sandbox, interacting with a given endpoint as an administrator, viewing system logs, or checking the history of network connections, gives the analyst further investigatory options. But why stop there? Any fixed set of reactions would be presumptive. Instead, an EDR product with a dynamic library and a flexible, customizable, modular reaction platform is key, because every SOC I’ve ever worked with has its own Incident Management and Standard Operating Procedures.

What’s Next? 

MITRE Engenuity™ released results for its third round of ATT&CK® Evaluations in April 2021. The industry is fortunate to receive such third-party efficacy testing in the EDR market completely free to consumers. It is important to add that the ATT&CK Evaluations should be used as a single component of your EDR evaluation program. Efficacy helps determine how fit-for-purpose a product is by answering questions like “Will it detect a threat when I need it to?” or “Can I find what I need, when I need it?”. But practitioners know there are also pivotal points around manageability: not alerting on everything is just as important as alerting on the right things, and a broad set of response capabilities helps complete the investigation and response. McAfee’s MVISION EDR embraces all of these alert actionability factors and will help displace manual effort in your analytic processes. During the evaluation, MVISION EDR (soon to evolve into MVISION Extended Detection & Response (XDR)) provided insight through detail and reduced alert fatigue by providing context and enrichment, resulting in 62% analytic detections (non-telemetry detections) out of 274 total detections.

Check out other McAfee discussion on MITRE (see the Resources tab).

The post Alert Actionability In Plain English From a Practitioner appeared first on McAfee Blogs.

At Home or On-the-Go: Boost Your Internet Safety this Summer

By Toni Birdsong

Summer is here, which means more sun and more fun for everyone. It also means more streaming, gaming, and downloading. This seasonal reality reminds us that to enjoy the best of summer, it’s important to stay aware of the digital risks that could sink the fun faster than you can say, “it’s hammock time!”

Summer Safety at Home 

Emerging from the pandemic, we’re familiar with the increase in online time that came with remote learning. However, the shift into summer means the remote learning hours will quickly turn into hours spent gaming, TikTok scrolling, and social networking. Add summer travel plans to those activities, and your family also becomes vulnerable to Wi-Fi breaches, viruses, sketchy apps, and device theft.

If your family’s screen time rules became laxer this year, summer is the perfect time to start re-establishing healthy digital habits for gamer security, app security, and Wi-Fi security, be it at home or while traveling. Here are just a few tips to get you rolling.

At home safety tips 

  • Set digital priorities as a family. With the topsy-turvy year everyone’s endured, collaboration and flexibility will be important to setting digital priorities. As a family, consider: What online activities give your kids the most meaningful interaction? What fulfills their social needs? What engages their mind or creativity? How much time will you give online activities vs. outdoor or face-to-face activities?
    • Note: Not all screen time is created equal, which is why sitting down together to discuss priorities will help create a summer media plan everyone can get behind. Every family’s screen time plan will look different, so determine what matters to your family and adjust as the summer progresses. If you are a working parent this summer, you might consider parental controls to support your summer screen time goals.
  • Stay alert to scams. Long summer days can slowly morph into the summer lazies: attitudes, sleep schedules, and other routines can slip. However, it’s no time to let your digital guard down. Help your family keep scams and bad actors on their radar, since both will find ways to exploit kids online. Coronavirus scams, travel scams, and social scams are everywhere. Meet that threat with consistent dialogue with your family and antivirus software.
  • Guard against strangers and cyberbullies. Strangers understand that kids spend more time online in the summer months and are out in full force. Long summer days and increased boredom also create a fruitful environment for cyberbullies. Candidly discuss with your kids the risks of connecting with strangers online and of engaging with cyberbullies. Be sure they know where to report inappropriate behavior.

Study: More Connected, Less Secure 

According to a recent McAfee study, 2021 Consumer Security Mindset: Travel Edition, 2 out of 3 Americans plan to travel this summer. However, the study also highlighted a troubling discrepancy: while 68% of Americans say they are more digitally connected since the onset of COVID-19, only about half of them have implemented additional levels of internet security.

Chances are someone in your immediate family, perhaps an elderly relative or a younger child, is among those who are more connected since COVID-19 but less secure as they head into the summer months. One way to close that gap is to educate and share family internet security tips. Here are just a few.

On-the-Go Summer Safety Tips 

  • Connect with caution. Be cautious when connecting to public Wi-Fi while on vacation, and make sure the network is secure and belongs to a trusted source. Don’t conduct financial transactions or share personal details while on public Wi-Fi.
  • Consider a holistic security solution. Understand what tools are available to give you peace of mind that your identity and personal information are safeguarded across all your devices this travel season.
  • Update your software. Before you travel, check for software updates on your devices. Updates often fix security bugs and seal up cracks in the system.
  • Keep devices protected and close. Distracted vacationers are the perfect target for thieves looking to steal devices, be it a phone, laptop, tablet, or gaming device. Ensure your accounts have multi-factor authentication, so that a stolen device alone does not grant access to them.

This summer can unfold seamlessly and be packed with unforgettable family memories. Or, it could be a season you’d rather forget if you wander into a digital danger zone. Remember: Your family’s privacy is as strong as your weakest family member’s security IQ. One vulnerable person exposes the data and security of everyone under your roof. So, taking the time to build up your family’s internet security is a big step in bummer-proofing your summer. Here’s to fun, sunny, safe days ahead! 


Keep the Change: 3 Tips for Using the Twitter Tip Jar

By Vishnu Varadaraj

When we think of tipping, many of us see it as nothing more than a display of gratitude. However, Twitter’s latest feature is prompting its users to rethink that sentiment. It hasn’t been long since Twitter released its new Tip Jar feature, which allows users on the platform to send tips to designated accounts, yet users and security experts are already exposing weaknesses in how it was built.

Twitter’s Tip Jar has sparked concerns over user privacy due to the exposure of senders’ shipping addresses, not to mention concerns over fraudulent payment disputes. Here’s what you need to know about this feature and what it means for your financial and data privacy.

When Social Media Sharing Crosses a Line 

It was recently revealed that the new feature may not be as secure as believed. Users were quick to point out a critical flaw that reveals their shipping address to the recipient when sending money through PayPal. Shortly after, others discovered that Twitter Tip Jar could reveal a user’s email address even if no transaction took place. Only a limited number of accounts can receive payments, including creators, journalists, experts, and nonprofits. However, anyone can send tips, which makes the new feature’s weaknesses more concerning.

PayPal displays the sender’s shipping address because Twitter categorizes tipping as a payment transaction. Recipients therefore receive the sender’s payment and shipping details by default, just as any vendor would in a typical online transaction.

While your information is not shared publicly, exposing it to recipients poses increased security risks.

Picture this: hackers recognize notable recipients and compromise their accounts to steal their information, including your personal address. They then use your information to carry out targeted phishing attacks and deliver ransomware. You lose your data, your device becomes infected and therefore unusable, and you’re even more susceptible to identity fraud, all stemming from an attempt to leave a digital tip as a token of goodwill.

Good Intentions Turned Bad 

Twitter Tip Jar is a prime example of a good idea gone awry. Twitter released the feature to support notable members of its community, many of whom prefer Twitter for the level of anonymity the platform allows: it does not require your real name, which potentially leads to more anonymous interactions than on other social media sites. For this reason, Twitter users are more exposed to privacy concerns when using the Tip Jar.

In addition to privacy concerns, hackers could also misuse the Tip Jar feature through fraudulent payment disputes. If someone tips a Twitter user using the Tip Jar and later files a “dispute” regarding the payment, PayPal requires the recipient to pay a $20 dispute charge. Now imagine a malicious actor doing this to a recipient multiple times. The recipient could quickly accumulate hundreds of dollars in dispute charges instead of tips, effectively reversing the direction of money flow and putting financial stress on the recipient.

Safely Navigate the Social Landscape 

It can be challenging to safely navigate social media from a cybersecurity perspective because sharing is now synonymous with social networking. If you actively participate on social platforms, here are the three tips you should follow to side-step any security gotchas along the way: 

1. Share your gratitude, not your information 

Fortunately, there’s a simple workaround to avoid sharing your shipping address with the recipient when using the Twitter Tip Jar. When sending a tip, rather than entering an address in the shipping address field, choose the “No address needed” option to keep your address private.

2. Update your privacy settings 

Double check your privacy settings in both your social apps and your connected third-party payment systems. As you navigate this new feature and any that are up-and-coming, take note of the privacy policies that govern how your personal data is used. (For example, Twitter has updated its tipping prompt and Help Center to make clear that other apps, such as PayPal, may share information between people sending and receiving tips.)

3. Turn on automatic software updates 

Security researchers and engineers are constantly working to fix software bugs and vulnerabilities in the background. By turning on automatic updates, you receive the latest security patches and enhancements for your apps and tools as soon as they become available.

Practice Caution When Faced With New Features  

It can be tempting to jump on the bandwagon when a shiny, new feature makes its way to the social media platforms you use and love. But taking the time to learn about these features before choosing to participate can save you from a potential privacy headache, especially in the case of the Twitter Tip Jar. By educating yourself on both the benefits and the risks, you’ll be able to take actionable steps that protect your personal information.  

Stay Updated 

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our newsletter, listen to our podcast Hackable?, and ‘Like’ us on Facebook. 


Data Localisation – The Magic Bullet?

By Roy Kamp

In the wake of the Schrems II decision[1], and even more in light of Friday’s Facebook ruling[2], the question on everyone’s mind is how to truly protect personal data from the prying eyes of national security agencies around the world. Despite detailed guidelines[3] issued in November 2020, and in the absence of new definitive guidelines for transferring data across European borders[4], many are starting to wonder whether data localisation is the magic bullet for protecting personal data.

The terms ‘data sovereignty’, ‘data residency’ and ‘data localisation’ are a source of confusion for most people. They are effectively three degrees of a single concept: how data privacy affects cross-border data flows. The subject has become increasingly important since the Schrems II decision and its requirement that organisations processing personal data ensure that privacy is not put at risk by governmental surveillance when data is shared across borders.

Data residency refers to the country in which an organisation specifies that its data is stored, usually for regulatory or policy reasons. A common example is tax: to prove that it conducts a greater portion of its business in a given country, an organisation will put in place infrastructure that requires strict data management in order to protect its taxation rights.

Data sovereignty differs from data residency in that not only is the data stored in a designated location, but it is also subject to the laws of the country in which it is physically stored. This difference is crucial, as there will be different privacy and security requirements depending on where the data centres physically sit. From a legal perspective, the difference is important because a government’s data access rights vary from country to country.

Data localisation is the most stringent of the three, which is why it is often referred to as “hard data localisation”. It requires that data created within certain borders stay within them, and it is almost always applied to the creation and storage of personal data, without exception. A good example is Russia’s On Personal Data Law (OPD-Law), which requires that the storage, update and retrieval of data on Russian citizens be limited to data centre resources within the Russian Federation.

In the post-Schrems II world, some organisations have taken the view that the GDPR requires hard data localisation. The question is then whether such practices are realistic, and whether they offer similar privacy protection to that of the GDPR.

What are the implications of hard data localisation?

Data localisation runs counter to the principles of cloud computing (and of the internet): allowing the free flow of data for the greatest use. It is also potentially contrary to the principle of free movement of data under EU law[5]. The Internet is global and, beyond the Internet, most companies operate in an integrated global environment, bearing in mind that “remote access by an entity from a third country to data located in the EEA is also considered a transfer”[6].

The cost of operating a localised service must also be factored in, including support, engineering (e.g. development, debugging and maintenance) and backup (e.g. redundancy) costs. So, whilst creating local infrastructure may in the short term mean jobs for local economies, the reality is that such facilities are often fully automated, so the jobs and investment dividend may be short-lived.

Data localisation is also often touted as a means to shield European citizens’ data from third-country government surveillance, in particular US government access under the CLOUD Act. While localisation does offer some protection (namely against transfer of data out of the territory), it does not automatically mean that data will be adequately protected in country. For example, data localisation does not mean that appropriate encryption standards are met, nor does it mean that there is no local surveillance, even in adequate countries[7].

You have probably heard of the Five Eyes, Nine Eyes and Fourteen Eyes alliances. If not, these are intelligence-sharing agreements. The Five Eyes alliance arose in the Cold War era as a pact between the United States and the UK aimed at decrypting Soviet intelligence. By the late 1950s, Canada, Australia and New Zealand had also joined. These five English-speaking countries are the Five Eyes. On top of this alliance, two other international intelligence-sharing agreements are publicly known: the Nine Eyes (Five Eyes plus Denmark, France, the Netherlands and Norway) and the Fourteen Eyes (Nine Eyes plus Germany, Belgium, Italy, Sweden and Spain).

With this in mind, some companies argue, without evidence, that by doing business from a given jurisdiction they can offer more adequate protection against surveillance. Unsurprisingly, no two countries, even within the European Union, offer the same level of protection against surveillance, and US surveillance activity is not much more extensive than that of other countries viewed as providing adequate protection.[8] Take the use of a VPN to protect privacy: many providers argue that choosing a VPN outside the 5/9/14 Eyes countries offers further protection.

Once that obvious point is made, the question remains wide open, for several valid reasons. VPN providers are international operations, so any organisation operating in a given country may be subject to that country’s law enforcement, whether by treaty or by other types of court order. If a country has no general treaty and is not part of the 5/9/14 Eyes, nothing stops another country from applying political pressure (sanctions, for example) to get what it wants. Additionally, operating from a given country, Panama for instance, does not mean that country will refuse to cooperate with another country’s authorities, such as Canada’s.

There is little chance of finding a country that is completely immune to data access laws in one form or another, and nothing stops one country from putting pressure on another to obtain what it wants. The same applies to companies. For instance, Microsoft recently announced that it has “answered Europe’s call”[9], but it cannot reject a request made under the CLOUD Act, and the compensation Microsoft offers for a violation of the GDPR is not equivalent to recourse to an available judicial remedy as required under the Schrems II decision.

With all of the above said, the fact that complete anonymity is impossible does not mean you shouldn’t still protect your personal data as much as possible, or demand that companies strictly comply with data minimisation principles. All in all, governments would not have access to so much data if companies did not hold so much of it. Data minimisation is not only a good tool for increasing security, since attackers can’t steal what you don’t have; it can also reduce the costs of data redundancy, storage and so on.

What are the implications for cybersecurity?

In 2020, the Internet Society penned a report on the implication of data localisation for cybersecurity that has much merit, and stated that “Cybersecurity may suffer as organizations are less able to store data outside borders with the aim of increasing reliability and mitigating a wide variety of risks including cyber-attacks and national disasters.”[10]

Data localisation practices may harm cybersecurity in the following ways:

  • A reduction in available information increases the risks from cyberattacks.
  • A cost increase for implementing and maintaining state-of-the-art tools across different localisation regions.
  • A reduction in redundant storage, increasing data loss or network outages in the event of a hardware malfunction or natural disaster.
  • Less choice in distributed storage solutions, which assist in deploying privacy, integrity and counter-intrusion protocols on networks.

This line of reasoning also applies to the sale of data to insecure third parties within the same region, and to preventing unauthorised access to data obtained by third parties.

Some also argue that data localisation interferes with fraud prevention. For example, the inability to mirror data across several data centers can prevent the provider from seeing patterns and trends of fraud or other risks.

Data localisation may be presented by some as a magic bullet, but its full implications are yet to be understood. Policies or commercial practices requiring forced data localisation must therefore be thought through carefully: they can impair the free flow of data and compromise the ability to scale platforms and services for global customers, in addition to the many cybersecurity harms that may affect operational effectiveness.


Disclaimer: This blog reflects the authors’ personal opinions. Any statements, opinions, and any errors are the authors’ own and not those of McAfee. The statements in this blog do not constitute legal advice, and each company must determine for itself its obligations under all laws. Nothing herein establishes an attorney-client relationship.

 

[1] https://www.europarl.europa.eu/RegData/etudes/ATAG/2020/652073/EPRS_ATA(2020)652073_EN.pdf

[2] The EU-U.S. Data Transfer Problem Is Bigger Than Most People Realise (linkedin.com)

[3] Recommendations 2020/1 and 2020/2 of the EDPB – https://edpb.europa.eu/sites/default/files/consultation/edpb_recommendations_202001_supplementarymeasurestransferstools_en.pdf

[4] European Standard Contractual Clauses, available on https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en

[5] The European Parliament considers “the free movement of data as the Fifth Freedom in the single market after the free movement of persons, goods, services and capital” – Morrison Foerster Client Alert “New EU Regulation to Strengthen the Free Movement of Data 06 Nov 2018” https://www.mofo.com/resources/insights/181106-eu-regulation-data-movement.html

[6] https://iapp.org/news/a/why-this-french-court-decision-has-far-reaching-consequences-for-many-businesses/

[7] For example, French surveillance laws authorises surveillance not only to combat terrorism and other criminal offences, but also to protect France’s major economic, industrial, and scientific interests.

[8] https://www.comparitech.com/blog/vpn-privacy/surveillance-states/

Canada is part of the Five Eyes but has repeatedly demonstrated its commitment to free and unrestricted internet access, has strong protections for freedom of speech and of the press, and its government has expressed support for net neutrality. Iran is not part of any of the known alliances. However, VPN providers there are required to obtain government approval before offering their services, and people accessing the international internet via a VPN without such approval risk up to one year in prison.

[9] https://blogs.microsoft.com/eupolicy/2021/05/06/eu-data-boundary/

[10] https://www.internetsociety.org/resources/doc/2020/internet-impact-assessment-toolkit/use-case-data-localization/


Miles Wide & Feet Deep Visibility of Carbanak+FIN7

By Carlos Diaz

In our last blog about defense capabilities, we outlined the five efficacy objectives of Security Operations that matter most to a Sec Ops team; this blog focuses on Visibility.

The MITRE Engenuity ATT&CK® Evaluation (Round 3) focused on emulating the Carbanak and FIN7 adversaries, known for prolific intrusions against financial targets, including the banking and hospitality sectors. The evaluation ran over 4 days: 3 days focused on detection efficacy, with all products set to detect/monitor mode only, and the remaining day on protection mode, with blocking enabled. This blog showcases the breadth and depth of our fundamental visibility capabilities across the 3 days of detection testing.

It is important to note that while the goal of these evaluations by MITRE Engenuity is not to rank or score products, our analysis of the results found that McAfee’s blue team was able to use MVISION EDR, complemented by McAfee’s portfolio, to obtain significant visibility, achieving:

Scenario   | Evaluation Scope                          | Visibility Outcome
Carbanak   | Across all 10 Major Steps (Attack Phases) | 100%
FIN7       | Across all 10 Major Steps (Attack Phases) | 100%

Tracked by sub-step, the evaluation comprised 174 sub-steps (96 for Carbanak and 78 for FIN7), and McAfee had visibility into 87% of them.

Going Miles-Wide

When you seek to defend enterprises, you need to assess your portfolio and ensure it can go the distance, spanning the endpoint and its diverse context as well as the network visibility that stems from hostile activity executed on the target system. More importantly, your portfolio must track the adversary closely across kill-chain phases (miles-wide) to keep pace with their tempo. The more phases you track, the better you can orient your defenses in real time.

Scenario 1 – Carbanak

The Carbanak emulation consisted of an attack with 10 Major Steps (Kill Chain Phases) on day one, and our portfolio provided visibility across every phase. In these 10 phases, MITRE conducted 96 sub-steps to emulate the behaviors aligned to the known TTPs attributed to the Carbanak adversary.

McAfee MITRE Engenuity ATT&CK Evaluation 3 Results

Scenario 2 – FIN7

The FIN7 emulation consisted of an attack with 10 Major Steps (Kill Chain Phases) on day two, and our portfolio provided visibility across every phase. In these 10 phases, MITRE conducted 78 sub-steps to emulate the behaviors aligned to the known TTPs attributed to the FIN7 adversary.

McAfee MITRE Engenuity ATT&CK Evaluation 3 Results

Going Feet-Deep

Tracking the adversary across all phases of the attack (miles-wide) is a significant strength, but to be really effective at enterprise defense you also need to get deep into their operating mode and keep up with their movement within and across your systems through different approaches (feet-deep). At McAfee, we design our visibility sensors around defensible components, anticipating where adversaries will interact with the system and tracing their activities through the diverse data sources (context) that enrich our portfolio. This lets us track not only their intentions but also the impactful outcomes of their hostile actions (sub-steps).

Defensible Components and Telemetry acquired during the evaluation.

If a product is configured differently you can obtain information from each Defensible Component, but this represents telemetry acquired based on the config during the evaluation (not necessarily evidence that was accepted).

Visibility By McAfee Data Sources / Defensible Components

Scenario 1 – Carbanak

Of the 96 Sub-Steps emulating Carbanak, our visibility coverage extends from more than 10 unique data sources, including the automated interception of scripted source code used in the attack by our ATD sandbox integration with the DXL fabric.

McAfee MITRE Engenuity ATT&CK Evaluation 3 Results

Scenario 2 – FIN7

Of the 78 Sub-Steps emulating FIN7, our visibility coverage extends from more than 10 unique data sources, including System/API call monitoring, which provides higher context in the critical phases where the adversary's advanced behaviors rely on in-memory techniques and would otherwise escape the user's security awareness.

McAfee MITRE Engenuity ATT&CK Evaluation 3 Results

Visibility By McAfee Product

Acquiring data from sensors is fundamental; however, to be effective at security outcomes, your portfolio also needs to spread its deep data-source coverage across products, so that blue teamers have the visibility they need as the attack is tracked through each phase.

This essential capability provides the blue-teamer a balance of contextual awareness from detection technologies (EDR and SIEM), and decisive disruption of impactful behaviors from protection products (ENS, DLP, ATD, NSP) oriented to neutralize the adversary's actions on objectives.

In every phase of the attack, McAfee protection fused with detection products would successfully neutralize the adversary and afford blue teamers rich contextual visibility for investigations needing context before and after the block would have occurred.

Scenario 1 – Carbanak

McAfee MITRE Engenuity ATT&CK Evaluation 3 Results

This chart clearly shows how ENS (in observe mode) would have prevented a successful attack, blocking the Initial Breach, protecting the customers from further damage. For the scope of the evaluation, it’s also important to remark how the products interacted by providing telemetry on each step.

Scenario 2 – FIN7

McAfee MITRE Engenuity ATT&CK Evaluation 3 Results

In the impactful kill-chain phase of “steal payment data”, the DLP product kicks into prevention, while being complemented by the ATD sandbox intercepting the payload that attempts to steal the information, as well as EDR having contextual information within the kill-chain for offline investigations the blue teamer needs.

Visibility Efficacy

Here, we covered the essentials of visibility and the value of a strong telemetry foundation: not only individual sensors or defensible components that provide information, but telemetry that, once analyzed and contextualized, enables the next level of actionability required to prioritize cases with enriched detections.

Stay tuned for the next blog in the series, which explains how this telemetry supported detections: we produced 274 detections backed by more than 2 data sources.

The post Miles Wide & Feet Deep Visibility of Carbanak+FIN7 appeared first on McAfee Blogs.

Less Is More: Why One Antivirus Software Is All You Need

By Vishnu Varadaraj

Personal devices and the information they carry are incredibly valuable to their owners. It is only natural to want to protect your device like a royal family fortifying a medieval castle. Unlike medieval castles that depended upon layers and layers of protection (moats, drawbridges, spiky gates, etc.), personal devices thrive on just one defense: a devoted guard called antivirus software.  

Increasing your personal device's security detail with more than one guard (that is, more than one antivirus program) is actually less effective than using a single, comprehensive option. Microsoft operating systems recognize the detriment of running two antivirus programs simultaneously for real-time protection. Microsoft Windows automatically unregisters additional programs so they do not compete against each other. In theory, if you have a Microsoft device, you could run on-demand or scheduled scans from two different antivirus products without the operating system disabling one of them. But why invest in multiple programs where one will do?

If you do not have a Microsoft device, here is what could happen to your device if you run more than one antivirus program at a time, and why you should consider investing in only one top-notch product.  

Fight over potential viruses  

Antivirus programs want to impress you. Each wants to be the one to catch a virus and present you with the culprit, like a cat with a mouse. When antivirus software captures a virus, it locks it in a secure place to neutralize it. If you have two programs running simultaneously, they could engage in a tussle over who gets to scan, report, and remove the virus. This added activity could cause your computer to crash or use up your device’s memory.  

Report each other as suspicious  

Antivirus software quietly monitors and collects information about how your system runs, which is similar to how viruses operate. One software could mark the other as suspicious because real-time protection software is lurking in the background. So, while one antivirus program is busy blowing the whistle on the other, malicious code could quietly slip by.  

Additionally, users could be buried under a barrage of red flag notifications about each software reporting the other as suspicious. Some users become so distracted by the onslaught of notifications that they deactivate both programs or ignore notifications altogether, leaving the device vulnerable to real threats.  

Drain your battery and slow down your device  

Running one antivirus program does not drain your battery, and it can actually make your device faster. However, two antivirus programs will not double your operating speed. In fact, they will make it run much slower and drain your battery in the process. With two programs running real-time protection constantly in the background, device performance is extremely compromised.

Antivirus software best practices 

There is no reason to invest in two antivirus programs when one solid software will more than do the trick to protect your device. Here are some best practices to get the most out of your antivirus software:  

1. Back up files regularly 

One habit you should adopt is backing up your files regularly. You never know when malware could hit and corrupt your data. Add it to your weekly routine to sync with the cloud and back up your most important files to an external hard drive.   

2. Keep your software up to date 

Whenever your software prompts you to install an update, do it! New cyber threats are evolving every day, and the best way to protect against them is to allow your software to stay as up-to-date as possible.  

3. Read the results reports    

Always read your antivirus results reports. These reports let you know the suspicious suspects your software was busy rounding up. It will give you a good idea of the threats your devices face and perhaps the schemes that you unknowingly fell into, such as clicking on a link in a phishing email. This information can also help you improve your online safety habits.  

Go with the single strongest antivirus, and more  

Everyone needs strong antivirus. Yet antivirus alone isn’t enough to beat back today’s threats. Hackers, scammers, and thieves rely on far more tricks than viruses and malware to wage their attacks, and data breaches slip billions of personal and financial records into the hands of bad actors. You’ll want to pair antivirus with further protection that covers your privacy and identity as well. 

For example, the antivirus included with McAfee+ Ultimate can secure an unlimited number of household devices. Yet it offers far more than antivirus alone, with our most comprehensive protection for your privacy, identity, and devices. The full list of features is long, but it includes credit monitoring, dark web monitoring, removal of personal information from risky data broker sites, along with identity theft protection and restoration from a licensed expert if the unexpected happens. In all, it offers a single solution for antivirus, and far more that can protect you from the broad range of threats out there today.

The post Less Is More: Why One Antivirus Software Is All You Need appeared first on McAfee Blog.

Elevate Your Financial Security: How to Safely Bank Online

By Jean Treadwell

Today’s technology allows you to complete various tasks at the touch of a button wherever you go. As a result, you place trust in online services that make everyday chores more convenient without second-guessing their effects. One such service is online banking. More Canadians are doing their banking virtually with over 76% using online or mobile devices. Despite the extensive measures that banks take to strengthen their online security, no system is fail-safe. It is extremely important to practice proper security habits and be on the lookout for online fraud to ensure the safety of your financial information.  

The Risks of Online and Mobile Banking  

According to the Canadian Bankers Association (CBA), banks in Canada use sophisticated technology and layers of security to help protect customers from fraud when doing their banking online or using a mobile banking app. Although online banking is generally safe, it does provide cybercriminals with a potentially lucrative opportunity. Some scammers turn to phishing techniques to trick people into handing over their sensitive personal information. They call, text, or email you claiming to be a representative from your bank and state that they noticed some unusual activity related to your account. The imposters then ask you to click on a link in the email or text message to verify your credentials. Unfortunately, this "verification link" is actually a phishing link, and cybercriminals can use the password or credit card details you enter to walk right into your account.

Once cybercriminals gain access to your username and password, they may then move on to credential stuffing. Credential stuffing occurs when an attacker inserts the username and password for one account into the login page of another online service. This tactic capitalizes on the fact that many people reuse the same username and password across multiple accounts.

Hackers also use phishing to spread malware onto the devices you use to access online banking services. These suspicious emails and text messages, disguised as notifications from your bank, could contain malicious links or attachments that trick you into downloading malware on your device. Furthermore, attackers mimic banking and money transfer institutions to collect your credentials and access your sensitive information.

Put Your Privacy First When Online Banking  

The convenience of paying bills and depositing checks without running to the bank or post office is undeniable. Everyone is always rushing about, but if you're now doing these things online, securing your online privacy is not a responsibility to speed through.

It's important that you put your privacy first when using online and mobile banking platforms so you can use these convenient services without jeopardizing your financial accounts. Follow these tips to enhance your online banking security:

1. Manage your bank account responsibly 

Review your bank’s terms and conditions to understand your responsibilities as the account owner and the responsibilities of your bank. Check your accounts regularly for transactions you didn’t make and contact your financial provider as soon as you find an error. Most banks have policies that reimburse you for unauthorized purchases if someone uses your credit card without your permission.  

2. Choose a strong, unique password 

Look at the recommendations provided by your bank. For example, CIBC recommends using longer passwords for your bank account that include a combination of uppercase, lowercase, numbers, and special characters. Additionally, do not reuse this password across your other accounts. If a hacker guesses your password for one of your online accounts, it's likely that they will check for repeat credentials across multiple sites. By using different passwords or passphrases, you can feel secure knowing that the majority of your data is secure if one of your accounts becomes vulnerable. If you're worried about forgetting your passwords, subscribe to a password management tool that will remember them for you.

3. Use multi-factor authentication  

Always opt-in for two- or multi-factor authentication if your financial institution offers it. This is a method of signing in that requires not only a username and password but also a one-time code that is sent by text or email. This extra layer of verification makes it much harder for a criminal to access your sensitive accounts.  

4. Vet third-party apps and platforms 

From splitting the check when eating out with friends to dividing the cost of bills, third-party mobile payment apps are an incredibly easy way to share money. Before downloading these apps, do your research. Ensure that the company behind the app or the app itself hasn't undergone any major security incidents and that they have a history of patching bugs immediately. If you decide to download a mobile payment app, set your account to private and limit the amount of data you share. Additionally, look for the lock icon in your web browser when logging in to online banking platforms. A closed lock or padlock indicates that your connection to the website is encrypted.

5. Learn how to recognize phishing 

Phishing scammers often undo their own plans by making simple mistakes that are easy to spot once you know how to recognize them. These mistakes include spelling or grammar errors throughout the email or text message, using a company’s logo with the incorrect aspect ratio or low resolution, and using a URL with typos. For example, phishers may swap an “o” with a zero, or end the address with “.con” instead of “.com.”  If you receive a message with any of these characteristics, do not click on any of the links and delete it immediately.  
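The URL tricks described above, checked in code as an added example that is not part of the original post. The trusted bank domains, the digit-for-letter table and the TLD typo table are constructed assumptions, and the registrable-domain split is naive (last two labels), so treat the verdict as a hint for a reviewer, not proof.

```python
"""Heuristic lookalike-domain check for the phishing signs the text describes.

Added illustration, not code from the post. The trusted domains are
constructed placeholders, not real banks."""
from urllib.parse import urlparse

# Constructed allow-list of the registrable domains a user actually banks with.
TRUSTED_DOMAINS = {"examplebank.com", "example-bank.ca"}

# Digits commonly swapped in for look-alike letters (a zero for "o", etc.).
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"}

# Top-level-domain typos such as ".con" standing in for ".com".
TLD_TYPOS = {"con": "com", "cm": "com", "om": "com", "c0m": "com"}


def normalize_host(url: str) -> str:
    """Extract the lower-cased host from a URL or bare hostname, dropping 'www.'."""
    if "://" not in url:
        url = "http://" + url
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def registrable(host: str) -> str:
    """Naive registrable domain: the last two labels (enough for .com/.ca here)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def canonical(domain: str) -> str:
    """Undo digit-for-letter swaps and TLD typos so a lookalike maps to its target."""
    *rest, tld = domain.split(".")
    tld = TLD_TYPOS.get(tld, tld)
    rest = ["".join(HOMOGLYPHS.get(c, c) for c in label) for label in rest]
    return ".".join(rest + [tld])


def classify(url: str) -> dict:
    """Return {'host', 'verdict', 'reason'}; verdict is trusted, lookalike or unknown."""
    host = normalize_host(url)
    domain = registrable(host)
    if domain in TRUSTED_DOMAINS:
        return {"host": host, "verdict": "trusted", "reason": ""}
    target = canonical(domain)
    if target in TRUSTED_DOMAINS:
        return {"host": host, "verdict": "lookalike",
                "reason": f"{domain} imitates {target}"}
    # A trusted name used as a subdomain or prefix of an unrelated domain,
    # e.g. examplebank.com.secure-login.net (constructed).
    for trusted in TRUSTED_DOMAINS:
        if trusted in host:
            return {"host": host, "verdict": "lookalike",
                    "reason": f"{trusted} embedded in {host}"}
    return {"host": host, "verdict": "unknown", "reason": ""}


if __name__ == "__main__":
    for sample in ("https://www.examplebank.com/login",
                   "http://examplebank.con/verify",
                   "http://examp1ebank.com",
                   "https://examplebank.com.secure-login.net/"):
        print(classify(sample))
```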

6. Connect to a VPN 

Never conduct your banking business on a public or unsecured Wi-Fi network. Connect to a virtual private network (VPN), which allows you to send and receive data while encrypting your information. When your data traffic is scrambled, it's shielded from prying eyes, which protects your network and the devices connected to it.

Invest in Your Digital Security  

While online banking adds a wealth of convenience to your life, it's important that you remain invested in your security first and foremost. Cybercriminals often take advantage of your reliance on digital platforms to disguise themselves as bank representatives and trick you into handing over your personal data. To remain secure while online banking, practice good cybersecurity hygiene: use strong, unique passwords, enable multi-factor authentication, and stay vigilant for signs of phishing. These tips will help elevate your financial security so you can bank virtually with peace of mind.

Stay Updated 

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our newsletter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Elevate Your Financial Security: How to Safely Bank Online appeared first on McAfee Blogs.

Mission Possible: Hunting Down and Stopping Stealthy Attackers with MVISION XDR

By Jesse Netz

Imagine, if you will, a scene straight out of one of your favorite impossible mission movies. The background music is driving a suspenseful beat while the antagonist attempts to steal the latest technology from a very favored industry competitor called Rad-X Incorporated. It's a trade secret that will change the industry forever, and if the villain achieves her mission, she will hold the future of aviation in the palm of her hand. She's bypassed laser motion detectors, swung from the ceiling to avoid floor-placed pressure plates, and even performed some seriously intense acrobatics to slip through video surveillance mechanisms. Then, at the apex of suspense, while the music ascends to a crescendo and a hard thumping release, she reaches out to grasp a microchip placed in the center of the room on a pedestal, as if the room were designed only to show off its magnificence. As her fingers gently nestle against the circuit… the music stops, the alarms sound, and she walks out completely and utterly undisturbed!

All the components in this scene were meant to record and detect when an activity occurs. But when we needed it most, all it amounted to was a noisy detection capability. It did not actually "prevent" the malicious actor from doing anything. Instead, the system merely let everyone know that it occurred… very anticlimactic if you ask me, and frankly not very useful if you're the good guy.

Deconstructing the SIEM, Log by Log

SIEM technologies have been used in security operations for over 15 years for a few reasons. First, SOCs must be able to tell a story while performing incident response investigations, and going back in time is far easier when the logged events are stored centrally and retained for an appropriate period. So, when the police show up, the victim can accurately name the perpetrator. Next, because the data sources are so disparate, SIEMs can be used to correlate activities among usually unrelated feeds. For example, if a floor plate triggers and then a motion sensor fires within 15 seconds of it, their collective severity may raise more of an alarm than either event alone. And thirdly, centrally reporting on collective data allows the business to identify where it is effectively investing in control technologies. In this extended example, the victim can run a monthly report showing that the microchip pressure sensor triggered 5 times this month, while the others may have triggered only once or twice. Certainly, all these capabilities are just as important today as they were in 2005.
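As an added illustration (not code from the post or from any McAfee product), here are the correlation and reporting use cases described above applied to a constructed feed of physical-security events: the 15-second floor-plate/motion-sensor rule and the per-sensor monthly count. Sensor names, zones and timestamps are invented.

```python
"""Minimal SIEM-style correlation over a constructed event feed.

This is an added illustration, not code from the post or from any McAfee
product. Sensor names, zones and timestamps are made up."""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample feed, one event per line: "<UTC timestamp> <sensor> <zone>".
SAMPLE_LOG = """\
2021-05-01T01:12:03Z floor_plate vault
2021-05-01T01:12:09Z motion_sensor vault
2021-05-01T01:12:40Z chip_pressure vault
2021-05-03T14:05:00Z motion_sensor lobby
2021-05-03T14:05:30Z floor_plate lobby
2021-05-09T23:58:10Z floor_plate vault
2021-05-10T00:00:20Z motion_sensor vault
2021-05-11T09:30:00Z chip_pressure vault
"""

# Correlation window from the text: a motion sensor firing within 15 seconds
# of a floor plate in the same zone is treated as one higher-severity alarm.
WINDOW = timedelta(seconds=15)


@dataclass(frozen=True)
class Event:
    ts: datetime
    sensor: str
    zone: str


def parse_log(text: str) -> list[Event]:
    """Central log store: parse the raw feed and keep it ordered by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sensor, zone = line.split()
        events.append(Event(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), sensor, zone))
    return sorted(events, key=lambda e: e.ts)


def correlate(events: list[Event]) -> list[tuple[Event, Event]]:
    """Correlation rule: floor_plate then motion_sensor, same zone, within WINDOW.

    Returns the (floor_plate, motion_sensor) pairs that satisfy the rule; each
    pair would be raised as one correlated alarm instead of two low-level events.
    """
    hits = []
    for i, first in enumerate(events):
        if first.sensor != "floor_plate":
            continue
        for second in events[i + 1:]:
            if second.ts - first.ts > WINDOW:
                break  # events are sorted, so nothing later can fall in the window
            if second.sensor == "motion_sensor" and second.zone == first.zone:
                hits.append((first, second))
    return hits


def monthly_counts(events: list[Event], year: int, month: int) -> dict[str, int]:
    """Reporting use case: how often each sensor triggered in a given month."""
    return dict(Counter(e.sensor for e in events
                        if (e.ts.year, e.ts.month) == (year, month)))


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    for plate, motion in correlate(evts):
        print(f"correlated alarm in {plate.zone}: floor plate {plate.ts:%H:%M:%S}, "
              f"motion {motion.ts:%H:%M:%S}")
    print(monthly_counts(evts, 2021, 5))
```

Note that the lobby events on 2021-05-03 arrive in the wrong order (motion first) and the vault pair on 2021-05-09 is two minutes apart, so neither correlates; only the first vault pair does.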

But there is one glaring gap: why isn't there a better way to take corrective action after the incident occurs? Extended Detection and Response (XDR) capabilities deliver some of the same outcomes we would expect in 2021, but with an added response component… and in McAfee's case, many response components. Some capabilities overlap with SIEM's, which is natural given each use case, but both are still essential to the modern security operations program.

Figure 1: SIEM vs XDR Capabilities

If You See Something, Do Something

While SIEM technologies, for the most part, allow their administrators to integrate through APIs with other technologies, the actions available are often limited in nature and fail to provide a seamless and consistent response option across the landscape. XDR, however, does just that. The platform is designed such that whether the system on which you are acting is an endpoint, network component, or cloud service, the security operations practitioner should expect to enjoy an intimate level of native control on that security control device. Performing actions like restricting further access, retrieving additional information, or gaining console capabilities should be as simple as a click of a button. With XDR, when the alarm sounded, Rad-X would have been able to simply click a button to lock the vaulted room and apprehend the perpetrator.

And since this is a differentiator between XDR and SIEM platforms, it should stand to reason that response capabilities should be a key factor when comparing XDR providers. McAfee offers some of the most robust response capabilities right out of the box such as quarantining affected assets, while simultaneously offering the ability to write your own for Windows, MacOS, or Linux.

Go Where The Data Is – At the Source

While it is painfully apparent that data entering data lakes and massive data collections are regularly changing, data types are changing almost as frequently. SIEM technology, which is heavily based on collectors, parsing, enrichment, ontology, and more, often fails to address the ongoing change of data types on the data source. This means that the collectors need to be updated frequently. However, what if the data was first triaged and analyzed at the source and the results delivered to the collection and correlation points? This would address a large portion of the data type challenge while simultaneously expecting and embracing the idea that the data will continue to live at its source. Sure, there may be cases where the raw data needs to be shipped to mass storage for historical searching and hunting, but those are the minority of the cases. And, since the goal of XDR is not to meet log retention requirements as a compliance tool, it need not focus on collecting all events created.

When running a search in an XDR platform such as McAfee's MVISION XDR, the searches can be run against mass storage or in real time. Real-time searches allow the data source to perform the query against the raw origination of the event. And, since both capabilities are available, comparing deltas between states of the data source is easily done. If Rad-X were using XDR, they would be able to ask questions of the corridors, cameras, and entryways the villain was using throughout the attack. Instead, they were forced to wait for an event significant enough to have occurred to be alerted that the incident was now in the past.

Figure 2: XDR Logical Architecture

Figure 3: Traditional SIEM Architecture

As you can tell from the illustrations above, XDR offers security teams a simpler cloud-native service architectural model when compared to traditional SIEM.  The majority of SIEM deployments require all the native infrastructure to be deployed as on-premises software or appliances or in IaaS. XDR can reduce the complexity of your security configuration and the expert resources required to operate it.

Hot Pursuit: A Proactive Approach to Finding Threats

Rad-X’s CEO wants answers, and he wants them now! How did this happen? Did we know about this criminal and anything she may have been up to? Were we the only targets? What is our best course of action to investigate what happened here?

MVISION XDR is designed to answer exactly these questions.

MVISION XDR goes beyond consolidation of endpoint detection and response (EDR), network detection and response (NDR), and cloud detection and response capabilities as it leverages threat intelligence and analytical posture assessments from MVISION Insights to guide its ability to predict, to prescribe, and to help prioritize what’s most important in your organization. MVISION Insights would help Rad-X shift its focus left of the moment of impact by telling its defenders about the pending threats from the threat actor. Knowing that she was targeting aviation innovators and that Rad-X was in her line-of-sight would have helped, but it would also call out the gaps in defense capabilities based on her techniques and procedures.

Then, even if the incident were to still have occurred, MVISION XDR would be able to take advantage of its Artificial Intelligence data analytics by examining how the intruder behaved, what kind of artifacts were left behind on the floor, and what may be missing from the environment which “should” be there. It’s like having a virtual Sherlock Holmes analyzing each of your XDR incidents across endpoints, network, and cloud environments.

Mission Accomplished: Go Beyond the Limits with MVISION XDR

Rad-X suffered an unfortunate event, but they learned an incredibly valuable lesson: SIEM is important as it meets some critical functions, but XDR is more appropriate in performing action driven investigations, threat analytics, rapid response, and more. So, if you find yourself in a position like Rad-X and are curious about the value and benefits of XDR in your environment, take a page out of Rad-X’s playbook and consider MVISION XDR to provide a shift left in threat predictions, prescriptions, and prioritization. Consider MVISION XDR to enhance your incident analytics capabilities with cloud-based AI playbooks. And consider MVISION XDR to provide detection and response capabilities from device to cloud.

If you’d like to learn more about what MVISION XDR can do for you and how it is evolving at McAfee, join me for a live tech talk on May 25, 2021.  I’ll be joined by Randy Kersey, XDR Product Manager at McAfee, to discuss how security operations teams can respond more effectively to incidents by harnessing their extensive security telemetry with the latest release of MVISION XDR. Be sure to register via LinkedIn. I hope to see you there!

The post Mission Possible: Hunting Down and Stopping Stealthy Attackers with MVISION XDR appeared first on McAfee Blogs.

POPIA – July 1st Deadline Approaches For New South African Data Protection Act

By Nigel Hawthorn

Data protection acts are regularly coming into force around the world and on July 1st 2021 it is the turn of South Africa, as the POPIA (Protection of Personal Information Act) will be enforced from that date.  I caught up with David Luyt, Privacy Counsel at Michalsons in Cape Town to discuss what this means for South African consumers, businesses and IT teams.

Nigel: Must my organisation comply with POPIA?

David: Essentially, if you are domiciled in South Africa or you process personal information in South Africa, then you need to comply with POPIA. POPIA, unlike the GDPR, does not apply extraterritorially, meaning that it only applies to organisations in South Africa.

Nigel: How can I find out more about the POPI Act?

David: Knowledge is Power. Having a high-level awareness of POPIA is crucial in helping you decide what your next steps are going to be. To learn more about the impact of POPIA on your organisation, take the Michalsons’ complimentary impact assessment for your specific organisation, read our insights on it, or watch our video.

Nigel: Who is the right person to be responsible for this?

David: Every organisation has an Information Officer by default and they are responsible for ensuring that the organisation complies with POPIA. However, the whole organisation needs to understand its responsibilities. Any employee that handles personal information, all systems that store and process that information and all 3rd party and cloud providers that are part of that data processing need to be reviewed and understand their responsibilities.

Nigel: What is the impact on my organisation?

David: You need to know the impact of POPIA on your specific organisation so that you can decide what the next best steps are.

Complying with POPIA is not a case of one size fits all. Different organisations need to take different actions to comply. For example, what a small enterprise (or SME) has to do is very different from what a medium or large-sized organisation has to do.

An organisation's actions are also dependent on the foundations already built to protect personal information. Some organisations may have many safeguards in place while others are new to the issue.

Nigel: What are my organisation’s next steps?

David: At Michalsons we believe that data protection is like personal fitness – it takes time to get fit! To learn more, have a look at our top tips for data protection projects. And if you’re wondering ‘how much does data protection compliance cost?’ then we have the answer for that too!

Nigel: Which departments seem to need the most help understanding POPIA?

David: It would be unfair to single out a single group or department, but the adage “you cannot manage what you cannot see” is very true in this situation.  Every organisation needs to know where its personal data is kept, how it is handled and make sure that all employees recognise the importance of the Act.

A lot of initial work falls to the IT department to find all the current data on employees, business partners and clients and to ensure that this data is kept secure – whether inside or outside the organisation.

As we discussed in our joint webinar, this includes reviewing all outsourcing and cloud services – when you share or pass data to other organisations you are STILL responsible for everything that happens to that data, so you need to review these providers and put in appropriate measures to make sure that the data handling policies are designed to conform to the Act.

Your document on mapping POPIA to Cloud Computing has some good ideas for IT people to review – and not just for cloud, but all data handling should be reviewed in a similar way.

Nigel: Thank you for your time.

David: My pleasure.


The post POPIA – July 1st Deadline Approaches For New South African Data Protection Act appeared first on McAfee Blogs.

Don’t Sweat Your Security: How to Safely Incorporate IoT Into Your Fitness Routine

By Jean Treadwell

Many have seamlessly transitioned their fitness regimens out of the gym and into the living room since the start of the COVID-19 pandemic, thanks in part to the use of IoT devices. IoT (Internet of Things) denotes the web of interconnected physical devices embedded with sensors and software to collect and share information via the internet. The most common IoT devices used for virtual fitness include wearable fitness trackers and stationary machines equipped with digital interfaces. As effective as these devices are for facilitating a great workout, many do not realize the risks they pose for their online security. According to McAfee Labs Threats Report, new IoT malware increased by 7% at the start of the pandemic. There are various steps that users can take to continue using these devices securely without compromising performance. But first, it’s essential to understand why these devices are vulnerable to cyber-attacks. 

What Makes IoT Devices Vulnerable? 

IoT devices are just like any other laptop or mobile phone that can connect to the internet. They have embedded systems complete with firmware, software, and operating systems. As a result, they are exposed to the same vulnerabilities, namely malware and cyber-attacks.

One reason why IoT devices are so vulnerable is due to their update structure, or lack thereof. IoT devices lack the stringent security updates afforded to laptops or mobile phones. Because they do not frequently receive updates—and in some cases, never—they do not receive the necessary security patches to remain consistently secure.

What’s worse, if the developer goes out of business, there is no way to update the existing technology vulnerabilities. Alternatively, as newer models become available, older devices become less of a priority for developers and will not receive as many updates as their more contemporary counterparts. 

Without these updates, cybercriminals can hack into these devices and take advantage of the hardware components that make them a significant risk to users. For example, they can track someone's location through a device's GPS, or eavesdrop on private conversations through a video camera or audio technology.

IoT devices with unpatched vulnerabilities also present an easy entry point through which hackers can penetrate home networks and reach other devices. If these devices do not encrypt and authenticate the data they exchange with other devices and servers, hackers can intercept it and spoof communications. Spoofing is when a hacker impersonates a legitimate source, the back-end server or the IoT device in this case, to transmit false information. For instance, hackers can spoof communications between a wearable fitness tracker and the server to manipulate the tracking data to display excessive physical activity levels. They can then use this data for monetary gain by providing it to insurance companies and third-party websites with financial incentive programs. 

Hackers can also exploit device vulnerabilities to spread malware to other devices on the same network to create a botnet, a web of interconnected devices programmed to execute automated tasks. They can then leverage this botnet to launch Distributed Denial of Service (DDoS) or Man-in-the-Middle attacks.  

Tips for Safeguarding Your IoT Devices 

Whether you own an IoT device to monitor your health or physical performance, it is essential to take the necessary precautions to minimize the risks they present to digital security. Here are a few tips to keep in mind when incorporating your device into your fitness routine.  

1. Secure Your Routers 

Default names and passwords are low-hanging fruit for hackers and should be the first thing you address when securing your router. Default router names often include the make or model of the manufacturer. Changing the name removes an obvious hint about which router you run (the router's hardware address can still reveal the vendor, so treat this as a small gain rather than a hiding place). Further, follow password best practices to ensure your router password is long, complex, and unique, and change the administrative password, not just the Wi-Fi passphrase. 

Next, make sure you enable the strongest encryption your router supports: Wi-Fi Protected Access 2 (WPA2) at a minimum, or WPA3 where available. Older protocols such as the original WPA (with TKIP) and Wired Equivalent Privacy (WEP) have known cryptographic weaknesses; WEP in particular can be broken in minutes regardless of how strong the password is. WPA2 is only as strong as the passphrase behind it: an attacker who records a device joining your network can test passphrase guesses offline at high speed, so a short or dictionary-based passphrase is still at risk. WPA2 or WPA3 with a long, unique passphrase ensures that only authorized users can join your network. 
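To make the point about passphrase strength concrete, here is an added example (not code from the original post or from McAfee) that performs the same derivation a WPA2 router does, PBKDF2-HMAC-SHA1 of the passphrase salted with the network name, and then runs a tiny offline guess loop against it. The SSID, the weak passphrase and the five-word guess list are constructed for the example; a real attacker verifies each guess against a captured handshake rather than a raw key, but the expensive step, the derivation, is identical, which is why only the length and unpredictability of the passphrase protects you.

```python
import hashlib
import time
from typing import Iterable, Optional, Tuple

# Constructed example values (not from the original post): a hypothetical
# network name and a deliberately weak passphrase that appears in the guess list.
SSID = "HomeNet-2G"
WEAK_PASSPHRASE = "sunshine1"

# A tiny constructed wordlist standing in for the multi-million-entry lists
# attackers actually use.
WORDLIST = ["password", "12345678", "letmein99", "sunshine1", "iloveyou"]


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK Pairwise Master Key as specified in IEEE 802.11i:
    PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 256-bit output)."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"), 4096, dklen=32
    )


def offline_guess(target_pmk: bytes, ssid: str,
                  candidates: Iterable[str]) -> Tuple[Optional[str], int]:
    """Simulate the offline phase of a WPA2 passphrase attack: derive the key
    for each candidate and compare it with the target. Returns the recovered
    passphrase (or None) and the number of candidates tried. Nothing here
    touches a network; the cost is purely the PBKDF2 work per guess."""
    tries = 0
    for candidate in candidates:
        tries += 1
        if derive_pmk(candidate, ssid) == target_pmk:
            return candidate, tries
    return None, tries


def seconds_to_exhaust(length: int, alphabet_size: int,
                       guesses_per_second: float) -> float:
    """Worst-case time to try every passphrase of a given length and alphabet
    at a given guess rate. Used to compare a short passphrase with a long one."""
    return (alphabet_size ** length) / guesses_per_second


def measure_guess_rate(ssid: str, samples: int = 20) -> float:
    """Rough single-core guesses per second for this machine."""
    start = time.perf_counter()
    for i in range(samples):
        derive_pmk("candidate-%d" % i, ssid)
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    target = derive_pmk(WEAK_PASSPHRASE, SSID)
    found, tries = offline_guess(target, SSID, WORDLIST)
    print("recovered %r after %d guesses" % (found, tries))
    rate = measure_guess_rate(SSID)
    print("this machine: ~%.0f guesses/s on one core" % rate)
    # 8 lowercase letters versus a 20-character mixed passphrase at that rate.
    print("8 lowercase letters:  %.1e s" % seconds_to_exhaust(8, 26, rate))
    print("20 mixed characters:  %.1e s" % seconds_to_exhaust(20, 70, rate))
```

Dedicated cracking hardware runs the derivation many orders of magnitude faster than the single-core rate printed here, so read the comparison as a ratio between the two passphrase choices rather than as an absolute time.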

Lastly, create a guest network to segment your IoT devices from your more critical devices like laptops and mobile phones. If a hacker infiltrates your IoT devices, the damage is contained to the devices on that specific network.  

2. Update Regularly 

Updates are critical because they go beyond regular bug fixes and feature tweaks: they patch security vulnerabilities in the device's software and firmware. 

Make it a point to stay on top of updates from your device manufacturer, especially since they will not always advertise their availability. Visit their website regularly to ensure you do not miss pertinent news or information that may impact you. Additionally, make sure to update the app corresponding to your IoT device. Go into your settings and schedule regular updates automatically, so you do not have to update manually.  

3. Do Your Research  

Do your research before making a significant investment in an IoT device. Ask yourself if these devices are from a reputable vendor. Have they had previous data breaches in the past, or do they have a grade A track record for providing high-security products? 

Also, take note of the information your IoT device collects, how vendors use this information and what they release to other users or third parties. Do they have privacy policies in place to protect their users’ data under PIPEDA regulation? 

Above all, understand what control you have over your privacy and information usage. It is a good sign if an IoT device allows you to opt out of having your information collected or lets you access and delete the data it does collect. 

4. Disable Unnecessary Features 

Next time you go for a run with geolocation activated on your smartwatch, think again about what risks this poses to your virtual security and even your physical safety. Enhance your security by only enabling the features that are necessary to optimize your fitness performance. In doing so, you ensure that hackers cannot utilize them as a foothold to invade your privacy. 

Step Up Your Security Game 

IoT devices have made in-home exercise routines possible, given their increase in availability and ease of use. However, despite their capabilities for optimizing the fitness experience, the nature of these devices has made them one of many threats to personal privacy and online safety. For an elevated fitness experience beyond a great workout, start securing your IoT devices to integrate them into your everyday exercise routine safely.  

The post Don’t Sweat Your Security: How to Safely Incorporate IoT Into Your Fitness Routine appeared first on McAfee Blogs.

3 Tips to a Holistic Online Security Approach

By Vishnu Varadaraj
Cybersecurity

Cybersecurity is often used as a blanket term to address online safety. Cybersecurity can refer to the software used to protect your devices, but it can also refer to the processes you put in place to protect yourself from online threats. Whether you’re implementing best practices, building awareness of security threats, or installing security software, taking a holistic approach to online security is crucial to remain secure and protected at all times. 

Here are three tips for a holistic online security approach. 

1. Safeguard Your Privacy Starting With Your Devices 

Efficient online protection ultimately begins with you, the end-user, and the steps you take to secure your devices. 

The first step to ensure your device is secure is never to leave it unattended. Whether you’re at the grocery store or at home, always keep an eye on your devices. All it takes is a few minutes for someone to steal them or for kids to click on a malicious link while your attention is diverted. Make sure you have a contingency plan in case your device is compromised. For example, if someone steals your device, wipe the information on the device remotely. Revert it to the factory setting, so the thief can’t access your personal information. Regularly back up your data in the event of a lost or compromised device to ensure you retain important documents.  

In some instances, deleted files can be recovered with the right tools, so use a file shredder for the files you want permanently deleted rather than simply moving them to the trash. Install security measures across all devices and your networks to protect your data and privacy. Always lock your device before stepping away and layer your device security with multi-factor authentication to ensure you are the only one who can access your sensitive information. 

Passwords are the gateway to your device and play just as critical a role in securing your personal information. Follow password best practices to prevent cybercriminals or mischievous children from infiltrating files and data. Use long and complex passwords and never reuse them across accounts. You can also use a password manager to keep track of your passwords in one centralized and secure location. 

2. Assess Your Awareness and Implement Best Practices 

Strengthen your protection strategy by layering your physical device security with an enhanced awareness of relevant threats. Start by first taking a step back to assess your online persona. In other words, who are you? Are you a college student or a remote working parent who teleconferences frequently? Do you own an iOS device? Understand what your online devices and habits say about you as a person, as this will affect why and how cybercriminals target you. 

For example, if you frequently teleconference for work or medical visits, you need to be aware of the teleconferencing risks of remote work or telehealth. Remote workers and telehealth patients face threats such as phishing emails or disrupted video conference calls. As a result, users must know the importance of using a video conferencing tool with end-to-end encryption and not sharing sensitive information through chat features.  

Once you know the risks you face as an online user, consider the specific daily best practices for online safety. One good habit is regularly updating your devices and software. Updating laptops, mobile devices, and routers ensures that existing bugs are fixed and security flaws are patched. Devices not running the latest software are vulnerable to hackers.  

Additionally, many cybercriminals will use social media to identify victims and target them through social engineering tactics. For example, they will send phishing emails to steal personal information and sell it on the dark web or hold it for ransom. Once you know what to look for, phishing emails are much easier to spot. From there, you can send malicious messages straight to your trash folder and sidestep the threats that lie within. Check your privacy settings to control who can view your posts and ensure you receive notifications about suspicious activity on your account. Don't respond to unknown messages and think twice before revealing sensitive information online. Practice better awareness by keeping up with new viruses and vulnerabilities. Use monitoring tools to check if your email or phone number has appeared in a recent data breach. Keep an eye on your financial accounts and consider freezing your credit to prevent hackers from taking out loans and opening new accounts in your name. Read reports such as the McAfee Labs Threats Report and stay informed through credible news sources to stay one step ahead of the latest threats.  

Also, stay aware of online fraud tactics since they are a significant risk for many Canadians. According to a CPA Canada Fraud Study conducted in January, almost three in four of those surveyed have received fraudulent requests including email and telemarketing requests. Evade online fraud by screening for unknown calls and steering clear of unsecured websites asking for sensitive information such as personal identification numbers and bank information. 

3. Leverage the Right Technology and Resources 

The final component of a holistic security strategy involves implementing a complete security suite, such as McAfee Total Protection, across all your devices. Leveraging software security tools is one of the best ways to protect your devices and personal information from online threats. This software takes a multi-layered approach to security to prevent virus infection, detect vulnerabilities and minimize the risk of viruses.  

For example, tools like a VPN and antivirus software take a preventive approach to online security. A VPN encrypts your traffic between your device and the VPN server, so someone sharing the same network (such as a public Wi-Fi hotspot) cannot read or tamper with it. Antivirus software blocks known malware and monitors downloads, files, and running programs for malicious behavior.  

Detection and correction capabilities are also crucial to a well-rounded security suite. Identity theft protection is a critical part of this solution to ensure the integrity of your credit, as well as your court and criminal records, remains intact. Report missing ID cards and conduct a background check on yourself if you suspect someone is impersonating you. The right security solution will be able to monitor your accounts and notify you when it detects unusual activity. It will also be able to guide you through the remediation process to restore your privacy and identity. 

Champion Your Digital Protection  

Effective cybersecurity requires a multifaceted approach to create a holistic security strategy. This approach should integrate layered protection starting with your devices, expanding to your threat awareness, and ending with the software tools you leverage to enhance your digital security. With a strategic framework in place, you can rest assured knowing that you are well equipped to handle whatever malicious threat comes your way. 

Stay Updated  

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our newsletter, listen to our podcast Hackable?, and ‘Like’ us on Facebook. 

The post 3 Tips to a Holistic Online Security Approach appeared first on McAfee Blogs.

What the MITRE Engenuity ATT&CK® Evaluations Means to SOC Teams

By Kathy Trahan

SOCwise Weighs In

When the infamous Carbanak cyberattack rattled an East European bank three years ago this month few would have guessed it would later play a starring role in the MITRE Engenuity™ enterprise evaluations of cybersecurity products from ourselves and 28 other vendors. We recently shared the results of this extensive testing and in a SOCwise discussion we turn to our SOCwise experts for insights into what this unprecedented exercise may mean for SOC teams assessing both strategy concerns and their tactical effectiveness.

Carbanak is a clever opponent known for innovative attacks on banks. FIN7 uses similar malware and the same strategy of effective espionage and stealth to target U.S. retail, restaurant and hospitality sectors, according to MITRE Engenuity™, and both were highlighted in this emulation. These notorious actors have reportedly stolen more than $1 billion worldwide over the past five years. An annual event, the four-day ATT&CK Evaluation spanned 20 major steps and 174 sub-steps of the MITRE framework.

The first thing to realize about this exercise is few enterprises could ever hope to match its scope. What do you get when you match up red and blue teams? “I have not been through an exercise like that in an organization with both the red team and blue teams operationally trying to determine what their strengths and weaknesses are,” said Colby Burkett, McAfee XDR architect, a participant in the event, on our recent SOCwise episode. “And that was fantastic.”

A lot of SOC teams conduct vulnerability assessments and penetration testing, but never emulate these types of behaviors, noted Ismael Valenzuela, McAfee’s Sr. Principal Engineer and co-host of SOCwise. And, he adds that many organizations lack the resources and skills to do purple-teaming exercises.

While our SOCwise team raved about the value of conducting broad-scale purple-team exercises, they cautioned that the emphasis on "visibility" should not overshadow "actionability," which is at least as valuable. McAfee, which scored 87% on visibility, one of the industry's best, turned in a remarkable 100% on prevention in the MITRE Engenuity™ evaluations.

Illuminating Visibility

When we think about visibility, we think about how much useful information we can provide to SOC analysts when an attack is underway. There may be a tsunami of attack data entering SOCs, but it’s only actionable when the data that’s presented to analysts is relevant, noted Jesse Netz, Principal Engineer at McAfee.

A well-informed SOC finds a sweet spot on an axis where the number of false positives is low enough and the true positives are high enough “where you can actually do something about it,” added Netz.

He believes that for SOC practitioners, visibility is only part of the conversation. “How actionable is the data you’re getting? How usable is the platform in which that data is being presented to you?”

For example, in the evaluation we saw McAfee's MVISION EDR preserve actionability and reduce alert fatigue. We excelled in the five capabilities that matter most to SOC teams: time-based security, alert actionability, detection in depth, protection, and visibility.

If you can’t do anything about the information you obtain, your results aren’t really useful in any way. In this regard, prevention also trumps visibility. “It’s great that we can see and gain visibility into what’s happening,” explained Netz. “But it’s even better at the end of the day as a security practitioner to be able to prevent it.”

Expanding the Scope

The SOCwise team overall applauded the progressively sophisticated approach taken by the MITRE Engenuity™ enterprise evaluations of cybersecurity products—now in its third year. However, our panel of experts noted that this round of testing was more about defending endpoints, rather than cloud-based operations, which are fairly central to defending today’s enterprise. They expect that focus may change in the future.

The MITRE Engenuity™ enterprise evaluations provide a lot of useful data, but they should never be the single deciding factor in a cybersecurity product purchase decision. “Use it as a component of your evaluation arsenal,” advises Netz. “It’ll help to provide kind of statistics around visibility capabilities in this latest round, including some detection capabilities as well, but be focused on the details and make sure you’re getting your information from multiple sources.”

For instance, Carbanak and FIN7 attacks may not be relevant to your particular organization, especially if your operations are centered on cloud-based services.

While no emulation can perfectly replicate the experience of battling real-time, zero-day threats, McAfee’s Valenzuela believes these evaluations deliver tremendous value to both our customers and our threat content engineers.


The post What the MITRE Engenuity ATT&CK® Evaluations Means to SOC Teams appeared first on McAfee Blogs.

5 Ways to Protect Your Online Privacy

By McAfee

When you open your laptop or your mobile device, what is the first thing you do? Do you head to your favorite social media site to skim the latest news, or do you place your weekly grocery delivery order? No matter what your daily online habits are, even the slightest degree of caution can go a long way in staying secure online.  

That’s because hackers are experts at hiding malware in your everyday online routines, or even infiltrating your cookies to steal login information and learn about your personal preferences.  

According to a StatsCan Canadian internet use survey, six out of ten internet users reported experiencing a cybersecurity incident. There are many hoops to jump through when navigating the digital landscape. By taking the necessary steps to remedy vulnerabilities in your digital activity, you can dramatically improve your online protection.  

Three online threats to watch out for  

Cybercriminals take advantage of online users through routine avenues you would not expect. Here are three common ways that cybercriminals eavesdrop on online users.  

1.  Adware 

Adware, or advertising-supported software, generates ads in the user interface of a person’s device. Adware is most often used to generate revenue for the developer by targeting unsuspecting online users with personalized ads paid by third parties. These third parties usually pay per view, click, or application installation.   

Though not always malicious, adware crosses into dangerous territory when it is downloaded without a user’s consent and has nefarious intent. In this case, the adware becomes known as a potentially unwanted application (PUA) that can remain undetected on users’ devices for long periods of time. According to a report by the Cybersecure Policy Exchange, an unintentionally installed or downloaded computer virus or piece of malware is one of the top five cybercrimes that Canadians experience. The PUA can then create issues like frequent crashes and slow performance.   

Users unknowingly download adware onto their device when they download a free ad-supported program or visit a non-secure site that does not use the Hypertext Transfer Protocol Secure (HTTPS) to encrypt online communication.   

2.  Malvertising 

Hackers also use invasive tactics known as ad injections, where they inject ads with malicious code for increased monetary gain. This is a practice known as “malvertising.” If a user clicks on a seemingly legitimate and well-placed ad, they risk exposing themselves to numerous online threats. These ads can be infected with malware such as viruses or spyware. For example, hackers can exploit browser vulnerabilities to download malware, steal information about the device system, and gain control over its operations. Hackers can also use malvertising to run fraudulent tech support scams, steal cookie data, or sell information to third-party ad networks.  

3.  Autofill 

Another vulnerability that many may not realize is their browser’s built-in autofill functions. As tempting as it is to use your browser’s autofill function to populate a long form, this shortcut may not be safe. Cybercriminals have found ways to capture credentials by inserting fake login boxes onto a web page that users cannot see. So, when you accept the option to autofill your username and password, you are also populating these fake boxes.   

Tips for rethinking your online habits  

Take a proactive approach to your digital protection the next time you are browsing the internet by reassessing your online habits. Check out these five tips to ensure you are staying as safe as possible online.  

1.  Clear your cookies on your browser 

Cookie data can contain anything from session tokens and login information to saved form data. Cybercriminals looking to exploit this information can hijack browser sessions to pose as legitimate users, either by stealing cookies from the device or by intercepting them on unencrypted connections. As a result, it is essential for online users to regularly clear out their cookies to better protect their information from falling into the wrong hands, and to stick to HTTPS sites so cookies are not sent in the clear. Navigate to your browser's history, where you can wipe the data associated with each browser session, including your cookies.   

2.  Use a reliable password manager 

Clearing your browser’s cookie data will also remove your saved logins, which is why leveraging a password manager can make it easier to access regularly visited online accounts.   

Many browsers come with a built-in password generator and manager; however, it is better to entrust your logins and passwords to a reputable dedicated password manager. Browser password managers are often less secure than dedicated ones, because anyone who has access to your unlocked device can also access your saved online credentials. A dedicated password manager provides a more secure solution since it requires you to log in with a separate master password. It also works across various browsers and can generate stronger passwords than those created by your browser.   

3.  Adjust browser privacy settings 

In addition to clearing cookie data, users should adjust their browser settings to ensure their online sessions remain private.   

One option is to access the internet in Private Browsing Mode, which discards cookies, history, and site data when you close the window, so tracking cookies do not build up between sessions (it does not hide your activity from the websites you visit or from your network). Users can also enable the "do not track" setting in their browser, though this is only a request that websites and advertisers may choose to ignore. Additionally, you can adjust your browser settings to block third-party cookies and pop-up ads and to control site permissions, such as access to cameras and location.   

4.  Use an ad blocker 

Ad blockers suppress unwanted and potentially malicious ads to ensure a safer browsing experience. Ad blockers can also make it easier to view page layout by removing distracting ads and optimizing page load speed. Additionally, they prevent websites from tracking your information that third parties can sell.  

5.  Leverage a reputable security solution  

Deploying a security solution like McAfee+ Ultimate ensures a safer internet browsing experience through a holistic approach to threat detection, protection, and remediation. Equipped with a password manager, antivirus software, and firewall protection, users can effectively sidestep online threats while browsing the internet. Moreover, it includes comprehensive privacy and identity protection, such as our Personal Data Cleanup, dark web monitoring, and credit monitoring, along with ways you can quickly lock or freeze your credit file to help prevent accounts from being opened in your name. 

Take action to ensure safe browsing  

Your online behavior can say a lot about you, so make sure you safeguard your privacy. Whether it is through malvertising or invisible forms, hackers can glean information to paint a picture of who you are and target you through deceptive tactics. Cybercriminals are always looking for vulnerabilities, which is why assessing your online habits sooner rather than later is a critical first step to smarter online browsing.  

The post 5 Ways to Protect Your Online Privacy appeared first on McAfee Blog.

Cloud Native Security Approach Comparisons

By Vishwas Manral

Vinay Khanna, Ashwin Prabhu & Sriranga Seetharamaiah also contributed to this article. 

In the Cloud, security responsibilities are shared between the Cloud Service Provider (CSP) and Enterprise Security teams. To enable Security teams to provide compliance, visibility, and control across the application stack, CSPs and security vendors have added various innovative approaches across the different layers. In this blog we compare the approaches and provide a framework for Enterprises to think of these approaches.

Overview

Cloud Service Providers are launching new services at a breakneck pace to enable enterprise application developers to bring in new business value to the marketplace faster. For each of these services the CSPs are taking up more and more of the security responsibility while letting the enterprise security teams focus more on the application. To be able to provide visibility, security and enhance existing tools in such diverse and fast changing environments CSPs enable logs, APIs, Native agents and other technologies, that can be used by Enterprise security teams.

Comparison

There are many different approaches to security and each have varying tradeoffs in terms of the depth of visibility and security they provide, the ease of deployment, permissions required, the costs, and the scale they work at.

APIs and logs are the best approach to get started with discovering your Cloud accounts and finding anomalous activity of interest to security teams in those accounts. It is easy to get access to data from various accounts using these mechanisms, without the security teams having to do much more than obtain cross-account access to the numerous accounts in the organization. The approach provides great visibility but needs to be complemented with protection approaches.
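As an added example of the log-driven approach (not McAfee's code and not tied to MVISION Cloud), the following Python runs a handful of detection rules over constructed CloudTrail-style events. The field names follow CloudTrail's JSON shape (eventName, userIdentity, additionalEventData.MFAUsed, requestParameters.ipPermissions), the sample events and the per-principal baseline of known source IPs are constructed for the example, and the rule names and severities are assumptions. It shows what the API/log layer can and cannot tell you: it flags a root console login, a login without MFA, logging being switched off, a security group opened to the internet and a principal appearing from a new IP, but nothing here sees inside a workload, which is the gap the later approaches fill.

```python
import json
from typing import Dict, Iterable, List, Set

# Constructed baseline of source IPs previously seen per principal (assumed,
# not from the original post). A real system learns this from historical logs.
KNOWN_SOURCE_IPS: Dict[str, Set[str]] = {"alice": {"203.0.113.10"}}

# API calls that weaken or disable the audit trail itself.
LOGGING_TAMPER_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail"}

# Constructed sample events, abbreviated to the fields the rules below read.
SAMPLE_EVENTS: List[str] = [json.dumps(e) for e in [
    {"eventTime": "2021-04-01T09:00:00Z", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "additionalEventData": {"MFAUsed": "Yes"}, "sourceIPAddress": "203.0.113.10"},
    {"eventTime": "2021-04-01T09:05:00Z", "eventName": "ConsoleLogin",
     "userIdentity": {"type": "Root"},
     "additionalEventData": {"MFAUsed": "No"}, "sourceIPAddress": "198.51.100.7"},
    {"eventTime": "2021-04-01T09:06:00Z", "eventName": "StopLogging",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "sourceIPAddress": "198.51.100.7"},
    {"eventTime": "2021-04-01T09:07:00Z", "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "sourceIPAddress": "203.0.113.10",
     "requestParameters": {"ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventTime": "2021-04-01T09:08:00Z", "eventName": "DescribeInstances",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "sourceIPAddress": "203.0.113.10"},
]]


def principal_name(event: dict) -> str:
    """Collapse the userIdentity block to a short principal label."""
    ident = event.get("userIdentity", {})
    if ident.get("type") == "Root":
        return "root"
    return ident.get("userName") or ident.get("arn", "unknown")


def open_to_world(event: dict) -> bool:
    """True if an ingress rule in the request allows 0.0.0.0/0 or ::/0."""
    perms = event.get("requestParameters", {}).get("ipPermissions", {}).get("items", [])
    for perm in perms:
        for rng in perm.get("ipRanges", {}).get("items", []):
            if rng.get("cidrIp") == "0.0.0.0/0":
                return True
        for rng in perm.get("ipv6Ranges", {}).get("items", []):
            if rng.get("cidrIpv6") == "::/0":
                return True
    return False


def analyze(lines: Iterable[str]) -> List[dict]:
    """Run each rule over every event; return one finding per rule hit."""
    findings: List[dict] = []
    for line in lines:
        ev = json.loads(line)
        name = ev.get("eventName", "")
        who = principal_name(ev)
        ip = ev.get("sourceIPAddress", "")

        def flag(rule: str, severity: str) -> None:
            findings.append({"rule": rule, "severity": severity, "principal": who,
                             "sourceIP": ip, "eventName": name,
                             "eventTime": ev.get("eventTime")})

        if name == "ConsoleLogin":
            if who == "root":
                flag("root_console_login", "high")
            if ev.get("additionalEventData", {}).get("MFAUsed") != "Yes":
                flag("console_login_without_mfa", "high")
        if name in LOGGING_TAMPER_EVENTS:
            flag("cloudtrail_logging_tampered", "critical")
        if name == "AuthorizeSecurityGroupIngress" and open_to_world(ev):
            flag("security_group_open_to_internet", "medium")
        if who in KNOWN_SOURCE_IPS and ip not in KNOWN_SOURCE_IPS[who]:
            flag("new_source_ip_for_principal", "low")
    return findings


def count_by_severity(findings: List[dict]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print("%-8s %-32s %-6s %s" % (f["severity"], f["rule"], f["principal"], f["sourceIP"]))
    print(count_by_severity(analyze(SAMPLE_EVENTS)))
```

The rules are deliberately simple so the shape is visible; the value of this layer in practice comes from the breadth of accounts it covers with nothing more than cross-account read access, not from any single rule.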

Image and snapshot analysis is a good approach to get deeper data on workloads, both before the application starts and as it runs. In this method the image or disk snapshot of the running system is analyzed to detect anomalies, vulnerabilities, configuration incidents and so on. Snapshots provide deep data on workloads but may not detect memory-resident issues like fileless malware. Also, as we move to ephemeral workloads, analyzing snapshots periodically may have limited use, since a workload can come and go between two scans. The mechanism does not work for cloud services for which disk snapshots cannot be obtained. The approach provides deep data from snapshots but needs to be complemented with protection approaches to be useful.

Native agents and scripts are a good approach to enable deeper visibility and control by building on the Cloud-native agents, like AWS Systems Manager (SSM), already present on a machine. Depending on the functionality, these agents can have high resource usage. Native agent support is limited by the capabilities the CSP provides, such as the operating systems and features supported. In a lot of cases the native agents run commands that log the information needed, which implies the logging approach needs to be working in parallel.

DaemonSet and Sidecar containers are an approach to deploying agents easily in container and serverless environments. A Sidecar adds one extra container to every pod, which provides deep data, but the resource usage and resulting cost are high because many sidecars end up running on a single server. Sidecars can work in container serverless models, where DaemonSet containers do not work. As the functionality of a Sidecar or DaemonSet is like that of an agent, many of the agent limitations mentioned apply here too.

The agent approach provides the deepest visibility and best control of the environment in which an application runs, by running code co-resident with the application. This approach is however harder, because the security teams need to have deep discovery capabilities beforehand to know where to deploy these agents. There is also friction in adding agents, as one has to run on every machine and security teams often do not have rights to run software on every machine, especially in the cloud. The resource usage and cost of a solution can be high depending on the use cases supported. Newer technologies like the Extended Berkeley Packet Filter (eBPF) reduce the resource usage of agents and make them more palatable for broader usage.

The built-into-image / built-into-code approach builds the security functionality into the application image that is deployed. This allows security functionality to ship without having to deploy an agent alongside each workload. This approach provides deep visibility of the application and works even for serverless workloads. Compiling security into code adds considerable friction, however, since it has to be added to the build process and the code libraries need to be available in every application language.

MVISION CNAPP

MVISION Cloud takes a Multi-pronged approach to securing applications and enable security teams to gain control of their Cloud environments.

  1. Security teams often lack visibility into their ephemeral Cloud infrastructures and MVISION Cloud provides a seamless way by using Cross-Account IAM access and then using API and Logs to provide visibility into Cloud environments.
  2. Using the same access MVISION Cloud can not only provide an Audit of the configuration of customer environment but also do image scans to identify vulnerabilities in the components of the workload.
  3. MVISION Cloud can then help identify risk against resources, so security teams can focus on securing the right resources. All of this without having to deploy an agent.
  4. Then using approaches like Sidecars, DaemonSet containers and agents MVISION CNAPP helps provide deep visibility and protect the applications against the most sophisticated attacks by providing File Integrity Monitoring (FIM), Application Allow Listing (AAL), Anti-Malware, run time Vulnerability analysis and performing hardening checks.
  5. Using the data from all the sources MVISION CNAPP provides a Risk score against incidents to help security teams prioritize incidents and focus on the biggest risks.

Conclusion

The various approaches to security have their own unique tradeoffs and no one approach can satisfy all the requirements for the various teams, for the diverse set of platforms they support.

At any point of time different cloud services will be at different levels of adoption maturity. Security teams need to take an incremental approach where they start off adopting solutions that are easy to insert and can provide the basic guardrail of security and visibility, at the start of the service adoption cycle. As applications on a service mature and more high value apps come online, an approach to security that provides deeper discovery and control will be necessary to complement the existing approaches.

No one approach will be able to satisfy all customer use cases and at any time there will be different sets of security solutions that will be active. We are headed to a world of even more diverse security approaches, that have to all work seamlessly to help secure the Enterprise.

 

The post Cloud Native Security Approach Comparisons appeared first on McAfee Blogs.

Seeking Reconnection: Internet Usage and the Return to Travel

By McAfee

Even as the internet kept us connected with family and friends during the pandemic, people remain understandably eager to reconnect in person as vaccines roll out and restrictions ease. In fact, people are making travel plans accordingly. Nearly two-thirds (64%) of people worldwide said that they're planning to travel for leisure this year. And, as always, they're bringing their devices with them. 

These are a few of the top-line findings from our 2021 Consumer Security Mindset Report: Travel Edition, which garnered responses from more than 11,000 people aged 18 to 75 in eleven countries across North and South America, Europe, Asia, and the South Pacific. More broadly, this survey provides insight into people's plans and preferences for travel and how they view online security while traveling, particularly after relying heavily on the internet at home during the pandemic for more than a year. 

People are more connected and more protected in 2021 

Indeed, people feel more connected by the internet today than they did prior to the onset of COVID-19, with a significant 76% of respondents stating as much. In light of that increasing reliance on the internet, 61% reported implementing more protection for their devices, connected homes, and online activities in general. This was particularly the case in nations like India (86%), Mexico (79%), and Brazil (68%). However, other nations trended much lower than the average, such as the UK (47%) and France (34%). In the U.S., that figure was lower than the international trend, with roughly half of people implementing more protection.


People are planning on traveling once again 

As called out earlier, people are taking the first steps toward leisure travel once again. Only 12% of people in the U.S. said that they were planning on traveling internationally, compared to a global average of 16%, while nations like Singapore (30%), the UK (25%), and Germany (24%) trended well above the average. In contrast, the outlook for domestic leisure travel appears exceptionally strong, particularly for respondents in Australia (88%), India (79%) and the U.S. (77%), who plan to travel domestically.

The pandemic has shaped people’s views on where they’d like to stay, with 62% stating that their preference for lodging has changed this year. Well over one-third of respondents in the U.S., Australia, Indonesia, and Canada said that staying with family and friends was their preferred option. Globally speaking, hotel and motel accommodations topped the list at 41%. Vacation home rentals entered the mix as well, with roughly 25% of respondents saying a rental was part of their plan.

Current attitudes on connecting to Wi-Fi while traveling 

Yet how have attitudes changed toward connecting to networks outside of the home, particularly after the past year saw the majority of people improve their security at home? 

For a baseline, we found that 80% of respondents said that they’ve connected a device when visiting a home or place that is not their own. The devices they mentioned most include laptops, streaming devices, Bluetooth speakers, and gaming devices. To connect those devices, they’ll use the home network of the friend’s or rental home where they’re staying (48%) or the network provided by the hotel where they’re staying (48%). And while in between places, public Wi-Fi remains a popular means of network connection at 50%, along with airport Wi-Fi (41%) and transit Wi-Fi (31%).

As to how secure people feel on those networks, the answer varies greatly. While people expect low risk or no risk at all on their home network (85%) or a friend’s home (73%), they’re far less apt to trust other networks. In general, they see Wi-Fi networks as more vulnerable to cyber threats than any other network or device (68%) and feel most at risk connecting to networks in hotels (25%) and rentals (21%).

Despite these findings, only 47% of people said they take the same online security measures on holiday or vacation that they take at home. Similarly, just 52% of people check whether the network they are joining is secure before they connect. Of those who don’t, 22% say they don’t check because they feel the network poses no threat, and another 26% say that they simply don’t know how to check.

Protecting your computers and devices while you’re away 

As travel becomes an actual possibility for people once again, it’s an opportunity to remember just how important security is outside the home. Whether people are at home or away, there will be banking to do, chances to shop online, and moments to stream a few shows while at the airport or on the road. Protecting laptops and mobile devices for travel becomes extra important when using public and airport Wi-Fi, as those networks can expose people to more threats than their home networks.

With that, here are five things people can do to protect themselves and others while traveling: 

  1. Connect with caution. Be cautious when connecting to public Wi-Fi while on vacation and make sure the Wi-Fi is secure and attached to a trusted source. Ensure that you don’t conduct any financial transactions or share any personal details while on public Wi-Fi. 
  2. Look into using a virtual private network (VPN). A VPN can provide bank-grade encryption that protects your data while you shop, bank, or simply surf online when connected to public Wi-Fi. 
  3. Consider a holistic security solution. Understand what tools are available to you in order to give you peace of mind that your identity and personal information across all of your devices are safeguarded this summer travel season.
  4. Update your software. Before you travel, check for any software updates on your devices. Updates often fix security bugs in addition to adding features or providing performance boosts. 
  5. Keep devices protected and close. Distracted vacationers are the perfect target for thieves looking to steal devices—whether that’s a phone, laptop, tablet, or game console. Ensure accounts have multi-factor authentication so that a device alone is not enough to log in if it falls into the wrong hands.

The post Seeking Reconnection: Internet Usage and the Return to Travel appeared first on McAfee Blogs.

More Apps for Younger Users Emerging. Here’s What Parents Need to Know.

By Toni Birdsong

More and more social platforms are coming up with safer ways for younger kids to access their apps. The most recent announcement comes from Facebook who is reportedly creating a version of Instagram for kids 13 and under.

It’s a family safety win to see so many companies (YouTube, TikTok, and Facebook have parental control channels) making changes. Currently, kids under 13 have no problem getting around an app’s age restrictions, a workaround that can expose them to risks such as cyberbullying, stranger connections, and inappropriate content.

With apps making an overall shift toward safer experiences, areas of concern for families still exist especially since kids are increasingly connecting with social media companies before they enter middle school. Here are just a few things to consider as your child moves into the world of social networking, regardless of his or her age.

Family Talking Points

  1. The emotional side of social. Not all social networks work the same. Instagram is photo-based, which means a child’s experience may impact self-esteem and mental health more so than a network that is solely text-based. Consider talking to your child about the risks often associated with Instagram, such as body image, cyberbullying, and mental health issues. Regardless of age, it’s important to keep close tabs on a child’s mental health if they spend time online.
  2. Talk about the risks. The years before kids begin using the trendier social networks are a critical window to have honest, age-appropriate conversations. Consider discussing what kinds of things to look out for online, including bullying, predatory behavior, and inappropriate content.
  3. Explain monetization. While social networks are a way of life for teens today, there’s so much more going on behind the scenes. Consider discussing the concept of monetization with your kids so they are aware of the businesses churning behind social networks. Cultivating the next generation of untapped users is a huge piece of a tech company’s strategy. Creating safer avenues for younger kids is a win for parents. However, introducing kids to a platform as early as possible is a big win for tech companies as well.
  4. Discuss personal privacy. One of the biggest risks to kids online — and often the one kids care about the least — is privacy and how social networks collect and use kids’ data. It’s never too early to start talking about privacy and ways to rein in your family’s digital footprint.
  5. Start building digital skills. The tween years are critical to preparing your child to eventually spend more time on social platforms for kids over 13. In addition to privacy, consider other important topics such as digital literacy, cyberbullying, online scams, why parental controls matter, and other important digital skills.

The window between ages 9 and 12 is an important one when it comes to teaching kids digital skills and influencing their digital behavior. It’s never too early to begin these conversations. Remember, kids need aware, digitally savvy parents more than ever to prepare them for the challenges ahead.

The post More Apps for Younger Users Emerging. Here’s What Parents Need to Know. appeared first on McAfee Blog.

How to Remain Secure While Using Running Apps

By Vishnu Varadaraj

When gyms were forced to close last year, you likely looked for other ways to get some exercise and stay active during quarantine. From investing in a few pairs of dumbbells or perhaps downloading an app or two to help you track your workouts, you found alternatives to help you break a sweat. As an accessible, easy way to release endorphins, running quickly grew in popularity along with the platforms that help runners stay accountable. According to Runner’s World, there was a 34% uptick in outdoor miles logged by common fitness apps between March and September 2020 compared to the same stretch in 2019. But are these tools potentially endangering your privacy?  

According to TechCrunch, running apps could potentially threaten your security if the data they collect ends up in the wrong hands. Let’s explore the functionalities of these apps and how they could pose a threat to your online safety.

 

Running Apps Do Not Have a Secure Track Record

Running apps are solid companions for advanced and amateur runners alike, allowing you to track the length of your run and set a pace for yourself. These apps learn a lot about you the more you use them, gathering health data like your height and weight and even your location. But similar to the threats that exist when you overshare on other online platforms, this data could pose a serious threat to your privacy. For example, location data could identify where you live or where you work – information that you definitely wouldn’t want in the hands of a stranger. If a cybercriminal is able to hack into your account, they could exploit this information to commit identity theft or craft a phishing email disguised as your employer.

Additionally, many of these apps lack basic security measures to prevent hackers from breaking into accounts or to keep health and fitness data from spilling out. For example, many popular running apps allow the most basic passwords, like “qwerty” and “password.” Oftentimes, hackers automate their attacks by targeting accounts with easy-to-crack passwords like the ones mentioned. This allows them to compromise the most accounts with as little effort as possible. Furthermore, these apps do not offer two-factor authentication, which would create an additional barrier against hackers exploiting reused passwords.

 

How Can You Hit Your Security Stride?  

No matter where you are in your fitness journey, it is essential to take the necessary precautions to minimize the risks of the platforms you use to hold yourself accountable – running apps included. If you are looking to hit your stride while keeping security and privacy top of mind, follow these tips:  

1. Use a strong, unique password  

Your password is your first line of defense, so it is important that you use one that is strong and different from your other account credentials. If a hacker does manage to guess your password for one of your online accounts, it is likely they will check for repeat credentials across multiple sites. By using different passwords or passphrases, you can feel slightly more at ease knowing that the majority of your data is secure if one of your accounts becomes vulnerable.

You can also use a password manager to help you create strong passwords, remove the hassle of remembering numerous passwords, and log on to websites automatically.

2. Update your app’s privacy settings  

Some running apps are configured to publicly share user data by default. After you download an app, spend some time researching how to change these settings so your data is not shared with strangers without your permission. 

3. Turn on automatic software updates 

If your running app of choice does undergo any security updates, make sure that they are installed as soon as possible. Developers actively work to identify and address security issues. Frequently update your operating systems and apps so that they have the latest fixes and security protections. The easiest way to do this is to enable automatic software updates on your mobile device. 

4. Disable unnecessary features  

Next time you go for a run with your location services on, think again about what risks this poses to your virtual security and your physical safety. Enhance your security by only enabling the features that are necessary to optimize your fitness performance. This will help prevent hackers from using your location as a vehicle to invade your privacy.  

 

Reduce the Risk of Running Apps to Stay Secure 

Since the data collected by running apps involves sensitive health and location information, it is worth reviewing the privacy policies for all of the fitness platforms you regularly use to see how your data might be affected. To keep moving toward your fitness goals while protecting your online safety, stay educated on the tools you use to track your progress and implement the necessary security measures.

 

Stay Updated 

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.  

The post How to Remain Secure While Using Running Apps appeared first on McAfee Blogs.

Beware of Social Media Scams

By Jean Treadwell

Social media is a great place to connect with friends and family. Unfortunately, it is also a great place for misinformation to run rampant, and it is a virtual treasure chest for cybercriminals to steal personal information. Over 25 million Canadians own a social media account, and more than 80% of the Canadian population is expected to be on social media by 2025.

Check out this roundup of common social media scams so you can network intelligently, spot misinformation, and stop its spread.

1. Misinformation

The classic saying of “Don’t believe everything you see on TV” applies neatly to “Don’t believe everything you read on social media.” There is a resurgence of false news reports circulating on social media surrounding COVID-19 and the vaccine. For example, 5G aiding the spread of the virus and the preventive properties of garlic are just two of the rumors about COVID-19.

Misinformation leads to chaos and is a major threat to public health. Before you reshare a post or article, it is worth taking a few minutes to digest the message, determine if it is true, and ask yourself if friends and family would genuinely benefit if they heard the news it carries.

There are a few tell-tale signs of fake news posts. First, they often try to inspire extreme emotions, such as rage and indignation, to prompt people to share immediately. Next, fake news reports are frequently poorly written and vague about where they received their information. Always try to find the primary source for “facts.” In the case of COVID-19 news, all health tips should be sourced from a licensed medical professional.

If you are ever in doubt about the facts, especially when they deal with public health, do not share the post. Instead, leave the reporting to trained medical professionals. Consult the World Health Organization and the Public Health Agency of Canada or direct your network to #ScienceUpFirst for the latest and most accurate reports about COVID-19 and the vaccine.

2. Data Leaks

There was a recent data leak at Facebook, and the contents of about half a billion accounts were posted on a hacking website, including 3.49 million Canadian accounts. Hackers can get a lot of mileage out of just one social media profile because it contains all the greatest hits of information needed to verify an identity.

Most profiles list your real full name, birthday, your relationship status, your hometown, and contact information. Also, hackers can skim a user’s posting history to find even more personal details. Many social media users have posted at one time or another a “get to know you” post, where they list many revealing facts. These posts are a pot of gold to cybercriminals. They are basically lists of possible answers to security questions: Where did you go to primary school? What was the model of your first car? What is the name of your favorite stuffed animal?

Another recent trend that can make you vulnerable in case of a data leak is posting COVID-19 vaccine cards. Social media users are excited to share the big milestone of getting their first shot. What they might not realize is that vaccine cards contain vital personal information that could be used by malicious actors. There are alternative ways to share the happy news. Instead, post a picture of the fun bandage the nurse put on your arm or take a selfie outside of the vaccination center.

It is a shame that what you share on social media can be turned against you by cybercriminals, but that does not mean you have to stop sharing details about your life. Instead of posting personal details online that could be used maliciously in the event of a data leak, think about creating an exclusive email newsletter or secure group chat for your closest friends and family.

3. Contest Scams

There is a major thrill when you think you have won something; however, if you receive a notification on social media that you have won a contest, reserve your excitement until you have confirmed its legitimacy. Be especially wary if you do not remember entering a contest.

Contest scams are a type of social engineering tactic used by cybercriminals. Social engineering relies on people’s tendency to trust others. Cybercriminals often capitalize upon extreme emotions, like fear, urgency, and in this case excitement, to trick unsuspecting people into hastily giving up sensitive information.

Phishing is also common in contest scams. Social media users may receive a message that they have won a giveaway and to click on a link to claim their prize. Luckily, easy-to-spot signs of a phishing message include poor grammar, misspellings, and a sense of urgency. Always approach these types of messages with caution. Instead of clicking on any of the links, hover your cursor over them to see where they redirect. If the redirect site URL is suspicious and contains misspellings, steer clear.

If you ever receive a notification on social media that you have won a prize, remain skeptical until you have verified the authenticity. Locate the organization’s official social media page (which you can likely find on their website), and direct message them for more details.

How to Network Safely

With all of these common scams floating about and waiting to strike, check out these tips to network safely.

1. Consider how much you share

The joy of social media is sharing your everyday life with your friends and family. It is fun to have dozens of people wish you a happy birthday on your profile, but consider removing the year of your birthday. Also, consider removing your phone number, home address, and email address from your profile. If a friend or family member wants to get in touch with you, they can personally direct message you. Cybercriminals can take your contact information and full birthday and use it to steal your identity, so it is best not to post it online.

2. Confirm the truth before sharing

While you may want to share the latest news with your networks, do not share information that you are not sure is true. According to Statistics Canada, only half of Canadians investigated the accuracy of COVID-19 social media posts before they reshared. Do your due diligence and be a part of the solution, not part of the problem.

3. Protect your devices from viruses and malware

Even if you are a diligent and intelligent social media user, there is a chance that you could accidentally click on a phishing link. In case this happens, you should have a backup plan to safeguard your devices and your personal information from viruses and malware. Protect your devices with a comprehensive antivirus program, such as McAfee Total Protection. You can rest assured that if you or a member of your family accidentally opens a malicious link, your devices will be safe.

The post Beware of Social Media Scams appeared first on McAfee Blogs.

McAfee Proactive Security Proves Effective in Recent MITRE ATT&CK™

By Naveen Palavalli

McAfee Soars with Superior Protection Results   

Bottom Line: McAfee stopped the MITRE ATT&CK Evaluation Carbanak and FIN7 threats in their tracks within the first 15% of the major steps of the attack chain (on average), delivering on a critical security operations center (SOC) strategy: Stop the attack as early as possible.  

In April 2021, MITRE Engenuity released the results of the Carbanak and FIN7 evaluations, which leveraged Tactics, Techniques, and Procedures (TTPs) from the MITRE ATT&CK framework. McAfee and 28 other vendors tested the capabilities of their cybersecurity solutions across a wide range of attack vectors. These multi-stage simulated attacks leveraged a full range of known TTPs to execute the Carbanak and FIN7 attack campaigns.

The Carbanak attack requires stealth and time. Threat actors count on operating undetected inside your infrastructure long enough to penetrate and own your crown jewel assets and information. They methodically step through complex custom TTPs to achieve their objectives. The sooner an attack can be detected and stopped, the lower the risk of a successful breach, damage to assets, and exfiltration of critical information.  

Shift left: Stopping Threats Before They Can Gain a Foothold 

McAfee displayed superior protection by blocking 100% across all 10 tests. On the other hand, several endpoint security providers failed to detect and block all threats. CrowdStrike, for example, was unable to block 30% of protection tests.  

Additionally, McAfee was able to block the attacks within the first 15% of attack steps on average across all tests. On the other hand, CrowdStrike allowed 50% of the attack chain steps on average to execute before blocking. The earlier in the attack chain that a threat is detected, the more likely it will be shut down before it causes damage.

McAfee combines data and telemetry with comprehensive analytics-based detections that accelerate the pivot to defensive execution. This Time-Based Security metric determines if a blue team will have meaningful, timely, and actionable information. McAfee scores well on this metric by including specific references to MITRE Engenuity’s ATT&CK framework with centralized incident pivots to enriched telemetry, enabling faster detection, investigation, and reaction, and therefore lower exposure. Prioritizing Time-Based Security* (TBS) contributes to McAfee’s ability to block early and mitigate further damage. McAfee significantly outperformed CrowdStrike on the dimension of Time-Based Security.  

How did McAfee achieve this success in the evaluation and against such a sophisticated threat? 

Core to McAfee’s success is the alignment of products and capabilities around the ability to “shift left” in the attack cycle. Shifting left, or engaging as early as possible in the kill chain timeline, allows defenders to detect and stop an attack, minimize risk, and achieve these results at the lowest cost. 

For scenarios where threats are not blocked, McAfee provides extensive and actionable alerting and intelligence to ensure that responses and remediations are timely.  In the case of the MITRE Carbanak+FIN7 testing, McAfee demonstrated clear superiority over CrowdStrike in terms of Alert Actionability*. 

(For more information on Time-based Security and Alert Actionability, please review the following blog: SOC vs MITRE APT29 evaluation – Racing with Cozy Bear | McAfee Blogs)  

Defenders, Now is Your Time to Prevail Against Threat Actors 

Sophisticated adversaries surround us, and MITRE ATT&CK evaluations emulated their techniques and procedures. It’s time to let your teams know that with the right tools from McAfee and Shift Left best practices, intelligent defenders will prevail.  

Sneaky attackers traverse infrastructures and assets opportunistically and unpredictably. The complexity and variability in the attack chains associated with these threat actors make threats challenging to identify. McAfee will continue to evolve extended detection and response capabilities that go beyond the endpoint. The integration of these capabilities with solutions such as McAfee’s MVISION XDR enables the security operations team to benefit from unified visibility and control across the hybrid enterprise: endpoints, network, and the cloud.  

Most important is the integration of the ecosystem to fight and defeat attackers. McAfee MVISION XDR orchestrates both McAfee and non-McAfee security assets to deliver actionable cyber threat management and support both guided and automated investigations. 

As illustrated by the recent MITRE Carbanak+FIN7 protection tests, the industry recognizes the value of proactive capabilities to detect and block early, reducing reactive cyber defense efforts and damage. This dynamic enables your team to stop these sophisticated attacks earlier and more effectively. McAfee empowers your security operations teams to achieve faster and more effective results.  

To find out more about the MITRE ATT&CK Evaluation results, please reach out to sales@mcafee.com 

 

* These critical capabilities are defined by McAfee algorithms designed to maximize value to SOC and XDR needs. Please see this McAfee MITRE blog for details on these algorithms.

Assessments of performance are McAfee’s and not those of MITRE Engenuity.  

MITRE Engenuity ATT&CK Evaluations are paid for by vendors and are intended to help vendors and end-users better understand a product’s capabilities in relation to MITRE’s publicly accessible ATT&CK® framework. MITRE developed and maintains the ATT&CK knowledge base, which is based on real-world reporting of adversary tactics and techniques. ATT&CK is freely available and is widely used by defenders in industry and government to find gaps in visibility, defensive tools, and processes as they evaluate and select options to improve their network defense. MITRE Engenuity makes the methodology and resulting data publicly available so other organizations may benefit and conduct their own analysis and interpretation. The evaluations do not provide rankings or endorsements.

 

The post McAfee Proactive Security Proves Effective in Recent MITRE ATT&CK™ appeared first on McAfee Blogs.

World Password Day: Make Passwords the Strongest Link in Your Online Security

By Baker Nanduru

World Password Day isn’t the most popular day on the calendar, but it’s an important reminder that good password hygiene is essential to staying safe online. This World Password Day, we’d like to talk about improving your password hygiene, how you can help your friends and family improve theirs, and what the future of authentication holds.

Hacking attempts have escalated throughout 2020

The SolarWinds hack in 2020 is one of the most devastating hacks in the history of the internet. Close to 20,000 companies’ systems were compromised, losing billions of pieces of data in the process. If you’re one of the 37% of Americans who go long periods of time without updating passwords*, large-scale attacks like SolarWinds can be devastating. By stealing so many login credentials simultaneously, attackers can potentially access exponentially more accounts by reusing leaked credentials on different sites. Unfortunately, this is not an isolated event; data breaches from websites and services we frequently use have continued to happen through 2021 as well.

According to a recent survey we conducted, 34% of Americans have reused the same, or similar, password more than once. By using the same password for multiple accounts, attackers only need to find one password, creating a domino effect that makes it easier to access more accounts. If that password is weak, it becomes even easier to tip over that first domino.

Current ways to protect your accounts

Our guidance is to create strong, hard-to-guess passwords to protect your accounts. We recommend creating a unique password for every online account, using more than 16 characters, with upper and lower case letters, some numbers, and special symbols, to make a stronger-than-average password. How are you supposed to remember all of those strong passwords, though?
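The two rules above (a long, mixed-character password, and a different one for every account) and the weak-password problem from the running-apps post earlier on this page (apps that still accept “qwerty” or “password”) can all be checked mechanically. The following is an added example written for this page, not McAfee code and not the logic of any particular password manager: it validates a password against the stated policy, generates one that passes using the operating system’s cryptographic random source, and flags accounts in a constructed credential list that share the same password. The small weak-password list is a placeholder; a real check would consult a breached-password list.

```python
"""Password policy check, generation and reuse audit (added example, not McAfee code)."""
from __future__ import annotations

import hashlib
import secrets
import string

# Constructed placeholder list of weak passwords of the kind some apps still
# accept; a real deployment would use a breached-password list instead.
COMMON_WEAK = {"password", "qwerty", "123456", "letmein", "welcome"}

MIN_LENGTH = 17  # "more than 16 characters" per the guidance above


def check_password(password: str) -> list[str]:
    """Return the policy rules the password fails; an empty list means it passes."""
    failures: list[str] = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        failures.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        failures.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        failures.append("no digit")
    if not any(c in string.punctuation for c in password):
        failures.append("no special symbol")
    if password.lower() in COMMON_WEAK:
        failures.append("common weak password")
    return failures


def generate_password(length: int = 20) -> str:
    """Generate a random password that satisfies check_password.

    secrets.choice draws from the OS CSPRNG, which is what a password manager
    should use; random.choice is not suitable for secrets.
    """
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:  # a 20-character draw almost always contains every class
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


def find_reused(credentials: dict[str, str]) -> list[list[str]]:
    """Group account names that share a password.

    Grouping is keyed by the SHA-256 digest so the clear-text password never
    appears in the report; only the account names are returned.
    """
    by_digest: dict[str, list[str]] = {}
    for account, password in credentials.items():
        digest = hashlib.sha256(password.encode()).hexdigest()
        by_digest.setdefault(digest, []).append(account)
    return sorted(accounts for accounts in by_digest.values() if len(accounts) > 1)


if __name__ == "__main__":
    # Constructed sample vault: two accounts reuse the same password.
    vault = {
        "bank": "Correct-Horse-Battery-9!",
        "running-app": "Correct-Horse-Battery-9!",
        "mail": "Other-Passphrase-42#",
        "forum": "qwerty",
    }
    for account, pw in vault.items():
        print(account, check_password(pw) or "ok")
    print("reused across:", find_reused(vault))
    print("suggested replacement:", generate_password())
```

The reuse audit is the part a password manager's breach alert builds on: once one site leaks, every account in the same group is exposed, which is the domino effect described above.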

Well, password managers, especially those included in comprehensive security suites like McAfee® Total Protection, do much of the heavy lifting for you. For instance, McAfee’s integrated password manager not only helps you create stronger passwords and store them, but will also autofill your credentials and log you into websites as well. These convenient features extend beyond just your computer and can be used on other devices like your phone and tablet. Best of all, password managers that are an integrated part of a security suite can be monitored, so you’ll be alerted if your passwords get exposed in a data breach.

You’ve already taken a step toward improving your password hygiene by reading this blog post. The next step is to take an honest look at your passwords. Do you write them down, use the same one for many accounts, or use weak ones? Then it may be time for a change to better protect your accounts and the personal info in them.

If you’re like a certain member of my family—that will remain nameless, Mom—who kept their passwords written down in a notepad, making the change to a password manager (McAfee’s, naturally) was a life-changing moment. Not only did it help her see just how often she was using the same login credentials, she now has an easy way to store, auto-fill, and even generate strong passwords across all her accounts and devices. An intended bonus was that she also realized how many accounts she was no longer using!

Strong passwords are only the start

Now that you know more about what makes a strong password and how to protect them, let’s talk about why strong passwords are just the start of keeping your accounts safe. You’re probably already using Two-Factor Authentication for apps and services, but you may not have heard the term before. Two-Factor Authentication, or 2FA, is a second layer of protection used to authenticate, or prove, that you are the owner of the account. If you’ve received a text message or an email to confirm a new account signup, that’s a type of 2FA.

Text messages and email aren’t the only types of 2FA. There are USB keys, apps, and even systems built into your phone, like facial recognition to open phone apps. Some popular 2FA options are USB keys and Google Authenticator.

The great thing about 2FA is that it helps make your strong passwords even more effective by stopping an attacker from using stolen credentials. If you fell victim to a phishing attack that looked like your bank’s website, the attacker would have your email and password combination. Without 2FA, they could log into your account and pretend they’re you. With 2FA in place, it becomes much harder for an attacker to access your account because they’re missing that last important piece of information.

The future of passwords

Humans are almost always the weakest link when it comes to securing information. But by committing ourselves to better password practices, with help from the latest technology, we can make sure passwords are a strong link in our security chain; one that will only get stronger in the future.

For instance, using a device like a key-fob, new passwordless systems can authenticate a user without entering their login details. Not only does this make logging into your accounts lightning fast, you also never have to remember a complicated password again.

Biometric locks, like FaceID, are another example of passwordless entry. Using your face, or a fingerprint to authenticate yourself makes it much harder for attackers to break into your accounts.

Happy World Password Day

We hope this Password Day post has helped answer some questions about password hygiene and how to take better care of your online accounts. Online security changes from day to day, so staying aware of new technologies and building safe new habits is essential. Perhaps one day this day will no longer need to exist on our calendars, as we look to a future where we might not need passwords at all. While we collectively make strides towards this future, let’s celebrate this day while it lasts.

Stay Updated

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post World Password Day: Make Passwords the Strongest Link in Your Online Security appeared first on McAfee Blogs.

Fraudulent Apps that Automatically Charge you Money Spotted in Google Play

By Baker Nanduru

Google’s Android operating system has been a boon for the average consumer. No other operating system has given so much freedom to developers and hardware manufacturers to make quality devices at reasonable prices. The number of Android phones in the world is astounding. That success comes with a price, however.

A recent report from our own McAfee Mobile Research team has found malicious apps with hundreds of thousands of downloads in the Google Play store. This round of apps poses as simple wallpaper, camera filters, and picture editing, but they hide their nature till after they’ve been installed on your device.

Figure 1. Infected Apps on Google Play

On the bright side, Google Play performs a review for every app to ensure that they are legitimate, safe, and don’t contain malware before they’re allowed on the Play store. However, enterprising criminals regularly find ways to sneak malware past Google’s security checks.

Figure 2. Negative reviews on Google Play


How attackers sneak malware into the Play store

When developers upload their apps to the Play store for approval, they have to send supporting documents that tell Google what the app is, what it does and what age group it’s intended for. By sending Google a “clean” version of their app, attackers can later get their malicious code into the store via a future update where it sits and waits for someone to download it. Once installed, the app contacts a remote server, controlled by the attackers, so it can download new parts of the app that Google has never seen. You can think of it as a malware add-on pack that installs itself on your device without you realizing it. By contacting their own server for the malware files, attackers sneak around Google security checks and can put anything they want on your device. 

What does the malware do? 

The current round of malware we’re seeing hijacks your SMS messages so it can make purchases through your device, without your knowledge. Through a combination of hidden functionality and abuse of permissions like the ability to read notifications, that simple-looking wallpaper app can send subscription requests and confirm them as if it were you. These apps will regularly run up large bills by purchasing subscriptions to premium-rate services. The more troubling part is that they can read any message you receive, possibly exposing your personal information to attackers.

How can I protect myself? 

To start, a comprehensive and cross-platform solution like McAfee Total Protection can help detect threats like malware and alerts you if your devices have been infected. I’d also like to share some tips our Research team has shared with me. 

How to spot suspicious apps before you install them 

1. Check the reviews 

Before you hit that install button, take a good look at an app’s reviews. Do they look like they were written by real people? Do the account names of the reviewers make sense? Are people leaving real feedback, or are the majority of comments things like, “Works great. Loved it.” with no other information? 

Scammers can easily generate fake reviews for an app to make it look like people are engaging with the developers. Look out for vague reviews that don’t mention the app or what it does, nothing but five-star reviews, and generic sounding account names like, “girl345834”. They’re probably bots, so be wary. 

2. Look up the app developers 

Search for the app developers’ company and see if they have a website. Having a website doesn’t guarantee an app is legitimate, but it’s another good indicator of how trustworthy a company’s app is. Through their website, you should be able to find out where their team is based, or at least some personal information about the company. If they’re hiding that information, or there’s no site at all, that might be a good sign to try a different app. 

3. Don’t replace apps you already have 

A lot of malicious apps offer features that your phone already provides, like a flashlight or photo viewer. Unless there’s a very specific reason why you need a separate app to do something your device already does, it’s not recommended to use a third-party app. Especially if it’s free. 

4. Check the app permissions 

App permissions must be clearly stated on the app’s page in order to get into the Google Play store. They’re found near the bottom of the page, along with developer information. Check the permissions every app asks for before you install it and ask yourself if they make sense. For example, a photo editor doesn’t need access to your contacts list, and wallpapers don’t need to have access to your location data. If the permissions don’t make sense for the type of app, steer clear. 

5. Add antivirus to your mobile device 

Mobile devices are vulnerable to malware and viruses, just like your computer. By installing McAfee protection on your mobile device, you can secure your mobile data, protect your privacy, and even find lost devices.

Protect yourself, and your loved ones 

Android is one of the most popular operating systems on the planet, which means the rewards for creating malware for Android devices are well worth it. It’s unlikely that Android malware is going away any time soon, so staying safe means being cautious with the things you install on your devices. 

You can protect yourself by installing McAfee Total Protection on your mobile device and reading the permissions apps ask for when you install them. There’s no good reason for a wallpaper app to have SMS permissions, but that request should ring some alarm bells that something isn’t right and stop you from installing it. 

The post Fraudulent Apps that Automatically Charge you Money Spotted in Google Play appeared first on McAfee Blogs.

McAfee Recognised in 2021 Gartner Solution Scorecard Report

By Nigel Hawthorn

Industry analysts perform a huge service in evaluating markets, technology, vendors and sharing their insights with customers via one-on-one discussions and regular publications and events. Gartner publishes Magic Quadrant reports that review a particular market and evaluate vendors for their Completeness of Vision and Ability to Execute.

Gartner also has a separate team of analysts that evaluates single products in greater depth. Their reports review each product or product family across hundreds of criteria and produce a scorecard, key findings and customer recommendations.

We are proud to read the new Solution Scorecard for McAfee MVISION Cloud by Gartner, where we scored “94 out of 100 against Gartner’s 480-point Solution Criteria for Cloud Access Security Brokers”. MVISION Cloud was the only CASB product to score 94 out of 100 in the 2021 scorecards.

We have licensed it for anyone to read.

We believe, for this review, they reviewed 480 sets of criteria across eleven areas, from architecture and management to functions such as data security, threat protection and Cloud Security Posture Management. Once they had reviewed and weighted each attribute, MVISION Cloud came out with a blended total score of 94 out of 100.

The framework that they used splits each of the criteria into one of three categories – Required, Preferred and Optional. We are pleased to see that they consider MVISION Cloud provides 97% of the Required functionality.

We have also licensed the Magic Quadrant for Cloud Access Security Brokers report from October 2020 – available here.


GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from McAfee. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Gartner, Solution Scorecard for McAfee MVISION Cloud, 5 April 2021, Sushil Aryal, Dennis Xu, Patrick Hevesi


The post McAfee Recognised in 2021 Gartner Solution Scorecard Report appeared first on McAfee Blogs.

5 Ways to Reset Your Family’s Digital Habits this Summer

By Toni Birdsong

Ahhhh. Can you feel it? Summer is so close. Everything feels a little more buoyant, a little brighter. We’re in the home stretch of social distancing, a sense of normalcy is returning, and there’s a collective energy that’s ready to throw the screen door open, run outside, and pounce on summer.

There’s no doubt you’ve established great digital ground rules that worked well during quarantine. However, as we begin the mental trek toward some degree of our former life, summer may be the perfect window to think about a digital reset.

A reset is simply taking a moment to pause, assess, and adjust where it makes sense. Consider what digital expectations and ground rules you established during the pandemic, what worked for your family, and what needs to be phased out before the new school year approaches.

Where we’ve been

We know that during quarantine (and even after), kids’ screen time doubled for several reasons, including learning from home, needing to connect with friends online more, and boredom. During the pandemic, we also knew that helping kids manage the ongoing stress of homebound life was crucial for helping them maintain digital, emotional, and physical health. All of these factors impacted our digital routines and expectations.

Where we’re going

Summer routines will look different for every family. Some students are attending school on site throughout the summer as many districts strive to bridge 2020 learning losses. Other students will enjoy a traditional summer break before starting back to school in a few months.

Whichever way your family’s summer routine rolls out, here are a few small shifts you can begin making today that will slowly help you re-establish smart digital habits.

5 ways to reset your digital habits

1. Pause, assess, adjust.  Stop to evaluate the role technology has grown to occupy in your home over the past year. Assess your family’s screen time and device habits that shifted or grew. Where do you need to help your kids slowly pull back? How many hours a day do the kids play video games? How much TikTok or YouTube scrolling is going on? Are the TV binges out of control? Is there still a phone curfew in place, or have kids started taking their phones to bed?

2. Give parental controls a go.  If you gave your kids a little more device freedom during the pandemic and put the idea of  parental controls on hold, summer is a great time to give this option a go. Test monitoring features, content filters, and make adjustments that fit your family’s needs. If your goal for your kids is less device time and more outside time this summer, parental controls include screen limits to help you reset any poor habits that have set in.

3. Safety and Privacy revamp. During summer especially, take time to understand the friends your kids connect with online – new friend groups can form over the summer. Review privacy and location settings on apps. Teens often leave their location on for one another so they can find things to do. This practice isn’t always a good idea since location-based apps can open your family up to risks.

4. Screen-free zones.  Another wise habit that may have gone by the wayside is creating screen-free zones such as the dinner table, the bedroom, restaurants, and family trips. Setting a tech curfew is also a great way to help kids get into consistent sleep patterns. These few steps can add hours of family time to your day and give kids a much-needed device break. If you are going on vacation, creating screen-free zones on your trip will ensure you are fully engaged and don’t miss out on the experience.

5. Get a plan.  The summer has a way of flying by, especially if kids end up playing video games, watching YouTube videos, or chatting on social media all day. Get in front of that temptation with a plan. Collaborate on a wish list of things every family member would like to do over the summer. Maybe it’s canoeing, a trip somewhere fun, a family project, volunteering, or a new hobby that taps into their creativity.

As you ease back into new habits, remember to share your reasoning for the reset. Handing down digital edicts rarely sticks, but when kids understand the mental and physical benefits of balancing their technology, they will be more likely to get on board with the change.

The post 5 Ways to Reset Your Family’s Digital Habits this Summer appeared first on McAfee Blog.

PC Gamers (and Parents of Gamers) Rejoice!

By Baker Nanduru

Of all the pastimes that took off during the pandemic, it’s not surprising that online gaming was one of them. After all, gaming offers excitement, new experiences, and social interaction, all from the comfort of home. It’s no wonder then that the gaming industry saw a 20% increase in revenue in 2020, as new and previously-retired gamers returned to this pastime. 

But while the gaming industry was finding a lot of new allies, the players themselves faced growing exposure to malware and threats. Our 2020 Mobile Threat Report found that gamers are being targeted with phishing attacks and malicious apps, aimed at stealing usernames and passwords. With this information, hackers could potentially steal hard-earned in-game collectibles, as well as real-world money and personal information. And PC gamers face similar threats, from viruses and spyware to network attacks that could potentially put their personal information and property at risk. 

While 75% of gamers surveyed worry about their security while gaming in the future, some worry they’ll have to compromise performance to be protected. That’s why McAfee® Gamer Security offers robust protection to PC gamers with one of the lowest impacts on system performance in the industry. 

To protect the growing number of gamers against increasing threats, we are offering one free year of McAfee Gamer Security for one gaming PC to multi-device McAfee ® Total Protection  and McAfee® Live Safe™ users in the U.S. This powerful software was built from the ground up to address the challenges gamers face, with speedy performance, system optimization, uninterrupted gaming, and no pop-up apps. 

But don’t just take it from me. This is what one of our users has to say: “I believe [McAfee Gamer Security] had a positive impact … because it increased the speed of my game as well as gave me peace of mind that I was protected during my gameplay​.”

We know that gamers are some of the most tech-savvy and connected users out there, so it’s important that we meet them where they are by giving them the performance and security they need to play at full throttle. After all, many users are seeking stress relief through gaming, not the extra worry over their online security. 

With McAfee Gamer Security we made security for players more fun, by including a gamer-centric interface that was inspired by familiar apps like game launchers — you can check the current status of your system and key resources that impact in-game performance, like GPU, CPU, and memory, as well as perform real-time optimization. And of course, we’ve also included monitoring for your all-important FPS (frames per second). You can even access past performance data to better understand your game-by-game trends. 

Let’s keep the excitement of gaming while adding the extra confidence of knowing that your digital life is protected. Whether you are new to McAfee or already enjoying our personal protection, you can download McAfee Gamer Security for free in under one minute with a qualifying subscription! In our mission to provide users with personal protection, we are welcoming PC gamers with open arms. 

The post PC Gamers (and Parents of Gamers) Rejoice! appeared first on McAfee Blogs.

The Mothers of Invention: Women Who Blazed the Trail in Technology

By Judith Bitterli

It’s easy to imagine where we would be without women in technology.

We’d be poorer for it.

With Mother’s Day upon us, I couldn’t help but think once more about the stark employment figures I shared in my International Women’s Day blog just a few weeks ago. Millions of women have involuntarily left the workforce at a much higher rate than men during the pandemic—with roughly one third of women in the U.S. aged 25-44 citing that childcare was the reason for that unemployment.

Reflecting on this further, I thought about the women in technology who’ve left their positions during this past year. It’s a loss of talent and capability that’s set back decades of advances by trailblazing women who not only shine in their field yet also do so in male-dominated realms of study, research, and employment.

So as we look ahead to recovery, we should also look back. By celebrating just a few of the women in technology who shaped our world today, women who truly are “mothers of invention,” perhaps we can remember just how vital women are in our field—and how we should double down on our efforts to welcome them back.

Margaret Hamilton—The software that ran the moon landing

Imagine a time when the term “software engineering” wasn’t recognized, even though it was crucial to us landing on the moon.

Such were the days when Margaret Hamilton began her work at Massachusetts Institute of Technology (MIT) as a job to support her family while her husband went to law school at Harvard. This was in 1959 and would introduce her to Edward Lorenz, the father of chaos theory, and put her on the path to help humanity set its first footsteps on the moon.

It was her work and her code that developed a software-driven system that warned astronauts of in-flight emergencies, an advance she credits her young daughter for inspiring, as recounted in this interview:

Often in the evening or at weekends I would bring my young daughter, Lauren, into work with me. One day, she was with me when I was doing a simulation of a mission to the moon. She liked to imitate me – playing astronaut. She started hitting keys and all of a sudden, the simulation started. Then she pressed other keys and the simulation crashed … I thought: my God – this could inadvertently happen in a real mission.

I suggested a program change to prevent a prelaunch program being selected during flight. But the higher-ups at MIT and NASA said the astronauts were too well trained to make such a mistake. Midcourse on the very next mission, Apollo 8, one of the astronauts on board accidentally did exactly what Lauren had done. The Lauren bug! It created much havoc and required the mission to be reconfigured. After that, they let me put the program change in, all right.

Karen Spärck Jones—The intelligence behind search

When you search online, you have this woman to thank.

A true pioneer, Karen Spärck Jones worked at Cambridge, during which time she developed the algorithm for deriving a statistic known as “term frequency–inverse document frequency” (TFIDF). In lay terms, TFIDF determines how important a word is relative to the document or collection of terms in which it is found. Sound familiar? It should, as her work forms the basis of practically every search engine today.
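To make the weighting concrete, here is an added Python example (not code from the post, nor from Spärck Jones’s own work) that computes TF-IDF over a small constructed corpus and uses it to rank documents for a query. The exact tf and idf formulas used are assumptions, since several variants exist.

```python
"""TF-IDF worked example (added illustration; not from the original post).

Assumed formulas (one common variant; the page does not specify one):
    tf(t, d)    = occurrences of t in d / number of terms in d
    idf(t)      = ln(N / df(t)),  N = documents in corpus, df = docs containing t
    tfidf(t, d) = tf(t, d) * idf(t)
A term that appears in every document gets idf = ln(1) = 0, which is the point:
common words such as "the" carry no weight for distinguishing documents.
"""
import math
import re

# Constructed sample corpus (not from the page).
CORPUS = [
    "the password manager stores the password",
    "the search engine ranks the document",
    "the password and the search log",
]


def tokenize(text):
    """Lower-case and split into alphanumeric terms."""
    return re.findall(r"[a-z0-9]+", text.lower())


def term_frequency(term, doc_tokens):
    """Fraction of the document's terms that are `term`."""
    if not doc_tokens:
        return 0.0
    return doc_tokens.count(term) / len(doc_tokens)


def document_frequency(term, corpus_tokens):
    """Number of documents in which `term` occurs at least once."""
    return sum(1 for toks in corpus_tokens if term in toks)


def inverse_document_frequency(term, corpus_tokens):
    """ln(N / df); 0.0 for a term absent from the whole corpus."""
    df = document_frequency(term, corpus_tokens)
    if df == 0:
        return 0.0
    return math.log(len(corpus_tokens) / df)


def tfidf(term, doc_index, corpus):
    """TF-IDF weight of `term` in document `doc_index` of `corpus`."""
    corpus_tokens = [tokenize(d) for d in corpus]
    tf = term_frequency(term, corpus_tokens[doc_index])
    return tf * inverse_document_frequency(term, corpus_tokens)


def rank_terms(doc_index, corpus, top=3):
    """Most characteristic terms of one document, highest weight first
    (ties broken alphabetically so the result is deterministic)."""
    corpus_tokens = [tokenize(d) for d in corpus]
    doc = corpus_tokens[doc_index]
    scores = {
        t: term_frequency(t, doc) * inverse_document_frequency(t, corpus_tokens)
        for t in set(doc)
    }
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))[:top]


def rank_documents(query, corpus):
    """Search-engine style ranking: sum of TF-IDF weights of the query terms
    in each document, best match first (ties broken by document index)."""
    corpus_tokens = [tokenize(d) for d in corpus]
    query_terms = tokenize(query)
    scores = []
    for i, doc in enumerate(corpus_tokens):
        total = sum(
            term_frequency(t, doc) * inverse_document_frequency(t, corpus_tokens)
            for t in query_terms
        )
        scores.append((i, total))
    return [i for i, _ in sorted(scores, key=lambda s: (-s[1], s[0]))]


if __name__ == "__main__":
    for i in range(len(CORPUS)):
        print(i, rank_terms(i, CORPUS))
    print("query 'password manager' ->", rank_documents("password manager", CORPUS))
```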

Spärck Jones remained outspoken with regards to what she referred to as “professionalism” in technology. This had two layers: the first being the technical efficacy of a solution, the second being the rationale for even doing it in the first place. In her words,

“[T]o be a proper professional you need to think about the context and motivation and justifications of what you’re doing … You don’t need a fundamental philosophical discussion every time you put finger to keyboard, but as computing is spreading so far into people’s lives you need to think about these things.”

Rear Admiral Grace M. Hopper

Her vision for computing and her hands-on work led to development of COBOL, a programming language still in use today. Driving that vision was the belief that human language could be used as the basis for a programming language, making it more accessible, particularly for business use. The result was the FLOW-MATIC programming language, which was later developed into COBOL, a language that is estimated to be used in 95% of ATM card swipes.

During her time as a naval officer, she helped transform centralized Defense Department systems into smaller, distributed networks akin to the internet we now know and use. At her retirement near the age of 80, she went to work in the private sector where she held the role of full-time senior consultant until her passing at age 85. This 1983 profile of her, aired when she was 76, is certainly worth a watch.

Radia Perlman—Internet Hall-of-Famer

Quite plainly, Perlman’s work paved the way for the routing protocols that underpin the modern internet.

Prior to Perlman’s work, as networks grew and accordingly became more complex, data would often flow into loops that prevented it from reaching its intended destination. Enter her creation of the Spanning Tree Protocol (STP), which can handle large clouds of computers and network devices. While it’s since evolved, the concept of an adaptive network remains squarely in place.

Another advance of hers was introducing computer programming to young children aged 3 to 5 back in the 1970s. While working at MIT’s LOGO Lab, she created TORTIS (Toddler’s Own Recursive Turtle Interpreter System), which used buttons for programming and allowed for experimentation with a robotic turtle that would follow a toddler’s commands. In the abstract for her paper that documented the work, she emphasized what she felt was a vital point, “Most important of all, it should teach that learning is fun.”

Getting Involved

These women have led and inspired, and likewise it’s on all of us in technology to build on the advances they made possible through both our work and the workplace cultures we foster—particularly as we begin our recovery from this pandemic.

One of the many reasons I’m proud to be a part of McAfee is our Women in Security (WISE) community. It’s truly a forward-thinking program, which we introduced to enrich and support women in the tech sector through mentorship programs and professional development conferences. It’s one of the several, tangible ways we actively strive for a vibrant and diverse culture at McAfee.

Another powerful voice for women in tech is AnitaB.org, which supports women in technical fields, as well as the organizations that employ them and the academic institutions training the next generation. A full roster of programs help women grow, learn, and develop their highest potential.

And for looking forward yet further, there’s Girls Who Code, which is building the next generation of female engineers and technologists. Their data shows why this is so vital. They found that 66 percent of girls aged six to 12 show interest in computing, but that drops to 32 percent for girls aged 13 to 17, and then plummets to only 4 percent for college freshmen. Accordingly, they support several programs for school-aged girls from third grade up through senior year of high school, help educators and communities launch clubs, and advocate for women in their field through their work in public policy and research.

And that’s just for starters. For an overview of yet more organizations where you can get involved, check out this list of 16 organizations for women in tech—all of which help us realize a better world with women in technology.

The post The Mothers of Invention: Women Who Blazed the Trail in Technology appeared first on McAfee Blogs.

Digital Estate Planning – What to Do With Your Digital Assets

By McAfee

While we’re enjoying the fruits of digital life—our eBooks, movies, email accounts, social media profiles, eBay stores, photos, online games, and more—there will come a time we should ask ourselves, What happens to all of this good stuff when I die?

Like anything else we own, those things can be passed along through our estates too.

With the explosion of digital media, commerce, and even digital currency too, there’s a very good chance you have thousands of dollars of digital assets in your possession. For example, we can look at research we conducted in 2011 which found that people placed an average value of $37,438 on the digital assets they owned at the time. Now, with the growth of streaming services, digital currency, cloud storage, and more in the past ten years, that figure feels conservative.

Enter the notion of a digital legacy, the way you can catalog and prepare your digital assets for passing through your estate.

Getting started with estate planning for your digital assets

Like so many aspects of digital life nowadays, estate planning law has started to catch up to the realities that attorneys, executors, and heirs face when dealing with an estate and its digital assets. In the U.S., new laws are rolling out that address how digital assets are treated when the owner passes away. For example, they give fiduciaries (like an estate executor, trustee, or an agent under a power of attorney) the right to manage a person’s digital assets if they already have the right to manage a person’s tangible assets. Such laws continue to evolve, and they can vary from state to state here in the U.S.

With that in mind, nothing offered in this article is legal advice, nor should it be construed as such. For legal advice, you can and should turn to your estate attorney for counsel on the best approach for you and the laws in your area. However, consider this article as a sort of checklist that can help you with your estate planning.

My hope is that this article will open your eyes to the digital value you have to pass along, both real and sentimental, and help you prepare your estate accordingly for the ones you care about.

What are digital assets in a will?

The best answer you can get to this question will come from your legal counsel. However, for purposes of discussion, a digital asset is any text or media in digital form that has value and gives the bearer the right to use it.

To frame it up in everyday terms, let’s look at some real-world examples of digital assets that quickly come to mind. They include but are not limited to:

  • Photo libraries
  • eBook libraries
  • Digital movies
  • Digital music
  • Digital currency, such as bitcoin
  • Air miles
  • Hotel points

However, digital assets can readily expand to further include:

  • Subscriptions to streaming services and online publications
  • Online game accounts—and in-game items associated with them
  • Currency stored in online payment platforms
  • Online storefronts, such as eBay, Etsy, or business websites
  • Website domain names, whether in use or held speculatively for later resale
  • Documents kept in cloud storage, like financial documents and ancestry research

And as far as your estate is concerned, you can also consider:

  • Online banking and financial accounts
  • Email accounts
  • Chatrooms and message boards for your interests and hobbies
  • Medical and insurance accounts
  • Blogs
  • Utility accounts
  • And any other similar accounts that may help your executor manage your estate

That’s quite the list, and it’s not entirely comprehensive, either.

Start with an inventory of your digital assets

The process of lining up your digital assets begins just like any other aspect of estate planning, by listing all the digital assets and accounts you own. From there, you can see what you have and what you’d like to distribute—and what you can distribute. In fact, when it comes to digital, there are some things you simply can’t pass along. Let’s take a closer look.

What digital assets can you pass along through your will?

Generally speaking, digital assets that you own can be passed along. “Own” is the operative word here. Many digital things we have are in fact licensed to us, which are not transferrable. More on that next, yet examples of things you can likely transfer include:

  • Funds kept in an online payment account like PayPal or Venmo.
  • Funds due to you via an online store you maintain.
  • Cryptocurrency, like bitcoin.
  • Digital music that you’ve purchased and own.

Check with your legal counsel to ensure you’re following the letter of the law in your region, and also look into any licensing agreements you may have for items like internet domain names and airline miles that you may hold to determine if they are in fact transferrable.

What digital assets are non-transferrable through your will?

This is an important topic. As mentioned above, some accounts you hold are simply licensed to you and you alone. Thus, they will not transfer. Two of the biggest examples are social media and email accounts. This can have serious repercussions if you do not leave specific instructions as to how those accounts should be handled after your passing.

For example, do you want your social media profiles to remain online as a memorial or do you want them simply to shut down? Note that different social media platforms have different policies for handling the accounts of users who have passed away. For example, Facebook allows for creating memorialized accounts that allow friends and families to continue sharing memories. Policies vary, so check with your social media platforms of choice for specifics.

Likewise, will your executor need access to your email account to handle affairs of the estate? And what about access to online accounts for paying bills and then ultimately closing those accounts? In all, these are points of discussion to have with an experienced estate attorney who knows the law in your region.

Other things to be aware of are that subscriptions to streaming accounts are likely non-transferrable as well. Often, eBooks and digital publications you own are only licensed to you as the sole owner and can’t be transferred. Again, check the agreements associated with items like these and have a talk with your attorney about them to determine what can and can’t be done with them.

Blogs and online communities

Another aspect of your digital legacy is your voice. If you’re a blogger or a participant in an online community, you may wish for a fiduciary or family member to leave a farewell post. Additionally, in the case of a blog, you may want to set up some means for your work to stay online or get archived in some manner. Again, you can work with your attorney to leave specific instructions as to what should be said and then what should be done with the blog or site in question.

Giving your executor access to your digital assets

I have a real-life example of why this is so vital. A friend of mine lost the photos of her and her husband because they were kept in an online storage account to which she had no access. And sadly, the company would not grant her access after his passing. This is often the case with many online accounts and services. Legally speaking, while the deceased may have owned the storage account and the media kept within it, the cloud storage company owns the servers on which that media is stored. The potential difficulty here is that the online service provider may view giving your personal representatives access to your account as a breach of their privacy policy or user agreements.

One way you can avoid heartbreak like this is to discuss giving your executor access to your accounts. This can be provided through a list of accounts, usernames, and passwords that are kept in a sealed letter along with your will, along with instructions that outline your wishes. This is important: a will is public record after you pass away. You won’t want info like usernames and passwords getting out there. Again, you can discuss an option such as this with your attorney.

Protecting your digital assets

One thing you can do today that can protect your digital assets for the long haul is to use comprehensive security protection. Far more than just antivirus, comprehensive security can store precious and important files securely with encryption, arm all your online accounts with strong passwords, and protect your identity as well. Features like these will help you see to it that your digital legacy is secure.

Make a plan

When I’ve brought up the idea of a digital legacy with friends, a light goes on in their head. “Of course, that makes a lot of sense.” It’s easy to take our digital possessions somewhat for granted, perhaps in a way that we simply don’t with our physical possessions. Yet as you can see, there’s a good chance that you indeed have a digital legacy to pass along. By getting organized now, you can see to it that your wishes are followed, and I hope this checklist helps you get started.

The post Digital Estate Planning – What to Do With Your Digital Assets appeared first on McAfee Blog.

New Security Approach to Cloud-Native Applications

By Boubker Elmouttahid

With on-premises infrastructure, securing server workloads and applications means putting security controls between an organization’s network and the outside world. As organisations migrated workloads to the cloud (“lift and shift”), the same approach was often carried over. In contrast to lift and shift, many enterprises have realized that to use the cloud efficiently they need to redesign their apps to be cloud-native. Cloud native is an approach to building and running applications that exploits the advantages of the cloud computing delivery model; cloud-native development incorporates the concepts of DevOps, continuous delivery, microservices, and containers.

IDC predicts that “by 2025, nearly two-thirds of enterprises will be prolific software producers with code deployed daily, over 90% of new apps cloud native, 80% of code externally sourced, and 1.6 times more developers.”

Figure: Monolithic Apps vs Cloud Native Apps

So, how do you ensure the security of your cloud-native applications?

Successful protection of cloud-native applications requires a combination of security controls working together and managed from one security platform. First, the cloud infrastructure on which the cloud-native application runs (containers, serverless functions and virtual machines) should be assessed for security misconfigurations (security posture), compliance, and known vulnerabilities. Second, securing the workloads themselves needs a different approach. Workloads are becoming more granular, with shorter life spans, as development organizations adopt DevOps-style development patterns, and DevOps delivers faster software releases, in some cases several times per day. The best way to secure these rapidly changing, short-lived cloud-native workloads is to start their protection proactively and build security into every part of the DevOps lifecycle.

Cloud Security Posture Management (CSPM):

The biggest cloud breaches are caused by customer misconfiguration, mismanagement, and mistakes. CSPM is a class of security tools to enable compliance monitoring, DevOps integration, incident response, risk assessment, and risk visualization. It is imperative for security and risk management leaders to enable cloud security posture management processes to proactively identify and address data risks.

Cloud Workload Protection Platforms (CWPP):

CWPP is an agent-based workload security protection technology. CWPP addresses unique requirements of server workload protection in modern hybrid data center architectures including on-premises, physical and virtual machines (VMs), and multiple public cloud infrastructure. This includes support for container-based application architectures.

 

What is MVISION CNAPP

MVISION CNAPP is the industry’s first platform to bring application and risk context to the convergence of Cloud Security Posture Management (CSPM) for multiple public cloud infrastructures and Cloud Workload Protection (CWPP) for hybrid, multi-cloud workloads including VMs, containers, and serverless functions. McAfee MVISION CNAPP extends MVISION Cloud’s data protection (both Data Loss Prevention and malware detection), threat prevention, governance and compliance to address the needs of this new cloud-native application world, improving security capabilities and reducing the total cost of ownership of cloud security.

7 Key elements of MVISION CNAPP:

1. Single hybrid multi-cloud security platform: McAfee MVISION Cloud simplifies multi-cloud complexity by using a single, cloud-native enforcement point. It is a comprehensive cloud security solution that protects enterprise and customer data, assets and applications from advanced security threats and cyberattacks across multiple cloud infrastructures and environments.

2. Cloud Security Posture Management: McAfee MVISION Cloud provides continuous monitoring of multi-cloud IaaS/PaaS environments to identify gaps between an organization’s stated security policy and its actual security posture. At the heart of CSPM is the detection of cloud misconfigurations that can lead to compliance violations and data breaches.

3. Deep discovery and risk-based prioritization: You can’t protect what you can’t see. MVISION CNAPP discovers all cloud resources and prioritizes them by risk, providing deep discovery of workloads, data, and infrastructure across endpoints, networks, and cloud. If you can quickly understand those risks relative to each other, you can prioritize remediation and reduce overall risk as quickly as possible.

4. Shift-left posture and vulnerability management: Moving security into the CI/CD pipeline, making it easy for developers to incorporate into their normal development process, and ensuring that applications are secure before they are ever published reduces the chance of introducing new vulnerabilities and minimizes threats to the organization.
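As an added example, not code from MVISION CNAPP and not its rule set, the block below puts items 2 and 4 into working form: a handful of posture rules of the kind a CSPM evaluates (an ingress rule open to the whole internet, a public or unencrypted bucket, a VM that still serves instance metadata without session tokens), run over constructed resource descriptions such as a pipeline might extract from infrastructure code, followed by a gate that fails the build when any finding reaches a chosen severity. The resource schema, rule names, severities and thresholds are assumptions made for the example.

```python
"""Added example: CSPM-style posture rules plus a shift-left pipeline gate.

Resource descriptions, rule names, severities and the resource schema are
assumptions made for this example; none of it is MVISION CNAPP's rule set or
data model. A real CSPM reads the same facts from the cloud provider's API.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
ADMIN_PORTS = {22, 3389}  # SSH, RDP


@dataclass(frozen=True)
class Finding:
    resource: str
    rule: str
    severity: str
    detail: str


def check_security_group(sg: Dict) -> List[Finding]:
    """Flag ingress rules whose source is the whole internet (0.0.0.0/0 or ::/0)."""
    findings = []
    for rule in sg.get("ingress", []):
        if ipaddress.ip_network(rule["cidr"], strict=False).prefixlen != 0:
            continue  # source is restricted; not this rule's concern
        lo, hi = rule.get("from_port", 0), rule.get("to_port", 65535)
        if any(lo <= p <= hi for p in ADMIN_PORTS):
            severity = "critical"  # remote administration exposed to everyone
        elif (lo, hi) == (0, 65535):
            severity = "high"  # every port open
        else:
            severity = "low"  # e.g. a public web port: record it, don't block
        findings.append(Finding(sg["id"], "SG_OPEN_TO_WORLD", severity,
                                f"{rule['cidr']} allowed on ports {lo}-{hi}"))
    return findings


def check_bucket(bucket: Dict) -> List[Finding]:
    """Flag public object storage and missing at-rest encryption."""
    findings = []
    if bucket.get("public_access"):
        findings.append(Finding(bucket["id"], "BUCKET_PUBLIC", "critical",
                                "public read access enabled"))
    if not bucket.get("encryption_at_rest"):
        findings.append(Finding(bucket["id"], "BUCKET_UNENCRYPTED", "high",
                                "server-side encryption disabled"))
    return findings


def check_instance(vm: Dict) -> List[Finding]:
    """Flag VMs that still serve the legacy metadata endpoint without session tokens."""
    if vm.get("metadata_tokens") != "required":
        return [Finding(vm["id"], "VM_METADATA_NO_TOKENS", "medium",
                        "instance metadata service does not require session tokens")]
    return []


CHECKS = {"security_group": check_security_group, "bucket": check_bucket, "vm": check_instance}


def assess(resources: List[Dict]) -> List[Finding]:
    """Run the applicable checks on each resource; worst findings first."""
    findings: List[Finding] = []
    for res in resources:
        findings.extend(CHECKS[res["type"]](res))
    return sorted(findings, key=lambda f: SEVERITY_RANK[f.severity], reverse=True)


def pipeline_gate(findings: List[Finding], fail_on: str = "high") -> bool:
    """Shift-left gate for CI: True means the change may be deployed."""
    threshold = SEVERITY_RANK[fail_on]
    return all(SEVERITY_RANK[f.severity] < threshold for f in findings)


# Constructed resources, as a pipeline might extract them from infrastructure code.
SAMPLE_RESOURCES = [
    {"type": "security_group", "id": "sg-web", "ingress": [
        {"cidr": "0.0.0.0/0", "from_port": 443, "to_port": 443},
        {"cidr": "0.0.0.0/0", "from_port": 22, "to_port": 22},
        {"cidr": "10.0.0.0/8", "from_port": 5432, "to_port": 5432},
    ]},
    {"type": "bucket", "id": "customer-exports", "public_access": True, "encryption_at_rest": False},
    {"type": "vm", "id": "i-batch-01", "metadata_tokens": "optional"},
]

if __name__ == "__main__":
    results = assess(SAMPLE_RESOURCES)
    for f in results:
        print(f"{f.severity:<8} {f.resource:<18} {f.rule}: {f.detail}")
    print("gate:", "PASS" if pipeline_gate(results) else "FAIL")
```

The same checks run unchanged against a plan produced in CI and against the live account at runtime, which is the point of converging posture scanning with deployment: the gate stops the public bucket before it exists, and the runtime scan catches the one somebody opens by hand afterwards.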

5. Zero Trust policy control: McAfee’s CNAPP solution, supported by CWPP, focuses on Zero Trust network and workload policies. This approach not only gives you analytics about who is accessing your environment and how, an important component of your SOC strategy, but also ensures that people and services have appropriate permissions to perform necessary tasks.

6. Unified threat protection: CWPP unifies threat protection across workloads in the cloud and on-premises, including OS hardening, configuration and vulnerability management, application control/allow-listing and file integrity monitoring. It also brings workload protections and account permissions into the same motion. Finally, by connecting cloud-native application protection to XDR, you gain full visibility, risk management, and remediation across your on-premises and cloud infrastructure.

7. Governance and compliance: The ideal solution for protecting cloud-native applications includes the ability to manage privileged access and address threat protection for both workloads and sensitive data, regardless of where they reside.

Business value:

  • One Cloud Security Platform for all your CSPs
  • Scan workloads and configurations in development and protect workloads and configurations at runtime.
  • Better security by enabling standardization and deeper layered defenses.
  • The convergence of CSPM and CWPP

 

IDC FutureScape: Worldwide IT Industry 2020 Predictions, https://www.idc.com/research/viewtoc.jsp?containerId=US45599219

The post New Security Approach to Cloud-Native Applications appeared first on McAfee Blogs.

You Don’t Have to Give Up Your Crown Jewels in Hopes of Better Cloud Security

By Rich Vorwaller

If you’re like me, you love a good heist film. Movies like The Italian Job, Inception, and Ocean’s 11 are riveting, but outside of cinema these types of heists don’t really happen anymore, right? Think again. In 2019, the Green Vault Museum in Dresden, Germany reported a jewel burglary worthy of its own film.

On November 25, 2019 at 4am, the Berlin Clan Network started a fire that destroyed the museum’s power box, disabling some of the alarm systems. The clan then cut through iron bars and broke into the vault. Security camera footage published online shows two suspects entering the room with flashlights, across a black-and-white-tiled floor. After grabbing 37 sets of stolen jewelry in a couple of minutes, the thieves exited through the same window, replacing the bars in order to delay detection. Then they fled in a car which was later found torched.[1]

Since then, there have been numerous police raids and a couple of arrests, but an international manhunt is still underway and none of the stolen jewels have been recovered. What’s worse, the museum had not insured the jewelry, resulting in a $1.2 billion loss. Again, this is a story ripe for Hollywood.

Although we may not read about jewelry heists like this one every day, we do see daily headlines about security breaches resulting in companies losing their own crown jewels – customer data. In fact, the concept of protecting crown jewels is so well known in the cybersecurity industry that MITRE has created a process called Crown Jewels Analysis (CJA), which helps organizations identify their most important cyber assets and create mitigation processes for protecting them.[2] Today, exposed sensitive data has become synonymous with cloud storage breaches, and there is no shortage of victims.

To be fair, all of these breaches have a common factor: the person managing the cloud storage misconfigured it or didn’t enable the correct settings. At the same time, we can’t always blame people when security fails. If robbers can so easily walk off with the crown jewels again and again, you can’t keep blaming the security guards. Something is wrong with the system.

Some of the most well-versed cloud-native companies like Netflix, Twilio, and Uber have suffered security breaches involving sensitive data stored in cloud storage.[3] This has gotten to the point that the 2020 Verizon Data Breach Investigations Report listed Errors as the second highest cause of data breaches, “in large part, associated with internet-exposed storage.”[4]

So why is securing cloud storage services so hard? Why do so many companies struggle with it? When we’ve asked our customers what makes protecting sensitive data in the cloud so challenging, many simply don’t know whether they have sensitive data in the cloud, or struggle with the countless permissions and available overrides for each service.[5] Most of them have taken the view that someone, whether an internal employee, a third-party contractor, or a technology partner, will eventually fail to set the right permissions on their data, and that they need a solution that continuously checks for sensitive data and prevents it from being accessed regardless of location or service-level permissions.

Enter the Cloud Native Application Protection Platform (CNAPP). Last month our new CNAPP service, dedicated to securing hybrid cloud infrastructure and cloud-native applications, became generally available. One of the core pillars of CNAPP is Apps & Data, meaning that alongside Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP), CNAPP provides a cohesive Data Loss Prevention (DLP) service.

Figure 1: CNAPP Pillars

Typically, the way security vendors perform DLP scans for cloud storage is by copying down customer data to their platform. They do this because in order to scan for sensitive data, the vendor needs access to your data from a platform that can run their DLP engine. However, this solution presents some challenges:

  • Costs – copying down storage objects means customers incur charges for every bit of data that crosses the wire, including request charges, egress charges, and data transfer charges. For some customers these charges are significant enough that they have to pick and choose which objects to scan instead of protecting their entire cloud data store.
  • Operational burden – customers who aren’t comfortable sending data over the public internet have to create tunnels or direct connections to the vendor’s platform. This means additional overhead, architectural changes, and sometimes backhauling large amounts of data across those connections.
  • Defeats the purpose of DLP – this was a lesson learned from our MVISION Cloud DLP scanning: for some customers performing DLP scans over network connections was convenient, but for others it was a huge security risk. Essentially, these solutions require customers to hand over their crown jewels in order to determine whether that data contains the crown jewels. Ultimately, we arrived at the conclusion that data should stay local, but DLP policies should be global.

This is where we came up with the concept of in-tenant DLP scanning. In-tenant DLP scanning works by launching a small software stack inside the customer’s AWS, Azure, or GCP account. The stack is a headless microservice (called a Micro Point of Presence, or Micro PoP) that pushes workload protection policies out to compute and storage services. The Micro PoP connects to the CNAPP console for management purposes but lets customers perform DLP scans locally within each virtual network segment using direct access. No customer data ever leaves the customer’s tenant.
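To make “data local, policies global” concrete, here is an added example (not MVISION CNAPP’s DLP engine or its Micro PoP) of the scanning side of that split. The policy, a list of classifiers, is defined once and would be shipped to every in-tenant scanner; the scan reads object bytes where they live and reports only object keys and match counts, never the matched content, so the report is the only thing that needs to reach the console. The classifier names, the in-memory “bucket” and its contents are constructed for the example (the card number and access key ID are the published test values).

```python
"""Added example: a DLP scan that runs where the data lives.

The policy is defined once (global), the scan runs against object bytes inside
the tenant, and the report carries only object keys and match counts, never the
matched content. Object names, contents and classifier names are constructed for
the example; this is not MVISION CNAPP's DLP engine or its Micro PoP.
"""
import re
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Classifier:
    name: str
    pattern: re.Pattern
    validate: Optional[Callable[[str], bool]] = None  # cuts false positives after the regex


@dataclass(frozen=True)
class Finding:
    object_key: str
    classifier: str
    count: int  # no snippet: the matched content never leaves the tenant


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; separates real card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def _pan_valid(candidate: str) -> bool:
    digits = re.sub(r"[ -]", "", candidate)
    return 13 <= len(digits) <= 19 and luhn_ok(digits)


# The "global" policy: defined centrally, shipped unchanged to every in-tenant scanner.
GLOBAL_POLICY = [
    Classifier("credit_card", re.compile(r"\b(?:\d[ -]?){13,19}\b"), _pan_valid),
    Classifier("aws_access_key_id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    Classifier("us_ssn", re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")),
]


def scan_object(key: str, data: bytes, policy=GLOBAL_POLICY) -> List[Finding]:
    """Apply every classifier to one object; return per-classifier match counts only."""
    text = data.decode("utf-8", errors="replace")
    findings = []
    for c in policy:
        hits = [m.group(0) for m in c.pattern.finditer(text)]
        if c.validate is not None:
            hits = [h for h in hits if c.validate(h)]
        if hits:
            findings.append(Finding(key, c.name, len(hits)))
    return findings


def scan_bucket(objects: Iterable[Tuple[str, bytes]], policy=GLOBAL_POLICY) -> List[Finding]:
    """objects are (key, bytes) pairs read locally, e.g. over a private endpoint."""
    report: List[Finding] = []
    for key, data in objects:
        report.extend(scan_object(key, data, policy))
    return report


# Constructed bucket contents; the card number and key ID are published test values.
SAMPLE_BUCKET = [
    ("exports/customers.csv", b"name,card\nAda,4111 1111 1111 1111\nBob,1234 5678 9012 3456\n"),
    ("config/.env", b"AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"),
    ("docs/readme.txt", b"Nothing sensitive. Order #20210405123456.\n"),
    ("hr/payroll.txt", b"SSN 123-45-6789\n"),
]

if __name__ == "__main__":
    for f in scan_bucket(SAMPLE_BUCKET):
        print(f"{f.object_key}: {f.count} x {f.classifier}")
```

Two design points carry over to a real deployment: the validator stage is what keeps an order number or a non-Luhn digit run out of the report, and the Finding type deliberately has no field for the matched text, so a compromised console still sees only which objects are sensitive, not what they hold.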

Figure 2: In-tenant DLP Scanning

Customers can also choose to connect multiple virtual network segments to a single Micro PoP using services like AWS PrivateLink if they want to consolidate DLP scans for multiple S3 buckets. There’s no capacity limit or license limitation to how many Micro PoPs customers can deploy. CNAPP supports in-tenant DLP scanning for Amazon S3, Azure Blob, and GCP storage today with on-prem storage coming soon. Lastly, customers don’t have to pick and choose only one deployment model – they can use our traditional DLP scans (called API scans) over network connections or select our in-tenant DLP scans for more sensitive workloads.

In-tenant DLP scanning is just one of the many innovative features we’ve launched with CNAPP. I invite you to check out the solution for yourself. Visit https://mcafee.com/CNAPP for more information or request a demo at https://mcafee.com/demo. We’d love to get your feedback and see how MVISION CNAPP can help your company stay out of the headlines and make sure your crown jewels are right where they should be.

 

Disclaimer: this blog post contains information on products, services and/or processes in development. All information provided here is subject to change without notice at McAfee’s sole discretion. Contact your McAfee representative to obtain the latest forecast, schedule, specifications, and roadmaps.

[1] https://www.dw.com/en/germanys-heist-that-shocked-the-museum-world-the-green-vault-theft/a-55702898

[2] https://www.mitre.org/publications/systems-engineering-guide/enterprise-engineering/systems-engineering-for-mission-assurance/crown-jewels-analysis

[3] https://www.darkreading.com/cloud/twilio-security-incident-shows-danger-of-misconfigured-s3-buckets/d/d-id/1338447

[4] https://enterprise.verizon.com/resources/reports/dbir/

[5] https://www.upguard.com/blog/s3-security-is-flawed-by-design

The post You Don’t Have to Give Up Your Crown Jewels in Hopes of Better Cloud Security appeared first on McAfee Blogs.

Lessons We Can Learn From Airport Security

By Nigel Hawthorn

Most of us aren’t responsible for an airport, but thinking about airport security can teach us lessons about how we consider, design and execute IT security in our enterprise. Airports have to be constantly vigilant against a multitude of threats (terrorists, criminals, rogue employees), and their security defenses need to counter major attacks, individual threats, stowaways and smuggling while also looking after the safety of passengers. None of this can be allowed to stop the smooth flow of travelers, because every delay has knock-on effects for the business. Whew! And this is just the start.

Airport operators are also a lesson in supply-chain and third-party communications. They cooperate with airlines, retailers and government agencies, and the threats they face can be catastrophic. They also need to consider mundane problems like how to move a large number of people around quickly, what to do when someone leaves a bag to go shopping, and how to balance risk reduction with traveler comfort. Many needs have to be considered and planned for, and when a risk is identified the response needs to be immediate. All this before thinking about IT-related issues, theft from retailers, employee vetting and training, building safety, people tracking and … the list seems almost endless.

Our business IT security needs might not seem so complex; however, every enterprise has its external and internal attackers: hackers, ransomware, DDoS attacks to take down your systems, rogue employees, and inadvertent actions by good employees who don’t realize what link they are clicking on or what data they are over-sharing. At the same time, the business needs to be able to enable the newest and most effective apps and systems, and employees hate anything that appears to get in their way.

So, let’s see what airports can teach us about thinking about possible threats and appropriate safeguards to deploy a layered approach that protects your data, users and infrastructure.

Take just one threat, terrorism: US airports have more than 20 layers of security, a mixture of human and technological measures (the post illustrated this with a diagram that is not reproduced here).

There’s no silver bullet; no single piece of security awareness or technology will solve all problems. But if they are integrated, they can build together to draw a picture of the possible threat. Our defenses shouldn’t rely on just one technology either; when we have multiple capabilities working together, we can evaluate, identify and address our security needs.

Here’s my table of some of the needs of an airport and equivalent areas in general IT security. Just as in an airport, individual pieces are of limited benefit unless they are brought together. Even though each item improves overall security, a single management console that can correlate all these pieces of knowledge and suggest or make policy decisions is crucial to ensure you get maximum benefit.

| Airport | Enterprise IT |
| --- | --- |
| Check ticket against passport | Global SSO and multi-factor authentication for every app (including cloud) |
| X-ray baggage | Scan attachments for malware |
| Security gates and hand-baggage check | DLP for confidential data loss control |
| Facial recognition comparing security gate and plane gate with ticket | Zero trust – keep checking at all times |
| Baggage weight check | Review email attachments – treat previously unseen executables as suspect |
| CCTV as passengers move around airport | User behavior analytics for risky behavior |
| Database of travellers, prior travel, destination information | Logging / analytics |
| Temperature tests for COVID | Block surfing to high-risk web sites |
| Visa requirements | Access control to sensitive areas or sensitive data |
| Check expiry date on passport | Reconfirm credentials after a period |
| History of prior travel | User behavior analytics to understand “normal traffic” for each individual user and alert on unusual patterns |
| Open Skies Initiative – sharing data with destination, allowing arrest on landing | Insights to check and implement defences before attacks, based on other organizations’ threats |
| Landing card (where staying, reason etc.) | Employee justification for actions – feedback loops when challenged |
| Fingerprints on landing – check against previous travel history | Insights |
| Security guards, customs agents, check-in staff, people monitoring CCTV | The personal touch – the SOC team investigating threats and defining and implementing policies |
| Different security lines for additional checks | Remote Browser Isolation |
| Overall SOC center to correlate all inputs | Global management |

 

What have we learned?

Firstly, the job of securing an airport is complex and involves a lot of planning, cooperation with 3rd parties and a vast mixture of people and technology-based security.

Secondly, we cannot rely on one defense, just like airports.

Thirdly, concepts like zero trust, the MITRE ATT&CK framework and the Cyber Kill Chain all aim to look at threats in the round: we need to look at threats from every angle we can and implement the best technology we can.

The best solutions will be integrated; you need to be able to collate activity patterns to evaluate risks and define defenses. McAfee’s Device to Cloud Suites are designed to bring multiple systems under one umbrella, letting you accelerate cloud adoption, improve productivity and bring together more than ten different security technologies, all managed by McAfee ePO.

 


 

The post Lessons We Can Learn From Airport Security appeared first on McAfee Blogs.

Beware of BRATA: How to Avoid Android Malware Attack

By Vishnu Varadaraj

Cybercriminals go to great lengths to hack personal devices and gather sensitive information about online users. To be more effective, they make significant investments in their technology. They also rely on a tactic called social engineering, capitalizing on fear and urgency to manipulate unsuspecting device users into handing over their passwords, banking information, or other critical credentials.

One evolving mobile device threat that combines malware and social engineering tactics is called BRATA. BRATA has recently been upgraded by its creators, and several strains have already been downloaded thousands of times, according to a McAfee Mobile Research Team report.

Here’s how you can outsmart social engineering mind games and protect your devices and personal information from BRATA and other phishing and malware attacks. 

BRATA stands for Brazilian Remote Access Tool Android and is a family of Android malware. It initially targeted users in Brazil via Google Play and is now making its way through Spain and the United States. BRATA masquerades as an app security scanner that urges users to install fake critical updates to other apps. Which app BRATA prompts the user to update depends on the device’s configured language: Chrome for English speakers, WhatsApp for Spanish speakers, and a non-existent PDF reader for Portuguese speakers.

Once BRATA infects a mobile device, it combines full device control capabilities with the ability to capture screen lock credentials (PIN, password, or pattern), capture keystrokes (keylogger functionality), and record the screen of the compromised device to monitor a user’s actions without their consent. 

BRATA can take over certain controls on mobile phones, such as: 

  • Hiding incoming calls by setting the ring volume to zero and blacking out the screen
  • Discreetly granting permissions by clicking the “Allow” button when permission dialogs appear on the screen 
  • Disabling Google Play Store, and therefore, Google Play Protect 
  • Uninstalling itself 

BRATA is like a nosy eavesdropper that steals keystrokes and an invisible hand that presses buttons at will on affected devices. 

BRATA and Social Engineering Attacks 

BRATA’s latest update added phishing and banking Trojan capabilities that make the malware even more dangerous. Once installed on a mobile device, it displays phishing pages impersonating financial institutions to trick users into divulging their sensitive financial information. What makes BRATA’s banking impersonations especially effective is that the phishing pages are shown inside the malicious app rather than in the device’s web browser, so the user has no address bar to check and finds it hard to spot the page as fraudulent. The pages are fake banking log-in pages that look legitimate.

The choice to impersonate banks is a strategic one. Phishers often impersonate authoritative institutions, such as banks and credit card companies, because they instill fear and urgency. 

Social engineering methods work because they capitalize on the fact that people want to trust others. In successful phishing attacks, people hand cybercriminals the keys instead of the cybercriminal having to steal the keys themselves. 

How Can You Stay Safe from Social Engineering? 

Awareness is the best defense against social engineering hacks. When you’re on alert and know what to look for, you will be able to identify and avoid most attempts, and antivirus tools can catch the lures that fall through the cracks. 

Here are three things you can do to avoid falling for one.

1. Conduct app research 

Just because an app appears on Google Play or the App Store does not mean it is legitimate. Before downloading any app, check out the number of reviews it has and the quality of the reviews. If it only has a few reviews with vague comments, it could either be because the app is new or it is fake. Also, search the app’s developer and make sure they have a clean history.  

2. Don’t trust links from people you don’t know

Never click on links if you are not sure where they lead or who sent them. Be especially wary if the message surrounding the link is riddled with typos and grammar mistakes. Phishing attempts often convey urgency and use fear to pressure recipients into panicking and responding too quickly to properly inspect the sender’s address or request. If you receive an urgent email or text request concerning your financial or personal information, take a deep breath and investigate whether the claim is legitimate. This may require calling the customer service phone number of the institution.

3. Subscribe to a mobile antivirus program 

Just like computers, mobile devices can be infected with viruses and malware. Protect your mobile device by subscribing to a mobile antivirus product, such as McAfee Mobile Security. McAfee Mobile Security is an app that is compatible with Android devices and iPhones, and it protects you in various ways, including safe surfing, scanning for malicious apps, and locating your device if it is lost or stolen. 

The post Beware of BRATA: How to Avoid Android Malware Attack appeared first on McAfee Blogs.

McAfee Provides Max Cyber Defense Capabilities in MITRE’s Carbanak+FIN7 ATT&CK® Evaluation

By Craig Schmugar

Each year, MITRE Engenuity™ conducts independent evaluations of cybersecurity products to help government and industry make better decisions to combat security threats and improve the industry’s threat detection capabilities. These evaluations are based on MITRE ATT&CK®, which is widely recognized as the de facto framework for tracking adversarial tactics and techniques. At McAfee we know that cybercriminals are always evolving their tradecraft, and we are committed to providing blue teams (cyber defenders) the capabilities needed to win the game. To do so, we believe in the importance of putting our security solutions through rigorous testing. To demonstrate our commitment, McAfee has participated in all MITRE Engenuity Enterprise Evaluations to date, including the previous round 1 (APT3 emulation) and round 2 (APT29 emulation).

Today, MITRE Engenuity released the results of the Carbanak and FIN7 evaluations (round 3) that were conducted over the last few months. McAfee participated in this evaluation, along with 28 other vendors, which tested the capabilities of their cybersecurity solutions, in what has been the most comprehensive ATT&CK Evaluation to date, covering 20 major steps and 174 sub-steps.  

For the first time ever, MITRE Engenuity offered an optional extension to the detection evaluations to examine a vendor’s ability to protect against specific adversary techniques utilized by these groups. This was also the first time that the evaluations went beyond Windows systems and addressed techniques aimed at the Linux devices that are often used on networks as file servers or domain controllers. 

While it’s important to note that the goal of these ATT&CK Evaluations is not to rank or score products, our analysis of the results found that McAfee’s blue team was able to use MVISION EDR, complemented by McAfee’s portfolio, to obtain a significant advantage over the adversary, achieving: 

  • 100% visibility across the 10 major attack steps on Day 1 (Carbanak), and 100% visibility across the 10 major attack steps on Day 2 (FIN7). 
  • 100% analytic detections (any non-telemetry detection) across the 10 major attack steps on Day 1 (Carbanak), and 100% analytic detections across the 10 major attack steps on Day 2 (FIN7). 
  • 87% visibility across the total of 174 sub-steps for the 2 attack scenarios.
  • 72% of detections leveraging two or more data sources for additional context and enrichment.
  • 100% blocking of the 10 major attack steps emulated in the protection test (Carbanak + FIN7), with blocking early in the attack cycle.

Adversarial Emulation 

While prior emulated groups were more focused on espionage, the ATT&CK Evaluations team chose to emulate Carbanak and FIN7 due to the wide range of industries these groups target for financial gain. Both groups carry a firm reputation of using innovative tradecraft. Efficient espionage and stealth are at the forefront of their strategy, as they often rely heavily on scripting, obfuscation, “hiding in plain sight,” and fully exploiting the users behind the machine while pillaging an environment. They also leverage a unique spectrum of operational utilities, spanning both sophisticated malware as well as legitimate administration tools capable of interacting with various platforms.  

The ATT&CK Evaluation was conducted over a total of 4 days, including the protection testing. On each day a different version of the attack, comprising 10 steps, was executed. On Day 1, MITRE Engenuity emulated an attack by the Carbanak group against a financial institution that starts with the breach of the HR manager’s workstation and includes elevation of privileges, credential theft, lateral movement to the CFO’s system, collection of sensitive data on both Windows and Linux systems, and the spoofing of money transfers. On Day 2, MITRE Engenuity emulated an attack by the FIN7 group against a hotel, involving the breach of the hotel manager’s system, persistence, credential theft, discovery, lateral movement to an accounting system and the skimming of customer payment data.

The McAfee blue team successfully defended against these two advanced adversaries, demonstrating the power of the McAfee portfolio, including MVISION EDR, complemented by MVISION Endpoint Security (ENS), Advanced Threat Detection (ATD), Network Security Platform (NSP), Data Loss Prevention (DLP), and Enterprise Security Manager (ESM). These products were configured following MITRE Engenuity’s standards: 

  • For the detection evaluation all ENS scanners and rules were set to report-only. 
  • For the protection evaluation ENS Attack Behavior Blocking (ABB)/Attack Surface Reduction (ASR) rules were set to block while the “Remotely creating or modifying files or folders” rule was disabled at MITRE’s request. 

During these 4 days of extensive purple teaming, McAfee demonstrated that its portfolio provides solid cyber defense across the top 5 capabilities that matter the most to any security operations team: time-based security, alert actionability, detection in depth, protection, and visibility. 

Time-Based Security 

Time-Based Security (TBS) is one of the most relevant, effective, and simple security models a defender can apply. Its premise is that a defense holds only when the time an adversary needs to reach an objective exceeds the time the defender needs to detect the activity plus the time needed to react to it. Applied to an evaluation, it provides a mechanism to determine whether a blue teamer would have had the necessary, timely, and actionable information to effectively defend against the adversarial attack. 

Using the results of the ATT&CK Evaluation, we modeled the data following an attack timeline, grouping the techniques executed by the ATT&CK red team for Days 1 (Carbanak) and 2 (FIN7) into each of the steps (attack milestones) they employed. To represent the data for each evaluation day, we list the detection categories used by MITRE Engenuity. As Figures 1 and 2 show, during the evaluation, McAfee provided the maximum level of visibility, detection and context for every major step in the attack. An analyst that used McAfee’s products would have received a correlated and enriched threat alert for each of the steps of these advanced attacks, including references to MITRE Engenuity’s ATT&CK framework and pivoting points to enriched telemetry, enabling faster detection, investigation and reaction, and therefore resulting in reduced exposure. 

Figure 1. Time Based Security for Carbanak (Day 1) 

Figure 2. Time Based Security for FIN7 (Day 2) 

Alert-Actionability  

To be successful as a defender, it is essential to react in the fastest possible way, raising an alarm as early as possible on the attack chain, while correlating, aggregating and summarizing all subsequent activity to preserve actionability. McAfee’s MVISION EDR preserved actionability and reduced alert fatigue during the evaluation by providing context and enrichment, resulting in 62% analytic detections (non-telemetry detections) out of the 274 total detections. This was possible due to McAfee’s strong correlation and having all telemetry tagged and labeled as close to the source as possible. 

Detection In-Depth 

Effective attack technique detection requires certain vantage points. Additional perspective improves context, correlation, and subsequently fidelity.  Having diverse data sources for every technique enables coverage quantity and quality. 

McAfee demonstrated coverage across a dozen different data sources during the evaluation, with 72% of detections utilizing two or more data sources. 

Figure 3. McAfee data source diversity across 274 detections 

Protection 

For the first time in an ATT&CK Evaluation, MITRE Engenuity exercised 10 protection scenarios, a subset of the attack sequences used during the detection assessment. McAfee demonstrated its protection efficacy by successfully disrupting all 10 attacks, early in the chain, before any impact occurred. Before the disruption, high-context detections and telemetry were produced to alert the analyst. 

Figure 4. 100% blocking at every protection test 

Visibility 

Many organizations live in an alert-driven world where there is not enough data to support key security operations activities, including investigations or threat hunting. During the Carbanak+FIN7 evaluation, McAfee provided visibility across all major steps of the attack, and 87% visibility of the total count of sub-steps across both days. It is worth noting that the remaining 13% does not necessarily represent blind spots, but rather that the minimum criteria selected by MITRE Engenuity were not met, according to the evaluation rules. For example, more visibility was obtained through the automated detonation of samples in our ATD sandbox, which provides additional data context to security analysts during a real attack. 
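To make the scoring behind these percentages concrete, here is an added Python example, written for this page and not McAfee’s or MITRE Engenuity’s code, that computes the kind of figures the Time-Based Security, Alert Actionability, Detection In-Depth and Visibility sections quote from a table of detections: sub-step visibility, the analytic (non-telemetry) ratio, the share of detections drawing on two or more data sources, the share of major steps that produced an analytic alert, and, per major step, the delay between the first recorded activity and the first analytic alert. The sub-step list, detection rows, data source names and timings are constructed for illustration and are not the published evaluation results.

```python
"""Score a set of ATT&CK Evaluation style detections.

Constructed example: the sub-steps, detections, data sources and timings
below are invented for illustration, not MITRE Engenuity's published results.
"""
from dataclasses import dataclass
from fractions import Fraction

# MITRE Engenuity's main detection categories. Anything that is not raw
# Telemetry counts as an analytic detection, i.e. something an analyst is
# actually alerted on rather than data they would have to go and find.
TELEMETRY = "Telemetry"
ANALYTIC = {"General", "Tactic", "Technique"}


@dataclass(frozen=True)
class Detection:
    step: int            # major attack step (milestone) the sub-step belongs to
    substep: str         # evaluation sub-step id, e.g. "1.A.1"
    category: str        # "Telemetry", "General", "Tactic" or "Technique"
    sources: frozenset   # data sources that contributed, e.g. {"EDR", "ENS"}
    minute: int          # minutes since the red team's first action (constructed)


# Sub-steps the red team executed, mapped to their major step (constructed:
# 9 sub-steps across 4 steps).
SUBSTEPS = {
    "1.A.1": 1, "1.A.2": 1, "1.B.1": 1,
    "2.A.1": 2, "2.B.1": 2,
    "3.A.1": 3, "3.A.2": 3, "3.B.1": 3,
    "4.A.1": 4,
}

# Detections the blue team's tooling raised (constructed). Sub-steps 3.A.2
# and 3.B.1 produced nothing; step 4 produced telemetry only.
DETECTIONS = [
    Detection(1, "1.A.1", TELEMETRY,   frozenset({"ENS"}),         0),
    Detection(1, "1.A.1", "Technique", frozenset({"EDR", "ENS"}),  1),
    Detection(1, "1.A.2", TELEMETRY,   frozenset({"EDR"}),         2),
    Detection(1, "1.B.1", "Tactic",    frozenset({"EDR"}),         3),
    Detection(2, "2.A.1", TELEMETRY,   frozenset({"EDR"}),        10),
    Detection(2, "2.B.1", "General",   frozenset({"EDR", "NSP"}), 12),
    Detection(3, "3.A.1", "Technique", frozenset({"EDR", "ATD"}), 20),
    Detection(4, "4.A.1", TELEMETRY,   frozenset({"EDR"}),        30),
]


def visibility(detections, substeps):
    """Share of sub-steps with at least one detection of any category."""
    seen = {d.substep for d in detections if d.substep in substeps}
    return Fraction(len(seen), len(substeps))


def analytic_ratio(detections):
    """Share of all detections that are analytic (non-telemetry)."""
    dets = list(detections)
    return Fraction(sum(d.category in ANALYTIC for d in dets), len(dets))


def multi_source_ratio(detections):
    """Share of all detections built from two or more data sources."""
    dets = list(detections)
    return Fraction(sum(len(d.sources) >= 2 for d in dets), len(dets))


def step_coverage(detections, substeps):
    """Share of major steps that received at least one analytic detection."""
    steps = set(substeps.values())
    alerted = {d.step for d in detections if d.category in ANALYTIC}
    return Fraction(len(alerted & steps), len(steps))


def alert_delay_per_step(detections, substeps):
    """Time-based security view of each major step: minutes between the
    first recorded activity and the first analytic alert. None means the
    step produced telemetry at best, i.e. nothing an analyst would be
    paged on, even though it may still count toward visibility."""
    delays = {}
    for step in sorted(set(substeps.values())):
        rows = [d for d in detections if d.step == step]
        if not rows:
            delays[step] = None
            continue
        first_activity = min(d.minute for d in rows)
        alerts = [d.minute for d in rows if d.category in ANALYTIC]
        delays[step] = (min(alerts) - first_activity) if alerts else None
    return delays


if __name__ == "__main__":
    print("sub-step visibility  :", visibility(DETECTIONS, SUBSTEPS))
    print("analytic ratio       :", analytic_ratio(DETECTIONS))
    print("multi-source ratio   :", multi_source_ratio(DETECTIONS))
    print("steps with an alert  :", step_coverage(DETECTIONS, SUBSTEPS))
    print("alert delay per step :", alert_delay_per_step(DETECTIONS, SUBSTEPS))
```

Two points the numbers make that the percentages alone hide: step 4 counts toward visibility yet returns `None` from `alert_delay_per_step`, which is the Time-Based Security failure case (data exists, nobody is alerted), and the analytic ratio is computed over detections, not sub-steps, so one sub-step that fires both telemetry and a Technique detection contributes to both the numerator and the denominator.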

Conclusions 

At McAfee, we know how security operations work, and that’s why we designed our detection and response platform with ‘Human-Machine Teaming’ in mind. For this latest round of the MITRE Engenuity ATT&CK Evaluation, our Threat Detection Engineering and Applied Countermeasures (AC3) team delivered 85% more visibility and over 22% more analytic detections than in the previous APT29 evaluation. 

During this evaluation, we demonstrated that McAfee delivers a well-balanced defense across the top 5 capabilities that matter the most to any security operations team: time-based security, alert actionability, detection in depth, protection, and visibility. Our McAfee detection and response platform offered enhanced, meaningful context across the entire attack chain, allowing cyber defenders to disrupt attacks early, before damage occurs. 

Stay tuned for upcoming details on how each of these security capabilities played a key role in the Carbanak+FIN7 evaluation as part of our ATT&CK Evaluation blog series. 

 

MITRE ATT&CK and ATT&CK are registered trademarks of the MITRE Corporation. 

The post McAfee Provides Max Cyber Defense Capabilities in MITRE’s Carbanak+FIN7 ATT&CK® Evaluation appeared first on McAfee Blogs.

Digital Divorce: Who Gets the Airline Miles and Music Files?

By Judith Bitterli

Something you’ll want to know about all those movies, mp3s, eBooks, air miles, and hotel points you’ve accrued over the years: they’re digital assets that can factor into a divorce settlement. 

Understandably, several factors determine the distribution of assets in a divorce. However, when it comes to dividing digital assets, divorce settlements and proceedings are charting new territory. The rate of digital innovation and adoption in recent years has filled our phones, tablets, and computers with all manner of digital assets. What’s more, there are also the funds sitting in our payment apps or possibly further monies kept in the form of cryptocurrencies like bitcoin. Put plainly, the law is still catching up with regards to the distribution of these and other digital assets like them. 

Yet one thing that the law recognizes is that digital assets can have value and thus can be considered property subject to distribution in a divorce. 

In light of this, the following is a checklist of considerations that can help prepare you or someone you know for the distribution of digital assets in a fair and just way.  

Nothing offered in this article is legal advice, nor should it be construed as such. For legal advice, you can and should turn to your legal professional for counsel on the best approach for you and the laws in your area.  

What is a digital asset? 

For starters, let’s get an understanding as to what actually constitutes a digital asset. 

Because laws regarding digital assets vary (and continue to evolve), the best answer you can get to this question will come from your legal counsel. However, for purposes of discussion, a digital asset is any text or media in digital form that has value and offers the bearer the right to use it.  

To put that in practical terms, let’s look at some real-world examples of what could constitute a digital asset. That list includes, but is not limited to: 

  • Photo libraries 
  • eBook libraries 
  • Digital movies 
  • Digital music 
  • Digital currency, such as bitcoin 
  • Air miles 
  • Hotel points 

However, digital assets can readily expand to further include: 

  • Subscriptions to streaming services and online publications 
  • Online game accounts—and in-game items associated with them 
  • Currency stored in online payment platforms 
  • Online storefronts, such as eBay, Etsy, or business websites 
  • Website domain names, whether in use or held speculatively for later resale 
  • Documents kept in cloud storage, like financial documents and ancestry research 

And like any other asset in the case of a divorce, a value will be ascribed to each digital asset and then distributed per the conditions or orders of the settlement. 

What digital assets do you have? 

Arriving at the value of specific digital assets begins with an inventory: listing all the digital assets and accounts you own, just as you would with any other monetary or physical assets like bank accounts, properties, and cars. When you go through this process, chances are you’ll quickly find that you have hundreds if not thousands of dollars of digital assets. 

For example, we can look at the research we conducted in 2011 which found that people placed an average value of $37,438 on the digital assets they owned at the time. Now, with the growth of streaming services, digital currency, cloud storage, and more in the past ten years, that figure feels conservative. 

Above and beyond preparing for a divorce settlement, taking such an inventory of your digital assets is a wise move. One, it provides you with a clearer vision of the things you own and their worth; two, maintaining such a list gives you a basis for estate planning and determining who you would like to see receive those assets. Likewise, maintain that list on a regular basis and keep it safe. It’s good digital hygiene to do so. 

What are digital assets worth in a divorce? 

With this inventory, each asset can then have an assessed value ascribed to it. In some instances, a value will easily present itself, such as the cost of a subscription or how much money is sitting in a PayPal account. In other cases, the value will be sentimental, such as the case is with digital photos and videos. Ideally, you and your spouse will simply be able to duplicate and share those photos and videos amicably, yet it is important that you articulate any such agreement to do so. This way, a settlement can call out what is to be shared, how it will be shared, and when. 

Identify which digital assets cannot be transferred 

Not all digital assets are transferrable. Certain digital assets are owned solely in your name. In other words, you may have access to certain digital assets that cannot transfer to someone else because you do not have the rights to do so per your user agreement. This can be the case with things such as digital books, digital music, and digital shows and movies.  

In such circumstances, there may be grounds for negotiation and a “limited transfer” in the settlement, where one party exchanges one asset for another rather than splitting it equally. A case in point might be a sizeable eBook library on a device that’s in the name of one spouse. While that library can’t be split or transferred, one spouse may keep the eBook library while another spouse keeps a similarly valued asset or group of assets in return—like say a collection of physical books. 

Streaming services and divorce 

Streaming services will need to be addressed too. Be prepared to either terminate your accounts or simply have them assigned to the person in whose name they are kept. In the case of family accounts, the settlement should determine how that is handled, whether it gets terminated or similarly turned over to one spouse or the other. In all, your settlement will want to specify who takes over what streaming service and when that must occur. 

Cryptocurrencies like bitcoin and divorce 

Like dividing up investment accounts where the value of the account can vary daily, digital currencies can present challenges when spouses look to divide the holdings. Cryptocurrency valuation can be quite volatile, thus it can be a challenging asset to settle from a strict dollar standpoint.  

What’s more, given the nature of digital currencies, there are instances where an unscrupulous spouse may seek to hide worth in such currency, which is an evolving issue in and of itself. The recent article “Cryptocurrency: What to Know Before and During Divorce” covers the additional challenges of cryptocurrency in detail, along with an excellent primer on what cryptocurrency is and how it works. 

Ultimately, cryptocurrency is indeed an asset, one that your attorney and settlement process will need to address, specifically so that there are no complications later with the transfer or valuation of the awarded currency. 

Passwords and divorce 

With accounts changing hands, now’s the time to start fresh with a new set of passwords. What’s more, we have a tendency to reuse the same passwords over and over again, which may be known to an ex-spouse and is an inherent security risk in and of itself. Change them. Even better, take this opportunity to use a password manager. A password manager can create and securely store strong, unique passwords for you, thus saving you the headache of maintaining dozens of them yourself, not to mention making you far more secure than before. 

 Seek out a legal professional 

Again, keep in mind that nothing here is legal advice. Yet, do keep these things in mind when consulting with an attorney. The reality is that we likely have thousands of dollars of what could be considered digital assets. Inventorying them and ascribing a fair market value to them along with your legal professional is the first step in a fair and just settlement. 

The post Digital Divorce: Who Gets the Airline Miles and Music Files? appeared first on McAfee Blogs.

SOCwise Series: A Tale of Two SOCs with Chris Crowley

By Ismael Valenzuela

In a recent episode of McAfee’s SOCwise Series, guest security expert Chris Crowley revealed findings of his recent survey of security efforts within SOCs. His questions were designed to gain insight into all things SOC, including how SOCs can accomplish their full potential and how they assess their ability to keep up with security technology. 

Hosts Ismael Valenzuela and Michael Leland tapped into Chris’ security operations expertise as he told “A Tale of Two SOCs.” 

“Chris has a tremendous experience in security operations,” Ismael said. “I always like people who have experience both in the offensive side and the defensive side. Think red, act blue, right? . . . but I think that’s very important for SOCs. Where does ‘A Tale of Two SOCs’ come from?”  

In reference to the Charles Dickens’ classic, Chris explained how survey responses fell into two categories: SOCs that had management support or those that did not. 

“It’s not just this idea of does management support us. It’s are we effectively aligned with the organization?” Chris said. “And I think that is manifest in the perception of management support or not management support, right? So, I think when people working in a SOC have the sense that they’re doing good things for the organization, their perception is that the management is supporting them.” 

In this case, Chris explains “A Tale of Two SOCs” also relates to the compliance SOC versus the real security SOC. 

“A lot of it has to do with what are the goals when management set up to fund the SOC, right? Maybe the compliance SOC versus the SOC that’s focused on the security outcomes on defending, right? There are some organizations that are funding for basic compliance,” Chris said. “[If the] law says we have to do this, we’re doing that. We’re not really going to invest in your training and your understanding and your comprehension. We’re not going to hire really great analysts. We’re just going to buy the tools that we need to buy. We’re going to buy some people to look at monitors and that’s kind of the end of it.” 

One of the easiest and most telling methods of assessing where a SOC sees itself in this tale is having conversations with staff. Chris recommends asking staff whether they feel aligned with management and whether they feel empowered. 

“If you feel like you’re being turned into a robot and you pick stuff from here and drop it over there, you’re probably in a place where management doesn’t really support you. Because they’re not using the human being’s capability of synthesis of information and that notion of driving consensus and making things work,” Chris said. “They’re looking more for people who are replaceable to put the bits in the bucket and move through.” 

Chris shared other survey takeaways including how SOCs gauge their value, metrics and tools. 

SOC INDICATORS AND PERCEIVED VALUE 

The survey included hypotheses designed to measure how organizations classify the value of a SOC: 

  • Budget – The majority of respondents did not list budget as a sign of how their organization values them. 
  • Skilled Staff – Many valued the hiring of skilled workers as a sign of support for their SOC. 
  • Automation and Orchestration – The SOC teams that believed their organizations already supported them through hiring skilled staff reported that their biggest challenge was implementing automation and orchestration. 

“This showed that as SOC teams met the challenge of skilled staffing, they moved on to their next order of task: Let’s make the computers compute well,” Chris said. 

SOC METRICS 

Ismael asked about the tendency for some SOC management not to report any metrics, and for those that simply reported the number of incidents not to report the right metrics. Chris reported that most people said they do provide metrics, but a still-surprising number of people said that they don’t provide metrics at all. 

Here’s the breakdown of how respondents answered, “Do you provide metrics to your management?” 

  • Yes – 69 
  • No – 24 
  • We don’t know – 6 

 That roughly a third of respondents either do not report metrics or don’t know if they report metrics was telling to the survey’s author. 

“In which case [metrics] obviously don’t have a central place of importance for your SOC,” Chris said. 

Regarding the most frequently used metric – number of incidents – Chris speculated that several SOCs he surveyed are attempting to meet a metric goal of zero incidents, even if it means they’re likely not getting a true reading of their cyber security effectiveness.  

“You’re allowed to have zero incidents in the environment. And if you consistently meet that then you’re consistently doing a great job,” Chris said. “Which is insane to me, right? Because we want to have the right number of incidents. If you actually have a cyber security problem … you should want to know about it, okay?” 

Among the group of respondents who said their most common metric is informational, the desired information from their “zero incidents” metrics doesn’t actually have much bearing on the performance or the value of what the SOC is doing.

“The metrics tend to be focused on what can we easily show as opposed to what truly depicts the value that the SOC has been providing for the org,” Chris said. “And at that point you have something you can show to get more funding and more support right over time.” 

Chris suggests better use of metrics can truly depict the value that the SOC is providing the organization and justify the desired support it seeks. 

“One which I like, which is not an easy metric to develop, is actually loss prevention. If I can actually depict quantitatively, which it will not be precise, there will be some speculation in that,” Chris said. “But if I can depict quantitatively what the SOC did this month, or quarter, where our efforts actually prevented or intervened in things which were going wrong and we stopped damage, that’s loss prevention, right? That’s what the SOC is there for, right? If I just report we had 13 incidents, there’s not a lot of demonstration of value in that. And so always the metrics tend to be focused on what can we easily show as opposed to what truly depicts the value that the SOC has been providing for the org.” 

SOC TOOLS 

Michael steered the discussion to the value discussion around incident metrics and their relationship with SOC capacity: How many incidents can you handle? Is it a tools issue or a people issue or a combination of both? Chris’ study also revealed a subset of tools that respondents more frequently leveraged and that added value to the delivery of a higher capacity of incident closure. 

One question on the survey asked, “Do you use it?” 

 “Not whether you like it or not, but do you use it? And do you use it in a way where you have full coverage or partial coverage? Because another thing about technology, and this is kind of a dirty secret in technology applications, is a lot of people buy it but actually never get it deployed fully,” Chris said. 

His survey allowed respondents to reveal their most-used technologies and to grade tools. 

The most common used technologies reported in the survey were: 

  1. SIEM 
  2. Malware Protection Systems 
  3. Next-gen Firewall 
  4. VPN 
  5. Log management  

Tools receiving the most A grades: 

  • EDR 
  • VPN 
  • Host-based Malware Protection 
  • SIEM 
  • Network Distributed Denial of Service 

Tools receiving the most F grades: 

  • Full Peak App 
  • Network-Based Application Control 
  • Artificial Intelligence 
  • TLS Intercept 

Chris pointed out that the reasoning behind the F grades may be less a case of failing and more a case of not meeting their full potential. 

“Some of these are newer in this space and some of them just feel like they’re failures for people,” Chris said. “Now, whether they’re technology failures or not, this is what people are reporting that they don’t like in terms of the tech.” 

For more findings read or download Chris Crowley’s 2020 survey here. 

Watch this entire episode of SOCwise below.

 

The post SOCwise Series: A Tale of Two SOCs with Chris Crowley appeared first on McAfee Blogs.

McAfee Awarded “Cybersecurity Excellence Awards”

By McAfee

In a year where people relied on their digital lives more than ever before and a dramatic uptick in attacks quickly followed, McAfee’s protection stood strong. 

We’re proud to announce several awards from independent third-party labs, which recognized our products, protection, and the people behind them over the course of last year. 

Recognized four times over for our people and products 

The Cybersecurity Excellence Awards is an annual competition honoring individuals and companies that demonstrate excellence, innovation, and leadership in information security. We were honored with four awards: 

  • As a company, we were recognized as the Gold Winner for the Best Cybersecurity Company in North America in a business with 5,000 to 9,999 employees. 
  • For security software, McAfee LiveSafe was the Gold Winner for AntiVirus. Beyond antivirus, the product also includes controls for privacy and identity protection, along with a renewed focus on making it easy for people to protect themselves while learning about security in the process. 
  • McAfee Secure Home Platform, our connected home security that provides built-in security for all the connected devices in your home, was the Gold Winner for Cybersecurity for Connected Homes in North America. 
  • Our leadership was recognized as well, with our SVP of Consumer Marketing, Judith Bitterli being named the Silver Winner for the Cybersecurity Marketer of the Year in North America. This award acknowledges her contributions to McAfee’s marketing strategy and growth, along with her “Safer Together” program that offered support to people as they shifted to schooling, telehealth, dating, and job hunting from home during the pandemic. 

Awards for McAfee product development and product performance 

Further recognition came by way of three independent labs known for their testing and evaluation of security products. Once more, this garnered several honors:  

  • McAfee was named a winner of SE Labs’ second annual Best Product Development award, which evaluates security solutions by “testing like hackers.” More formally, they base their awards on “a combination of continual public testing, private assessments and feedback from corporate clients who use SE Labs to help choose security products and services.” 
  • Germany-based AV-Test named McAfee Total Protection the winner for its Windows Best Performance for Home Users category. Likewise, it also scored a perfect 18 out of 18 in categories spanning, Protection, Performance, and Usability in its most recently published testing (for February 2021). 
  • AV-Comparatives named McAfee Total Protection the Silver Winner for Performance and gave McAfee three Advanced+ and two Advanced Awards in the year’s tests overall, stating that, “Its user interface is clean, modern, and touch-friendly. The program’s status alerts are exemplary.” 

Continuous updates keep you protected with the latest advances 

As the threat landscape continues to evolve, our products do as well. We’re continually updating them with new features and enhancements, which our subscribers receive as part of automatic product updates. So, if you bought your product one or two years agoknow that you’re still getting the latest award-winning protection with your subscription. 

We’d like to acknowledge your part in these awards as well. None of this is possible without the trust you place in us and our products. With the changes in our work, lifestyles, and learning that beset millions of us this past year, your protection and your feeling of security remain our top priority. 

With that, as always, thank you for selecting us. 

Stay Updated  

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home  on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook. 

The post McAfee Awarded “Cybersecurity Excellence Awards” appeared first on McAfee Blogs.

Digital Spring Cleaning: Seven Steps for Faster, Safer Devices

By McAfee

Throw open the windows and let in some fresh air. It’s time for spring cleaning.

And that goes for your digital stuff too.

Whether it’s indeed spring where you are or not, you can give your devices, apps, and online accounts a good decluttering. Now’s the time. Cleaning them up can protect your privacy and your identity, because when there’s less lying about, there’s less for hackers to scoop up and exploit.

The reality is that we accumulate plenty of digital clutter that needs cleaning up from time to time. Think about it:

  • Bunches of one-off accounts at online stores we won’t frequent again.
  • Membership in message boards or forums you no longer drop in on.
  • Plenty of outdated apps and programs that are still sitting on your devices.
  • Aging files that are no longer relevant, like spreadsheets and records from years ago.
  • And photos—oh, photos! We have plenty of those, right?

Seven steps for digital spring cleaning

Together, these things take up space on your devices and, in some cases, can open you up to security hazards. Let’s take a look at how you can clean up in a few steps.

1. Review your accounts and delete the ones you don’t use. Look through your bookmarks, your password manager, or the other places where you store your passwords and usernames. Review the sites and services associated with them critically. If you haven’t used an account in some time, log in one last time, remove all personal info, and deactivate it.

Doing so can keep your email address, usernames, and passwords out of unnecessary circulation. Major breaches like this one happen with unfortunate regularity, and the sad thing is that you may not even be aware that a site you’ve used has been hit. Meanwhile, your name, password, and info associated with that account (such as your credit card) are in the hands of hackers. Limit your exposure. Close those old accounts.

2. Get organized, and safer too, with a password manager. While creating strong, unique passwords for each of our accounts is a must nowadays, it can be quite the feat, given all of the accounts in our lives. Here’s where a password manager comes in. It can create those strong, unique passwords for you. Not only that, but it also stores your passwords on secure servers, away from hackers and thieves.

Along those lines, never store your passwords on your computer or device in something like a text document or spreadsheet. Should your device ever get compromised, lost, or stolen, having passwords stored on it is like handing over the keys to your digital life.

3. Clean your PC to improve your performance (and your security). Let’s face it, so many of us are so busy with the day-to-day that cleaning up our computers and laptops is way down the list. However, doing so once a month can keep our devices running stronger for longer and even give you that “new computer feeling,” particularly if you haven’t cleaned it up for some time. Check out our guide for improving PC performance. It’ll walk you through some straightforward steps that can make a marked difference.

Moreover, part of this process should entail bolstering your operating system and apps with the latest updates. Such updates can not only improve speed and functionality, but they also often include security upgrades as well that can make you safer in the long run. If your operating system and apps feature automatic updates, enable them, and they’ll do the work for you.

4. Organize and store your photos. Photos. Now there’s a topic all unto itself. Here’s the thing: Estimates show that worldwide we took somewhere around 1.2 trillion photos in 2018. And you certainly have your share.

However, your photos may be just sitting there, taking up storage space on your computer or phone, instead of becoming something special like an album, greeting cards, a wall hanging, or popping them into a digital picture frame for your kitchen or living room. And this is where a little spring cleaning can be a bit of fun. For tips on cleaning up your photos, backing them up, and making something special with them, check out my earlier blog.

5. Delete old apps and the data associated with them. Let’s say you have a couple of apps on your phone for tracking your walks, runs, and exercise. You’ve since stopped using one altogether. Go ahead and delete the old one. But before you do, go in and delete your account associated with the app to ensure that any data stored off your phone, along with your password and user id are deleted as well.

For your computers and laptops, follow the same procedure, recognizing that they also may have account data stored elsewhere other than on your device.

In short, many apps today store information that’s stored and maintained by the app provider. Make sure you close your accounts so that data and information is taken out of circulation as well.

6. Shred your old files and encrypt the important files you’re holding on to. This bit of advice calls for using comprehensive security software on your devices. In addition to protecting you from viruses, malware, and other cyberattacks on your privacy and identity, it can help you protect your sensitive information as well. Such security software can offer:

  • File encryption, which renders your most sensitive files into digital gibberish without the encryption key to translate them back.
  • A digital file shredder that permanently deletes old files from your computer (simply dropping them into the desktop trashcan doesn’t do that—those files can be easily recovered).
  • Identity theft protection, which monitors the dark web for your personal info that might have been leaked online and immediately alerts you if you might be at risk of fraud.

7. Throwing away old computers and tech—dispose of properly. When it comes time to say goodbye to an old friend, whether that’s a computer, laptop, phone, or tablet, do so in a way that’s friendly to the environment and your security.

Consider this … what’s on that old hard drive of yours? That old computer may contain loads of precious personal and financial info on it. Same thing goes for your tablets and phones. The Federal Trade Commission (FTC) offers some straightforward advice in their article about protecting your data before you get rid of your computer. You don’t want those old tax returns ending up in the trash unprotected.

When it comes time for disposal, you have a few options:

  • Look into the e-waste disposal options in your community. There are services that will dispose of and recycle old technology while doing it in a secure manner.
  • Some mobile carriers have turn-in programs that will not only dispose of your tech properly, but they’ll give you a financial incentive too—such as money towards a new device.
  • Lastly, consider the option of reusing the device. There are opportunities to pass it along to a family member or even donate it. Your old tech may be a game-changer for someone else. Again, just be sure to protect that old data!

As with any spring cleaning, you’ll be glad you did it

Enjoying the benefits of your work—that’s what spring cleaning is all about, right? With this little list, you can end up with a digital life that’s safer and faster than before.

The post Digital Spring Cleaning: Seven Steps for Faster, Safer Devices appeared first on McAfee Blog.

Why Coin Miners Go Bad & How to Protect Your Tech When They Do

By Vishnu Varadaraj

Cryptocurrency enthusiasts are flocking to the Wild West of Bitcoin and Monero to cash in on the recent gold rush. Bitcoin’s meteoric rise in value is making coin mining an appealing hobby or even a whole new career. Coin mining software is the main tool in a prospector’s belt.

Some coin miners, also known as cryptocurrency miners, are tempted by the dark side of the industry and resort to nefarious means to harness the immense computing power needed for cryptocurrency profits. Greedy cryptocurrency criminals employ a practice called cryptojacking, stealing the computing power of unsuspecting devices to help them mine faster. Your device could be at risk of being recruited to their efforts.

Let’s dig into how coin mining programs work, why they turn malicious, and how you can stay safe from cryptojackers. 

How Coin Mining Works 

Mining cryptocurrency takes a lot of time and computer processing power. A coin mining home setup requires a graphics processing unit (GPU) or an application-specific integrated circuit (ASIC). Coin mining software then runs on the GPU or ASIC. A central processing unit (CPU), the brain of the computer, combined with the GPU or ASIC is referred to as a mining rig.

Once the software is installed, the rig is ready to mine, running mathematical calculations to verify and collect new cryptocurrency transactions. Each calculation is known as a hash, and the hash rate is the number of such calculations that can be run per second.

From there, casual miners may choose to join a mining pool, which is a club of miners who agree to consolidate their computing power and split the profits based on how much work each miner contributed to the output. 

Bitcoin rewards miners every 10 minutes for their efforts. Each time miners solve a string of mathematical puzzles, they validate a chain of transactions, thus helping make the entire Bitcoin system more secure. Miners are paid in bitcoin and they also receive transaction fees.

Why Coin Mining Turns Malicious 

While coin mining typically starts off as a casual hobby, coin mining programs can turn malicious when cryptocurrency miners want to earn more without investing in boosting their own computing power. Instead, they reroute their targets’ computing power without asking. This is called cryptojacking.

Mining requires incredible amounts of electricity, and the more rigs involved, the more cryptocurrency can be mined. Usually, the utility bills and the cost of running coin mining software negate any profit. For example, a casual miner may have one rig devoted to mining. An average rig processes approximately 500 hashes per second on the Monero network (a type of cryptocurrency). However, 500 hashes per second translates to less than a dollar per week in traditional, or fiat, currency.

Greedy cryptocurrency criminals recruit CPU soldiers to their mining army to improve their hash rate. To do so, criminals download coin mining software to a device and then program it to report back to their server. The device’s thinking power is diverted from the owner and funneled straight to the criminal’s server that now controls it. Compromised devices run considerably slower and can overheat, and the strain on the device can eventually destroy it. 

How to Stay Safe from Cryptojacking 

Cryptojackers are not your everyday thieves. Their target is your CPU power, and they employ devious methods to funnel it for their own use. Luckily, there are a few easy ways to thwart their efforts: 

1. Beware of phishing 

Personal devices are often infected through phishing within emails and texts. There are many tell-tale signs of a phishing message. For example, they are often poorly written and use language that indicates that the sender wants a hasty response. Also, phishing attempts often masquerade as official organizations, like banks and credit card companies. If you are ever suspicious of an email or text, do not open any of the links and do not reply. Instead, contact the organization’s customer support to verify the legitimacy of the message.

2. Use ad blockers 

Another way miners gain access to personal devices is by camouflaging malicious code in pop-up ads. An easy way to avoid being cryptojacked is to simply never click on these ads. Or even better, install an ad blocker to help eliminate the risk. 

3. Connect to a VPN 

Public Wi-Fi and poorly protected networks present a vulnerable entry point for cybercriminals to hack into your devices. Cybercriminals often attempt to download software remotely to your laptop, desktop, or mobile device to reroute its computing power for their own selfish gains. Always connect to a VPN like McAfee Safe Connect VPN to safely surf unsecured networks.

4. Run antivirus software 

Cryptojacking code is inconspicuous and generally hidden in legitimate code. Antivirus software, such as McAfee Total Protection, is a recommended way to proactively scan for malware and even identify fraudulent websites. McAfee WebAdvisor has a Chrome extension that specifically blocks cryptojackers. 

5. Monitor your devices 

Be aware of the signs your devices have been cryptojacked. For example, monitor any changes in the speed of your devices and check out your utility bills for dramatic spikes. By remaining vigilant with these tips, you will keep your devices safe from cryptocurrency miners gone rogue. 
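The "watch for a slowdown" advice above, turned into a small detection routine. This is an added example, not McAfee's code: it flags processes whose CPU usage stays high across several consecutive samples, skipping processes you expect to run hot. The process samples and the expected-heavy list are constructed for illustration; on a real host you would collect the samples on a timer from the operating system.

```python
"""Flag processes whose CPU usage stays high across consecutive samples.

Added example (not McAfee's code). A sustained, unexplained CPU load is the
kind of "my device got slower" symptom the advice above refers to.
"""
from collections import defaultdict

# Constructed samples: (timestamp_seconds, pid, process_name, cpu_percent)
SAMPLES = [
    (0,  101, "browser",       12.0),
    (0,  202, "updater.exe",   95.0),
    (0,  303, "video_encoder", 88.0),
    (30, 101, "browser",       15.0),
    (30, 202, "updater.exe",   97.0),
    (30, 303, "video_encoder", 90.0),
    (60, 101, "browser",       70.0),
    (60, 202, "updater.exe",   96.0),
    (60, 303, "video_encoder",  5.0),
    (90, 101, "browser",       10.0),
    (90, 202, "updater.exe",   98.0),
]

# Assumed allowlist of processes that legitimately run hot for long periods.
EXPECTED_HEAVY = {"video_encoder"}


def sustained_high_cpu(samples, threshold=80.0, min_consecutive=3,
                       expected=EXPECTED_HEAVY):
    """Return {pid: name} for processes at or above `threshold` percent CPU
    in at least `min_consecutive` consecutive samples, excluding names in
    `expected`. A single busy sample (the browser at 70%) is not enough."""
    by_proc = defaultdict(list)
    for _ts, pid, name, cpu in sorted(samples):  # chronological order
        by_proc[(pid, name)].append(cpu)

    flagged = {}
    for (pid, name), cpus in by_proc.items():
        if name in expected:
            continue
        run = 0
        for cpu in cpus:
            run = run + 1 if cpu >= threshold else 0  # reset on a quiet sample
            if run >= min_consecutive:
                flagged[pid] = name
                break
    return flagged


if __name__ == "__main__":
    for pid, name in sustained_high_cpu(SAMPLES).items():
        print(f"investigate pid {pid} ({name}): sustained high CPU use")
```

Tune `threshold` and `min_consecutive` to the sampling interval you use; with 30-second samples, three consecutive hits means at least a minute of continuous load.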

Stay Updated 

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook. 

The post Why Coin Miners Go Bad & How to Protect Your Tech When They Do appeared first on McAfee Blogs.

Let’s Make Security Easy

By McAfee

You flick through some reels and an ad for “a more private phone” crops up. You scroll through your news feed and catch wind of yet another data breach at a major retailer. You see a post from a friend who says their social media account was hacked. Maybe you don’t think about security every day, but when you do, it can feel … overwhelming. We’re here to solve that. We’re here to make security easy.  

As security providers, we have to offer protection against a wide variety of threats without adding more complexity to your already busy life. Managing your security should be easy, and even enjoyable. 

Enjoyable?  

Yes. We want you to have a sense of accomplishment, both the knowledge and the feeling that you’re safer than you were before.

With these things in mind, we set out to make your security software work better for you. We streamlined the experience to simplify what you see, while still offering robust protection. After all, true security is the security that you benefit from every day, and it’s up to us as providers to make it as smooth and easy as possible.

Smooth setup & a central hub 

Our new setup process now includes easier navigation, fewer screens, and clearer action items and alerts. It smoothly moves you through setting up protection across all the ways you interact online and your compatible devices. This way, you know that we’re helping to keep you safe whether you’re messaging, browsing, or shopping and banking online. 

Another area where we put a lot of focus is the new home screen. This is your home base, where we clearly show you what your current protection status is in the areas that matter the most to you. This includes making it easier to monitor your personal information and strengthen protections you already use, like passwords. 

Home Screen

The home screen is also where you come to perform essential tasks, such as running an antivirus scan. It guides you to take actions when needed, giving you proactive protection, and a clear view of your overall security in one convenient place. From here you can access details on the status of your PC, web, and identity protection.

PC Protection Category Page

Web Protection Category Page

Identity Protection Category Page

Effective Security, Made Easier

While we’re always focused on helping you feel confident and protected online, we realize that making our tools easy to use is just as important. The digital security landscape will continue to be a complicated one, with more than a million new and unique threats cropping up each day, but we can and are making security simpler, and therefore, more effective. 

With easier setup and protection that turns on automatically at the right moments, we want to make security easier for you so that you can feel safer online. We’ve heard your feedback about how we can improve, and we’ll bring all that goodness in a product that you can use every day. 

You’ll find this interface across our McAfee+ family of products, along with continual upgrades and improvements as we roll out more features that will keep you safer online.   

The post Let’s Make Security Easy appeared first on McAfee Blog.

Protect Your Digital Wellness: Don’t Post Your Vaccination Card Online

By Pravat Lall

Think Twice Before Posting Your Vaccination Card on Social Media

After much anticipation, you finally get a notification that you’re eligible to receive your COVID-19 vaccine. Upon getting your first dose, you may be eager to celebrate by sharing a picture of your vaccination card on social media. After all, many of your peers have been doing the same. However, these posts could actually put your online privacy and personal information at risk. While you want to share the good news, experts warn that scammers could potentially exploit the information on your card.

How Vaccine Selfies Could Affect Your Online Security

With more people becoming eligible to receive the COVID-19 vaccine, there has been a surge in social media posts featuring people’s vaccine cards. However, the Better Business Bureau stated that posting photos of your card can give criminals the data they need to create and sell fake vaccination cards. Not only do vaccine cards remind you of when your next appointment is, but they also contain important personal information such as your name, date of birth, and when and where you were vaccinated.

Currently, these cards are the only proof that people have that they’ve been vaccinated. While there is still uncertainty around the next phase of the pandemic and when life will return to “normal,” it’s possible these cards could be what gets you into a restaurant or on an airplane. If you post your vaccination card on social media, scammers could potentially forge your card and use it as their own pass into public places or use it to receive a second dose. Publicly posting medical information could also void your HIPAA protections. Furthermore, cybercriminals could significantly profit from your personal information since health care records sell for more than Social Security and credit card numbers on the dark web.

Protect Your Digital Wellness

Your digital wellness is just as important as your physical wellness, so protecting your online data is crucial. It’s a good rule of thumb not to post photos with your name and other identifiable information on the internet. Although it may be tempting to post your vaccination card on social media, consider these tips to help protect your online security:

1. Check your privacy settings

Think about who you want to share the good news with and what social media platform would be best for this. Create private groups or carefully select which followers can see your posts. Then, verify that you’ve updated your privacy settings accordingly. This will prevent scammers from lurking on your posts and extracting your personal information.

2. Find alternatives to share that you’re vaccinated

Instead of posting a photo of your vaccine card, share a picture of yourself outside the vaccination center. If your vaccination center provides “I got vaccinated” stickers, you can post a picture of that as well.

Taking steps towards protecting your digital well-being is just as important as taking steps towards protecting your physical health. By following these steps, you can help ensure that your online security will not be jeopardized by celebrating your vaccination.

Stay Updated

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Protect Your Digital Wellness: Don’t Post Your Vaccination Card Online appeared first on McAfee Blogs.

Myth-busting Antivirus Software Assumptions

By Vishnu Varadaraj

The number of new viruses grows every day. In fact, McAfee registers an average of 1.1 million new malicious programs and potentially unwanted apps (PUA) each day, which contributes to the millions and millions already in existence. While there is no way to know when or how cyberattacks will occur, it’s clear that antivirus software is one of the best ways to ensure you, and your devices, are safe. 

Despite its proven strengths, some long-standing myths question the effectiveness of antivirus. To set the record straight, we’ve debunked five of the most common antivirus software myths, so you can rest assured that you are safely navigating the evolving cyber landscape. 

Myth 1: Antivirus software slows down your device 

We expect a lot from our devices—faster performance every time the latest model is released. As a result, many are reluctant to install apps or software that may jeopardize device performance, including antivirus software. 

Many believe that antivirus software will slow down your devices. However, contrary to popular belief, quality antivirus software can improve device performance by using advanced optimizations. It’s this simple: antivirus software conducts regular system-wide scans to identify and prevent viruses and improve performance without compromising efficacy. 

To run these scans, antivirus software requires system resources, which is where this myth originates. If you download or operate more than one antivirus program or download the wrong version for your system, then yes, your device will slow to a crawl. That is why it is essential to install one high-quality antivirus software that meets all your devices’ system requirements. Additionally, best-in-class antivirus software can be set to run during specific hours to avoid delays during the busiest times of your day. 

Myth 2: Antivirus software only protects against a few viruses 

The number of malware strains and potentially unwanted applications (PUA) increases every year. It is understandable why people might think that antivirus software cannot protect against them all. 

However, antivirus software can provide extensive protection against the majority of malicious programs. It does so in two ways: 

  1. It protects you from existing threats based on an extensive list of known threats, which is updated regularly (a good reason to set your software to update automatically rather than manually). 
  2. It protects you from entirely new threats with behavioral detection and machine learning to detect, isolate, and eliminate zero-day digital threats (brand new threats that haven’t been seen before). This approach integrates deep learning algorithms and artificial intelligence (AI) to emulate human-like reasoning and accurately detect threats. In addition, behavioral heuristic-based detection finds new viruses by assessing known malicious behavior, such as abnormal application demands and instructions.  

Taken together, a known list of threats paired with the unique capabilities of machine learning, data science, and AI for advanced threat detection enable antivirus software to protect against a wide range of existing and evolving threats. 

Myth 3: Independent third-party test results are useless 

Can you imagine grading your own driving test? You could omit the dreaded three-point turn and pass with flying colors, but the result wouldn’t be as accurate as that of an unbiased evaluator. This same concept applies to evaluating the efficacy of computer security.  

It’s easy for a company to set up a test environment where they highlight all the excellent capabilities of their antivirus software and gloss over its shortcomings. It’s equally easy for a company to commission a third party to conduct a custom test painting the company in a good light. However, the results will not be as comprehensive or accurate as those from an independent third party. Additionally, they will not provide a comparative analysis with other companies’ offerings to help users draw their own conclusions.

Independent third-party test results offer a more thorough evaluation of antivirus software. They also do a better job at evaluating security features. Furthermore, ISO-certified independent third parties lend transparency and credibility to the techniques used and ensure that evaluations align with industry standards. 

Myth 4: Apple products can’t get viruses 

There is a common belief that Apple products are protected against viruses because cybercriminals often target Windows and Android operating systems. However, Apple devices are just as vulnerable to viruses as any other computer or smartphone. Regardless of your device or operating system—macOS, iOS, Windows, or Android—if it connects to a network, it’s susceptible to viruses. 

Windows and Android have long been the dominant operating systems for computers and smartphones. That’s why macOS and iOS have, up until recently, been the lesser focus for cybercriminals. The problem is that cybercriminals want to spread their viruses to the platforms with the largest customer base which just so happens to be Windows and Android. As Apple products continue to grow in popularity, cybercriminals will continue coming out with more viruses specifically targeting Macs, iPhones, and other iOS devices. 

Myth 5: You are 100% protected if you have antivirus software 

Antivirus software is not a guarantee of protection against all viruses. Some malware can and will slip through. This is where antivirus software’s ability to detect and remove malware comes in. Ours comes with a Virus Protection Pledge, which provides a 100% guarantee we’ll remove viruses on your devices, or we’ll give you your money back, all as part of your automatically renewable subscription. 

However, viruses and malware are just one form of attack that hackers and bad actors will wage on their victims. They’ll also make attempts at identity theft or likewise try to invade your privacy—with the intent of stealing passwords, account information, and personal information, which could drain your debit cards, damage your credit, or otherwise impersonate you for their financial gain. 

In this way, antivirus is just one form of protection. To stay as safe as possible online, you need online protection software that looks after your identity and privacy as well. McAfee+ Ultimate offers our most comprehensive coverage, with 

Fact vs. Fiction: Know what antivirus software can do for you 

It is necessary to bust common myths about antivirus software to protect yourself and your family from cyberthreats. By educating yourself and selecting a best-in-class antivirus software that’s further bolstered by identity and privacy protection, you will be well on your way to implementing an effective protection strategy. 

The post Myth-busting Antivirus Software Assumptions appeared first on McAfee Blog.

5 Ways MVISION XDR Innovates with MITRE ATT&CK  

By Kathy Trahan

The MITRE ATT&CK® Framework proves that authority requires constant learning and the actionable information it contains has never held greater currency. Likewise, XDR, the category of extended detection and response applications, is quickly becoming accepted by enterprises and embraced by Gartner analysts, because they “improve security operations productivity and enhance detection and response capabilities.” 

It is less well known how these tools align to improve the efficacy of your cybersecurity defenses by leveraging key, actively maintained cybersecurity industry frameworks. In MVISION XDR there’s a dynamic synergy between the MITRE ATT&CK Framework and XDR. Let’s consider how and why this matters.

One of the biggest issues with XDR platforms, according to Gartner, is a “lack of diversity in threat intel and defensive techniques.” By aligning our XDR with MITRE, we greatly expand the depth of our investigation, threat detection, and prevention capabilities while driving confidence in preventing the attack chain with relevant insights.  

With MITRE ATT&CK Framework in the hands of your incident response teams, you’re utilizing a definitive and progressive playbook that articulates adversarial behaviors in a standard and authoritative way.  

The Framework is a valuable resource that contains a knowledge base of adversarial techniques that security defenders can reference to make sense of the behaviors (techniques) leading to system intrusions on enterprise networks.  

In MVISION XDR, this synergy results in a shared source of truth. Adding MITRE ATT&CK into your SOC workflow is essential for analysts who need to conduct a thorough impact analysis and decide how to defend against or mitigate attacks.  

Here are five powerful ways that XDR applies MITRE ATT&CK and helps operationalize the framework:  

  • Alignment. MVISION XDR aligns to the MITRE ATT&CK framework, including a knowledge base that maps the attacker’s likely path, flow and targets. Not only does it actively align with MITRE attack insights for the investigation, it offers complete mapping to predicted and prioritized threat campaigns before they hit your organization. This answers the CISO question “will we be the next victim?”
  • Investigation. MVISION XDR leverages the framework by offering visual alignment with specific threat campaigns—removing the manual mapping effort—and prioritizing next steps such as the critical incidents to address or accelerate the investigation. 
  • Assessment. MVISION XDR allows organizations to quickly answer key questions such as: Do we have a derivative to an active threat campaign? If the answer is yes, your team will respond faster and more assuredly by assessing the recommended prevention guidance in our XDR. 
  • Data Quality. MVISION XDR uses MITRE as a critical guide for “detect, recommend, and respond” actions, including sorting and filtering aggregated data derived from across the entire ATT&CK matrix and operationalizing it for better investigations.
  • Optimization. Mapping attack techniques and behaviors with MITRE ATT&CK Framework enables SOCs to discover the root cause and remove dwell time. MVISION XDR goes beyond attack analysis and validation to offer specific prevention and remediation – before and after the attack across all vectors – endpoints, network and cloud. 

Not a Checklist

At first glance, the MITRE ATT&CK framework matrix, with its myriad of sub-techniques, reads like a checklist of concerns for your SOC analysts to evaluate. But approaching threat analysis or investigations that way may lead to a form of tunnel vision. Knowing that an attacker is not just limited to one set of techniques, MVISION XDR boosts your team’s efficacy by covering the entirety of the matrix including device, network, and cloud detection vectors.

MVISION XDR also increases your team’s situational awareness by making it easy to map and correlate tactics, techniques and procedures (TTPs) directly to MITRE ATT&CK information. XDR supplies visualizations that reduce the burden on analysts to identify patterns and assess the recommended prevention guidance. 

As we’ve pointed out on other occasions, MVISION XDR can chain MITRE ATT&CK techniques into complex queries that describe behaviors, instead of individual events. MVISION XDR is hypothesis driven, utilizing Machine Learning and Artificial Intelligence to analyze threat data from multiple sources and map it to the MITRE ATT&CK framework.
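The technique-chaining idea above, as an added example that is not MVISION XDR's code: a small correlation routine that looks for an ordered sequence of ATT&CK technique IDs on one host inside a time window, so that one behavior is surfaced rather than four separate alerts. The events are constructed; the technique IDs are real ATT&CK identifiers chosen for this illustration (Phishing, User Execution, Command and Scripting Interpreter, Resource Hijacking), not ones the post names.

```python
"""Chain ATT&CK-tagged events into one behavior instead of alerting per event.

Added example (not MVISION XDR's code). The hypothesis below, phishing leading
to execution, scripting and then resource hijacking, is assumed for
illustration; the events are constructed.
"""
from datetime import datetime, timedelta

# Constructed events: (ISO timestamp, host, ATT&CK technique ID, description)
EVENTS = [
    ("2021-03-01T09:00:00", "ws-17", "T1566", "phishing email delivered"),
    ("2021-03-01T09:02:10", "ws-17", "T1204", "user opened attachment"),
    ("2021-03-01T09:02:15", "ws-17", "T1059", "script interpreter spawned"),
    ("2021-03-01T09:40:00", "ws-17", "T1496", "sustained CPU use by unknown process"),
    ("2021-03-01T11:00:00", "ws-22", "T1204", "user ran installer"),
    ("2021-03-01T13:00:00", "ws-22", "T1059", "admin script run"),
]

# Ordered technique chain expressing the behavior we are hunting for.
CRYPTOJACK_CHAIN = ["T1566", "T1204", "T1059", "T1496"]


def parse(events):
    """Convert the ISO timestamps to datetime objects."""
    return [(datetime.fromisoformat(ts), host, tid, desc)
            for ts, host, tid, desc in events]


def find_chains(events, chain, window=timedelta(hours=1)):
    """Return {host: [matched events]} for every host on which all techniques
    in `chain` occur in order, with every step inside `window` of the first.
    Unrelated events between the steps are ignored; a partial chain, or one
    whose steps are too far apart, is not reported."""
    by_host = {}
    for ev in sorted(parse(events)):  # chronological per host
        by_host.setdefault(ev[1], []).append(ev)

    hits = {}
    for host, evs in by_host.items():
        # Each occurrence of the first technique is a candidate chain start.
        for i, start in enumerate(evs):
            if start[2] != chain[0]:
                continue
            matched, step = [start], 1
            for ev in evs[i + 1:]:
                if ev[0] - start[0] > window:
                    break  # outside the window: abandon this start
                if ev[2] == chain[step]:
                    matched.append(ev)
                    step += 1
                    if step == len(chain):
                        hits[host] = matched
                        break
            if host in hits:
                break
    return hits


if __name__ == "__main__":
    for host, evs in find_chains(EVENTS, CRYPTOJACK_CHAIN).items():
        steps = " -> ".join(f"{e[2]} ({e[3]})" for e in evs)
        print(f"{host}: {steps}")
```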

Increasing the efficacy of your SOC team analysts, incident responders and other members of your team is obviously critical to producing smarter and better security outcomes, including a faster mean time to detect (MTTD) or remediate (MTTR). MVISION XDR also boosts team productivity and drives more accurate prevention by automating security functions like detection or response.

Armed with actionable intelligence your team can proactively harden the enterprise before an attack. When Gartner states that “The goal of XDR is improved detection accuracy and security operations center (SOC) productivity” we tend to think that integrating MITRE ATT&CK framework sets the standard in our competitive set. 

At the end of the day, this winning combination of MITRE ATT&CK and MVISION XDR offers the C-level and Board a sufficient level of evidence of resilience. A vibrant information exchange must be a two-way street. We work closely with the MITRE team and actively contribute to the development of new matrices to empower the broader MITRE ATT&CK community.

Hear more from a SOCwise expert on why MITRE matters.

The post 5 Ways MVISION XDR Innovates with MITRE ATT&CK   appeared first on McAfee Blogs.

How 2020 Helped Parents Understand Their Kids’ Digital Lives

By Cyber Safety Ambassador: Alex Merton-McCann

Over the last 12 months, technology has featured in our lives in a way I don’t think any of us would have predicted. Whether you were in lockdown, choosing to stay home to stay well or quite simply out of other options, technology saved the day. It helped us work and learn from home, stay connected with friends and family, entertain ourselves, shop and, essentially, live our lives.

For many parents, this was a real ‘aha’ moment. A moment when technology went from being an annoying distraction to incredibly critical to the functioning of our day to day lives. Of course, many of us had always considered technology to be useful to help us order groceries and check Facebook but to experience first-hand that technology meant life could go on during a worldwide pandemic was a real game changer.

2020 Forced Many Parents to Truly Get Involved in Their Kids Online World

Whether it was downloading video calling apps like Zoom or FaceTime, setting up a Twitter account to get updates from the Health Department, using Google Docs to work collaboratively or experiencing what online gaming really is via a few sessions on the Xbox, 2020 meant many parents had to get up to date, real fast! And you know what – that’s a good thing! I’ve had so many parents remark to me that they now finally understand why their kids are so enamoured with technology. There really is nothing like walking in someone’s shoes to experience their world!

I’m a big believer in parents taking the time to truly understand the world in which their kids exist. For years, I’ve advised parents to download and use the apps and games their kids play so they can understand the attraction and complexity of their kids’ digital life. Well, it may have taken a global pandemic, but I am delighted to report that, anecdotally at this stage, more parents are now embracing their kids’ online world.

Don’t Forget About Online Safety!

When we first become enamoured with something, we often enter the ‘honeymoon’ phase. As a married woman of 28 years, this was many years ago for me!! The honeymoon phase is when everything is wonderful and rosy, and negatives are not always considered. And our relationship with technology can be much the same. And I’ve been there – there’s nothing quite so wonderful as discovering a new app or piece of software and almost being joyous at just how transformational it could be for your life. And this often means we gloss over or even ignore the risks because we are in love!!!

Here’s What You Need to Know

So, as Cybermum, I’m here to cheer you on and pat you on the back for embracing and using new apps and software. Yes, I’m very proud! But I also want to share with you just a few steps that you need to take to ensure you are not taking on any unnecessary risks with your new favourite app. Here are my top tips:

1. Passwords
Every app, online account or piece of software needs its own individual password. Yes, I know that it is a real pain, but it is one of the most important things you will do to protect yourself online. I’m a big fan of password managers that not only generate the most incredibly complex passwords for each of your accounts but remember them for you. McAfee’s password manager, True Key, is a free option which has completely helped me manage my 80 plus collection of passwords!! Very grateful!

2. Software Updates
The main purpose of a software update is to protect the user from security threats. Yes, you may also get some new features and possibly have a glitch or 2 removed but it is all about the user’s safety. So, if you don’t update your software, it’s a little like leaving windows open when you go out. And the longer you leave between updates – the more windows you leave open!

So, automate these updates if you can or schedule them in your diary. Why not earmark the first day of the month to check and see what you need to download to protect yourself? And don’t forget about your operating system on your phone or laptop too!

3. Be Wi-Fi Wary
Dodgy wi-fi is where so many people come unstuck. Regardless of what app or software you are using, anything you share via unsecured wi-fi could be intercepted by a hacker. So, if you find yourself using wi-fi regularly, you might want to consider a Virtual Private Network or VPN. A VPN creates an encrypted tunnel so anything you share via Wi-Fi cannot be intercepted. Genius, really! Check out McAfee’s Safe Connect for peace of mind.

So, please keep going! Keep exploring new ways technology can work for you in our new COVID world. But remember to take a break too. There is no doubt that technology has saved the day and has ensured we can all still function, but there must be a balance too. So, walk the dog, play a board game or have a cuppa outside. Remember you manage the technology; it doesn’t manage you!

Till next time

Stay safe online.

Alex xx


To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home  on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post How 2020 Helped Parents Understand Their Kids’ Digital Lives appeared first on McAfee Blogs.

True Security Requires a Holistic Approach

By McAfee

In the eyes of hackers, scammers, and thieves, your online privacy and identity look like a giant jigsaw puzzle, one that they don’t need every piece to solve. They only need a few bits to do their dirty work, which means you need to protect every piece you put out there: a holistic view of your personal security, one that protects you and not just your devices.

Here’s what’s at stake: we create and share loads of personal information simply by going about our day online, where each bit of information makes up a piece of that giant jigsaw puzzle. Some pieces directly identify us, like our tax returns, bank account information, or driver’s licenses. Other pieces of information indirectly identify us, like the IP addresses assigned to our computers, tablets, and phones—or device ID numbers, location information, and browsing history. And bad actors only need a few key pieces to do you harm, such as committing identity crime in your name or selling your personal information on sketchy websites or the dark web. 

While people show great concern about their personal information, who has it and what’s done with it, our research shows that 70% of people feel like they have little or no control over the data that’s collected about them. However, you have plenty of ways that you can indeed take control—ways that can prevent, detect, and correct attacks on your privacy and identity. That’s where holistic protection comes in. 

What do we mean by holistic protection? 

You can think of holistic protection as layers of shields that protect you and the devices you use. It gives you three layers in all—a Prevention Layer, Detection Layer, and a Correction Layer. 

A holistic and comprehensive security solution like McAfee+ combines those three layers in a way that protects your personal information and keeps your identity private, showing you how it does it along the way, so you can see exactly how safe you are. Let’s take a quick look at some of the protections you’ll find in each layer … 

A holistic approach to security

In the Prevention Layer, you’ll see:  

  • A virtual private network (VPN), allowing you to connect securely on a public Wi-Fi network by encrypting, or scrambling, your data while in transit so no one else sees it. It’ll also make your activity far more private, making it harder for advertisers and data collectors to track. 
  • Safe browsing that warns you if a website is risky before you enter your information and can steer you clear of risky links, while a download scanner can prevent downloads of malware or malicious email attachments. 
  • An integrated password manager that can create and store strong and unique passwords for each of your accounts. This way, if one of your accounts is hacked, the leaked password can’t be reused to get into your other accounts. 
  • A security freeze service that can prevent hackers and thieves from opening new credit, bank, and utility accounts in your name.​ 
  • Real-time antivirus that protects your data and devices. 

In the Detection Layer, you have … 

  • Identity monitoring that keeps tabs on everything from email addresses to IDs and phone numbers for signs of breaches so you can take action to secure your accounts before they’re used for identity theft. 
  • McAfee’s industry-first Protection Score that monitors the health of your online protection and shows you ways you can improve your security and stay safe online. 

In the Correction Layer, several other protections have your back … 

  • Identity theft protection & restoration that aids with many of the costs associated with restoring one’s identity through up to $1 million in coverage—along with the services of a licensed recovery pro to help restore your identity.​ 
  • Personal data cleanup that scans some of the riskiest data broker sites and shows you which ones are selling your personal info so that you can remove it on your own or with our help, depending on your plan. 

These are just a few examples of the protections in each layer. And you’ll find our most comprehensive holistic protection in McAfee+ Ultimate, covering your privacy, identity, and devices. 

A Unified Solution for your Privacy, Identity, and Devices 

While your online privacy and identity may look like a jigsaw puzzle, protecting it shouldn’t be as complicated. With a holistic security solution for your personal protection, you can minimize your exposure with layers of security that do much of the work for you. 

Antivirus on your PC is not enough. It has not been enough for many years now. And this becomes more evident as we continue to spend more time online, with the average person spending 6 hours and 54 minutes online each day, leaving clouds of personal information in their wake. 

While standalone apps like a password manager, a VPN app, and an identity solution from different vendors can be pieced together with your device security, these are difficult to keep track of and burdensome to maintain. 

We have combined the important tools you need into a seamless and comprehensive experience because good security software is something that you use daily to feel safer online. This is why we are working on your behalf to redefine security, so you can enjoy your connected life with confidence. 

The post True Security Requires a Holistic Approach appeared first on McAfee Blog.

Privacy in Practice: Securing Your Data in 2021 and Beyond

By Jean Treadwell

Technological advancements continually emerge that make our lives easier. Right? As beneficial and convenient as emerging tech is, it can pose serious risks to our online safety and privacy—risks that you might find yourself ill-prepared to handle. In fact, according to our 2021 Consumer Security Mindset research, 45% of Canadian respondents don’t feel very confident about their ability to prevent a cyberattack and believe that they don’t have what they need to ward one off.

With many of us turning to online platforms for things we used to do in person, activities like banking, shopping, taxes, and more, the need for broader online privacy protection has never been greater. As we continue to integrate technology into our everyday lives, we must learn to recognize the risks it poses and understand how to safeguard our online security.

Telehealth

Telehealth visits have opened the door for many to get the medical care they need when visiting the doctor or going to the hospital isn’t feasible. Digital health platforms have demonstrated many benefits for optimizing time and cost efficiencies for both patients and providers, but at what cost?

Despite efforts to address barriers to virtual healthcare adoption, Canada currently lacks a national framework for governing virtual care. As a result, many healthcare providers are left to act on their best judgements regarding patient data interoperability across provinces and providers. The lack of a pan-Canadian governance framework also makes it difficult for digital health platforms to operate with the assurance of certain security protocols, leaving many of us to wonder how to best protect our data in the face of an ambiguous virtual healthcare system. The risk is made all the more severe when factoring in sensitive biometric data from monitoring devices that can be used for malicious purposes when in the hands of cyber attackers. Those of us who take advantage of digital health devices must understand how to secure our data privacy and control its usage to mitigate further risks.

The first line of defense to ensure your data remains protected is to understand the security policies put in place by your healthcare provider and any third-party digital platforms that they leverage. Additionally, you’ll want to ensure that your healthcare provider uses a telehealth platform that encrypts your data. Take matters into your own hands by enabling two-factor authentication and using strong, unique passwords across all devices and accounts. Using a VPN and running anti-malware and anti-virus scans can also mitigate the risk of security threats during telehealth visits and while using integrated medical devices.

Education

Student privacy is a top concern as households turn to remote learning. In a rush to optimize remote learning experiences in the face of a rapidly evolving digital landscape, many educators and remote learners may not realize the hazards that put student privacy at risk.

We’re almost a year into distance learning and schools have now adopted a range of technologies to optimize the digital classroom, including virtual learning platforms, holistic learning solutions, and even social media applications. However, many of these digital platforms are not designed for child usage, nor do they have privacy policies in place to ensure that the student data gathered is protected. Many learning platforms may even treat student data as consumer data, raising more red flags regarding student data privacy and compliance. Online learning has also garnered the attention of cybercriminals looking to exploit student data, resulting in online bullying, identity theft, and more.

For educators and parents alike, knowledge is the greatest asset to mitigating the risks of remote learning. IT teams and educators must understand the implications of the student data they collect, govern access to it, and control its usage to comply with child privacy regulations. Parents can take proper precautions by discussing the importance of privacy with their children. Keeping learning platforms up to date and monitoring their children to prevent them from downloading suspicious apps or straying to unknown websites are all ways to ensure safer remote learning environments.

Work

Remote work has become commonplace nowadays as more companies permit their employees to work from home long-term and, for some, permanently. Given the abrupt shift to remote workplaces in the past year, companies have found themselves severely unprepared to handle the security and logistical concerns that accompany a distributed remote workforce.

In a recent Fenwick poll among HR, privacy, and security professionals across industries, approximately 90% of employees now handle intellectual property, confidential, and personal information in their homes. Endpoint security, or the protection of end-user devices such as our laptops and mobile devices, poses more of a concern as employees trade in office networks for their in-home Wi-Fi. If these devices and networks are unsecured or if the data is not encrypted, employees run the risk of exposing sensitive information to hackers. A lack of proper employee security training opens additional opportunities for online threats to take advantage of unsuspecting victims through common phishing scams.

Those of us working from home can help ensure the safety of our company’s confidential information by boosting our awareness of security threats and prevention measures via company-mandated security training. Additionally, we can promote a safer remote working environment by practicing basic digital hygiene: keeping all devices and software up to date, using a VPN, and using strong, unique passwords on every device and account.

Fitness

With the limited availability of in-person exercise classes, many of us have turned to virtual fitness experiences to augment our personal health regimens. Some have even taken their fitness routines one step further to include high-tech equipment like at-home spin bikes or wearable devices that track and monitor progress.

Although these devices create a more engaging experience and connect users across the globe through online sharing, there are risks, too. Wearables and other devices embedded with sensors and software that collect and share data across an interconnected network are considered Internet of Things (IoT) technology. IoT devices often lack the security controls and regular patching that laptops and mobile devices get, making them more susceptible to cyberthreats.

To prevent cyber attackers from infiltrating IoT devices connected to your home network, start by securing your network router. Change the router’s default admin password, and change the default network name (SSID) so it doesn’t reveal the make and model. Create an additional layer of security by enabling the strongest Wi-Fi encryption the router supports (WPA3, or WPA2 where WPA3 isn’t available). We also suggest creating a guest network for your IoT devices so that even if someone does compromise an IoT device, they won’t be able to reach other devices like laptops and mobile devices.

Personal Finances

Some of the platforms I use the most allow me to keep track of and manage my finances. Whether it’s my mobile banking app or taking advantage of online tax filing, there is such a convenience in having the ability to pay bills, deposit checks, and more, all with the devices I use every day. But many of us may not realize just how much trust we put into these platforms to protect our online privacy, especially when we don’t have a clear picture of who exactly is on the other end of our online transactions.

While recognizing the signs of online banking and tax-related fraud helps ease the burdens associated with these schemes, there are multiple steps users can take to prevent becoming a victim of these scams in the first place. If you receive a call regarding your taxes, make sure the caller is a CRA employee before handing over money or personal information on the phone. You can also double-check your tax account status and make sure the CRA has your current address and email. This will also show whether you owe a balance if a hacker does try to trick you into paying up. By being mindful of how cybercriminals take advantage of the platforms we use out of convenience, we can better protect against threats to our personal privacy.

Secure Your Technology to Secure Your Life

Digital devices are part of how we live our lives every day, whether we’re taking conference calls on our laptops, tracking the latest mile on our smartwatches, or banking on the go. Although our everyday digital devices make our lives that much more convenient, securing them makes our lives that much safer by minimizing online threats to ourselves and those around us. Safeguarding the digital platforms we use for work, school, fitness, you name it, is the first step to ensuring our private information remains just that—private.


The post Privacy in Practice: Securing Your Data in 2021 and Beyond appeared first on McAfee Blogs.

Why MITRE ATT&CK Matters?

By Carlos Diaz

MITRE ATT&CK Enterprise is a knowledge base of adversary tactics and techniques. In a Security Operations Center (SOC) it serves as a framework for practitioners to make sense of the behaviors (techniques) that lead to intrusions on enterprise networks, and it is centered on how SOC practitioners of all levels can craft purposeful defense strategies and assess the efficacy of their security investments against that knowledge base.

To help practitioners operationalize these strategies, the knowledge base provides the “why” and the “what” through comprehensive documentation: descriptions and relational mappings of the behaviors observed when malware executes, and of how known adversaries have used those tools against different victims as reported by security vendors. It goes a step further by introducing the “how” in the form of adversary emulation plans, which streamline both the design of threat models and the technical resources needed to test those models, i.e., emulating the behavior of the adversary.

For scenarios where SOCs may not have the capacity to do this testing themselves, the MITRE Corporation conducts annual evaluations of security vendors and their products against a carefully crafted adversary emulation plan, and it publishes the results for public consumption.  The evaluations can help SOC teams assess both strategy concerns and tactical effectiveness for their defensive needs as they explore market solutions.

This approach is transformative for cyber security. It provides a way to move beyond the constraints of IOC-centric or signature-driven defense models to a behavior-driven capability, in which SOCs tailor their strategic objectives into realistic security outcomes measured against defensive efficacy goals. With a behavior-driven paradigm, the emphasis is on the visibility surrounding a detection or prevention action taken by a security sensor, which makes context the essential resource a defender must have available to pursue actionable outcomes.

Cool! So what is this “efficacy” thing all about?

I believe that to achieve meaningful security outcomes our products (defenses) must demonstrate how effective they are (efficacy) at enabling or preserving the security mission we are pursuing in our organizations. For example, to view efficacy in a SOC, let’s see it as a foundation of 5 dimensions:

  • Detection: gives SOC analysts higher event actionability and alert-handling efficiency by focusing on the most prevalent adversarial behaviors, i.e., tackling the alert-fatigue constraint.
  • Prevention: gives SOC leaders and sponsors confidence to show risk reduction, with minimized impact and severity from incidents involving credible concerns, e.g., ransomware or destructive threats.
  • Response: gives SOC responders the capacity to shorten the time between detection and activating the relevant response actions, i.e., knowing when and how to start containing, mitigating or eradicating.
  • Investigative: gives SOC managers the capability to improve the quality and speed of investigations by correlating low-signal clues for Tier 1 staff and streamlining escalation to limited but advanced resources.
  • Hunting: enables SOC hunters to rewind the clock as far as possible and expand discovery across environments for high-value indicators stemming from anomalous security events.
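As an added example (not code from this post, from McAfee, or from MITRE), here is a small Python script that scores a detection portfolio against an ATT&CK-mapped emulation plan, the kind of efficacy check the text describes. The rule names, the plan steps and the prevalence figures are constructed for illustration; the technique IDs are real ATT&CK Enterprise IDs. Treating a rule mapped to a parent technique as covering its sub-techniques is a modeling choice of this example, not an ATT&CK rule.

```python
"""Score a detection portfolio against an ATT&CK-mapped adversary emulation plan.

Added example; not code from the McAfee post or from MITRE. The technique
IDs are real ATT&CK Enterprise IDs, but the rule names, the plan steps and
the prevalence figures are constructed for illustration only.
"""

# Constructed detection inventory: rule name -> ATT&CK technique IDs the rule covers.
DETECTION_RULES = {
    "powershell_encoded_command":   {"T1059.001", "T1027"},
    "lsass_access_from_nonsystem":  {"T1003.001"},
    "scheduled_task_creation":      {"T1053.005"},
    "office_spawns_shell":          {"T1566.001", "T1204.002"},
    "wmi_remote_process_create":    {"T1047", "T1021.006"},
    "remote_service_logon_anomaly": {"T1021"},  # parent technique, no sub-technique
}

# Constructed emulation plan: the attack chain in order, each step mapped to one technique.
EMULATION_PLAN = [
    ("deliver macro document",     "T1566.001"),
    ("user opens attachment",      "T1204.002"),
    ("stage-1 PowerShell loader",  "T1059.001"),
    ("obfuscate payload",          "T1027"),
    ("dump credentials",           "T1003.001"),
    ("persist via scheduled task", "T1053.005"),
    ("move laterally with WMI",    "T1047"),
    ("move laterally over SMB",    "T1021.002"),
    ("delete staging files",       "T1070.004"),
    ("encrypt files",              "T1486"),
]

# Constructed prevalence figures (how often a technique shows up in the threat
# reporting the SOC cares about); used only to rank gaps, not real statistics.
TECHNIQUE_PREVALENCE = {"T1486": 30, "T1070.004": 12, "T1059.001": 40}


def technique_matches(rule_tid, plan_tid):
    """Modeling choice: a rule mapped to a parent technique (T1021) counts as
    covering every sub-technique (T1021.002), but a rule mapped to one
    sub-technique does not cover its siblings."""
    if rule_tid == plan_tid:
        return True
    return "." not in rule_tid and plan_tid.split(".")[0] == rule_tid


def rules_covering(plan_tid, rules):
    """Names of the rules whose technique mapping covers plan_tid."""
    return sorted(name for name, tids in rules.items()
                  if any(technique_matches(t, plan_tid) for t in tids))


def coverage_report(plan, rules):
    """Walk the attack chain and record, per step, which rules would fire.

    Returns the covered fraction, the uncovered steps (gaps) in chain order,
    and the index of the earliest step the portfolio detects, which is where
    a responder could first act on the chain."""
    steps = [{"step": s, "technique": t, "rules": rules_covering(t, rules)}
             for s, t in plan]
    gaps = [(s["step"], s["technique"]) for s in steps if not s["rules"]]
    first = next((i for i, s in enumerate(steps) if s["rules"]), None)
    covered = len(steps) - len(gaps)
    return {
        "steps": steps,
        "coverage": covered / len(steps) if steps else 0.0,
        "gaps": gaps,
        "first_detected_step": first,
    }


def prioritize_gaps(gaps, prevalence):
    """Rank gaps so the most prevalent uncovered behavior is worked first;
    techniques with no prevalence figure sort last."""
    return sorted(gaps, key=lambda g: prevalence.get(g[1], 0), reverse=True)


if __name__ == "__main__":
    report = coverage_report(EMULATION_PLAN, DETECTION_RULES)
    print(f"coverage: {report['coverage']:.0%}, "
          f"first detected at step {report['first_detected_step']}")
    for step, tid in prioritize_gaps(report["gaps"], TECHNIQUE_PREVALENCE):
        print(f"gap: {tid:10} {step}")
```

Run as-is, it prints the covered fraction, the earliest step in the chain where a rule fires, and the gaps ranked by prevalence. Swapping in your own rule-to-technique mapping and a published emulation plan turns it into a first-pass efficacy check you can run before, or alongside, a vendor evaluation.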


So how does “efficacy” relate to my SOC?

Efficacy at the security and technical leadership levels confirms how portfolio investments are expected to yield the defensive posture of the security strategy. For example, compare your investments today against any of the following strategies:

Strategy (Investment) / Portfolio Focus / Efficacy Goals

Balanced Security
  Ability to:
  • Focus on prevalent behaviors
  • Confidently prevent attack chains with relevant impact/severity
  • Provide alert actionability
  • Increase flexibility in response plans based on alert type and impact situation
  Caveats:
  • Needs an efficacy testing program with adversary emulation plans

Detection Focus
  Ability to:
  • Focus on prevalent behaviors
  • Provide alert actionability
  • Proactively discover indicators with hunting
  Caveats:
  • Requires humans
  • Minimal prevention maturity
  • Requires solid incident response expertise
  • Hard to scale to proactive phases because of the low prevention maturity

Prevention Focus
  Ability to:
  • Confidently prevent attack chains with relevant impact/severity
  • Lean incident response plans
  • Provide alert actionability and lean monitoring plans
  Caveats:
  • Hard to implement across the business without disrupting user experience and productivity
  • Typically reserved for regulated or low-tolerance network zones such as PCI systems
  • High TCO for managing prevention products

Response Focus
  Ability to:
  • Respond effectively to different scenarios identified by products or reported to the SOC
  Caveats:
  • Always reacting
  • Requires humans
  • Hard to retain staff
  • Unable to spot prevalent behaviors
  • Underdeveloped detection
  • Underdeveloped prevention


MITRE ATT&CK matters because it introduces the practical sense-making SOC professionals need to tell attack chains apart from isolated security events, through visibility of the most prevalent behaviors.

Consequently, it allows practitioners to overcome the crucial limitations of indicator-driven defense models that skew realistic efficacy goals, thereby maximizing the value of a security portfolio investment.

The post Why MITRE ATT&CK Matters? appeared first on McAfee Blogs.

The Fastest Route to SASE

By Robert Arandjelovic

Shortcuts aren’t always the fastest or safest route from Point A to Point B. Providing faster “direct to cloud” access for your users to critical applications and cloud services can certainly improve productivity and reduce costs, but cutting corners on security can come with huge consequences. The Secure Access Service Edge (SASE) framework shows how to achieve digital transformation without compromising security, but organizations still face a number of difficult choices in how they go about it. Now, McAfee can help your organization take the shortest, fastest, and most secure path to SASE with its MVISION Unified Cloud Edge solution delivered alongside SD-WAN.

Decision makers seek a faster, more efficient high road to cloud and network transformation without compromising security. The need for speed and scalability is crucial, but corners cannot be cut when it comes to maintaining data and threat protection. Safety and security cannot be left behind in a cloud of transformation dust. This blog will look at the major trends driving SASE adoption, and will then discuss how a complete SASE deployment can deliver improved performance, superior threat & data security, lower complexity, and cost savings. We’ll then explain why fast AND secure cloud transformation requires an intelligent, hyperscale platform to accelerate SASE adoption.

Dangerous Detours, Potholes, and Roadblocks

While digital transformation promises substantial gains in productivity and efficiencies, the journey is littered with security and efficiency challenges that can detour your organization from its desired upgrades and safe destination.

Digital transformation challenges that must be addressed include:

  • The Big Shift – Shifting your organization’s applications and data out of corporate data centers and into the cloud.
  • Going More Mobile – The proliferation of mobile devices leaves your corporate resources more vulnerable as they are being accessed by a growing number of devices many of which are personally owned and unmanaged.
  • Work from Anywhere – The seemingly permanent shift towards “Work from Home” creates increased demand for efficient, distributed access to cloud-based corporate resources while preserving visibility and control as the traditional network perimeter erodes.
  • Costly Infrastructure – MPLS connections, VPN concentrators, and huge centralized network security infrastructure represent major investments with significant operational expense. The fact that multiple security solutions typically operate in distinct siloes compounds management effort and costs.
  • Slow Performance, High Latency, and Low Productivity – Dedicated MPLS and VPN lines are also slow and architecturally inefficient, requiring all traffic to go to the data center for security and then all the way back out to internet resources – NOT a straight line.
  • Data Vulnerability – Data resides and moves completely outside the scope of perimeter security through collaboration from the cloud to third parties, between cloud services, and access by unmanaged devices, leaving it prone to incidents without security teams knowing.
  • Evolving Threats and Techniques – Staying ahead of the latest malware remains a priority, but many modern attacks are emerging that use techniques like social engineering to exploit the features of cloud providers and mimic user behavior with legitimate credentials. Detecting these seemingly legitimate behaviors is extremely difficult for traditional security tools.

Feel the Need for Safe, But Less Costly Speed

The increasingly difficult challenge of providing a fast and safe cloud environment to an increasingly distributed workforce has become a major detour in the drive to transform from traditional enterprise networks and local data centers. Companies have had to meet the challenge to “adapt or die” in connecting their employees and devices to corporate resources, but many have generally needed to choose between two unsatisfactory compromises: secure but slow and expensive, or fast and affordable but not secure. Adopting a SASE framework is the way to achieve all of the benefits of cloud transformation without compromise:

  • Reduction in Cost and Complexity – A great benefit for your SOC and IT teams, SASE promotes a network transformation that simplifies your technology stack, reducing costs and complexity.
  • Increased Speed and Productivity – Fast, uninterrupted access to applications and data boosts the user experience and improves productivity. SASE provides ubiquitous, low-latency connectivity for your workforce – even remote workers – via a fast and ubiquitous cloud service, and uses a streamlined “single pass” inspection model that ensures they aren’t bogged down by security.
  • Multi-Vector Data Protection – SASE mandates the protection of data traveling through the internet, within the cloud, and moving cloud to cloud, enabling Zero Trust policy decisions at every control point.
  • Comprehensive Threat Defense – A SASE framework fortifies an organization’s threat defense capabilities for detecting both cloud-native and advanced malware attacks within the cloud and from any web destination.

Selecting the Best Path to Transformation

When network and security decision makers come to the proverbial fork in the road to network transformation, what is the best path that enables fast and affordable access without leading to unacceptable security risk? A recent blog by McAfee detailed four architectural approaches based on the willingness to embrace new technologies and bring them together. After examining the pros and cons of these four paths, the ideal solution to achieve fast, secure, and cost-effective access to web and cloud resources is a SASE model that brings together a ubiquitous, tightly integrated security stack with a robust, direct-to-cloud SD-WAN integrated networking solution. This combination provides a secure network express lane to the cloud, cruising around the latency challenges of slow, expensive MPLS links for connectivity to your applications and resources.

MVISION Unified Cloud Edge (UCE) + SD-WAN: Fast, Furious and Secure

Fast Network. Data Protection. Threat Protection. Speed, security and safety turbocharged connectivity throughout a hyperscale cloud network without compromise.

MVISION UCE is the best framework for implementing a SASE architecture to accelerate digital transformation with cloud services, enabling cloud and internet access from any device while empowering ultimate workforce productivity. MVISION UCE brings SASE’s most important security technologies – Cloud Access Security Broker (CASB), Next-gen Secure Web Gateway (SWG), Data Loss Prevention (DLP), and Remote Browser Isolation (RBI) – together in a single cloud-native hyperscale service edge that delivers single-pass security inspection with ultra-low latency and 99.999% availability.

With MVISION Unified Cloud Edge and our SD-WAN integration partners, you can lead a network transformation that reduces costs and speeds up the user experience by using fast, affordable broadband connections instead of expensive MPLS.

MVISION UCE and SD-WAN transform your network architecture by enabling users to access cloud resources directly without having to go back through the corporate network over an MPLS or VPN connection. Now users can directly access cloud resources, and the McAfee cloud infrastructure is so well-optimized that they can often access resources even FASTER than if there was no intervening security stack! Read how Peering POPs make negative latency possible in this McAfee White Paper.

Because of the way we’ve delivered our product, MVISION UCE + SD-WAN unleashes SASE’s benefits, with data and threat protection that other vendors can’t match.

Reduction in Cost and Complexity, Increased Speed and Agility

  • The resulting converged cloud service is substantially more efficient than building your own SASE by manually integrating separate cloud-based technologies
  • Minimize inefficient traffic backhauling with intelligent, efficient, and secure direct-to-cloud access
  • Protect remote sites via SD-WAN using industry-standard dynamic IPsec and GRE tunnels, getting office sites to cloud resources faster and more directly than ever before
  • Enjoy low latency and unlimited scalability with a global cloud footprint and cloud-native architecture that includes global Peering POPs (Point of Presence) reducing delays
  • As a cloud service with 99.999% uptime (Maintained Service Availability) and internet speeds faster than a direct connection, you improve the productivity of your workforce while reducing the cost of your network infrastructure.

Multi-Vector Data Protection

  • The McAfee approach to data protection is unified, meaning each control point works as part of a whole solution.
  • All access points are covered using the same data loss prevention (DLP) engine, giving you an easily traceable path from device to cloud
  • Your data classifications can be set once, and applied in policies that protect the endpoint, web traffic and any cloud interaction
  • All incidents are centralized in one management console for a single view of your data protection practice, giving you a streamlined incident management experience

Comprehensive Threat Defense

  • Intelligence-driven unified protection – CASB, Next-gen SWG, DLP – against the most sophisticated cyberattacks and data loss
  • Remote Browser Isolation (RBI) protection from web-based threats and malware, which runs the browsing session on a remote cloud-hosted server and delivers only the rendered output to the user, so web content never executes on the endpoint
  • The industry’s most effective in-line emulation sandbox, capable of removing zero-day malware at line speed
  • User and entity behavior analytics (UEBA) monitoring all cloud activity for anomalies and threats to your data

If you are looking for improved productivity and lower costs of cloud transformation without cutting corners, McAfee MVISION UCE offers the fastest route to SASE — without compromising your data and threat security.


The post The Fastest Route to SASE appeared first on McAfee Blogs.

Let’s Commit To Protect Our Privacy This Year

By Baker Nanduru

How our new identity & privacy app can help

By this point in the year you may have already broken some of your New Year’s resolutions, but here’s one to keep: better protecting your online privacy.

After all, we are likely to continue to spend more time online in 2021, whether it be for working, learning, or shopping. This makes taking some preventative steps to shield our identity information more important than ever.

That’s why McAfee has been working on a new identity and privacy app for safeguarding your personal information, and we’d love for you to try it if you’re in the U.S.

Here’s a little bit about our approach. We looked at some of the key areas where users’ private information can be vulnerable, and designed a tool that offers easy-to-use, proactive protection for Windows, Android, and iOS devices, with consistent, familiar experiences regardless of the platform.

Safely Connect Through a VPN

We know, for instance, that users are vulnerable when using unsecured networks, like public Wi-Fi. This is where a cybercriminal can potentially capture your login credentials and other personal information as it flows over the network, from your laptop to your bank’s website, for example.

So, we made sure to include a Virtual Private Network (VPN) to keep your information protected from prying eyes. It does this easily, and even automatically, by detecting when you’re on a public network and prompting you to turn on your VPN. The VPN then scrambles, or encrypts, your data as it flows over the network. Unlike some VPNs that require advanced settings to shield your data, our app offers seamless security.

Dark Web Monitoring

Another area of high risk that we want to address is data breaches. Whether one of your personal accounts is hacked–or worse–another website somehow gets ahold of your data and subsequently gets breached, your data may end up on the dark web. This is where cybercriminals buy and sell information.

To detect these dangerous leaks, we included dark web monitoring, which alerts you if your login credentials have been exposed. It can even provide you with a link to the site that uses those credentials when the information is available. This allows you to swiftly reset your passwords, mitigating the risk.

Given that we saw a spike in corporate data breaches in 2020, where 58% of victims had their personal data compromised, I believe this kind of always-on monitoring of your private information is key.

Ease of Use

Most importantly, we wanted to make this personal protection app easy to use and available across all your compatible devices. So, whether you’re out with just your phone, or home working at your PC, you have access to your protection, and can even pick up where you left off on a different device.

I know that organizing my digital life gives me one less thing to worry about, and I hope it’s the same for you. Give the app a try, and please let us know what you think since we are always open to your feedback.

Here’s to a happy and secure year!

Stay Updated

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home  on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Let’s Commit To Protect Our Privacy This Year appeared first on McAfee Blogs.

Who loves tax season besides accountants? Hackers

By Judith Bitterli
Protect Your IRS Refund


 It’s tax time in the United States, and even if you’re pretty sure you did everything right, you’re worried. Did I file correctly? Did I claim the right deductions? Will I get audited? Unfortunately, tax season brings out scammers eager to take advantage of your anxiety.

The tax scam landscape

First, know that you’re probably doing a good job with your taxes. Less than 2% of returns get audited and most discrepancies or adjustments can get handled easily if you address them promptly.

Still, wariness of the IRS and intricate tax laws makes for ripe pickings when it comes to hackers, who prey on people’s fear of audits and penalties. Common scams include fake emails, phone calls from crooks posing as IRS agents, and even robocalls that threaten jail time. With the information they get from you, hackers can take things a step further by stealing your identity and filing tax claims in your name.

As if we didn’t have enough to worry about at tax time.

The good news is that you have plenty of ways to protect yourself from hackers. Check out these tips to stay safe this tax season.

The IRS Dirty Dozen: 12 tax-season scams

Straight from the authority itself, the IRS has published its top 12 tax season scams with new warnings brought on by the events of 2020.

For example, new to this year are scams associated with stimulus checks sent out by the government. The IRS says they have seen “… a tremendous increase in phishing schemes utilizing emails, letters, texts and links. These phishing schemes are using keywords such as “coronavirus,” “COVID-19” and “Stimulus” in various ways.”

This is very important: The IRS does not use email. If you get an email from someone saying they are the IRS and they want to talk with you about a problem, it is a scam.

Here’s what the IRS has to say:

The IRS will never initiate contact with taxpayers via email about a tax bill, refund, or Economic Impact Payments. Don’t click on links claiming to be from the IRS. Be wary of emails and websites − they may be nothing more than scams to steal personal information.

Social media attacks also made the IRS Dirty Dozen. In a social media attack, scammers harvest information from social media profiles. Hackers use the information to gain access to your online accounts in social media and beyond, like your bank account. Make it hard for them. Make your social media profiles private so that only friends and family can see them. Also consider so you can be safer from these kinds of crimes.

Get an email or call from the IRS? Here’s how to know if it was legit.

When a hacker poses as an IRS agent, they try to get personal information from you, like your social security number. They might demand payment, sometimes under the threat of penalties or even jail time. These strong-arm tactics are a dead giveaway that the email or phone call is fake.

What will the IRS do? Usually, the IRS will first mail a bill to any taxpayer who owes taxes. IRS collection employees might call on the phone or make an unannounced visit to your home or business. If they require a payment, the payment will always be to the U.S. Treasury. Read about other ways to know what the IRS won’t do when they contact you.

And remember: the IRS does not use email to contact you about tax problems.

File A.S.A.P. and check your credit report

A good defense is a good offense. File early. Protect yourself by filing your return before a scammer has a chance to file one in your name. You don’t want to be one of those identity theft victims who finds out they’ve been scammed when they file their taxes, only to get a notice in the mail saying a return has already been filed.

Here’s another tool that can help you fight identity theft. And get this: it’s not only helpful, it’s free. Through the Federal Trade Commission, you are entitled to a free copy of your credit report from each of the three major credit reporting companies once every 12 months. In this report, you can find inaccuracies in your credit or evidence of all-out identity theft.

Keep in mind that you get one report from each of the reporting companies each year. That works out to three reports total in one year. Consider this: if you request one report from one credit reporting company every four months, you can spread your free credit report coverage across the whole year.

Security software can help you protect your digital wellness

The idea is that, just like with your physical wellness, there are lots of steps you can take to protect your digital wellness. We’ve covered some of those steps in this blog. Consider one more: protect your digital life with a holistic security solution like McAfee Total Protection so you can enjoy life online knowing your precious data is protected. Tax time or otherwise, security software is always a smart move.

Stay Updated 

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home  on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.


The post Who loves tax season besides accountants? Hackers appeared first on McAfee Blogs.

Hacking Proprietary Protocols with Sharks and Pandas

By Ismael Valenzuela

The human race commonly fears what it doesn’t understand. In a time of war, this fear is even greater if one side understands a weapon or technology that the other side does not. A constant war plagues cybersecurity; perhaps not only cybersecurity, but the world all around us, is a battle between good and evil. In cybersecurity, if the “evil” side understands or pays more attention to a technology than the “good” side, we see a spike in cyber-attacks.

This course of events demands that both offensively and defensively minded “good guys” band together to remove the unknown from as much technology as possible. One of the most common unknowns that cybersecurity professionals see on a regular basis is the proprietary protocols running across their networks. By combining the tactics and perspectives of red and blue teams it is possible to conquer and understand these previously unknown packets. This strategy is exactly what we, Douglas McKee and Ismael Valenzuela, hoped to communicate in our webinar “Thinking Red, Acting Blue: Hacking Proprietary Protocols”.

Proprietary protocols are typically a mystery to many practitioners. Vendors across many industries develop them for very specific purposes and technologies. We see them in everything from the Internet of Things (IoT), to Industrial Control Systems (ICS), to medical devices and more. Since by its nature “proprietary” technology is not shared, there is generally no public Request for Comments (RFC) or public disclosure on how they work. This provides an opportunity for attackers and a challenge for defenders. Attackers are aware that these networking protocols are less reviewed and therefore more susceptible to vulnerabilities, while defenders have a hard time understanding what valid or benign traffic looks like. Unfortunately, attackers are generally more financially motivated to spend the time reversing these protocols than defenders, since the rewards can be very substantial.

During the webinar we discussed a two-pronged approach to tackling these unknown protocols with the goal of a deeper understanding of this data. A red team’s purpose may be to look for vulnerabilities, while a blue team may be more interested in detecting or flagging unusual behavior in this traffic. We discussed how this can be accomplished through visual inspection using Wireshark to compare the traffic across multiple conversations, and we complemented this analysis with Python libraries like pandas, numpy and matplotlib for data exploration and visualization.

For example, consider the packets in the Wireshark captures shown side-by-side in Figure 1. An astute reader may notice that the UDP packets are evenly spaced within the same pcap, yet spaced differently between pcaps.

In protocol analysis this can indicate the use of a status or “heartbeat” packet, which may contain some type of data where the interval it is sent is negotiated for each conversation.  We have seen this as a common trait in proprietary protocols.  This can be difficult for a cybersecurity professional to discern with a small amount of data, but could be very helpful for further analysis.  If we import the same data into pandas dataframes and we add matplotlib visualizations to our analysis, the behavior becomes much clearer as seen in Figure 2.
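
The interval analysis described above, written out as an added example that is not the webinar’s notebook code: packets are grouped into (source, destination) conversations, consecutive gaps are computed, each conversation’s period is estimated with a median, and the median absolute deviation decides whether the gaps are regular enough to call the stream a heartbeat. It uses only the standard library (the pandas/matplotlib version follows the same steps with a DataFrame), and the capture is constructed for the example; the field names in the comments are the tshark fields one would export to build such input.

```python
"""Timing analysis of an unknown UDP protocol, one conversation at a time.

Added example (standard library only). Constructed capture: three devices
send regular heartbeats to a collector at 10.0.0.9, one of them skips a beat,
and a fourth host sends a bursty request stream with no fixed period.
"""
from collections import defaultdict
from statistics import median
from typing import Dict, List, NamedTuple, Optional, Tuple


class Packet(NamedTuple):
    ts: float      # capture timestamp in seconds (tshark: frame.time_epoch)
    src: str       # ip.src
    dst: str       # ip.dst
    length: int    # udp.length


# Constructed sample capture (not a real pcap).
SAMPLE_PACKETS: List[Packet] = [
    *(Packet(t, "10.0.0.5", "10.0.0.9", 46) for t in (0.0, 2.0, 4.0, 6.0, 8.0, 10.0, 12.0, 14.0)),
    *(Packet(t, "10.0.0.7", "10.0.0.9", 46) for t in (0.3, 5.3, 10.3, 15.3, 20.3, 25.3)),
    *(Packet(t, "10.0.0.8", "10.0.0.9", 46) for t in (0.1, 3.1, 6.1, 12.1, 15.1, 18.1, 21.1)),
    *(Packet(t, "10.0.0.11", "10.0.0.9", n)
      for t, n in ((0.2, 120), (0.25, 88), (0.9, 512), (4.0, 120), (4.02, 96), (7.7, 300))),
]

Conversation = Tuple[str, str]


def group_conversations(packets: List[Packet]) -> Dict[Conversation, List[Packet]]:
    """Split a capture into per-(src, dst) packet lists, in time order."""
    convs: Dict[Conversation, List[Packet]] = defaultdict(list)
    for pkt in sorted(packets, key=lambda p: p.ts):
        convs[(pkt.src, pkt.dst)].append(pkt)
    return dict(convs)


def inter_packet_gaps(packets: List[Packet]) -> List[float]:
    """Gaps between consecutive packets, rounded to pcap microsecond resolution."""
    return [round(b.ts - a.ts, 6) for a, b in zip(packets, packets[1:])]


def heartbeat_period(gaps: List[float], max_rel_mad: float = 0.1) -> Tuple[bool, Optional[float]]:
    """Estimate a heartbeat period from a list of gaps.

    Returns (is_periodic, period). The median is the period estimate and the
    median absolute deviation (MAD) measures regularity, so one skipped beat
    does not hide an otherwise fixed interval the way a mean/stdev test would.
    """
    if len(gaps) < 3:
        return False, None
    period = median(gaps)
    if period <= 0:
        return False, None
    mad = median(abs(g - period) for g in gaps)
    return mad <= max_rel_mad * period, period


def find_missed_beats(gaps: List[float], period: float, tolerance: float = 0.25) -> List[int]:
    """Indexes of gaps longer than the period plus tolerance: a lost or delayed beat."""
    return [i for i, g in enumerate(gaps) if g > period * (1 + tolerance)]


def analyse_capture(packets: List[Packet]) -> Dict[Conversation, dict]:
    """Per-conversation timing summary: packet count, periodicity, period,
    positions of missed beats and the set of datagram sizes seen."""
    report: Dict[Conversation, dict] = {}
    for conv, pkts in group_conversations(packets).items():
        gaps = inter_packet_gaps(pkts)
        periodic, period = heartbeat_period(gaps)
        report[conv] = {
            "packets": len(pkts),
            "periodic": periodic,
            "period": period,
            "missed": find_missed_beats(gaps, period) if periodic else [],
            "sizes": sorted({p.length for p in pkts}),
        }
    return report


if __name__ == "__main__":
    for (src, dst), info in analyse_capture(SAMPLE_PACKETS).items():
        print(f"{src} -> {dst}: {info}")
```

On the constructed capture the three heartbeat senders are reported as periodic with periods of 2, 5 and 3 seconds, the sender that skipped a beat gets that gap flagged by index, and the bursty host is reported as non-periodic. A constant datagram size alongside a fixed period is a second hint that a conversation is a status message rather than data; a flagged gap in a stream that has been periodic for the rest of the capture is the kind of event a blue team would want surfaced.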

By using the reverse engineering perspective of a vulnerability researcher combined with the data analysis insight of a defender, we can strengthen our understanding of the unknown and reach it more quickly. If this type of deep technical analysis of proprietary protocols interests you, we encourage you to check out the recording of our presentation below. We have made all of our resources on this topic public, including pcaps and Python code in a Jupyter Notebook, which can be found on GitHub and Binder. It is important as an industry that we don’t give in to fear of the unknown or simply ignore these odd-looking packets on our networks, but instead lean in to understand the security challenges proprietary protocols can present and how to protect against them.

The post Hacking Proprietary Protocols with Sharks and Pandas appeared first on McAfee Blogs.

Supporting the Women Most Affected by the Pandemic

By Judith Bitterli
International Women's Day

Supporting the Women Hit Hardest by the Pandemic

Only 57% of women in the U.S. are working or looking for work right now—the lowest rate since 1988.

That telling data point is just one of several that illustrate a stark contrast in these stark times: of the millions who’ve seen their employment affected by the pandemic, women have been hardest hit.

According to the U.S. Bureau of Labor Statistics (BLS), some 2.3 million women left the workforce between the start of the pandemic and January 2021. Meanwhile, the BLS statistic for the number of men who left the U.S. workforce in that same period was 1.8 million. With International Women’s Day here, it’s time we ask ourselves how we can stem this inordinately sized tide of hard-working and talented women from leaving the workforce.

Job losses during the pandemic impact women disproportionately greater than men

A broader BLS statistic provides a further perspective: a total of 4,637,000 payroll jobs for women have been lost in total since the pandemic began in the U.S. alone. That ranges from executive roles, jobs in retail, and educators, to work in public service and more. Of those jobs lost, about one third of women aged 25-44 cited that childcare was the reason for that unemployment.

Combine that with the fact that globally women carry out at least two and a half times more unpaid household and care work than men, and with a global gender pay gap of 23%, and it’s easy to see why millions of women have simply dropped out of the workforce to manage children and home schooling—even in the instances where employment is available.

Not that this should surprise us. For example, just a few years before the pandemic, research showed that few Americans wanted to revert to the traditional roles of women at home and men in the workplace. However, when push came to shove, the Pew Research showed that women most often made compromises when needs at home conflicted with work. And now we’ve seen that sentiment come home to roost. On a massive scale.

Put plainly, when the pandemic pushed, women’s working lives predominantly went over the edge.

Supporting women working remotely during the pandemic

Within these facts and figures, I’d like to focus on the women who are working remotely while caring for their families, whether that’s their children, elders in their lives, or even a mix of both. What can we do, as employers, leaders, and co-workers in our businesses to better support them?

As early as June, Forbes reported that women were reducing their working hours at a rate four to five times greater than men, ostensibly to manage a household where everything from daycare, school, elder care, and work all take place under the same roof. The article went on to cite ripple-effect concerns in the wake of such reductions like the tendency to pursue less-demanding work, greater vulnerability to layoffs, and reduced likelihood for promotion. In fact, one study conducted in the U.S. last summer found that 34% of men with children at home say they’ve received a promotion while working remotely, while only 9% of women with children at home say the same.

In an interview with the BBC, Melinda Gates, the Co-Chair of the Bill and Melinda Gates Foundation, stated her views on the situation succinctly: “I hope Covid-19 forces us to confront how unsustainable the current arrangement is—and how much we all miss out on when women’s responsibilities at home limit their ability to contribute beyond it. The solutions lie with governments, employers, and families committed to doing things more equitably.” I agree. This is a problem for us to solve together.

How employers and leaders can help

As for the role of employers and leaders in the solution, some thinking presented in The Harvard Business Review caught my eye. The article, “3 Ways Companies Can Retain Working Moms Right Now” focuses on what employers can do to better support the women in their workforce. The three ingredients the authors propose are:

  • Provide certainty and clarity, wherever possible.
  • Right size job expectations.
  • And continue the empathy.

If we think about the stressors we all face, this simple recipe actually reveals some depth. It takes knowing, and engaging with, employees perhaps more greatly than before. One sentence in the conclusion struck me in particular:

“It is no longer an option for managers to pretend that their employees do not have lives outside of their jobs, as these evaporated boundaries between home and work are not going away anytime soon.”

I see this practically every day when I meet with my team. I’m sure you’ve seen it as well. With our laptop cameras on for sometimes hours a day, we’ve all caught glimpses into our coworkers’ lives outside the office, seen that 7am meeting rescheduled for 8am to accommodate a busy breakfast rush with the family, or even kiddos pop into the frame during a call to say “hi.” What we may not see is just how much of a struggle that could be for some in the long haul.

Enter again those notions of providing certainty and clarity, rightsizing job expectations, and showing empathy. While not the end-all-be-all answers, they provide a starting point. As employers and leaders, if we can minimize the x-factors, adapt the workloads, and show compassion as we navigate the road to recovery, we can retain employees—and at least mitigate some of the stressors that are pushing women out of their jobs and careers during this pandemic. Exceptional employers and leaders have always done this. And now, in exceptional times, I believe it must become the norm.

How you as a friend and co-worker can help

Likewise, for co-workers, it’s absolutely okay to check in with people on your team, your vendors, your clients, and other people in your network and simply ask how they’re doing. I’ve had many meetings where we informally go around the horn and talk about what’s going on outside of work. The shared experience of working remotely has a way of creating new norms, and perhaps starting a meeting with an informal check-in on occasion is one of them.

This is an opportunity to listen, simply so someone can feel better by being heard, and so that we can pinpoint places where we can come in and offer some support.

Some challenges women are facing are beyond our capacity to help firsthand, yet we can identify them when we see them. If you or someone you know is struggling, here are a few resources in the U.S. that can help:

Mental health resources for women

The Office on Women’s Health, part of the U.S. Department of Health & Human services, offers a wealth of resources on its website, along with a help line that can provide further resources as well.

The National Institute of Mental Health has an extended list of articles, resources, and links to services that can provide immediate help for people who are struggling to cope or who are in crisis.

Legal resources for women

A Better Balance is a nonprofit legal advocacy group that “uses the power of the law to advance justice for workers, so they can care for themselves and their loved ones without jeopardizing their economic security.” They offer a confidential help line that can provide people with information about their workplace rights.

The National Women’s Law Center offers complimentary legal consultations for those with questions about accessing paid sick leave and paid leave to care for a child whose school or childcare provider is closed because of COVID-19.

Stemming the tide together

As women leave the workforce worldwide, we’ve seen organizations lose precious talent, and we’ve seen women sacrifice their livelihoods and career paths. As such, the pandemic has exacted hard and human costs, ones that have fallen on women in outsized ways.

A problem of this scope is one for us to solve collectively. Apart from the bigger, broader solutions that may be forthcoming, as the employers and co-workers of women, there’s something we can do right now: reach out, listen, and act. These days call for more empathy and adaptation than ever before, particularly for the hard-working women who are doing it all—and then some.

Stay Updated 

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home  on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.


The post Supporting the Women Most Affected by the Pandemic appeared first on McAfee Blogs.

6 Steps to Help Your Family Restore Digital Balance in Stressful Times

By Toni Birdsong
teens online stress


Editor’s Note: This is part II in a series on helping families protect their mental and digital health in times of chronic stress. The content is not intended to be a substitute for professional advice or treatment.

Over the past year of remote life, technology has become both a lifeline and a life sucker. We’ve witnessed technology author amazing moments of human connection impossible just a few decades ago. At the same time, we’ve also seen isolation and disconnection quietly settle in alongside those wins.

As discussed in our last blog, studies now confirm living under ongoing pandemic stress has triggered a growing mental health crisis across age groups. While experts debate the degree technology contributes to that crisis, all agree the increase in digital connection over the past decade has diminished important forms of human connection considered essential to mental health.

How much is too much?

While device use has spiked during the pandemic, the rise in tech dependence is nothing new. Our digital immersion over time has generated terms such as “phubbing,” aka phone snubbing, now known as looking at your phone over the person in front of you. It’s also why doctors now treat excessive online gaming as a legitimate addiction. We also know that social media companies intentionally design apps to keep us logging on, tagging, scrolling, and, most importantly, sharing our data.

With more parents and kids now working and learning from home — which has only amplified time online — successfully balancing our tech feels even more impossible.

A big struggle for many parents continues to be: How much tech is too much and how can we strike a healthy balance?

The answer to that question will look different for every family. And frankly, the answer continues to evolve almost daily. The more we know, the more we can respond and recalibrate (as well as equip our kids) to move toward that healthy balance. Here are just a few of the best practices to inspire you forward.

6 Steps to Help Restore Digital Balance

Start over right now. Sure, you should start establishing digital habits when your kids are young. But, life. Things happen. Pandemics hit. Rules go out the window. So, start right now, right here, knowing better and doing better. Consider parental controls that will help you set healthy screen limits for kids (and yourself) and monitor the content coming into your home.

Do it together. A healthy digital balance is an all-in, family huddle, team endeavor kind of thing. No edicts or mandates tend to work here. Explain the “why” behind needed changes to your digital routines and the physical, social, and emotional reasons why balance is so important.

Separate home and work. Because so many parents are working from home, the temptation to overwork is very real. Home and work life can easily fuse together. This fusion makes it impossible to model a balanced digital life for your kids. Consider drawing thick lines between work and home. A few ideas: Maintain a separate office in the home. At close of business, shut off all devices. Create media free zones for your family after 5 p.m. such as the dinner table, homework time, friend time, and family time.

Just say “no” to notifications. Pause to examine: What unacceptable digital distractions have I accepted? Are things like email, push notifications, and alerts on my phone interrupting important conversations and time with friends and family? Flip those switches.

Ask yourself what’s missing. Technology isn’t “bad” and a lot of the time we spend online is either essential to our livelihood or to a healthy social life (this especially applies to tweens, teens, and young adults). Even so, when we step over that line of healthy digital behavior, do we have the courage to ask ourselves what healthy activity am I sacrificing right now? Have I put an important relationship on the back burner? Do I have an important deadline I’m ignoring? Have I let a hobby, sport, or physical exercise go? Have I sidelined outdoor activities for screen time? All of these are important, honest questions to ask yourself (and pose to your kids) to move closer to a healthy digital balance.

Put technology in its place. Stop to evaluate the role you’ve given technology in your life personally and in your home. Do you need to dust off your tech ground rules? Consider putting screens down when others are talking, being intentional about making eye contact, and listening in a way that requires your full attention. Make family mealtimes, outings, and game nights phone free.

Balance increases over time and establishing smarter, healthier family habits is a marathon, not a sprint. Every step is big so celebrate your milestones and give yourself grace to make this not-so-easy trek back to a balanced digital life. As Nike says about getting physically fit, we can say about getting back our digital health, “No one has ever regretted it.”

The post 6 Steps to Help Your Family Restore Digital Balance in Stressful Times appeared first on McAfee Blogs.

SOC Health Check: Prescribing XDR for Enterprises 

By Scott Howitt

It is near-certain the need for security across the enterprise will never cease – only increase if year-over-year trends are any indication. We constantly see headlines with repetitive buzzwords and phrases calling attention to the complexity of today’s security operations center (SOC) with calls to action to reimagine and modernize the SOC. We’re no different here at McAfee in believing this to be true.  

In order for this to happen, however, we need to update our thinking when it comes to the SOC.  

Today’s SOC truly serves as an organization’s cybersecurity brain. Breaking it down, the brain and the SOC are both the ultimate central nervous system and are extremely complex. While the brain fires neurons, connects synapses, and constantly communicates in order for the body to function, the SOC similarly works as a centralized system where people, processes, and technology must be in sync to function. The unfortunate reality, though, is that SOC analysts and staff do not feel empowered to act in this manner. According to the 2021 SANS Cyber Threat Intelligence Report, respondents cited several reasons for not being able to implement cybersecurity holistically across their organization, including lack of trained staff, time, funding, management buy-in, technical capabilities, and more.

The technology that has the power to enable this synchronicity and further modernize enterprise security by taking SOC functionality to the next level is already here – Extended Detection and Response (XDR). It has the ability to provide prevention, detection, analysis, and response in a purposefully orchestrated and cooperative way, with its components operating as a whole. Think of it this way: XDR mimics the brain’s seamlessness in operation, with every element working toward the same goal of maintaining sound security posture across an entire organization.  

Put another way, the human brain has approximately 100 trillion synapses, synchronizing and directing to make it possible to walk and chew bubble gum at the very same time with seemingly no effort on the human’s end. However, if one synapse misfires or becomes compromised due to an unknown element – you might end up on the ground.  

Similarly, we’re already seeing many enterprises falter, trip, and fall. According to Ernst & Young, 59% of companies experienced a significant breach in the last twelve months – and only 26% of respondents say the SOC identified that event. These statistics show the case for XDR is clear – and that it is time to learn and reap the benefits of taking a proactive approach.   

Purposeful Analysis vs. Analysis Paralysis 

Organizations are still vulnerable to malicious actors attempting to take advantage of disparate remote workforces – and we’re seeing them get craftier, acting faster and more frequently. This is where XDR offers a pivotal differentiator by providing actionable intelligence and integrated functionality across control vectors, resulting in more proactive investigation cycles.  

When it comes to analysis, data can quickly become overwhelming, introducing an opportunity to miss critical threats or malicious intent with more manual or siloed processes. Meaningful context is crucial and no industry is exempt from needing it. 

This is where McAfee is providing the advantage with MVISION XDR powered by MVISION Insights. The ability to know likely and prioritized threat campaigns based on geographical and industry prevalence – and have them correlated and assessed across your local environment – provides the situational awareness and analysis that can allow SOC teams to act before threats occur. Additionally, as endpoints only promise to increase, MVISION XDR works in conjunction with McAfee’s endpoint protection platform (EPP), increasing effectiveness with added safeguards including antivirus, encryption, data loss prevention technologies and more at the endpoint.

Think of the impact and damage that can happen without the crucial context MVISION Insights can provide. The consequences can be dire when looking at industries that have faced extreme upheaval.

For example, in keeping with our theme, we know the importance of essential healthcare workers and cannot be grateful enough for their contributions. But as the industry faces extreme challenges and an increase in both patient load and data, we also need to be paying close attention to how this data is being managed, who has privilege to it, and what threats exist as even this typical in-person industry shifts virtual due to our updated circumstances. Having meaningful context on potential threats will help this industry avoid added challenges so focus can remain steadfast on creating impact and positive results.  

Greater Efficiency is Essential 

Outside of the tremendous advantage of being less vulnerable to threats and breaches due to proactivity, incredible efficiencies can be gained by freeing cybersecurity staff from those previously manual tasks and management of multiple silos of solutions. The time is definitely now too – according to (ISC)², 65% of organizations already report a shortage of cybersecurity staff. 

Coupled with staff shortages and lack of skilled workers, an IBM report also found that the average time to detect and contain a data breach is 280 days. Going back to the view that the SOC serves as an organization’s cybersecurity brain – 280 days can cause massive amounts of damage if an anomaly in the brain were to occur unnoticed or unaddressed.  

For the SOC, the longer a breach goes undetected, the more information and data becomes vulnerable or leaked – leading not only to a disruption in business, but ultimately financial losses as well.  

The SOC Has a Cure 

XDR is the future of the SOC. We know that simplified, cohesive visualization and control across the entire infrastructure leads the SOC to better situational awareness – the catalyst for faster time to remediation. The improved, holistic viewpoint XDR provides across all vectors from endpoint, network, and cloud helps to eliminate mistakes and isolated endeavors across an organization’s entire IT framework.  

With AI-guided investigation, analysts have an automatic exchange of data and information to move faster from validation to decision when it comes to threats. This is promising as organizations not only tackle a shortage in cybersecurity staff, but skilled workers as well. According to the same (ISC)² survey as above, 36% of those polled cite lack of skilled or experienced staff being a top concern.  

Knowing the power of data and information, we can confidently assume that malicious actors will never stop their quest to infiltrate and extort enterprises. True to the well-known adage, this knowledge brings about great responsibility. Enterprises will face challenges as threats increase while talent and staff decrease, all while dealing with vendor sprawl and choice overload across the market.  

Time to schedule a check-up for your SOC. It may not be as healthy as you think and true to both the medical and security industries, proactivity and prevention can lead to optimized functionality.

 Want to learn more about McAfee’s investment in XDR and explore its approach? Check out McAfee MVISION XDR.  

The post SOC Health Check: Prescribing XDR for Enterprises  appeared first on McAfee Blogs.

How 2020 Has Shaped The Way We Live Our Lives

By Cyber Safety Ambassador: Alex Merton-McCann

I’ve had such a busy morning! I’ve hunted down my favourite foundation, bought a puzzle mat, stocked up on special dog food for our naughty new puppy, ordered the groceries, made a few appointments and chatted with several friends. And guess what? I haven’t left my study – or changed out of my pyjamas!! Ssshhh!! Because it’s all happened online…

Are our 2020 Habits Here to Stay?

Of course, some of us embraced the benefits of the online world long before 2020 but the Pandemic forced almost everyone to replace our in-person activities and routines with online ones. New research from McAfee in their 2021 Consumer Security Mindset Report shows that 72% of Aussies made changes in their online activities last year out of convenience which makes complete sense!

But what’s so interesting is that now we have these super handy new online routines in place – we aren’t that keen to give them up! McAfee’s report shows that 76% of Aussies are planning on continuing with online banking, 59% of us want to keep connecting with friends and family online and 55% of us remain totally committed to online shopping! Hear, hear, I say! I am absolutely staying that course too!!

But What About The Risks?

There’s no doubt that there is a lot of upside to managing our lives online but unfortunately there is also a downside – increased risk! The more time spent online, the greater the chance that we will be exposed to potential risks and threats such as phishing attacks, entering details into malicious websites or even becoming a victim of fraud.

McAfee’s research shows that we are aware of the risks of being online. In fact, 66% of us are concerned about the potential dangers of living our lives online with losing control of our financial data top of the list for the majority of us. And almost 2/3 (65%) of us are also worried about having our social media accounts hacked.

But pandemic life has meant that we are now a lot more comfortable with sharing information online. Whether it’s paperless transaction records, text and email notifications, opting to stay logged in or auto-populating forms with our credit card, this level of online sharing does make life so convenient but it can be a risky business! Why, I hear you ask? Because these conveniences usually only work when you share multiple pieces of your contact details. And the more you share, the greater your chance of being hacked or compromised. But the report was very clear – if we can make our online life more seamless then we are only too happy to share our key contact information! Oh dear!!

‘Why Would Hackers Want My Data?’

In addition to confessing that they don’t always take the necessary security precautions, Aussie consumers in McAfee’s report also admitted that they haven’t thought about why hackers might want their data. I don’t know how many people tell me that they don’t need to really bother with a lot of online precautions because they live a pretty boring life and don’t spend that much time online.

But this is a very dangerous way to think. Your online data is like a pot of gold to hackers. Not only can they use it to possibly steal your identity and try to empty your bank accounts but they can also on-sell it for a profit. But the majority of Aussies don’t stop to consider this with the research showing that 64% of Aussies have never considered just how valuable their online data is worth.

Hackers are ALWAYS on the lookout for new ‘up-to-date’ ways to exploit others for money. Don’t forget how quick they were to conjure up scams around COVID in early 2020 – it was just a matter of weeks before Aussies received phishing emails and malicious text messages with the aim of extracting personal information from vulnerable consumers.

But, encouragingly, 85% of Aussies said they would be far more proactive about managing their data if it could be traded as a currency.

How To Protect Your Digital Life

The good news is that there are ways to secure your online life and minimise the risk of being hacked. Here are my top tips:

1. Always Use Multi-Factor Authentication

Yes, it might take a minute or 2 more, but using multi-factor authentication is an easy way to add an additional layer of security to protect your personal data and information. Commit to using it wherever it is offered!

2. Use a VPN

If you live your life out & about like I do then you’ll be very tempted to use Wi-Fi. Using public Wi-Fi to conduct transactions, particularly financial ones is a big no-no! It takes keen hackers minimal effort to set up a fraudulent wi-fi service which could easily fool a busy person into connecting. Using a Virtual Private Network (or VPN) like McAfee® Safe Connect, is the best way of ensuring everything you share over Wi-Fi is safe and secure.

3. Sign Up For A Site Advisor

Browsing the internet with a tool like the McAfee WebAdvisor is a great way of ensuring dangerous malware is blocked if you click on a malicious link in a phishing email. You’ll have real peace of mind knowing you can manage your online life while someone looks out for you!

With 4 kids, 3 pets, 2 jobs – I know I could never get to the bottom of my ‘to-do’ lists without managing the bulk of it online. I often think I should send the internet an e-card at Christmas!! Of course, I understand why corners are cut and precautions are overlooked when we all feel so stretched for time. But just think about how much more time it would take if you were hacked and had to spend hours on the phone to your bank or if you had to reconfigure all your online accounts and social media platforms!!

So, you know what you need to do! Stay safe online everyone!

 

The post How 2020 Has Shaped The Way We Live Our Lives appeared first on McAfee Blogs.

Millions Affected by Malware Attributed to Android Barcode-Scanning App 

By Pravat Lall

We’ve all come to a realization that we don’t go anywhere without our phone. It’s a utility that helps us navigate our daily lives: directions, schedules, shopping, discounts, banking, and so on. And as our reliance on our smartphone continues to grow, it’s no wonder that hackers have taken notice. This time, it’s another case of an app gone rogue.

Innocent Scanner Turned Malware Super-Spreader

With over 10 million downloads, the Barcode Scanner app provided users with a basic QR code reader and barcode generator, useful for things like making purchases and redeeming discounts. Then, most likely in a recent update, the app began to deliver ad-producing malware onto users’ phones. While Barcode Scanner was previously benign, it is believed that a hacker injected malicious code into the app before the latest update, pushing malware onto Android devices. Once installed, the malware hijacks your default web browser and redirects you to random advertisements.

In a typical case of malvertising, or malicious advertising, fraudsters submit infected graphic or text ads to legitimate advertisement networks, which often can’t distinguish harmful ads from trustworthy ones. Under the guise of everyday pop-ups, these malicious ads push fake browser updates, free utilities, or antivirus programs in the hope that unsuspecting users will click. Depending on what kind of programs the malicious ads succeed in downloading, hackers might steal your data, encrypt or delete your information, or hijack your computer functions – as is the case with the Barcode Scanner’s malware.

While Google has taken down the Barcode Scanner from its store, it has not been deleted from infected devices. So, if you have the app on your phone, it’s time to uninstall it from your device manually…ASAP.

How to Stay Protected

We all need to reflect on the state of our digital health, especially as hackers continue to target us through the device we use most – our phones. To help protect your data, family, and friends, check out these security tactics to keep sneaky mobile threats out:

1. Do your research

While some malicious apps do make it through the app store screening process, most attack downloads appear to stem from social media, fake ads, and other unofficial app sources. Before downloading an app to your device, do some quick research about the origin and developer.

2. Read app reviews with a critical eye

Reviews and rankings are still a suitable method of determining whether an app is legitimate. However, watch out for assessments that reuse repetitive or straightforward phrases, as this could be a sign of a fraudulent review.

3. Update, update, update

Developers are actively working to identify and address security issues. Frequently update your operating systems and apps so that they have the latest fixes and security protections.

4. Defend your devices with security software

Holistic security solutions across all devices continue to be a strong defensive measure to protect your data and privacy from online threats like malware.

Stay Updated

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home  on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Millions Affected by Malware Attributed to Android Barcode-Scanning App  appeared first on McAfee Blogs.

Domain Age as an Internet Filter Criteria

By Jeff Ebeling

Use of “domain age” is a feature being promoted by various firewall and web security vendors as a method to protect users and systems from accessing malicious internet destinations. The concept is to use domain age as a generic traffic filtering parameter. The thought is that hosts associated with newly registered domains should be either completely blocked, isolated, or treated with high suspicion. This blog will describe what domain age is, how domains are created and registered, the value of domain age, and how domain age can be used most effectively as a complement to other web security tools.

Domain Age Feature Definition

The sites and domains of the internet are constantly changing and evolving. In the first quarter of 2020 an average of over 40,000 domains were registered per day. If the domain of a target host is known that domain has a registration date available for lookup from various sources. Domain age is a simple calculation of the time between initial domain registration and the current date.

A domain age feature is designed for use in policy control, where an administrator can set a minimum domain age that should be necessary to allow access to a given internet destination. The idea is that since domains are so easy and cheap to establish, new domains should be treated with great care, if not blocked outright. Unfortunately, with most protocols and implementations, domain age policy selection is a binary decision to allow or block. This is not very useful when the ultimate destinations are hosts, subdomains, and destination addresses that can be rapidly activated, changed, and deactivated without ever changing the domain age. As a result, binary security decisions based solely on domain name or domain age will naturally result in both false positives and false negatives that are detrimental to security, user experience, and productivity.

Domain Registration

IANA (Internet Assigned Numbers Authority) is the department of ICANN (Internet Corporation for Assigned Names and Numbers) responsible for managing the registries of protocol parameters, domain names, IP addresses, and Autonomous System Numbers.

IANA manages the DNS root zone and delegates each TLD (Top Level Domain, such as .com, .org, .edu, etc.) to a registry operator; accredited registrars work with that registry operator to register individual domains beneath the TLD.

Details of the registration process and definitions can be found on the IANA site (iana.org). Additional details can be found here: https://whois.icann.org/en/domain-name-registration-process This location includes the following statement:

“In some cases, a person or organization who does not wish to have their information listed in WHOIS may contract with a proxy service provider to register domain names on their behalf. In this case, the service provider is the domain name registrant, not the end customer.”

This means that service providers and end customers are free to register a domain once and then reuse, reassign, or sell that domain without changing the registration date or any other registration information. Registrars and aftermarket brokers can and do auction domain names, creating a vast market for domain “squatters and trolls.” An attacker can cheaply purchase the established domain of a defunct business, or register a completely new, legitimate-sounding domain and leave it unused for weeks, months, or years. For example, as of this writing airnigeria.com is up for sale on godaddy.com for just $65 USD; the domain was originally registered in 2003. IANA and the registrars have no responsibility for, or control over, how domains are used.

Determining Domain Age

Domain age is determined from the domain record in the Internet Registry managed by the registry operator for a TLD (Top Level Domain). Ultimately the registrar is responsible for the establishment of a domain registration and updating related data. The record in the registry will have an original creation date but that date doesn’t change unless the registration for a specific domain expires and the domain name is re-registered. Because of this, domain age is an extremely inaccurate measure of when an individual destination became active.

And what if only the destination IP address is known at the time of the filtering decision? This could be the case for filtering the first packet sent to a specific destination (TCP SYN or first UDP packet of some other network or transport level protocol). One way to get the domain for the destination would be a reverse DNS lookup, but the domain for the host may not match the domain that was originally submitted for resolution, so what value is domain age there?

For example, www.mcafee.com can currently resolve to 172.224.15.98 which reverse resolves to a172-224-15-98.deploy.static.akamaitechnologies.com. While the mcafee.com domain was registered on 1992-08-05, akamaitechnologies.com was registered on 1998-08-18. Both are long established domains, but just because this destination, in the well-established mcafee.com domain, is hosted on the well-established akamaitechnologies.com domain, this doesn’t provide any indication of when the www.mcafee.com, or 172.224.15.98 destination became active, or the risk of communicating with that IP address. Domain age becomes even less useful when we consider destinations hosted in the public cloud (IaaS and SaaS) using the providers’ domains.

Obtaining the wrong domain and therefore wrong domain age from reverse lookup could be somewhat mitigated by tracking the DNS queries of the client and attempting to map those domains back to the requested destination IP. However, doing this would also be dependent on having full visibility into all DNS requests from the client, and assumes that the destination IP address was determined using standard DNS or by the system providing the domain age filtering.

Challenges with Using Domain Age as a Generic Filter Criteria

Even if the correct domain for the transmission can be established, and the domain age can be accurately retrieved, there are still issues that should be considered.

Registrars are free to maintain, change, and reassign established domains to any customer, and resellers can do the same. This greatly diminishes the usefulness of domain age as a stand-alone filtering parameter because a malicious actor can easily acquire an existing well-established domain with a neutral or even positive reputation. A malicious actor can also register a new domain long before it is put into use as a command and control or attack domain.

Legitimate and perfectly safe sites are constantly being registered and established in many cases within days or even hours of being put into use. When using domain age as filter criteria there will always be a tradeoff between false positive and false negative rates.

It should also be noted that domain age provides little value relative to when an individual hostname record was created within a domain. Well established domains can have an infinite number of subdomains and individual hosts within those domains, and there is no way to accurately determine hostname age or even when the name was associated with an active IP. All that could possibly be determined is that the destination hostname is part of a domain that was registered at some earlier date.

The bottom line is that domain age is not nearly granular or substantive enough to make a useful filtering decision on its own. It could provide some limited security value in the complete absence of more specific criteria, provided the false positive and false negative rates associated with the selected recency threshold can be tolerated. Domain age can provide supplemental value when combined with other, more definitive filter criteria: protocol, content type, host category, host reputation, host first-seen date, frequency of host access, web service attributes, and others.
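The two failure modes described above (the reverse-DNS lookup landing on the hosting provider’s domain rather than the one the client asked for, and an old but resold domain sailing past an age-only filter) are easy to reproduce in a few lines. The following Python is an added example, not code from the post or from any McAfee product; every record in it is constructed inline (the mcafee.com and akamaitechnologies.com creation dates are the ones the post quotes, the `.example` domains, the `198.51.100.7` address and the `HostIntel` fields are invented), and `registrable_domain` uses a last-two-labels shortcut that real code would replace with a Public Suffix List lookup. It contrasts a binary age-only policy with one that consults per-host reputation and first-seen data first and uses domain age only as a supplement.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional, Tuple

# Constructed "today" so that the computed ages are reproducible.
TODAY = date(2021, 3, 1)

# Constructed stand-in for registry creation-date lookups (live data would come
# from WHOIS/RDAP). The mcafee.com and akamaitechnologies.com dates are the ones
# quoted in the post; the .example entries are invented for illustration.
REGISTRY_CREATED = {
    "mcafee.com": date(1992, 8, 5),
    "akamaitechnologies.com": date(1998, 8, 18),
    "newly-minted-shop.example": date(2021, 2, 1),   # registered 28 days before TODAY
    "defunct-airline.example": date(2003, 6, 12),    # old registration, recently resold
}

# Constructed PTR (reverse DNS) records, as a first-packet filter would see them.
PTR_RECORDS = {
    "172.224.15.98": "a172-224-15-98.deploy.static.akamaitechnologies.com",
}

# Constructed A records observed in the client's own DNS queries.
CLIENT_A_RECORDS = {
    "www.mcafee.com": "172.224.15.98",
    "login.defunct-airline.example": "198.51.100.7",
}


def registrable_domain(fqdn: str) -> str:
    """Assumption: the registrable domain is the last two labels. Real code must
    consult the Public Suffix List (co.uk, github.io, ...) instead of this shortcut."""
    labels = fqdn.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def domain_age_days(fqdn: str, today: date = TODAY) -> Optional[int]:
    """Days since the registry creation date of fqdn's domain; None if not on record."""
    created = REGISTRY_CREATED.get(registrable_domain(fqdn))
    return (today - created).days if created else None


def domain_age_via_reverse_dns(ip: str, today: date = TODAY) -> Tuple[Optional[str], Optional[int]]:
    """What a filter that only knows the destination IP gets: the hosting domain's age."""
    ptr = PTR_RECORDS.get(ip)
    if ptr is None:
        return None, None
    return registrable_domain(ptr), domain_age_days(ptr, today)


def domain_age_via_client_dns(ip: str, today: date = TODAY) -> Tuple[Optional[str], Optional[int]]:
    """Map the IP back to the name the client actually resolved (needs full DNS visibility)."""
    for name, addr in CLIENT_A_RECORDS.items():
        if addr == ip:
            return registrable_domain(name), domain_age_days(name, today)
    return None, None


@dataclass
class HostIntel:
    """Per-hostname context a proxy can look up (fields constructed for the example)."""
    first_seen_days: Optional[int]   # days since this FQDN was first observed; None = never seen
    reputation: str                  # "good", "neutral", "bad" or "unknown"


def age_only_policy(fqdn: str, min_age_days: int = 30, today: date = TODAY) -> str:
    """The binary filter the post criticises: block if the domain is young, else allow."""
    age = domain_age_days(fqdn, today)
    if age is None:
        return "block"
    return "block" if age < min_age_days else "allow"


def layered_policy(fqdn: str, intel: HostIntel, min_age_days: int = 30, today: date = TODAY) -> str:
    """Domain age used only as a supplement, after more specific per-host criteria."""
    if intel.reputation == "bad":
        return "block"
    # Unverified host: isolate (or coach) regardless of how old the domain is.
    if intel.reputation == "unknown" or intel.first_seen_days is None:
        return "isolate"
    age = domain_age_days(fqdn, today)
    # Young domain with an otherwise clean host: coach rather than hard-block,
    # to avoid over-blocking legitimately new sites.
    if age is not None and age < min_age_days and intel.reputation != "good":
        return "coach"
    return "allow"


if __name__ == "__main__":
    ip = CLIENT_A_RECORDS["www.mcafee.com"]
    print("reverse DNS says:", domain_age_via_reverse_dns(ip))
    print("client DNS says: ", domain_age_via_client_dns(ip))
    resold = "login.defunct-airline.example"
    print("age-only:", age_only_policy(resold), "| layered:", layered_policy(resold, HostIntel(None, "unknown")))
```

Run as a script, the first two lines show the reverse lookup attributing the connection to akamaitechnologies.com while the client actually asked for mcafee.com; the third shows the resold, never-before-seen `defunct-airline.example` host being allowed by the age-only rule but isolated by the layered one.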

Domain Age in the Context of HTTP/S and Proxy Based Filtering

More specific criteria are always available when the HTTP protocol is in use. HTTP and HTTPS filtering is most effectively handled via explicit or transparent proxy. If the protocol is followed (enforced by the device or service), information cannot be transferred, and a compromise or attack cannot be initiated, until after TCP connection establishment.

Given that the traffic is being proxied, and HTTPS can be decrypted, accurate Fully Qualified Domain Names (FQDNs) for the host, URL path, and URL parameters can be identified and verified by the proxy for use in filtering decisions. The ability to look up information on the FQDN, full URL path, and URL parameters provides much more valuable information relative to the history, risk level, and usage of the specific site, destination, and service, independent of the domain or the domain’s date of registration. Such contextual data can be further enhanced when the proxy associates the request with a specific service and its data security attributes (such as type of service, intellectual property ownership, breach history, etc.).

Industry leading web proxy vendors maintain extensive and comprehensive databases of the most frequently used sites, domains, applications, services, and URLs. The McAfee Global Threat Intelligence and Cloud Registry databases associate sites, domains, and URLs with geolocation, category, service, service attributes, applications, data risk reputations, threat reputations and more. As a side benefit, lack of an entry in the databases for a specific host, domain, service, or URL is an extremely strong, and much more accurate, indication that the site is newly established or little used and therefore should not be inherently trusted. Such sites should be treated with caution and blocked or coached or isolated (the latter two options are uniquely available with proxied HTTP/S) based on that criteria alone, regardless of domain age.

McAfee’s Unified Cloud Edge provides all of the above functionality and includes remote browser isolation (RBI) for uncategorized, unverified, and otherwise risky sites. This virtually eliminates the risks of browsers or other applications accessing uncategorized sites, without adding the complications of false positives and false negatives from a domain age filter.

When using HTTP/S, hostname age, or even first and/or last hostname seen date could provide additional value, but domain age is pretty much useless when the FQDN and more specific site or service related information is available. Best practice is to block, isolate, or at a minimum, coach unverified sites and services without regard to domain age. Allowing unverified sites or services based on domain age adds significant risk of false negatives (risky sites and services being allowed simply because the domain was not recently registered). Generically blocking sites and services based on domain age alone would lead to over-blocking sites that have established good reputations and should not be blocked.

Conclusion

Domain age can be somewhat useful for supplementing filter decisions in situations where no other more accurate and specific information is available about the destination of a network packet. When considering use of domain age for HTTP/S filtering, it is an extremely poor substitute for a more comprehensive threat intelligence and service database. If the decision is made to deviate from best practice and allow HTTP/S connections to unverified sites, without isolation, then domain age can provide limited supplemental value by blocking unverified sites that are in newly registered domains. This comes at the expense of a false sense of security and much greater risk of false negatives when compared to the best practice of using comprehensive web threat intelligence, performing thorough request and response analysis, and simply blocking, isolating, or coaching unverified sites.

 

The post Domain Age as an Internet Filter Criteria appeared first on McAfee Blogs.

Hang Up on Hackers: Protect Yourself from Mobile App Video Conferencing Vulnerabilities

By Pravat Lall

Whether they’re attending regular work meetings or catching up with extended family across the globe, many people leverage video conferencing to better connect with others – a process that will likely continue as our world only becomes more digital. But as the rapid adoption of video conferencing tools and apps occurs, potential threats to online safety emerge.

Agora is one of these tools for connection. The company’s video conferencing software is included in apps like MeetMe, Skout, Nimo TV, temi, Dr. First Backline, and Talkspace, across more than 1.7 billion devices globally. According to McAfee Advanced Threat Research (ATR), Agora’s video software development kit (SDK) until recently included a vulnerability that could have allowed an attacker to spy on ongoing video and audio calls.

In accordance with McAfee’s safe vulnerability disclosure policy, ATR provided Agora with details of its thorough research into the issue so that the software developer could take action to address it with a software update.

But let’s take a look at what a vulnerability like this could mean for users.

Potentially Uninvited Video Attendees

So, how exactly could this vulnerability allow others to spy on private calls?

The McAfee ATR team discovered that the Agora vulnerability stemmed from an error of incomplete encryption – the process of converting information or data into seemingly random output to prevent unauthorized access. Agora’s SDK implementation did not allow applications to securely configure the setup of video/audio encryption, thereby leaving a potential for hackers to snoop on them.

Therefore, if exploited, this particular vulnerability could have allowed a criminal to launch man-in-the-middle attacks, in which an attacker secretly intercepts and possibly alters the communications between two unsuspecting users. In other words, they could spy on users’ private video calls.

Put Your Security on Speed Dial

The vulnerability discovery and mitigation cooperation between McAfee and Agora illustrates why it’s so important for threat researchers to work closely and constructively with app developers to make our digital lives as safe as possible.

As a consumer, however, it’s important to realize what exactly you’re getting into when downloading applications for video conferencing and other tools that help you stay connected.

While the security community encourages developers to write software code with security in mind, software apps tend to struggle with bugs and vulnerabilities in their early days. Consumers should by all means download and enjoy the hottest new apps, but they should also take steps to protect themselves from any undiscovered issues that might threaten them.

Here are a few tips that can help ensure your safety while connecting with others online:

Update, update, update!

It’s easy to click “Install later” when software updates pop up on your screen. However, these updates often come with security patches for vulnerabilities like the one mentioned above. To ensure that your software and apps have the latest security fixes, update them immediately, or select the option to update automatically if available.

Avoid using vulnerable apps

Until a patch is created, you should operate under the assumption that a hacker could compromise your video calls. Avoid using vulnerable apps until developers make a software security update available to help protect your calls from being infiltrated.

Leverage Holistic Security Solutions

In order to protect yourself and your loved ones from potential risks, make sure you have a holistic security solution in place, such as McAfee Total Protection, which can help block risky downloads with McAfee WebAdvisor, protect you from malicious mobile apps, and help update Windows and your apps all in one place with Vulnerability Scanner.


The post Hang Up on Hackers: Protect Yourself from Mobile App Video Conferencing Vulnerabilities appeared first on McAfee Blogs.

Balancing Digital: Helping Your Family Manage Ongoing Stress

By Toni Birdsong

Editor’s Note: This is part I in a series on helping families protect their mental and digital health in times of chronic stress. The content is not intended to be a substitute for professional advice or treatment.

The data continues to confirm that living with the stress of a prolonged pandemic is taking a toll on the mental health of both the young and old. Add increased technology use to this state of chronic stress and there’s no doubt that families everywhere sit in the crosshairs of any number of mental health risks.

Cumulative Stress

After nearly a year of isolation, stop-and-start school days, restricted travel, and the added layer of political tension, many are experiencing feelings of hopelessness that pandemic circumstances only magnify.

According to a nationwide survey by researchers from Rutgers and Harvard, more than one-third of young adults in the U.S. report having thoughts of hopelessness, while nearly half show symptoms of depression.

These numbers are ten times higher than what was exhibited in the general population before the COVID-19 pandemic, say researchers.

Pandemic stress is also impacting younger children. The Centers for Disease Control (CDC) reports mental health visits have spiked for young children and adolescents since the pandemic started.

The Tech Connection

A 2016 Time cover story offers critical insight into why anxiety and depression have continued to rise among young people and the role technology plays in that equation.

Time writer Susanna Schrobsdorff describes the crisis this way: “They are the post-9/11 generation, raised in an era of economic and national insecurity. They’ve never known a time when terrorism and school shootings weren’t the norm. They grew up watching their parents weather a severe recession, and, perhaps most important, they hit puberty at a time when technology and social media were transforming society.”

Janis Whitlock, director of the Cornell Research Program on Self-Injury, added that technology is the primary driver feeding young people’s anxiety and depression. “It’s that they’re in a cauldron of stimulus they can’t get away from, or don’t want to get away from, or don’t know how to get away from.”

Steve Schneider, a high school counselor, likened the constant pressure many teens feel from their phones to a scab that’s constantly being picked. “At no point do you get to remove yourself from it and get perspective.”

Headline Stress Disorder

Even with a vaccine signaling an end in sight to a degree of our stress, other tensions are proving to be relentless, causing what some doctors are calling “headline stress disorder,” a condition in which non-stop news cycles trigger intense feelings of worry and helplessness.

So how can we help our kids bear up under the weight of it all?

Staying especially connected to one another during this time and alert to the signs of emotional distress is one way parents can help kids balance their digital and mental health. Here are a few other ways to consider.

7 Ways to Build Your Family’s Digital, Mental Health

1. Prioritize digital health. Kids need help with limits, especially when school schedules, team sports, and gatherings are in flux. Pay attention to your child’s social media use — how much and what kind — and consider establishing time limits and filtering the content that’s flowing across their screens.
2. Pay attention to online friend groups. Kids connect with new people online all the time through gaming platforms, group chats, and apps. With school schedules in limbo, in-person friend groups can easily form online and expose your child to a number of online risks.
3. Follow the ‘Three Rs.’ Routine (make a schedule and stick to it); Relationship (go above and beyond to connect 1-1); and Reassurance (remind kids they are safe and that everything is going to be okay — quash rumors).
4. Make time to talk. Not all signs of emotional distress will be outward; some will be subtle, and some, even non-existent. That’s why it’s essential to consistently take the time to assess how your kids are doing.
5. Help process distressing events. Getting to the root of a child’s anxiety often means helping them identify the deeper fears and “what ifs” and helping them learn to distinguish between what they can and cannot control.
6. Practice focusing on facts. A big part of #5 is helping kids understand the facts (and quash rumors) about alarming events or conditions, which helps them feel more in control of what’s happening around them. This includes coaching them in critical thinking and media literacy skills.
7. Model & encourage healthy habits. Physical health is intertwined with mental health. Especially during times of crisis, encourage and model good habits like exercising, eating well, meditation and deep breathing, and getting enough sleep.

The silent storms beneath this pandemic will continue to surface and teach us for years to come. Until then, be encouraged that no one has the “what to do” figured out or the parental superpower to control the uncontrollable. We’re all in this together and, together, hopefully soon, we’ll be enjoying the light of better days.

Family Mental Health Resources

For resources related to mental health, suicide prevention, crisis intervention, and COVID-19, visit the Pandemic Crisis Services Response Coalition. If you or a family member is in immediate crisis, visit the emergency room or call the National Suicide Prevention Lifeline at (800) 273-8255.

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Balancing Digital: Helping Your Family Manage Ongoing Stress appeared first on McAfee Blogs.

Are You Ready for XDR?

By Kathy Trahan

What is your organization’s readiness for the emerging eXtended Detection and Response (XDR) technology? McAfee just released the first iteration of this technology, MVISION XDR. As XDR capabilities become available, organizations need to think through how to embrace this new security operations technology, which is destined to empower detection and response capabilities. XDR is a journey for people and organizations.

The cool thing about McAfee’s offering is that its XDR capabilities are built on the McAfee platform of MVISION EDR and MVISION Insights and are extended to other McAfee products and third-party offerings. This means that, as a McAfee customer, your XDR journey has already begun.

The core value proposition behind XDR is to empower the SecOps function, which is still heavily burdened with limited staff and resources while the threat landscape roars. This cry is not new. As duly noted in the book Ten Strategies of World-class Cybersecurity Operations Center, written quite a few moons ago: “With the right tools, one good analyst can do the job of 100 mediocre ones.” XDR is the right tool.

SecOps empowerment means impacting and changing people and process in a positive manner, resulting in better security outcomes. Organizations must consider and prepare for this helpful shift. Here are three key considerations organizations need to be aware of and ready for:

The Wonder of Harmonizing Security Controls and Data Across all Vectors  

A baseline requirement for XDR is to unify and aggregate security controls and data to elevate situational awareness. Now consider what this means to siloed functions like endpoint, network and web. Let’s say you are an analyst who typically pulls telemetry from separate control points (endpoint, network, web), moving from one tool with a login to another tool with another login, and so on. Or maybe you only have access to the endpoint tool. To gain insight into the network, you email the network folks with the artifacts you are seeing on the endpoint and ask whether they have seen anything similar on the edge and what they make of it. Often there is a delayed response from the network folks, given their priorities. And you call the web folks for their input on what they are seeing. Enter XDR. What if this information and these insights were automatically given to you on a unified dashboard where situational awareness analysis has already begun? This reduces the manual pivoting of copying and pasting, emailing, and phone calls. It removes the multiple data sets to manage and the cognitive strain of making sense of them. The collection, triaging, and initial investigative analysis are automated and streamlined. This empowers analysts to reach a quicker validation and assessment. The skilled analyst will still use experience and human intuition to respond to the adversary, but the initial triaging, investigation, and analysis have already been done. In addition, XDR fosters the critical collaboration between network operations and security operations, since adversary movement is erratic across the entire infrastructure.

Actionable Intelligence Fosters Proactive SecOps Efforts (MVISION XDR note-worthy distinction) 

Imagine if your SecOps gained high-priority threat intelligence before the adversary hits and enters your environment. What does it mean to your daily SecOps processes and policy? It removes a significant amount of hunting, triaging and investigation cycles. It simply prioritizes and accelerates the investigation. It answers the questions that matter. Any associated campaign is bubbled up immediately. You are getting over a hundred high alerts, but one is related to a threat campaign that is likely to hit. It removes the guesswork and prioritizes SecOps efforts. It assesses your environment and the likely impact, i.e. what is vulnerable. More importantly, it suggests countermeasures you can take. It moves you from swimming in context to action in minutes.

This brings SecOps to a decision moment faster: do they have the authority to respond? Are they a participant in prevention efforts? Note this topic is Strategy Three in the Ten Strategies of World-class Cybersecurity Operations Center, where it is highly encouraged to empower SecOps to make and/or participate in such decisions. Policies for response decisions and actions vary by organization; the takeaway here is that decision moments come faster and more often, with significant research and credible context from MVISION XDR.

Enjoy the Dance Between Security and IT  

XDR is an open, integrated platform. So, what does it mean to people and process if all the pieces are integrated and security functions coordinate efforts? It depends on the pieces that are connected. For example, if SecOps can automatically place a recommendation to update certain systems on the IT service system, it removes the necessity to log in to the IT system and place a request, or in some cases call or email IT (eliminating a time-consuming step). There is a heightened need for what-if scenario policies driven by Security Orchestration, Automation and Response (SOAR) solutions. These policies are typically reflected in a manual playbook or a SOAR playbook.

Consider an example: when an email phishing alert is raised, the SOAR automatically (as required by policy/play) compares the alert against others to see if there are commonalities worth noting. If so, the common artifacts are assigned to one analyst instead of distributing separate alerts to many analysts. This streamlines the investigation and response to be more effective and less time-consuming. There are many more examples, but the point is that when you coordinate security functions, the organization must think through how it wants each function to act under specific circumstances: what is your policy for these circumstances?
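As an added illustration of the playbook logic just described (example code written for this page, not part of MVISION XDR or any McAfee product), the script below takes a constructed batch of phishing alerts, links alerts that share a sender domain, URL or attachment hash into a single case (transitively, so A~B and B~C land together), reports which artifacts tie each case together, and hands each case to one analyst. The alert fields, artifact types, hash values, domains and analyst names are all assumptions for the example.

```python
"""SOAR-style grouping of phishing alerts by shared artifacts (added example).

Every alert, domain, hash and analyst name here is constructed for illustration.
"""
from collections import defaultdict
from typing import Dict, List, Optional, Set

Alert = Dict[str, Optional[str]]

# Fields an investigator would pivot on. Assumed alert layout, not a vendor schema.
ARTIFACT_FIELDS = ("sender_domain", "url", "attachment_sha256")

# Constructed sample alerts as an email-security control might raise them.
SAMPLE_ALERTS: List[Alert] = [
    {"id": "A-1", "sender_domain": "invoice-portal.example",
     "url": "http://invoice-portal.example/login", "attachment_sha256": None},
    {"id": "A-2", "sender_domain": "hr-update.example",
     "url": "http://hr-update.example/form", "attachment_sha256": "constructed-hash-0001"},
    {"id": "A-3", "sender_domain": "mail.example.org",
     "url": "http://invoice-portal.example/login", "attachment_sha256": None},
    {"id": "A-4", "sender_domain": "payroll.example",
     "url": None, "attachment_sha256": "constructed-hash-0001"},
    {"id": "A-5", "sender_domain": "news.example.net",
     "url": "http://news.example.net/article", "attachment_sha256": None},
]


def artifacts(alert: Alert) -> Set[str]:
    """Pivotable artifacts of one alert, prefixed by type so a domain and a hash never collide."""
    return {f"{field}:{alert[field]}" for field in ARTIFACT_FIELDS if alert.get(field)}


def group_alerts(alerts: List[Alert]) -> List[List[str]]:
    """Merge alerts sharing at least one artifact into one case, using union-find.

    Returns lists of alert ids, largest case first (ties broken by lowest id).
    """
    parent = {a["id"]: a["id"] for a in alerts}

    def find(x: str) -> str:
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving keeps lookups short
            x = parent[x]
        return x

    def union(x: str, y: str) -> None:
        rx, ry = find(x), find(y)
        if rx != ry:
            parent[ry] = rx

    first_seen: Dict[str, str] = {}  # artifact -> id of first alert carrying it
    for alert in alerts:
        for art in artifacts(alert):
            if art in first_seen:
                union(first_seen[art], alert["id"])
            else:
                first_seen[art] = alert["id"]

    cases: Dict[str, List[str]] = defaultdict(list)
    for alert in alerts:
        cases[find(alert["id"])].append(alert["id"])
    return sorted(cases.values(), key=lambda c: (-len(c), c[0]))


def shared_artifacts(case: List[str], alerts: List[Alert]) -> Set[str]:
    """Artifacts seen in more than one alert of the case: the lead the analyst starts from."""
    by_id = {a["id"]: a for a in alerts}
    counts: Dict[str, int] = defaultdict(int)
    for alert_id in case:
        for art in artifacts(by_id[alert_id]):
            counts[art] += 1
    return {art for art, n in counts.items() if n > 1}


def assign_cases(cases: List[List[str]], analysts: List[str]) -> Dict[str, List[List[str]]]:
    """Round-robin whole cases to analysts, so related alerts are never split across people."""
    queue: Dict[str, List[List[str]]] = defaultdict(list)
    for i, case in enumerate(cases):
        queue[analysts[i % len(analysts)]].append(case)
    return dict(queue)


if __name__ == "__main__":
    found = group_alerts(SAMPLE_ALERTS)
    for analyst, cases in assign_cases(found, ["alice", "bob"]).items():
        for case in cases:
            print(analyst, case, sorted(shared_artifacts(case, SAMPLE_ALERTS)))
```

With the constructed input, A-1 and A-3 are tied together by the URL, A-2 and A-4 by the attachment hash, and A-5 stays a single-alert case; the policy decision the post talks about is what `assign_cases` encodes (one owner per case) and which artifact types count as a link.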

These are just a few areas to consider when you embrace XDR. I hope this initial discussion started you thinking about what to consider when embracing XDR. We have an online SOC audit where you can assess your SOC maturity and plan where you want to go. Join us for a webinar on XDR readiness where experts will examine how to prepare to optimize XDR capabilities. We also have a SOC best practices series, SOCwise, that offers regular advice and tips for your SOC efforts!


Here’s What I’m Doing to Avoid Being Caught Up in A Puppy Scam

By Cyber Safety Ambassador: Alex Merton-McCann

In November last year, we lost our much-loved family dog. We were all so devasted. Harley was a very handsome black and white Cavoodle who died from a paralysis tick bite after giving us 12 years of love. After lots of tears and weeks of sadness, we have decided it’s time to start our search for another fur baby.

But it seems we are not the only ones in the market for a new puppy. Thanks to COVID and our new very home focussed lives, puppies have been in hot demand since early 2020 and they still are. What better way to deal with lockdown loneliness and a home-based existence than a brand-new ball of fluff!

Over the last few weeks, I’ve spoken to multiple breeders from all around Australia who have over 50 families waiting for a puppy! A Portuguese Water Dog breeder told me yesterday that it would be 2023 before she could offer me a puppy!! So,

And this trend hasn’t gone unnoticed by cybercriminals with the Australian Competition and Consumer Commission (ACCC) reporting a four-fold increase in puppy scams in 2020!! In fact, a whopping $1.6 million was scammed from unsuspecting Aussies simply looking for a ball of fur to love between January and October 2020.

So, how do you avoid being caught up in a puppy scam and losing money? Here’s what I’m doing to ensure we don’t get swindled while we search for our new puppy:

1. Take Your Time

Cybercriminals rely on us being in a rush and not doing our homework. A quick google search for popular dog breeds such as Cavoodles, Labradors or Dachshunds will yield pages of results, not all of them legit!

Scammers are very talented at making their sites look genuine. They will copy photos of puppies and breeders from legitimate sites and will even use certificates and identification numbers from these legitimate breeders too. Quite often the only detail that differs is the contact telephone number and email address.

Facebook and Instagram ads are also created using these details, making it very hard to identify what is legitimate and what isn’t.

2. Do Your Homework

Doing your due diligence is the best way to prevent becoming a victim of a puppy scam. Even if the person on the end of the phone sounds delightful and the pictures are gorgeous, you owe it to yourself – and your bank account – to ensure you are dealing with a legitimate breeder. Here’s what I recommend you do:

  • Google the name of the breeder to check whether they have been caught up in a scam.
  • Always ring the association that the breeder says they are registered with and crosscheck all the information you have been given.
  • As most puppies come vaccinated and microchipped, ask the breeder to share contact details of the veterinary clinic the puppy has been to.

3. Photos and Video Chat

If you are not able to pick up your pet in person, requesting photos and even a video call with the breeder and your potential puppy is essential.

Ask the breeder for multiple photos of the pet with specific items; this helps you ascertain that the pet is real and not photoshopped. A recent newspaper is a great item to suggest.

However, a video call is probably the best way of giving you total peace of mind. Yes, it may be crazy and noisy, but there’s nothing like seeing something with your own eyes to satisfy yourself that it is real and not photoshopped!

4. Trust Your Gut

We all have a 6th sense and now is the time to use it:

  • If the breeder is trying to push for the sale as they are moving to a new house or are unwell, be suspicious.
  • If the breeder is putting pressure on you to deposit funds to secure your puppy ASAP, be suspicious.
  • If the breeder is asking an inflated price for the pet, be suspicious. Do your research so you know what an average asking price would be.
  • If email communication with the breeder has signs of broken English or poor grammar, be very suspicious.

I can’t imagine our family without pets. They play such an important, cohesive role and we take such joy in sharing photos of our crazy cats and their weird antics on our family group chat.

Next week, we are going to pick up our new puppy. After much debate about breeds, we have chosen a tri-coloured beaglier – male of course! The breeder sounds delightful over the phone and the pictures are gorgeous. But just to ensure total peace of mind, I am driving nearly 7 hours to pick up our new fur baby in person. I’ll be sure to share some photos!

Happy pet shopping!

Alex xx


XDR – Please Explain?

By Rodman Ramezanian

SIEM, we need to talk! 

Albert Einstein once said, “We cannot solve our problems with the same thinking we used when we created them.”

Security vendors have spent the last two decades providing more of the same orchestration, detection, and response capabilities, while promising different results. And as the old adage goes, doing the same thing over and over again whilst expecting different results is…? I’ll let you fill in the blank yourself.

Figure 1: The Impact of XDR in the Modern SOC: Biggest SIEM challenges – ESG Research 2020

SIEM! SOAR! Next Generation SIEM! The names changed, while the same fundamental challenges remained: they all required heavy lifting and ongoing manual maintenance. As noted by ESG Research, SIEM – being a baseline capability within SOC environments – continues to present challenges to organisations by being too costly, exceedingly resource intensive, requiring far too much expertise, and various other concerns. A common example of this is how SOC teams still must create manual correlation rules to find the bad connections between logs from different products, applications and networks. Too often, these rules flood analysts with information and false alerts and render the product too noisy to be effective.

The expanding attack surface, which now spans Web, Cloud, Data, Network and more, has also added a layer of complexity. The security industry cannot rely only on its customers’ analysts to properly configure a security solution with such a wide scope. Implementing only the correct configurations, fine-tuning hundreds of custom log parsers and interpreters, defining very specific correlation rules, developing the necessary remediation workflows, and so much more: it’s all a bit too much.

Detections now bubble up from many siloed tools, too, including Intrusion Prevention Systems (IPS) for network protection, Endpoint Protection Platforms (EPP) deployed across managed systems, and Cloud Access Security Broker (CASB) solutions for your SaaS applications. Correlating those detections to paint a complete picture is now an even bigger challenge.

There is also no R in SIEM – that is, there is no inherent response built into SIEM. You can almost liken it to a fire alarm that isn’t connected to the sprinklers.

SIEMs have been the foundation of security operations for decades, and that should be acknowledged. Thankfully, they’re now being used more appropriately, i.e. for logging, aggregation, and archiving.

Now, Endpoint Detection and Response (EDR) solutions are absolutely on the right track – enabling analysts to sharpen their skills through guided investigations and streamlining remediation efforts – but they ultimately suffer from a network blind spot. Similarly, network security solutions don’t offer the necessary telemetry and visibility across your endpoint assets.

Considering the alternatives

Of Gartner’s Top 9 Security and Risk Trends for 2020, “Extended detection and response capabilities emerge to improve accuracy and productivity” ranked as their #1 trend. They noted: “Extended detection and response (XDR) solutions are emerging that automatically collect and correlate data from multiple security products to improve threat detection and provide an incident response capability. The primary goals of an XDR solution are to increase detection accuracy and improve security operations efficiency and productivity.”

That sounds awfully similar to SIEM, so how is an XDR any different from all the previous security orchestration, detection, and response solutions? 

The answer is: an XDR is a converged platform leveraging a common ontology and unifying language. An effective XDR must bring together numerous heterogeneous signals and return a homogeneous visual and analytical representation. XDR must clearly show the potential security correlations (in other words, attack stories) that the SOC should focus on. Such a solution would de-duplicate information on one hand, and on the other emphasize the truly high-risk attacks while filtering out the mountains of noise. The desired outcome would not require excessive amounts of manual work, allowing SOC analysts to stop serving as an army of translators and focus on the real work: leading investigations and mitigating attacks. This normalized presentation of data would be aware of context and content, be technologically advanced, but simple for analysts to understand and act upon.
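To make the “common ontology” point concrete, here is an added example (written for this page, not McAfee’s code or MVISION XDR’s data model) that translates detections from three differently shaped sources into one small schema, drops exact duplicates, and ranks per-host attack stories so that a host flagged by several independent controls outranks a pile of low-severity alerts from a single source. The record layouts, asset inventory, severity mappings, addresses and sample events are all constructed assumptions.

```python
"""Normalize heterogeneous detections into one schema and rank attack stories (added example).

All records, hostnames, addresses and hashes are constructed for illustration.
"""
from collections import defaultdict
from typing import Dict, List

# Constructed asset inventory: lets an endpoint alert keyed by hostname join a
# network alert keyed by IP address (an assumption of this example).
ASSET_INVENTORY = {"ws-0042": "10.0.5.42", "ws-0077": "10.0.5.77"}

# Each control speaks its own severity vocabulary; the common schema uses 1..3.
SEVERITY_MAPS = {
    "edr": {"low": 1, "medium": 2, "high": 3},
    "ips": {3: 1, 2: 2, 1: 3},  # assumed IPS convention: priority 1 is most urgent
    "web": {"low": 1, "medium": 2, "high": 3},
}


def normalize(record: Dict) -> Dict:
    """Translate one vendor-shaped record into the common schema:
    source, time, entity (always an IP), indicator (typed), severity (1..3)."""
    src = record["source"]
    if src == "edr":
        entity = ASSET_INVENTORY[record["host"]]
        indicator = f"sha256:{record['process_hash']}"
        severity = SEVERITY_MAPS["edr"][record["severity"]]
        time = record["ts"]
    elif src == "ips":
        entity = record["src_ip"]
        indicator = f"ip:{record['dst_ip']}"
        severity = SEVERITY_MAPS["ips"][record["priority"]]
        time = record["timestamp"]
    elif src == "web":
        entity = record["client"]
        indicator = f"url:{record['dest']}"
        severity = SEVERITY_MAPS["web"][record["risk"]]
        time = record["when"]
    else:
        raise ValueError(f"unknown source {src!r}")
    return {"source": src, "time": time, "entity": entity,
            "indicator": indicator, "severity": severity}


def dedupe(events: List[Dict]) -> List[Dict]:
    """Drop exact repeats (same source, entity, indicator and time), preserving order."""
    seen = set()
    kept = []
    for ev in events:
        key = (ev["source"], ev["entity"], ev["indicator"], ev["time"])
        if key not in seen:
            seen.add(key)
            kept.append(ev)
    return kept


def build_stories(events: List[Dict]) -> List[Dict]:
    """Group normalized events per entity and rank them: corroboration by
    several independent controls outranks volume from one source."""
    per_entity: Dict[str, List[Dict]] = defaultdict(list)
    for ev in events:
        per_entity[ev["entity"]].append(ev)
    stories = [{
        "entity": entity,
        "sources": sorted({ev["source"] for ev in evs}),
        "score": sum(ev["severity"] for ev in evs),
        "indicators": sorted({ev["indicator"] for ev in evs}),
    } for entity, evs in per_entity.items()]
    return sorted(stories, key=lambda s: (-len(s["sources"]), -s["score"], s["entity"]))


# Constructed raw detections, shaped as three different controls would emit them.
RAW_RECORDS = [
    {"source": "edr", "host": "ws-0042", "process_hash": "constructed-hash-beef",
     "severity": "high", "ts": "2021-02-01T10:00:00Z"},
    {"source": "ips", "src_ip": "10.0.5.42", "dst_ip": "203.0.113.9",
     "priority": 2, "timestamp": "2021-02-01T10:00:05Z"},
    {"source": "ips", "src_ip": "10.0.5.42", "dst_ip": "203.0.113.9",
     "priority": 2, "timestamp": "2021-02-01T10:00:05Z"},  # forwarded twice: a duplicate
    {"source": "web", "client": "10.0.5.42", "dest": "http://203.0.113.9/p",
     "risk": "medium", "when": "2021-02-01T10:00:07Z"},
    {"source": "edr", "host": "ws-0077", "process_hash": "constructed-hash-0001",
     "severity": "low", "ts": "2021-02-01T10:01:00Z"},
    {"source": "edr", "host": "ws-0077", "process_hash": "constructed-hash-0002",
     "severity": "low", "ts": "2021-02-01T10:02:00Z"},
    {"source": "edr", "host": "ws-0077", "process_hash": "constructed-hash-0003",
     "severity": "low", "ts": "2021-02-01T10:03:00Z"},
]


def rank_raw(records: List[Dict] = RAW_RECORDS) -> List[Dict]:
    """Full pipeline: translate, de-duplicate, then rank attack stories."""
    return build_stories(dedupe([normalize(r) for r in records]))


if __name__ == "__main__":
    for story in rank_raw():
        print(story["entity"], story["sources"], story["score"], story["indicators"])
```

On the constructed input the host 10.0.5.42, seen by the endpoint, network and web controls, ranks first with a combined score of 7, while 10.0.5.77 with three low-severity endpoint-only alerts ranks below it; that ordering is the point of the ranking key, and the per-source `if` branches in `normalize` are the “translator” work the post argues an XDR should absorb.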

SIEMs are data-driven, meaning they need data definitions, custom parsing rules and pre-baked content packs to retrospectively provide context. In contrast, XDR is hypothesis driven, harnessing the power of Machine Learning and Artificial Intelligence engines to analyse high-fidelity threat data from a multitude of sources across the environment to support specific lines of investigation mapped to the MITRE ATT&CK framework.  

The MITRE ATT&CK framework is effective at highlighting what bad guys do and how they do it. While traditional prevention measures are great at “spot it and stop it” protections, MITRE ATT&CK demonstrates there are many steps taking place in the attack lifecycle that aren’t obvious. These actions don’t trigger sufficient alerting to generate the confidence required to support a reaction.

XDR isn’t a single product. Rather, it refers to an assembly of multiple security products (and services) that comprise a unified platform. An XDR approach will shift processes and likely merge and encourage tighter coordination between different functions like SOC analysts, hunters, incident responders and IT administrators.

The ideal XDR solution must provide enhanced detection and response capabilities across endpoints, networks, and cloud infrastructures. It needs to prioritise and predict threats that matter BEFORE the attack and prescribe necessary countermeasures allowing the organisation to proactively harden their environment. 

Figure 2: Where current XDR approaches are failing

McAfee’s MVISION XDR solution does just that, by empowering the SOC to do more with unified visibility and control across endpoints, network, and cloud. McAfee XDR orchestrates both McAfee and non-McAfee security assets to deliver actionable cyber threat management and support both guided and automated investigations.

What if you could find out if you’re in the crosshairs of a top threat campaign, by using global telemetry from over 1 billion sensors that automatically tracks new campaigns according to geography and industry vertical? Wouldn’t that be insightful?

“Many firms want to be more proactive but do not have the resources or talent to execute. McAfee can help bridge this gap by offering organisations a global outlook across the entire threat landscape with local context to respond appropriately. In this way, McAfee can support a CISO-level strategy that combines risk and threat operations.”

– Jon Oltsik, ESG Senior Principal Analyst and Fellow

But, hang on… Is this all just another ‘platform’ play?

Take a moment to consider how platform offerings have evolved over the years. Initially designed to compensate for the heterogeneity and volume of internal data sources and external threat intelligence feeds, the core objective has predominantly been to manifest data centrally from across a range of vectors in order to streamline security operations efforts. We then saw the introduction of case management capabilities. 

Over the past decade, the security industry proposed solving many of the challenges presented in SOC contexts through integrations. You would buy products from a few different vendors who promised it would all work together through API integration, and basically give you some form of the pseudo-XDR outcomes we’re exploring here.

Frankly, there are significant limitations in that approach. There is no data persistence; you basically make requests to the lowest API denominator on a one-to-one basis. The information sharing model was one-way question and answer, leveraging a scheduled push-pull methodology. The other big issue was the inability to pull information in whatever form you needed: you were limited to the API available between the participating parties, with the result ultimately only as good as the dumbest API.

And what about the lack of any shared ontology, meaning little to no common objects or attributes? There were no shared components, such as UI/UX, incident management, logging, dashboards, policy definitions, user authentication, etc. 

What’s desperately been needed is an open underlying platform – essentially like a universal API gateway scaled across the cloud that leverages messaging fabrics like DXL that facilitate easy bi-lateral exchange between many security functions – where vendors and partner technologies create tight integrations and synergies to support specific use cases benefitting SOC ecosystems. 

Is XDR, then, a solution or product to be procured? Or just a security strategy to be adopted? Potentially, it’s both. Some vendors are releasing XDR solutions that complement their portfolio strengths, and others are just flaunting XDR-like capabilities.

Closing Thoughts

SIEMs still deliver specific outcomes to organisations and SOCs which cannot be replaced by XDR. In fact, with XDR, a SIEM can be even more valuable.

For most organisations, XDR will be a journey, not a destination. Their ability to become more effective through XDR will depend on their maturity and readiness to embrace all the required processes. In terms of cybersecurity maturity, if you’d rate your organisation at a medium to high level, the question becomes how and when.

Most organisations using an Endpoint Detection and Response (EDR) solution are likely quite ready to embrace XDR’s capabilities. They are already investigating and resolving endpoint threats and they’re ready to expand this effort to understand how their adversaries move across their infrastructure, too.

If you’d like to know more about how McAfee addresses these challenges with MVISION XDR, feel free to reach out!


Lets Have “The Talk” About the Internet: 7 Conversation-Starters for Staying Safer Online

By Judith Bitterli

It’s Time to Have “The Talk” About the Internet: 7 Conversation-Starters for Staying Much Safer Online

With Safer Internet Day upon us, it’s time to have “The Talk.” The internet talk, that is.

What’s the internet talk? It’s a candid conversation about how safe we’re really being when we go online, as opposed to how safe we think we’re being. Indeed, there can be a sizable gap between the two, and our 2021 Consumer Security Mindset Report shows us just how significant it is:

  • 2 out of 3 people in the U.S. (66%) say they’re concerned about today’s cyber risks—a striking statistic despite nearly 6,500 data breaches and 1.1 billion records exposed just between 2010 and 2019 in the U.S. alone
  • 70% of respondents said they purchased at least one connected device in 2020, while 1 in 3 bought three connected devices. However,
  • Only 50% purchased security software, and 1 in 4 of those who have said that they check to see if their security software is up to date.
  • Over half of U.S. respondents (51%) said that they never considered how much the data they store online is worth. However, nearly 9 in 10 consumers say they would be proactive about protecting that data if it could be traded as a currency, which indeed it is by hackers who sell it on the black market.
  • Nearly 1 in 3 (29%) respondents admitted that they are not confident in their ability to prevent a cyber-attack.

I don’t know about you, but I was struck by the fact that only 50% of people are purchasing security software when they buy a new device. If that’s so, then it’s indeed time for the talk.

Whether we have the talk with our kids, our parents, or even have it with ourselves, this is a chance to make sure we’re protecting the things that matter when we go online—our families, our privacy, our finances, our data, and, of course, our stuff too—like our computers, tablets, smartphones, and other connected things too.

Internet security: What’s there to talk about?

Plenty. However, let’s look at Safer Internet Day as a way to take some important first steps by asking a handful of questions that can lead to a much safer you online.

1) Are you using holistic security solutions?

Given the security software statistic mentioned above, let’s start at square one. Holistic security solutions provide you with strong antivirus protection and much more on top of that. They can steer you clear of malicious downloads and links, intercept phishing emails before they hit your inbox, and protect your privacy as well, just to name a few. Additionally, they can protect your smartphones and tablets too, whether you have Android or iOS devices. Don’t forget to cover those too, as chances are you do about half of your browsing on them.

2) Are your passwords strong and unique?

If you’re using simple passwords or repeating the use of the same password with little or no variation, it’s time to make a change. Strong, unique passwords protect you in this age of data breaches and hacks, where passwords are stolen and then sold on the black market. If creating strong and unique passwords for each of your accounts sounds like a lot of work, consider using a password manager to create and securely store passwords for you.

3) Are you protected by a firewall and a VPN?

A firewall acts as a digital barrier that blocks unauthorized access to your computers and devices, which is a must these days (and has been for some time now). It’s often included with comprehensive security software (one more reason why having comprehensive security software is far superior to having “just” antivirus).

A virtual private network (VPN) is software that creates a secure connection over the internet, so you can safely connect from anywhere. You may want to use it at home when you’re looking for extra protection while banking or handling finances. And you’ll most certainly want to use it when logged into public Wi-Fi at places like airports, hotels, and cafes because so-called “free Wi-Fi” is often unsecured, making it easier for hackers to access your device or the information you’re sending and receiving.

4) Are you oversharing on social media?

It may come as a surprise, but hackers can piece together a great deal of information about you from social media and use it as the means for all manner of attacks. That includes identity theft, social engineering attacks where they impersonate you or someone you know, and even password theft. Avoid oversharing on social media by keeping details like addresses, school names, and other personally identifying information to yourself. Also, set your profiles to private so that only friends and family can see them.

5) Can you tell a secure website from one that isn’t?

When you’re shopping, banking, or passing along any sort of sensitive information, make sure the site address starts with “https” instead of “http.” The “s” stands for secure, and many browsers will represent that with a little padlock icon to indicate use of https, which uses encryption to scramble and help secure data from prying eyes.

Another form of protection from malicious sites is McAfee Web Advisor, which can help steer you clear of adware, spyware, viruses, phishing scams, and sketchy downloads.

6) Are you updating your apps and software?

Updates do more than keep your apps and software current with the latest features, they often include security improvements as well. When and where possible, set your devices and software to update automatically. And when prompted to update, say yes. The few moments you spend here can prevent major headaches down the road should your app or software open an avenue to an attack.

7) When’s the last time you backed up your data?

Now that’s the $50,000 question. And I say that only half-jokingly. Where would you be without your photos, files, tax records, finances, projects, and so on? The answer is probably “a world of hurt.” Losing it could set you back personally and financially. Back up your data. I suggest doing so with a combination of a reputable cloud storage service and a local physical device like an external hard drive that you store in a safe location.

Another option for particularly sensitive data and files is to use encrypted storage. For example, our File Lock feature allows you to create password-protected encrypted drives on your PC that only appear when you’ve unlocked them, perfect for storing sensitive files like tax returns and financial documents.

Having “The Talk” is your first step to a much safer life online

Sometimes asking the right question can set things in motion, and I hope that’s what this little talk does by helping you identify and patch up any gaps you find in your security. Go ahead and set aside some time to have “The Talk.” You and anyone you have it with will be safer for it.

Stay Updated 

To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
