DNSTrails v1.0 – DNS intelligence database

DNSTrails is an intelligence database, featuring IP and Domain related data such as current and historical DNS records, current and historical WHOIS, technologies used, subdomains and the ability to...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Network security simplified with Amazon VPC Ingress Routing and Trend Micro

Today, Amazon Web Services (AWS) announced the availability of a powerful new service, Amazon Virtual Private Cloud (Amazon VPC) Ingress Routing. As a Launch Partner for Amazon VPC Ingress Routing, we at Trend Micro are proud to continue to innovate alongside AWS to provide solutions to customers—enabling new approaches to network security. Trend Micro TippingPoint and Trend Micro Cloud One integrate with Amazon VPC Ingress Routing deliver network security that allows customers to quickly obtain compliance by inspecting both ingress and egress traffic. This gives you a deployment experience designed to eliminate any disruption in your business.

Cloud network layer security by Trend Micro

A defense-in-depth or layered security approach is important to organizations, especially at the cloud network layer. That being said, customers need to be able to deploy a solution without re-architecting or slowing down their business, the problem is, previous solutions in the marketplace couldn’t meet both requirements.

So, when our customers asked us to bring TippingPoint intrusion prevention system (IPS) capabilities to the cloud, we responded with a solution. Backed by industry leading research from Trend Micro Research, including the Zero Day Initiative, we created a solution that includes cloud network IPS capabilities, incorporating detection, protection and threat disruption—without any disruption to the network.

At AWS re:Invent 2018, AWS announced the launch of Amazon Transit Gateway. This powerful architecture enables customers to route traffic through a hub and spoke topology. We leveraged this as a primary deployment model in our Cloud Network Protection, powered by TippingPoint, cloud IPS solution, announced in July 2019. This enabled our customers to quickly gain broad security and compliance, without re-architecting. Now, we’re adding a flexible new deployment model.

 

Enhancing security through partnered innovation

This year we are excited to be a Launch Partner for Amazon VPC Ingress Routing, a new service that allows for customers to gain additional flexibility and control in their network traffic routing. Learn more about this new feature here.

Amazon VPC Ingress Routing is a service that helps customers simplify the integration of network and security appliances within their network topology. With Amazon VPC Ingress Routing, customers can define routing rules at the Internet Gateway (IGW) and Virtual Private Gateway (VGW) to redirect ingress traffic to third-party appliances, before it reaches the final destination. This makes it easier for customers to deploy production-grade applications with the networking and security services they require within their Amazon VPC.

By enabling customers to redirect their north-south traffic flowing in and out of a VPC through internet gateway and virtual private gateway to the Trend Micro cloud network security solution. Not only does this enable customers to screen all external traffic before it reaches the subnet, but it also allows for the interception of traffic flowing into different subnets, using different instances of the Trend Micro solution.

Trend Micro customers now have the ability to have powerful cloud network layer security in AWS leveraging Amazon VPC Ingress Routing. With this enhancement, customers can now deploy in any VPC, without any disruptive re-architecture and without introducing any additional routing or proxies. Deploying directly inline is the ideal solution and enables simplified network security without disruption in the cloud.

 

What types of protection can customers expect?

When you think of classic IPS capabilities, of course you think of preventing inbound attacks. Now, with Amazon VPC Ingress Routing and Trend Micro, customers can protect their VPCs in even more scenarios. Here is what our customers are thinking about:

• Protecting physical and on-premises assets by routing that traffic to AWS via DirectConnect or VPN
• Detecting compromised cloud workloads (cloud native or otherwise) and disrupting those attacks, including DNS filters and geo-blocking capabilities
• Preventing lateral movement between multi-tiered applications or between connected partner ecosystems
• Prevention for cloud-native threats, including Kubernetes® and Docker® vulnerabilities, and container image and repository compromises occurring when pulled into VPCs

 

Trend Micro Cloud One ­– Network Security

Amazon VPC Ingress Ingress Routing will be available as a deployment option soon for Cloud Network Protection, powered by TippingPoint, available in AWS Marketplace. It will also be available upon release of our recently announced Trend Micro Cloud One – Network Security, a key service in Trend Micro’s new Cloud One, a cloud security services platform.

The post Network security simplified with Amazon VPC Ingress Routing and Trend Micro appeared first on .

You’re In Safe Hands with Trend Micro Home Network Security

A three-part series on using Home Network Security to protect your home

Your home should be a haven that protects you. In the cyber age, however, your router, computers, and TVs, your game consoles and smart devices, are continuously connected to the internet and run the risk of being hacked—usually when you least expect it and often without your knowledge. Not only can cybercriminals invade your privacy, they can steal your data, your money and even your identity—if you don’t put the appropriate security measures in place.

Trend Micro Home Network Security (HNS) is specifically designed to be that key security measure for your home network. Attach the HNS station to your router, download and install the management app, pair them up, and HNS immediately begins protecting all the connected devices in your home against a wide variety of threats. These include network intrusions, risky remote connections, phishing, ransomware, harmful websites and dangerous downloads.

Though setup, configuration, monitoring, and maintenance are pretty straightforward, to get the most out of HNS, we’ve written a three-part series to teach you how to maximize its use:

	Part 1 of the series centers on initial setup and configuration. Choose the right security settings in HNS to maximize its effectiveness in your network. Part 2 is devoted to configuring Parental Controls to best fit your family. Part 3 targets some best practices for daily and weekly monitoring and maintenance over time.

Sound good? Let’s get started with Part 1!

Part 1: Home Network Security: Setup and Configuration

Once you take the Home Network Security Station out of its box, setup and connection is quick and easy:

Plug the Power and the Ethernet cables provided into the station. Plug the Ethernet cable into your router and then the power adapter into an outlet. Watch for the green blinking light while you connect your smartphone to the same network via WiFi. This indicates it’s ready to activate. Download the Home Network Security app from Google Play or Apple App Store and install it. When prompted, enter your 16-character Pairing Code in the screen, provided in your box and on the back of your HNS Station. Upon the Connection Successful message, sign into your Trend Micro Account to complete activation. HNS will register to your Account and automatically scan your network for connected devices. You’re already protected!

Configuration Modes

Trend Micro’s Home Network Security station is designed to be a Plug-n-Protect device. Upon being connected to your router, it will attempt to automatically sense and enable the optimal Mode.

However, if you are experiencing network instability or connection issues, you can also choose the Mode manually from one of four Modes available for the best performance with your particular router. In order to select the correct Mode, you should first determine your router’s optimal Mode. Go to the HNS eSupport website to check the compatibility of your router or to search for its brand and model. The optimal Mode is indicated for tested routers.

While most routers support the default setting automatically, a small number may require manual setup. An even smaller number are not compatible with Trend Micro Home Network Security.

Some additional information about HNS’s station Modes:

	Modes 1-3 do not require any changes to your router. A 4th DHCP Mode allows you to configure Home Network Security as a DHCP Server (which assigns IP addresses to your devices on the network) but this requires you to first disable your router’s DHCP server. You can find details about it on the HNS DHCP eSupport page.

If you change the mode, run a Test Status check 5 minutes after changing the settings.

Off to a Good Start

As mentioned, after the initial setup, Trend Micro Home Network Security automatically does a network check to see what devices are on your network. (As part of its improved device recognition in version 2.5, released in November 2019, HNS offers more than 150 device icons to help make managing your devices even easier.) If you tap the View Devices button in the resulting popup, HNS provides you with a list of All Devices on the network. By default these online devices are Unassigned. You can create family member profiles, then assign specific devices to each family member later on. (Further information regarding Family Profiles will be discussed in Part 2 of this article series.)

At any time, tap Check Devices to initiate a manual security scan. Once the scan ends, you may see Action Required items displayed in the Dashboard indicator. Tap them to review them. The Action Required screen indicates any security issues that have been discovered. When you tap the panel, you will be able to obtain the Issue Details and read the Potential Risk description to better understand the issue and what you can do to resolve it—or you can also tap Skip for Now to skip the remediation process.

If you decide to proceed with remediation, the HNS App loads your mobile browser and takes you to the Trend Micro eSupport site, which provides more details on the issue. You can scroll through the page to learn more about the possible risks it poses, what you can do to prevent the problem from happening in the future, and places to go for more answers to any questions you may have.

Back in the Dashboard, you can review the HNS Summary protection results in the Security, Parental Controls, Family Members, Top Attacked Devices, and Network Usage panels. You can either tap individual items—e.g., Vulnerability Found, Network Attacks, Web Threats Blocked, etc.—to reveal information on the various threats by device; or you can tap individual panels to show additional details about particular attacks or threats. For a more detailed look, you can check the Timeline to review individual events, which can be filtered by type, such as Security, Parental Controls, Connections, Action Required and System.

Recommended Network and Security Settings

There are a number of useful features that are disabled by default. You can enable these features to heighten your home network protection and maximize user convenience.

New Device Approval asks for your permission to approve network access when a new device attempts to join your home network. This component gives you control over the devices that are allowed access to your home network. Remote Access Protection limits remote desktop programs from connecting to your devices. This feature prevents Tech support scams that usually begin with fraudulent phone calls, or infected websites with malicious and fake popups, which can lead to fraudsters installing remote access software on the victim’s computer to gain access to its content. Those working from home who need to use remote access programs need not worry because they can set exceptions for their specific device and app. Voice Control lets you issue voice commands to Alexa to perform specific functions on HNS. You can conduct a scan, obtain your home network’s security status, pause internet usage, disable internet access for a user, and so on. Router Access Protection prevents malicious router attacks by blocking unauthorized access to your Primary Router’s Admin Console. Ad Block lets you filter out unwanted ads on all your connected devices for privacy protection and a better web browsing experience. Early Access Program features let you try the latest protection from HNS, while providing feedback to Trend Micro to help these features improve and evolve. Cyberattack Shield proactively protects all the devices in your home network from threat outbreaks by remotely deploying firewall policies.

For now, this should be enough to get you off to a good start with Trend Micro Home Network Security. Watch for Part 2 of our HNS Series, where we help you create profiles for family members and set up Parental Controls.

For more information about HNS, go to Trend Micro Home Network Security. For more online support, go to Trend Micro Home Network Security eSupport.

The post You’re In Safe Hands with Trend Micro Home Network Security appeared first on .

Parental Controls – Trend Micro Home Network Security has got you covered

We continue our three-part series on protecting your home and family. If you missed our first part, you can find it here. 

Are your kids at that formative age when they’re beginning to use mobile devices? How about at that inquisitive age when they start to discover the wonders of the Internet? Or that age when they tend to be more carefree and self-indulgent?

The Internet and the digital devices our children use are valuable tools when used the right way. They give them access to a wide range of information, pave the way to explore worthwhile ideas, and keep them socially connected with family, relatives and friends. That said, though there are big advantages to kids’ use of the Internet, there are dangers as well. Part 2 of our 3-part series on home network security discusses those dangers to your children and what you can do to protect them, leveraging Trend Micro Home Network Security’s Parental Controls to help you do so.

Internet Access Threats are Real

Gone are the days when simple malware was the focal point for internet safety. Nowadays, children have so many devices giving them access to the internet, unknown dangerous situations have multiplied. As a parent, the challenges include the following:

Your children can come across unwanted or explicit content (such as porn), whether intentionally or unintentionally. Your children can become victims of cyber bullies or internet predators through messaging apps they use or websites they visit. Your kids could be concealing their delinquent online activities from you. There also may be apps your kids are using that you don’t approve of. Conversely, there may be apps you approve, but your kids are spending too much time on them. Your youngers could be consuming too much time with their digital devices, instead of studying or doing other productive activities.

Parental Controls: Your Silent Partner

Finding the right balance between parenting and controlling the child’s use or possible misuse of the internet is tricky. Here’s where Trend Micro Home Network’s (HNS) Parental Controls can come in. In addition to protecting your home network from security risks and attacks, HNS also provides a robust and flexible parental control system to keep internet usage safe for your children. Controls include:

Web Access Control and Monitoring, which gives parents the ability to allot Daily Time Quotas as well as to implement a Customizable Schedule for your child’s screen time. The controls include the means to Pause Internet Access by each Family Member’s Profile; and they also provide general Online Connectivity Monitoring for observing family members’ internet usage. Website and Content Filtering blocks inappropriate websites and content. It also enables parents to turn on Google Safe Search and YouTube Restricted Mode. App Controls manages YouTube Pause and Time Limits. In addition, App Detection alerts you if your children are detected using potentially inappropriate apps.

Parental Controls that Work for You

Protecting your family members online starts with Adding a Profile.

You can add a new Profile for each Family Member and assign to them the devices they control. To do this, you can just simply tap Family in the Command Menu and choose the family member by tapping Add Someone. This will let you provide the Profile Name and Profile Picture as well as Assign Devices to the person by tapping the device(s) in the Unassigned panel. The devices you select will then be automatically moved into the ownership panel for that person. Tap Done and you’ll be presented with the Settings screen for that child’s Profile, where you can configure Parental Controls as you see fit.

Website Filtering

Next, let’s proceed with the most common component: Website Filtering.

To set this up, tap Set Up Now for Filtering to block inappropriate websites and content for this family member. Once the Filtering screen appears, you can toggle on Get Notifications for this family member when selected websites are visited, and Block to block selected websites for this family member’s profile. You can also tap the appropriate pre-configured setting for the Age Level for this particular profile. You can choose from Child, Pre-Teen, and Teen; or tap Custom to manually select categories and subcategories to block. Filtered Categories include: Adult or Sexual (e.g. Pornography), Communication or Media (e.g. Social Networking), Controversial (e.g. Violence, Hate, Racism) and Shopping and Entertainment (e.g. Games, Gambling). There may be instances where you may want to set exceptions to allow specific websites to be accessed or blocked. To do so, tap Set Exceptions and then add the website URL to either the Allowed List or Denied List.

Content Filtering

Moving on, you can also set up Content Filtering.

	Setting up Content Filtering is quite straightforward. For example, you can toggle Turn On Google Safe Search to filter Google search results on your child’s phone, tablet or computer within your home network. Likewise, all you need to do to restrict mature, inappropriate and offensive content on YouTube search results on your child’s devices is to toggle Turn On YouTube Restricted Mode.

App Controls

To continue, there are apps that parents disapprove of, but there are always those instances when the children try to use them anyway against their parent’s wishes. That’s when you can choose to be informed of the Inappropriate Apps Used by your children.

	You can achieve this by tapping Set Up Now under Inappropriate App Used and then enabling Get Notifications. You can then choose from the App Categories such as Games, Adult, Social Network or Chat, Shopping or Advertisement, Media/Streaming, Dating and VPN, which will send an alert once those selected apps are used by your kids on their respective devices.

Time Limits and Notifications

Even when you try to teach your kids about being responsible about their online time, it’s easier said than done. Thus, parents or guardians can schedule the hours of screen time their children are allowed each day, along with the hours when screen time is available. HNS’s Parental Controls provide both of these features and more.

To set up Time Limits, just tap Set Up Now to bring up Add First Rule. You can select the days for this rule and the number of hours per day that your child can use the internet. You can indicate the Internet Time Limit and Time on YouTube by scrolling back and forth to see the limits available, then tap the total time per day you want to allow. Once you set the limits, you may want to toggle Get Notifications to tip you off when your child reaches the limit. Next, you’ll set the time period when your child can use the Internet by tapping the From and To fields, and moving the Time Wheelbar accordingly for the Beginning and Ending You can opt to be informed by selecting Get Notifications when your child attempts to use the internet outside the allowed time period, as well as Block Internet Access for the child when they do. Before tapping Done to finalize the rule(s), the Rule Complete screen shows a summary of the rule you’ve set, providing a clock to show the Allowed Time, the Days for which the rule is set, the Hours of Internet allowed, including any time allowed for YouTube viewing, and the Times

Connection Alerts

Last but not least, since it’s tough to keep monitoring when your child is online, tapping Trend Micro HNS’ Connection Alert to toggle it on makes it easier for parents to get notifications when their kid’s digital devices connect to the home network during a specified time period.

In the end, Trend Micro Home Network Security’s Parental Controls can assist parents in dealing with the online safety challenges all children are exposed to in the 21^st century. HNS’ flexible and intuitive feature set comprised of Filtering, Inappropriate App Used, Time Limits and Connection Alerts support every parent or guardian’s goal to ensure a safe and secure internet experience for their kids. Coupled with kind face-to-face conversations, where you let your children know your care for them extends to how they use the Internet, HNS becomes your silent partner when ensuring your family’s safety.

For more information, go to Trend Micro Home Network Security.

The post Parental Controls – Trend Micro Home Network Security has got you covered appeared first on .

The Everyday Cyber Threat Landscape: Trends from 2019 to 2020

The past 12 months have been another bumper year for cybercrime affecting everyday users of digital technology. Trend Micro blocked more than 26.8 billion of these threats in the first half of 2019 alone. The bad news is that there are many more out there waiting to steal your personal data for identity fraud, access your bank account, hold your computer to ransom, or extort you in other ways.

To help you stay safe over the coming year we’ve listed some of the biggest threats from 2019 and some trends to keep an eye on as we hit the new decade. As you’ll see, many of the most dangerous attacks will look a lot like the ones we warned about in 2019.

As we enter 2020 the same rules apply: stay alert, stay sceptical, and stay safe by staying protected.

Top five threats of 2019

Cybercrime is a chaotic, volatile world. So to make sense of the madness of the past 12 months, we’ve broken down the main type of threats consumers encountered into five key areas:

Home network threats: Our homes are increasingly powered by online technologies. Over two-thirds (69%) of US households now own at least one smart home device: everything from voice assistant-powered smart speakers to home security systems and connected baby monitors. But gaps in protection can expose them to hackers. As the gateway to our home networks, routers are particularly at risk. It’s a concern that 83% are vulnerable to attack. There were an estimated 105m smart home attacks in the first half of 2019 alone.

Endpoint threats: These are attacks aimed squarely at you the user, usually via the email channel. Trend Micro detected and blocked more than 26 billion such email threats in the first half of 2019, nearly 91% of the total number of cyber-threats. These included phishing attacks designed to trick you into clicking on a malicious link to steal your personal data and log-ins or begin a ransomware download. Or they could be designed to con you into handing over your personal details, by taking you to legit-looking but spoofed sites. Endpoint threats sometimes include social media phishing messages or even legitimate websites that have been booby-trapped with malware.

Mobile security threats: Hackers are also targeting our smartphones and tablets with greater gusto. Malware is often unwittingly downloaded by users, since it’s hidden in normal-looking Android apps, like the Agent Smith adware that infected over 25 million handsets globally this year. Users are also extra-exposed to social media attacks and those leveraging unsecured public Wi-Fi when using their devices. Once again, the end goal for the hackers is to make money: either by stealing your personal data and log-ins; flooding your screen with adverts; downloading ransomware; or forcing your device to contact expensive premium rate phone numbers that they own.

Online accounts under attack: Increasingly, hackers are after our log-ins: the virtual keys that unlock our digital lives. From Netflix to Uber, webmail to online banking, access to these accounts can be sold on the dark web or they can be raided for our personal identity data. Individual phishing attacks is one way to get these log-ins. But an increasingly popular method in 2019 was to use automated tools that try tens of thousands of previously breached log-ins to see if any of them work on your accounts. From November 2017 through the end of March 2019, over 55 billion such attacks were detected.

Breaches are everywhere: The raw materials needed to unlock your online accounts and help scammers commit identity fraud are stored by the organizations you interact with online. Unfortunately, these companies continued to be successfully targeted by data thieves in 2019. As of November 2019, there were over 1,200 recorded breaches in the US, exposing more than 163 million customer records. Even worse, hackers are now stealing card data direct from the websites you shop with as they are entered in, via “digital skimming” malware.

What to look out for in 2020

Smart homes under siege: As we invest more money in smart gadgets for our families, expect hackers to double down on network attacks. There’s a rich bounty for those that do: they can use an exposed smart endpoint as a means to sneak into your network and rifle through your personal data and online accounts. Or they could monitor your house via hacked security cameras to understand the best time to break in. Your hacked devices could even be recruited into botnets to help the bad guys attack others.

Social engineering online and by phone: Attacks that target user credulity are some of the most successful. Expect them to continue in 2020: both traditional phishing emails and a growing number of phone-based scams. Americans are bombarded by 200 million automated “robocalls” each day, 30% of which are potentially fraudulent. Sometimes phone fraud can shift quickly online; for example, tech support scams that convince the user there’s something wrong with their PC. Social engineering can also be used to extort money, such as in sextortion scams designed to persuade victims that the hacker has and is about to release a webcam image of them in a “compromising position.” Trend Micro detected a 319% increase in these attacks from 2H 2018 to the first half of 2019.

Threats on the move: Look out for more mobile threats in 2020. Many of these will come from unsecured public Wi-Fi which can let hackers eavesdrop on your web sessions and steal identity data and log-ins. Even public charging points can be loaded with malware, something LA County recently warned about. This comes on top of the escalating threat from malicious mobile apps.

All online accounts are fair game: Be warned that almost any online account you open and store personal data in today will be a target for hackers tomorrow. For 2020, this means of course you will need to be extra careful about online banking. But also watch out for attacks on gaming accounts.  Not only your personal identity data and log-ins but also lucrative in-game tokens will become highly sought after. Twelve billion of those recorded 55 billion credential stuffing attacks were directed at the gaming industry.

Worms make a comeback: Computer worms are dangerous because they self-replicate, allowing hackers to spread attacks without user interaction. This is what happened with the WannaCry ransomware attacks of 2017. A Microsoft flaw known as Bluekeep offers a new opportunity to cause havoc in 2020. There may be more out there.

How to stay safe

Given the sheer range of online threats facing computer users in 2020, you’ll need to cover all bases to keep your systems and data safe. That means:

Protecting the smart home with network monitoring solutions, regular checks for security updates on gadgets/router, changing the factory default logins to strong passwords, and putting all gadgets onto a guest network.

Tackling data-stealing malware, ransomware and other worm-style threats with strong AV from a reputable vendor, regular patching of your PC/mobile device, and strong password security (as given below).

Staying safe on the move by always using VPNs with public Wi-Fi, installing AV on your device, only frequenting official app stores, and ensuring you’re always on the latest device OS version. And steer clear of public USB charging points.

Keeping accounts secure by using a password manager for creating and storing strong passwords and/or switching on two-factor authentication where available. This will stop credential stuffing in its tracks and mitigate the impact of a third-party breach of your log-ins. Also, never log-in to webmail or other accounts on shared computers.

Taking on social engineering by never clicking on links or opening attachments in unsolicited emails, texts or social media messages and never giving out personal info over the phone.

How Trend Micro can help

Fortunately, Trend Micro fully understands the multiple sources for modern threats. It offers a comprehensive range of security products to protect all aspects of your digital life — from your smart home, home PCs, and mobile devices to online accounts including email and social networks, as well as when browsing the web itself.

Trend Micro Home Network Security: Provides protection against network intrusions, router hacks, web threats, dangerous file downloads and identity theft for every device connected to the home network.

Trend Micro Security: Protects your PCs and Macs against web threats, phishing, social network threats, data theft, online banking threats, digital skimmers, ransomware and other malware. Also guards against over-sharing on social media.

Trend Micro Mobile Security: Protects against malicious app downloads, ransomware, dangerous websites, and unsafe Wi-Fi networks.

Trend Micro Password Manager: Provides a secure place to store, manage and update your passwords. It remembers your log-ins, enabling you to create long, secure and unique credentials for each site/app you need to sign-in to.

Trend Micro WiFi Protection: Protects you on unsecured public WiFi by providing a virtual private network (VPN) that encrypts your traffic and ensures protection against man-in-the-middle (MITM) attacks.

Trend Micro ID Security (Android, iOS): Monitors underground cybercrime sites to securely check if your personal information is being traded by hackers on the Dark Web and sends you immediate alerts if so.

The post The Everyday Cyber Threat Landscape: Trends from 2019 to 2020 appeared first on .

In Safe Hands with Trend Micro Home Network Security – Part 3: Testing Its Functions

We continue our four-part series on protecting your home and family. See the links to the previous parts at the end of this blog.

As you use more internet-connected devices and smart appliances in your home, it’s of utmost importance to make sure your gadgets are properly protected from malware and hackers—and Trend Micro Home Network Security (HNS) helps you do just that. But while it’s easy to set up, connect, and configure (and even to forget!), you reap the most benefit when you’re actively involved with it, maintaining and monitoring its features and controls.

Start by asking the question: Are you sure your home network is secure? As you learn what network security entails, by the end of this blog you’ll be able to answer that question confidently. The more you’re involved with HNS, as the tech-savvy “guru” of the household, the more you’ll know when things are properly secured.

We’ll cover three main topics in Part 3 of our 4-part series, where we help you to test the following features: Threat Blocking, Access Control, and Parental Controls.

1.   Threat Blocking

To better understand how HNS blocks malware on malicious websites from being downloaded to your devices, open your browser either from your mobile device or PC then proceed to these links:

http://www.eicar.org/download/eicar.com

http://test-malware.hns.tm

When you run these tests, the test URL will be blocked, your browser will say “Website Blocked by Trend Micro Home Network Security,” and the payload will not be downloaded to the test device. The HNS app will then notify you that a web threat has been blocked, along with the name of the test device that was able to detect it. In the future, you should monitor the HNS app for such messages, so you can see which malicious sites your family has been accessing and warn them.

2.   Access Control

Next, there are three aspects of Access Control that you should test to familiarize yourself with the features. They are: Approving and Rejecting Devices, Remote Access Protection, and Disconnecting Devices.

Approving and Rejecting Devices

Device control is the first part of access control.

Navigate to Settings -> Access Control and enable New Device Approval, after completing setup and allowing HNS to scan the network for devices. Connect a device that has never been connected to the HNS-secured network. The phone that’s managing the HNS Station will receive a notification indicating, “Request from a new device to join the network”. Once you tap the notification, you’re given the option to either Allow Connection or Block the new device’s connection to your network.

Based on the decision to Allow Connection, verify the connection status on the new device by navigating to a webpage or using an application that connects to the internet.

Remote Access Protection

For the next test, Remote Access Protection, you’ll use a real-world remote-access program commonly used in tech support scams. Note that remote desktop software such as LogMeIn, AnyDesk, TeamViewer, and others are not inherently harmful, but malicious hackers often use them for nefarious activities, such as tech support scams, where they lure you into downloading such a program, pretending they need it to “solve” your computer problems. Unsuspecting consumers around the world have fallen victim to such scams, often losing a large amount of money in fake support fees and ransoms. Additionally, such hackers can use remote desktop programs to scoop up your private data and sell it on the Dark Web.

Home Network Security gives owners peace of mind by preventing these types of Remote Desktop programs from establishing connections with remote computers.

In this test, we will use the free version of TeamViewer.

Download the remote access software from https://www.teamviewer.com and install it on two devices—e.g., a laptop and desktop computer. (It’s available for phones and tablets too.) One will act as the source, the other the target. The target PC should be on the same home network where HNS is installed. The source PC should be on another network. Navigate to Settings -> Access Control -> Remote Access Protection in the HNS app and enable Block Remote Access. From the source PC outside of your network, attempt to establish a TeamViewer connection to the target PC and start a session.

HNS will block the TeamViewer session and the HNS app will receive a notification of a remote access connection attempt, along with the name of the target PC. Once you’ve run your tests and understand how this access blocking works, you can delete the instances of TeamViewer on your devices, if you have no need of them.

Disconnecting Devices

Next, you should test Disconnecting Devices.

	To do this, navigate to the Devices page and choose a connected device (indicated by a green status indicator next to the device’s name). On the chosen device’s detail page, turn off the “Connect to the Network” switch to disconnect it from the network. Using the disconnected device, attempt to browse to a webpage or use an online application to verify that the device no longer has access.

3.   Parental Controls

As we indicated in our last installment of this series, there are many facets to HNS’s Parental Controls. In this segment we will check the effectiveness of its Website Filtering, Content Filtering, App Controls, Time Limits, and Connection Alert & Notification capabilities.

Website Filtering

Testing Website Filtering is easy.

	For this test, under the Filtering sector, first assign a test PC with the Pre-Teen-Age Level default profile for Filtered Categories. Next, using the browser of your assigned test PC, attempt to go to a website that belongs to the default blocked categories in the Pre-Teen level, such as Personals or Dating.

The browser will show, “Website Blocked by Trend Micro Home Network Security” and indicate the rule that triggered the block, i.e., the Category: Personals/Dating rule in our test. The HNS app will receive a notification indicating HNS prevented your “Pre-Teen device” was from visiting a Personals/Dating site. Tapping the notification will show more details, such as the time and website visited.

Content Filtering

Moving forward, Content Filtering is next in our checklist.

Go to the HNS app, proceed to the test user’s profile Settings -> Filtering. Then scroll down to the Content Turn ON Google SafeSearch and YouTube Restricted Mode if they’re turned OFF, or vice-versa. The change in settings should be reflected on the browser. To verify this, open a new instance of the browser. From the Google Search results page go to Settings -> Search Settings and Turn On SafeSearch should have a check mark beside it if it’s turned ON by HNS, or it’s unchecked when turned OFF by HNS. For YouTube, go to https://www.youtube.com and locate the 3 vertical dots near the SIGN IN button. Scroll down and check whether Restricted Mode is turned ON or OFF, depending on the toggled setting made from the HNS app.

When it’s toggled ON, you can try to search for inappropriate content, such as red band trailersDoing this, the user will see a message that says, “Some results have been removed because Restricted Mode is enabled by your network administrator.” In addition, videos with mature or inappropriate content will not be displayed when you open YouTube’s Home page.

App Controls

To continue, you can test the Inappropriate App Used functionality. Note that this feature only logs the apps opened in your devices; it does not block those apps from being used by the child.

	From the HNS app, toggle on Inappropriate App Used from the Settings of the same test user account profile of the assigned test mobile device. Enable Notifications and choose any or all that are listed in the App Category.

Next, on your test mobile device, open any of the apps that correspond to the App Categories you’ve chosen. For instance, when a gaming app is opened, The HNS app should get a notification that a Games App was found in the user’s device. Tapping this notification should open the Report section where more detailed information is presented, such as the name of the app, the amount of time it was used, and the name of the device that triggered the notification.

Time Limits

To test Time Limits, you can set up a simple rule that consists of the chosen days the family member can use the internet, set the internet time limit, and set the time spent on YouTube within the set time period they’re allowed to use the internet, then enable notifications for this rule.

As an example:

	Monday, Tuesday, Wednesday, Thursday, Friday 30 minutes of Internet allowed, including 15 minutes of YouTube Times allowed: 6:00 PM to 10:00 PM

To check if the rule is working, look for when the user attempts to surf and use YouTube beyond what’s permitted by the rule. HNS will block access to the internet and YouTube and provide you with a notification that says the YouTube or internet time limit has been reached by the user account. This notification is also logged in the user profile’s Report section.

Connection Alert & Notification

Let’s wrap up testing the Parental Control features with enabling Connection Alert. This allows you to receive a notification when a device you choose, like your child’s mobile phone, reconnects to your HNS-secure network after getting home from school.

To do this, from the HNS App’s User Account > Settings, enable Connection Alert to indicate when the devices you have selected connect to the home network, according to your set schedule. You’ll only receive notifications of connections from HNS during that scheduled time.

And Now, the Answer to Your Question

Is your network secure? As the techie in your household, you’re the designated technical support for the family. As the saying usually goes, “Heavy is the head that wears the crown,” but armed with what you’ve just learned about Trend Micro Home Network Security’s capabilities, your burden will lighten significantly and you and your family will stay safe and secure from constantly evolving network threats.

Go to our website for more information on Trend Micro Home Network Security. And watch for Part 4 of this series, where we wind up with some additional monitoring and maintenance best practices.

Go here for Parts 1 and 2 of our series:

You’re in Safe Hands with Trend Micro Home Network Security – Part 1: Setup and Configuration

Trend Micro Home Network Security Has Got You Covered – Part 2: Parental Controls

The post In Safe Hands with Trend Micro Home Network Security – Part 3: Testing Its Functions appeared first on .

COVID-19: How Do I Work from Home Securely?

The coronavirus pandemic—the infection officially designated as COVID-19—is causing upheaval across the globe. Aside from the serious economic and public health implications, one very practical impact of shelter-in-place dictums is to force many companies to support remote working where they can. The most recent data tells us that in 2017, eight million Americans worked from home at least some of the week — amounting to around 5% of US workers. However, the events of the past few weeks are driving what is being described in certain sectors as the biggest shift to home working since 9/11.

This will ensure that many companies can continue functioning while helping to achieve social distancing to minimise the spread of the virus. But there are challenges, particularly to smaller businesses who don’t have IT security teams to assist with the transition. Hackers are primed and ready to take advantage of home workers, whose machines and devices may not be as secure as those in the office. There’s also a risk that workers are more distracted by current events when working at home, creating more opportunities for cyber-criminals to strike.

This isn’t just about hackers stealing your personal log-ins and information to sell on the dark web. In a home-working context, corporate data and systems may also be at risk. It takes just one unsecured remote worker to let the bad guys in. The damage they end up doing may be particularly difficult for employers to weather given the extreme economic pressures already on many firms.

With that in mind, therefore, let’s take a look at some of the major threats to home workers and their organizations, and what can be done to keep the hackers at bay.

The main threats

Phishing messages are by far the number one threat to home workers. Cyber-criminals are using widespread awareness of COVID-19, and a desire for more information on the outbreak, to trick users into clicking on malicious links or opening booby-trapped attachments. Many are spoofed to appear as if sent by trusted organizations such as the US Centers for Disease Control and Prevention (CDC) or the World Health Organization (WHO). They may claim to offer more information on the spread of the outbreak, tips on staying safe, and even provide details of how to get a non-existent vaccine online.

If you click through on a malicious link, the next stage of the attack could:

Take you to a convincing-looking log-in page (e.g., for Microsoft Outlook, Office 365, or any popular cloud apps) where your username and password could be harvested by hackers. With these, they have a foothold in the organization which could provide the foundation for a serious information-stealing attack. Covertly initiate a malware download. This malware could exploit unpatched vulnerabilities on your computer to infect not just your machine but the entire corporate network it’s connected to, with ransomware, cryptojacking malware, banking trojans, information-stealing threats, and much more.

Brute forcing is another way for hackers to hijack your cloud accounts. They use previously breached username/password combos and run them through automation software to try them across billions of websites and apps. Because users reuse passwords across numerous accounts, the bad guys often get lucky and are able to unlock additional accounts in this way. Home workers using Microsoft Teams, Slack, Zoom and other cloud platforms for collaboration and productivity may be targeted.

Malicious smartphone apps are another threat to home workers. These may be disguised to trick the user into believing they’re downloading a COVID-19 tracker, for example. In reality, it could infect the device with ransomware, info-stealers, or other malware. That device could then spread the same malware to the corporate network, if it is connected to it via the home network.

Smart device threats are also a concern for home workers. More and more of us are investing in smart home devices. From voice assistants to smart speakers, connected refrigerators to smart TVs, it’s estimated that there’ll be as many as 128 million smart homes in the US by the end of this year. However, often these consumer-grade devices don’t have strong built-in protection. They may use weak, factory default passwords and/or contain multiple software vulnerabilities which are rarely patched by the manufacturer, if at all. The risk is that hackers could hijack one or more of these devices and use them as a stepping stone into the home and then corporate network – as we’ve demonstrated in previous research.

Friends and family could also introduce new cyber-threats, as they will also be confined largely to the home. That means they’ll be logging on to the home network with their own mobile devices, which may not be as well protected from threats as they should be. Once again, such threats could spread quickly from the home network to infect the enterprise network if it’s connected without adequate security controls. Another risk is of children using unsecured remote learning platforms, which may offer cybercriminals opportunities to hijack accounts, steal information and spread malware onto the network.

What are the hackers after?

Home workers represent an attractive target in their own right. After all, personal information and log-ins (home banking, Netflix, webmail etc) can be easily sold for a profit on dark web marketplaces. However, organizations represent a much bigger, potentially more lucrative pay day for cyber-criminals. While corporate PCs and networks might be fairly well secured, the rush to support home working may have left gaps the bad guys are keen to exploit.

By first compromising the home worker, and then pivoting through unsecured channels to the corporate network, hackers could spread ransomware, steal sensitive company IPs, infect work networks with crypto-mining malware, or steal large volumes of customer data. They may also look to hijack employees’ corporate email or other accounts as the first part of a multi-stage information-stealing attack. There have even been new warnings of Business Email Compromise (BEC) attacks in which employees (usually those working in the finance department) are contacted by someone posing as a senior exec and ordered to wire business funds to a new bank account.

Working safely at home

With so many techniques at their disposal, it’s easy to imagine that the bad guys have the upper hand. But by putting a few best practices in place, there are things businesses and employees can do today to reduce home working security risks.

Consider the following:

User awareness exercises to improve the ability of home workers to spot phishing attacks. Ensure all home workers are outfitted with anti-malware for any devices used for work. Trend Micro Maximum Security is an excellent place to start for PCs and Macs, while Trend Micro Mobile Security can help secure Android and Mobile devices. Require strong, unique passwords for all accounts, stored in a password manager, such as Trend Micro Password Manager. Enhance the above by switching on two-factor authentication for all enterprise accounts that have it (including any cloud platforms). Always use a VPN for communication between home and corporate networks. Ensure staff have a clear route to report any security incidents. Switch on automatic updates for all home computer systems (operating systems and software). Ensure smart home devices are on latest software version and have strong passwords or 2FA. Use a network security solution like Trend Micro Home Network Security to secure your home network. It not only provides a secure baseline for working at home, with its web and content threat protections; you can block your kids’ use of the internet and YouTube while you’re having conference calls or doing other bandwidth-intensive work on the remotely-accessed corporate network. Tightly enforce endpoint security policies: if possible, only allow work devices to connect to the corporate network, and/or employee devices that have been previously scanned for threats.

We don’t know how long COVID-19 will last. But by adapting to the new reality as quickly as possible, businesses and their home workers can at least close down any security gaps, enabling them to be as productive as possible — while most importantly, staying safe and healthy.

The post COVID-19: How Do I Work from Home Securely? appeared first on .

Monitoring and Maintaining Trend Micro Home Network Security – Part 4: Best Practices

We continue our four-part series on protecting your home and family. See the links to the previous parts at the end of this blog.

We’re now done with familiarizing ourselves with the features of Trend Micro Home Network Security (HNS) It’s now time for you to get a bit more adept at regular monitoring and maintenance, to ensure you’re getting the best protection HNS can provide your connected home.

Keeping Tabs on Your Home Network

Once you’re tracking the various internet-capable devices in your home within HNS, as with any security-related device it’s essential to monitor the activities captured by it. In the same way that we need to periodically review the videos taken by our security cameras, to check for any unusual events in or around the home that need our attention; so too, do you need to keep abreast of the goings on in your home network, particularly those of an unusual or suspect nature, as revealed by HNS. This can easily be done in two ways: via Voice Control and Reports.

Voice Control. When you want just a quick overview of the status of your network, you can use HNS’s Voice Control. Voice Control is available as a skill for both Amazon Alexa and Google Home.

Once the skill has been enabled, you can ask Alexa or Google Assistant to control your Home Network Security (HNS) using the following voice commands:

Start a Check Devices Scan – To check your network and devices, say: “Alexa (or Ok, Google), tell Trend Micro to scan my network.” Get Your Security Status – To get a network security status update, say: “Alexa (Ok, Google), ask Trend Micro if my network is ok.” Get An Online Activity Summary – To get a summary of a profile’s online activity, say: “Alexa (Ok, Google), ask Trend Micro what Tom (or any member of your household) did today.” Pause the Internet for a Profile – To disconnect the devices assigned to a profile from the internet, say: “Alexa (Ok, Google), ask Trend Micro to pause the Internet for Tom (or any member of your household).” Pause YouTube for a Profile – To prevent the devices assigned to a profile from accessing YouTube, say: “Alexa (Ok, Google), ask Trend Micro to turn off YouTube for Tom (or any member of your household).” Use the Dashboard – Lastly, though not a voice command, checking out the Dashboard of the HNS app will give you a brief summary of the state of security of your home network, and will let you know if anything triggered any Parental Control rules that you’ve set.

Reports. On the other hand, if you have more time to spare, you can peruse the Reports for your devices, user profiles, and network usage.

Devices. On your HNS app, Tap Menu > Devices and select a device. Then, tap Report and choose the report you want to view in order to see more details. User Profiles. From your HNS app, Tap Menu > Family and select a user profile. Then, tap Report and choose an event card from the list to see more details. Network Usage. Besides knowing the status of your devices and users, it’s also necessary to know your network usage, especially when your home network relies on a metered connection. Having an idea which devices are hogs on the network will allow you to make proper adjustments, either to rules you implement for your youngsters and other members of your household; or to let you know that maybe you need to upgrade your internet plan to address the more intensive internet needs of your family. Network usage can be viewed by scrolling down to the bottom of the Dashboard and tapping the Network Usage graph; or you can just simply tap Menu > Network. Both will display more detailed network usage information.

Responding to Network Events

Now that you’re more acquainted with your home network through HNS, it’s vital that you know what to do when, for instance, you received a Smart Alert notification indicating an unusually high network activity detected on one of your connected devices.

A Range of Network Events. In brief, you’ll need to review the recent activities and perform the required actions to eliminate risks such as the following:

Check if there are any important security-related issues you need to resolve by checking if the ball at the top of the Dashboard says “Action Required”. Tap the ball to find out what you need to do to make sure your network and device security are optimal. Check detected network activities. Check if the device where the unusually high network activity was detected. Select the device where the unusual activity was detected to view the Summary Report for the past 7 days. You will see the unusual network traffic details, including the time range of the traffic and the amount of data used. Check if the top 3 activity destinations were done by you or your family member. If you are aware of the activities and not concerned about these events, tap Report > Not Unusual. If these unusually high traffic activities were not caused by you or your family member, you need to double-check that the Network and Security settings are still enabled, to keep your connected devices protected. Moreover, you should fix any vulnerabilities on your devices, usually resolved by a software or firmware update.

For more specific information regarding these types of incidents, you may refer to this Technical Support article.

Monitoring the Health of Your Home Network Security Station

The Home Network Security Station takes care of your home and your family’s security and safety. In return, you should know how to check if it’s in good working condition.

Physical Status. Check whether the physical components (LED, Reset button, Power, and Ethernet ports) of your Station are intact.

Power. Ensure that the Station is powered on. To check if the Station has power supply, just follow these simple steps:

	Connect the adapter to the outlet and the Station. Make sure power on the outlet is turned on. Change outlets to ensure power is on.

Offline Notifications. When the HNS Station is offline the user will receive a notification about it. In addition, the HNS app will indicate the Station is offline. This situation can be attributed to loss of either the internet or LAN connections.

Internet Connection. Make sure you have stable internet connection. Checking your internet connection is easy:

	Disconnect your Home Network Security Station from the router. Check if internet line is connected to the router’s WAN port. If there is no internet connection, do the following: Reboot your router Check the network status from your Internet Service Provider Check your router settings

If you are able to connect to the internet, just reconnect your Home Network Security Station to the router.

LAN Connection. Check the connection between the router and the HNS Station.

Ensure that the Ethernet cable provided is used to connect the HNS Station to any available LAN port of your router. Check if the two LED lights of the LAN port are turned on. The port on the right should be blinking green, while the other port should be a steady green or yellow. If the LED lights don’t light up as mentioned, move the Ethernet cable to another router LAN port. Once the LED lights become normal, your HNS Station should be connected to the network.

Updates. Make sure that you update the HNS App if you receive a notification that indicates, “Update Needed. Please click the button below to get the latest version.” This will guarantee that your HNS is up-to-date with app improvements.

Getting Help. Always remember, if you encounter any questions, issues or concerns that you’re unable to resolve, Help is just a click away.

Final Thoughts

Home networks are everywhere these days. However, the user knowledge required to secure and maintain our home networks spans from tech newbies to gurus and often seems to be a rather complicated or even confusing task.

To help you maintain and monitor your home network, Trend Micro offers a simple plug-and-protect home network device to protect your smart home and connected devices from being hacked, while keeping the internet safe for your kids on any device. But plug-and-protect doesn’t mean plug-and-forget. As with any security device, ongoing monitoring and maintenance is needed to provide the best protection your home network and family members need and deserve.

For more information, go to Trend Micro Home Network Security.

To read the rest of our series on HNS, go to

You’re in Safe Hands with Trend Micro Home Network Security – Part 1: Setup and Configuration

Trend Micro Home Network Security Has Got You Covered – Part 2: Parental Controls

In Safe Hands with Trend Micro Home Network Security – Part 3: Testing Its Functions

The post Monitoring and Maintaining Trend Micro Home Network Security – Part 4: Best Practices appeared first on .

From Bugs to Zoombombing: How to Stay Safe in Online Meetings

The COVID-19 pandemic, along with social distancing, has done many things to alter our lives. But in one respect it has merely accelerated a process begun many years ago. We were all spending more and more time online before the virus struck. But now, forced to work, study and socialize at home, the online digital world has become absolutely essential to our communications — and video conferencing apps have become our “face-to-face” window on the world.

The problem is that as users flock to these services, the bad guys are also lying in wait — to disrupt or eavesdrop on our chats, spread malware, and steal our data. Zoom’s problems have perhaps been the most widely publicized, because of its quickly rising popularity, but it’s not the only platform whose users have been potentially at risk. Cisco’s WebEx and Microsoft Teams have also had issues; while other platforms, such as Houseparty, are intrinsically less secure (almost by design for their target audience, as the name suggests).

Let’s take a look at some of the key threats out there and how you can stay safe while video conferencing.

What are the risks?

Depending on the platform (designed for work or play) and the use case (business or personal), there are various opportunities for the online attacker to join and disrupt or eavesdrop on video conferencing calls. The latter is especially dangerous if you’re discussing sensitive business information.

Malicious hackers may also look to deliver malware via chats or shared files to take control of your computer, or to steal your passwords and sensitive personal and financial information. In a business context, they could even try to hijack your video conferencing account to impersonate you, in a bid to steal info from or defraud your colleagues or company.

The bad guys may also be able to take advantage of the fact that your home PCs and devices are less well-secured than those at work or school—and that you may be more distracted at home and less alert to potential threats.

To accomplish their goals, malicious hackers can leverage various techniques at their disposal. These can include:

Exploiting vulnerabilities in the video conferencing software, particularly when it hasn’t been updated to fend off the latest threats Stealing your log-ins/meeting ID via malware or phishing attacks; or by obtaining a meeting ID or password shared on social media Hiding malware in legitimate-looking video apps, links and files Theft of sensitive data from meeting recordings stored locally or in the cloud.

Zooming in on trouble

Zoom has in many ways become the victim of its own success. With daily meeting participants soaring from 10 million in December last year to 200 million by March 2020, all eyes have been focused on the platform. Unfortunately, that also includes hackers. Zoom has been hit by a number of security and privacy issues over the past several months, which include “Zoombombing” (meetings disrupted by uninvited guests), misleading encryption claims, a waiting room vulnerability, credential theft and data collection leaks, and fake Zoom installers. To be fair to Zoom, it has responded quickly to these issues, realigning its development priorities to fix the security and privacy issues discovered by its intensive use.

And Zoom isn’t alone. Earlier in the year, Cisco Systems had its own problem with WebEx, its widely-used enterprise video conferencing system, when it discovered a flaw in the platform that could allow a remote, unauthenticated attacker to enter a password-protected video conferencing meeting. All an attacker needed was the meeting ID and a WebEx mobile app for iOS or Android, and they could have barged in on a meeting, no authentication necessary. Cisco quickly moved to fix the high-severity vulnerability, but other flaws (also now fixed) have cropped up in WebEx’s history, including one that could enable a remote attacker to send a forged request to the system’s server.

More recently, Microsoft Teams joined the ranks of leading business videoconferencing platforms with potentially deadly vulnerabilities. On April 27 it surfaced that for at least three weeks (from the end of February till the middle of March), a malicious GIF could have stolen user data from Teams accounts, possibly across an entire company. The vulnerability was patched on April 20—but it’s a reminder to potential video conferencing users that even leading systems such as Zoom, WebEx, and Teams aren’t fool-proof and require periodic vulnerability and security fixes to keep them safe and secure. This is compounded during the COVID-19 pandemic when workers are working from home and connecting to their company’s network and systems via possibly unsecure home networks and devices.

Video conferencing alternatives

So how do you choose the best, most secure, video conferencing software for your work-at-home needs? There are many solutions on the market today. In fact, the choice can be dizzying. Some simply enable video or audio meetings/calls, while others also allow for sharing and saving of documents and notes. Some are only appropriate for one-on-one connections or small groups, while others can scale to thousands.

In short, you’ll need to choose the video conferencing solution most appropriate to your needs, while checking if it meets a minimum set of security standards for working at home. This set of criteria should include end-to-end encryption, automatic and frequent security updates, the use of auto-generated meeting IDs and strong access controls, a program for managing vulnerabilities, and last but not least, good privacy practices by the company.

Some video conferencing options alongside Zoom, WebEx, and Teams include:

Signal which is end-to-end encrypted and highly secure, but only supports one-to-one calls. FaceTime, Apple’s video chat tool, is easy-to-use and end-to-end encrypted, but is only available to Mac and iOS users. Jitsi Meet is a free, open-source video conferencing app that works on Android, iOS, and desktop devices, with no limit on participants beyond your bandwidth. Skype Meet Now is Microsoft’s free, popular conferencing tool for up to 50 users that can be used without an account, (in contrast to Teams, which is a paid, more business-focused platform for Office 365 users). Google Duo is a free option for video calls only, while the firm’s Hangouts platform can also be used for messaging. Hangouts Meet is a more business-focused paid version. Doxy.me is a well-known telemedicine platform used by doctors and therapists that works through your browser—so it’s up to you to keep your browser updated and to ensure the appropriate security and privacy settings are in place. Secure medical consultation with your healthcare provider is of particular concern during the shelter- and work-from-home quarantine.

How do I stay safe?

Whatever video conferencing platform you use, it’s important to bear in mind that cyber-criminals will always be looking to take advantage of any security gaps they can find — in the tool itself or your use of it. So how do you secure your video conferencing apps? Some tips listed here are Zoom-specific, but consider their equivalents in other platforms as general best-practice tips. Depending on the use case, you might choose to not enable some of the options here.

Check for end-to-end encryption before getting onboard with the app. This includes encryption for data at rest. Ensure that you generate one-off meeting IDs and passwords automatically for recurring meetings (Zoom). Don’t share any meeting IDs online. Use the “waiting room” feature in Zoom (now fixed), so the host can only allow attendees from a pre-assigned list. Lock the meeting once it’s started to stop anyone new from joining. Allow the host to put attendees on hold, temporarily removing them from a meeting if necessary. Play a sound when someone enters or leaves the room. Set screen-sharing to “host only” to stop uninvited guests from sharing disruptive content. Disable “file transfers” to block possible malware. Keep your systems patched and up-to-date so there are no bugs that hackers can target. Only download conferencing apps from official iOS/Android stores and manufacturer websites. Never click on links or open attachments in unsolicited mail. Check the settings in your video conferencing account. Switch off camera access if you don’t want to appear on-screen. Use a password manager for video conferencing app log-ins. Enhance passwords with two-factor authentication (2FA) or Single-Sign-On (SSO) to protect access, if available. Install anti-malware software from a reputable vendor on all devices and PCs. And implement a network security solution if you can.

How Trend Micro can help

Fortunately, Trend Micro has a range of capabilities that can support your efforts to stay safe while using video conferencing services.

Trend Micro Home Network Security (HNS) protects every device in your home connected to the internet. That means it will protect you from malicious links and attachments in phishing emails spoofed to appear as if sent from video conferencing firms, as well as from those sent by hackers that may have covertly entered a meeting. Its Vulnerability Check can identify any vulnerabilities in your home devices and PCs, including work laptops, and its Remote Access Protection can reduce the risk of tech support scams and unwanted remote connections to your device. Finally, it allows parents to control their kids’ usage of video conferencing applications, to limit their exposure.

Trend Micro Security also offers protection against email, file, and web threats on your devices. Note too, that Password Manager is automatically installed with Maximum Security to help users create unique, strong passwords for each application/website they use, including video conferencing sites.

Finally, Trend Micro WiFi Protection (multi-platform) / VPN Proxy One (Mac and iOS) offer VPN connections from your home to the internet, creating secure encrypted tunnels for traffic to flow down. The VPN apps work on both Wi-Fi and Ethernet connections. This could be useful for users concerned their video conferencing app isn’t end-to-end encrypted, or for those wishing to protect their identity and personal information when interacting on these apps.

The post From Bugs to Zoombombing: How to Stay Safe in Online Meetings appeared first on .

Top Tips For Home Cybersecurity And Privacy In A Coronavirus-Impacted World (Part 2)

The past few months have seen radical changes to our work and home life under the Coronavirus threat, upending norms and confining millions of American families within just four walls. In this context, it’s not surprising that more of us are spending an increasing portion of our lives online. But this brings with it some familiar cyber-risks. In Part 1 of this mini-series, we explained how cyber-criminals are looking to capitalize on these sweeping changes to society to further their own ends.

Now let’s take a look at what you can do to protect your family, your data, and access to your corporate accounts.

How you can stay safe online

The bad guys are laser-focused on stealing your personal data and log-ins and increasingly see the remote worker as an easy target for leapfrogging into corporate networks. That’s not to mention the potential internet safety risks inherent in bored kids spending more time in front of their screens. To respond, you’ll need to create an equally focused “home security plan” governed by sensible policies and best practices. Here are some of the key areas to consider.

Protect your smart home and router

Increasingly, unprotected smart home devices are being targeted by cyber-criminals to turn into botnets to attack others. They might also provide sophisticated attackers with a stepping-stone into your corporate systems, via the home network. The home router, with its known flaws, is (after the modem) the digital front door to the smart home and the basis for your networking, so it should be first in any security strategy. Consider the following when tackling home network security:

Regularly check for router firmware updates and apply as soon as they’re available. (If you’re using a home gateway (modem + router) firmware updates are done by your ISP, so you won’t have the option to do this.) Change factory default admin passwords and switch on two-factor authentication if available. Disable UPnP and any remote management features. Use WPA2 on your router for encrypted Wi-Fi. Pick passwords for access that aren’t easily guessed. Put the router in middle of house if possible, so the signal is not overly exposed to strangers outside. Likewise for extenders. Invest in security for the entire home network from a reputable provider like Trend Micro.

Secure your home office

Cyber-criminals are primed to take advantage of distracted home workers and potentially less secure PCs/devices. Secure this environment by doing the following:

Again, apply a home network security solution. This protects your work devices, while also protecting the devices you use for recreation. Apply any security updates to OS/software. Install/maintain endpoint security software on all machines/devices. Never use work laptops for personal use. Switch on 2FA for any work accounts. Use a VPN if applicable whenever connecting to the office. Stay alert to phishing/BEC attempts. Take advantage of any training courses to stay up-to-speed on the latest scams. Disable macros in Office files – these are often used by hackers to run malware.

Stay safe from phishing

Phishing is the number one tactic used by attackers to trick you into installing malware or handing over your log-ins. Emails, text messages, social media messages and more are spoofed to appear as if sent by a legitimate company or contact. In response:

Be cautious of any unsolicited emails/texts/messages even if they appear legitimate. Don’t click on any links/buttons in unsolicited messages, or download attachments. Check directly with the sender rather than clicking through links or buttons provided or entering any confidential details. Invest in cybersecurity tools from a trusted vendor like Trend Micro, to spot and block scam emails and malicious downloads/websites.

Use video conferencing safely

New videoconferencing platforms can introduce risk, especially if you’re not familiar with the default settings. Here’s how to stay safe when video conferencing:

Check first for end-to-end encryption. Only download videoconferencing apps from official iOS/Android stores and manufacturer websites. Get familiar with privacy settings. Switch off camera access if you don’t want to appear on-screen. Ensure you’re always on the latest software version. Never click on links/open attachments in messages from unknown contacts. Use a password manager to store long and strong log-ins, and switch on two-factor authentication (2FA) if available.

Stay safe shopping and banking

Next, protect your financial information and stay safe from e-commerce fraud by doing the following:

Install AV on all PCs and devices. Always use the latest browser versions and HTTPS sites. Never click through on sensational promos or ads on social media/in emails. Always visit the site directly. Always be cautious: if special offers seem too good to be true, they usually are. Use a secure browser, password manager, and 2FA in your online accounts. Use a VPN app on any device you use to shop or bank.

Think about online safety for kids

They may be under your roof for more hours of the day than usual, but your children are also likely to be spending more time online. That means you need to have a measured conversation with them about internet safety, backed up with parental controls. Consider the following:

Urge your kids to think before clicking, and before sharing on social media. Make sure you have installed anti-malware from a reputable vendor on all their devices. Look for security products that check/update their social media privacy settings. Discourage or block downloads from P2P sites. Set up parental controls to block inappropriate content and/or to regulate screen time and time on certain sites or with certain apps. Then set up admin protections, so they can’t change the settings. Share your concerns around sexting.

Mobile security best practices
Finally, sheltering at home has limits, particularly for restless kids. When they go to the store or out to the park, facemasks notwithstanding, they’re likely going to use their mobile devices, just as they’ll continue to do at home. Of course, you’re not exempt either from mobile threats. Ensure mobile security by

Sticking to the official Google Play and App Store marketplaces. Enforce this through smart settings on your children’s phones. Running anti-malware on your mobile device, from a reputable company like Trend Micro. Ensuring your family’s devices are using the latest OS version. Ensuring your family devices have remote lock and wipe feature switched on, in case they’re lost or stolen. Never brick or jailbreak the device, as this can expose it to security risks.

How Trend Micro can help

When it comes to protecting the home from security and privacy threats during lockdown, leave no stone unturned. Cyber-criminals will always look for the weak link in the chain and focus their efforts there. Network security is important, but it doesn’t replace the need for protection on each individual device. You’ll need to cover your router, network, smart devices, and all endpoints (PCs, laptops, mobiles and other devices). Here’s how Trend Micro can help:

Trend Micro Home Network Security

Trend Micro Home Network Security provides industry-leading protection against any threats to internet-connected devices in the home. The solution

Blocks dangerous file downloads during web browsing to stop ransomware, data theft, phishing, and other malware. Blocks remote access applications. Protects all smart devices, such as smart TVs, thermostats, security cameras, etc., that don’t have their own security solutions. Parental Controls and Guardian allow parents to track and restrict their children’s internet usage at home and on-the-go, which could free-up bandwidth for important conference calls.

Trend Micro Security (PC and Mac)

Trend Micro Security, available in various editions (led by Trend Micro Maximum Security), is Trend’s flagship endpoint security product for consumers. Available for both PCs and Macs, it features AI learning to stop advanced threats. Among a wide range of protections, it includes:

Web Threat Protection when browsing the internet, defending you against bad websites that can steal your data or download malicious files. Machine Learning, to protect you from new and unknown threats. Ransomware protection via Folder Shield, to stop unauthorized changes and back-up files encrypted by suspicious programs. Anti-phishing and anti-spam protection for Outlook clients, as well as Gmail and Outlook webmail on the PC, and Gmail webmail on the Mac. Privacy Scanner (for Facebook and Twitter), Social Networking Protection for protection against malicious links in social networks, Pay Guard for protecting your online banking and buying. Parental Controls to limit which software and websites you kids may use.

Trend Micro Mobile Security:

Trend Micro Mobile Security provides endpoint security for all your mobile devices, whether Android or iOS-based.

	Blocks dangerous websites and app downloads. Helps protects your privacy on Twitter and Facebook. Protects your kids’ devices. Guards against identity theft. Optimizes your device’s performance.

Additional Trend Micro Tools:

Network and endpoint security should be supplemented with tools that accomplish specific tasks, such as protecting your internet connections, your passwords, and your identity data. Trend Micro provides

Wi-Fi Protection/VPN Proxy One Mac | iOS. VPNs with an emphasis on web threat protection or privacy, respectively. The first is available on all four platforms; the second is targeted for Apple devices. Password Manager. Manages and encrypts your passwords, and automates your logins, while ensuring you use unique, strong passwords across all of your online accounts. ID Security. Tracks your credentials, particularly the ones you use for buying and banking, to see if breaches of any of your identity data have led to their sale on the Dark Web. Notifies you when it has, so you can take steps to protect it. Premium Services. Parents working from home are not expected to be IT or Security experts, so now’s the time to ensure professional help is around when you need it by signing up for one of Trend Micro’s premium service packages for help configuring, troubleshooting, optimizing, and disinfecting your devices if they get infected.

Maintaining your family’s security and privacy on all their devices during the coronavirus lockdown above all means changing your mindset, to take into account the mix of work and play in the household during the “new normal.” Use these tips and tools during lockdown and you’ll be well on your way to ensuring you and your family’s safety from malicious viruses—both digital and natural.

The post Top Tips For Home Cybersecurity And Privacy In A Coronavirus-Impacted World (Part 2) appeared first on .

Top Tips For Home Cybersecurity And Privacy In A Coronavirus-Impacted World (Part 1)

Welcome to the new normal. We’re all now living in a post-COVID-19 world characterized by uncertainty, mass home working and remote learning. The lines demarcating normal life have shifted abruptly – perhaps never to return. That’s not the worst that can happen, as we all know, but it does mean we all need to get used to new ways of living, working and studying from home. This has major implications for the online safety, security and privacy of our families.

To help you adapt to these new conditions while protecting what matters most, Trend Micro has developed a two-part blog series on “The New Normal.” Part 1 identifies the scope and specific cyber-threats of the new normal. Part 2 provides security tips and products to help address those threats.

What’s going on?

In April, nearly 300 million Americans were estimated to be in government-mandated lockdown. Even as some businesses, municipalities and states begin to relax these rules, experts have warned of subsequent waves of the virus, which could result in new localized lockdowns. In short, a lot of people will continue to work from home, while their children, also at home, attempt to study remotely from their mobile devices.

This has considerable implications for how we spend our time. Without that morning commute to work or school, more of it than ever will involve sitting in front of a desktop, laptop, tablet or smartphone screen. Even the smart TV is enlisted. Dangers include

Use of potentially insecure video conferencing applications. The number of daily meeting participants on Zoom surged from 10 million in December 2019 to roughly 200 million in March. Visits to P2P/torrent sites or platforms for adult content. In search of entertainment, bored kids or teens in your household may have more time and inclination to do this. Downloads of potentially malicious applications disguised as legitimate entertainment or gaming content. More online shopping and banking. June alone generated $73.2 billion in online spend, up 76.2% year-on-year. Whenever you shop or bank online, financial data is potentially exposed. Use of potentially insecure remote learning platforms. Educational mobile app downloads increased by a massive 1087% between March 2 and 16. The trend continues. Logging on to corporate cloud-based services. This includes Office 365, to do your job remotely, or using a VPN to connect directly into the office. For recreation, streaming and browsing on your smart TV. But even your smart TV is vulnerable to threats, as the FBI has warned.

Risky behavior

Unfortunately, the increase in working from home (WFH), especially for those not used to it, may lead to an increase in risky behavior, such as: using non-approved apps for work; visiting non work-related sites on work devices; and using personal devices to access work resources. Recent global Trend Micro research found that:

	80% have used their work laptop for personal browsing, with only 36% fully restricting the sites they visit. 56% of employees have used a non-work app on a corporate device, and 66% have uploaded corporate data to it. 39% often or always access corporate data from a personal device. 8% admit to watching adult content on their work laptop, and 7% access the dark web.

This is not about restricting your freedom to visit the sites you want to visit while at home. It’s about reducing the risk of exposing corporate data and systems to possible malware.

What are the bad guys doing?

Unsurprisingly, there has also been a major uptick in the volume of cyber-threats targeting home users. With a captive audience to aim at, it’s a huge opportunity for cyber-criminals to steal your log-ins and personal data to sell to fraudsters, or even to steal corporate passwords and information for a potentially bigger pay-off. They are helped by the fact that many home workers may be more distracted than they usually would be at the office, especially if they have young children. Your kids may even share the same laptops or PCs as you, potentially visiting risky sites and/or downloading unapproved apps.

There’s also a chance that, unless you have a corporate machine at home, your personal computing equipment is less secure than the kit you had in the office. Add to that the fact that support from the IT department may be less forthcoming than usual, given that stretched teams are overwhelmed with requests, while themselves struggling to WFH. One recent report claimed that nearly half (47%) of IT security pros have been taken off some or all of their typical security tasks to support other IT-related jobs. In another, only 59% of respondents said they believe their cybersecurity team has the right tools and resources at home to perform their job effectively.

It’s time to step up and take security into your own hands. Stay on the lookout for the following threats.

Unsecured home routers and smart devices might be hijacked in more sophisticated attacks designed to steal data from corporate networks via the home worker. Phishing attacks spoofing well-known brands or using COVID-19 information/news as a lure. Google is blocking 18 million malicious pandemic-themed emails every day. The end goal may be to hijack your online consumer accounts (Netflix, banking, email, online shopping) or work accounts. Other phishing emails are designed to install data-stealing malware, ransomware and other threats. Attackers may target vulnerabilities in your home PCs and the apps you’re using (video conferencing etc) to gain remote access. Business Email Compromise (BEC) attackers may try to leverage the lack of internal communications between remote workers to impersonate senior execs via email, and trick finance team members into wiring corporate funds abroad. Kids exposing home networks and devices to malware on torrent sites, in mobile apps, on social media, and via phishing attacks potentially imitating remote learning/video conferencing platforms. Kids searching for adult/inappropriate content, and/or those that are bored and over-share on social media. Unicef has warned that millions of children are at increased of online harm as lockdown means they spend more of their days online. Mobile apps represent a potential source of malware, especially those found on unofficial app stores. There has also been a reported 51% rise in stalkerware – covert surveillance apps used by domestic abusers and stalkers to target victims. The pandemic has led to a surge in e-commerce fraud where consumers are tricked into buying non-existent products or counterfeit goods including medical items.

So what’s a remote worker/concerned parent to do to protect themselves and the family in the midst of the “new normal?”

Read Part 2 in this mini-series, which we’re publishing simultaneously with Part 1, where we share some best practice advice on how to keep your digital lives and work systems safe from online threats during lockdown—and where we provide tools to help you do just that.

The post Top Tips For Home Cybersecurity And Privacy In A Coronavirus-Impacted World (Part 1) appeared first on .

What is a VPN and How Does it Increase Your Online Security and Privacy?

The number of VPN users has grown considerably over the past few years. According to the report of Go-Globe, 25% of netizens worldwide have used a VPN at least once in the last 30 days. Recently, VPN usage has surged in many countries and its popularity may see VPN usage surpass the estimated profit of USD$27.10 billion by the end of 2020. The VPN global market only seems to increase as time goes by. So, why is that? What do VPNs provide that make them so attractive?

What is a VPN?

A VPN, or a Virtual Private Network, creates a secure communication “tunnel” from your computer to the internet. It encrypts your connection and prevents others from seeing the data you’re transferring. This keeps your data secure from any spying attempts—including from home over your wired connection, but particularly on public Wi-Fi networks, when you’re out and about in places such as coffee shops, restaurants, airports and hotels. It helps ensure that no one can steal your personal details, passwords, or credit card information.

How does a VPN work and why you need a VPN service?

Among other things, a VPN can conceal your IP address to make your online actions virtually untraceable and anonymous, providing greater privacy for everything you do. In fact, there are so many ways a VPN can protect your privacy and security, we need to take a deeper look at what other benefits a VPN can provide.

	Safeguard personal information

This is the era of mobility and most transactions are being done by people on-the-go using their mobile devices to exchange data over public networks. From online shopping, to mobile banking or simply checking emails and social media accounts, these activities can expose your personal information and sensitive data to hackers and cybercriminals. This particularly applies to users relying on public Wi-Fi. Using a VPN will help to mitigate unwanted leakage or theft by securing data in transit to and from the systems that typically try to collect and store your private data.

	Access better streaming contents from other locations

One of the main drivers for using a VPN is to access better streaming content and restricted websites from the region you’re accessing the internet from. This may be true in your own country, but when traveling abroad, there are also chances that you cannot visit a popular website or a social media platform from the country you’re visiting. While using a VPN, you can connect to an IP address in your country and have full access to your favorite media contents and avoid wasting membership fees that you will likely pay for this streaming service.

	Enhance browsing privacy

Some retail apps, social media platforms, and search engines continuously collect and analyze results of your search history. They keep track of all your browsing activities such as items you viewed, contents you liked, and things you tapped and clicked, so they can provide you with more targeted contents and monetize these by showing the same information in your feed through ads.

Note that, simply clearing your browsing history does not completely remove traces of these searches, and targeted ads can get annoying. This is where a VPN can help enhance your browsing privacy. The VPN hides your browser cached data and location from advertisers, which prevents them from serving up content based on your searches and location.

	Save cost on communicating with family and friends abroad

Another motivating factor for the use of a VPN is to save on the cost of communicating with families and friends abroad. There are countries implementing restrictions on the use of certain messaging apps, banning their services. If you are planning to visit a country with such a restriction, a VPN can bypass this constraint, which allows you to make use of your trusted messaging app, eliminate the cost of long-distance calls to family and friends while abroad—and at the same time, maintain the level of security and encryption the messaging app provides.

	Escape content-based bandwidth-throttling

The internet has evolved into streaming more content—videos, music, and more—and ISPs have responded by making higher data usage and higher throughput (bandwidth) pay-as-you-use-more services. But content is still at issue, particularly after the December 2017 FCC ruling. Potential ISP throttling based on content type, source, or destination (e.g., BitTorrent traffic), which could give priority to business over personal usage, is one of the reasons why everyday people are using VPN services, because a VPN provides more usage anonymity, preventing ISPs from potentially tracking your activities and limiting your bandwidth usage accordingly.

Choosing the right VPN for you

Now that you have some understanding of what a VPN is, and what benefits it can give you, it is also important to choose the right VPN for you.

Due to regulatory requirements and laws governing data privacy and securing personal information online, the demand for VPNs is growing. In response, there are a large number of VPN providers in the market today. So how do you choose a reliable VPN? Here are some criteria to help you pick one that best suits your needs:

Faster and more data is better. Using a VPN can often decrease the speed of your internet connection, so you should pick a provider that has a good number of servers and locations and doesn’t pre-throttle your bandwidth. Some also have data limits, so you should opt for those with a higher data limit per month Provides the best encryption. Look for a VPN providing sophisticated ciphers such as 256-bit AES end-to-end encryption. Ensures safe browsing. Look for VPN that can filter and block malicious websites, online fraud, and internet scams and automatically safeguard your internet connection. Provides full anonymity. It is crucial that a VPN vendor has a clear privacy policy. Trusted VPNs will not track the user’s websites, payment information, or online transactions, and do not keep logs. Supports simultaneous devices. Select a VPN that is compatible with your devices and operating systems and can provide you a good number of simultaneous connections on your devices. Cost versus use case. Heavier business usage should be contrasted with everyday consumer use. To pay less for the service (VPNs typically cost from $5 to $12 per month per device, though multi-device bundles are less), you might accept some data limits, if your use case is lighter; sacrifice some speed, if you’re not streaming movies when you’re out and about, (unlikely during the coronavirus lockdown); or some cross-regional server-selection capability, if you’re not travelling in content-restricted regions (since out-of-country travel is also being hampered by the pandemic).

Trend Micro’s Home Division provides two low-cost, safety-focused VPN solutions for everyday users: Trend Micro VPN Proxy One and Trend Micro Wi-Fi Protection, both of which can address light-to-medium VPN needs and meet most of the checklist criteria above.

Trend Micro VPN Proxy One offers fast, secure, stable and anonymous proxy connections for you to access various websites and applications. It connects to the best Trend Micro VPN server intelligently, without you having to do it, and does not limit bandwidth consumption. Trend Micro VPNs do not track your online activities, ensuring you a secure digital life and protecting your online privacy. Trend Micro VPN Proxy One is targeted to Mac and iOS devices.

Trend Micro Wi-Fi Protection turns any public hotspot into a secure Wi-Fi network and VPN with bank-grade data encryption to keep your information safe from hackers. While your VPN is active, Trend Micro Wi-Fi Protection provides exceptional web threat protection and checks websites you visit to safeguard your browsing from online fraud and internet scam. The VPN automatically kicks in when connecting to a Wi-Fi network with low security, such as one with no encryption. Trend Micro Wi-Fi Protection is available for all platforms (PC, Mac, Android, and iOS). Bundles can be purchased for multiple devices and platforms and some bundles can include other Trend Micro products, depending on the region.

Go to the Apple App Store for more details on Trend Micro VPN Proxy One; or for a 30-day trial or to buy, go here: Mac | iOS.

Or visit Trend Micro Wi-Fi Protection for more information, or to buy the multi-platform solution.

The post What is a VPN and How Does it Increase Your Online Security and Privacy? appeared first on .

The Life Cycle of a Compromised (Cloud) Server

Trend Micro Research has developed a go-to resource for all things related to cybercriminal underground hosting and infrastructure. Today we released the second in this three-part series of reports which detail the what, how, and why of cybercriminal hosting (see the first part here).

As part of this report, we dive into the common life cycle of a compromised server from initial compromise to the different stages of monetization preferred by criminals. It’s also important to note that regardless of whether a company’s server is on-premise or cloud-based, criminals don’t care what kind of server they compromise.

To a criminal, any server that is exposed or vulnerable is fair game.

Cloud vs. On-Premise Servers

Cybercriminals don’t care where servers are located. They can leverage the storage space, computation resources, or steal data no matter what type of server they access. Whatever is most exposed will most likely be abused.

As digital transformation continues and potentially picks up to allow for continued remote working, cloud servers are more likely to be exposed. Many enterprise IT teams, unfortunately, are not arranged to provide the same protection for cloud as on-premise servers.

As a side note, we want to emphasize that this scenario applies only to cloud instances replicating the storage or processing power of an on-premise server. Containers or serverless functions won’t fall victim to this same type of compromise. Additionally, if the attacker compromises the cloud account, as opposed to a single running instance, then there is an entirely different attack life cycle as they can spin up computing resources at will. Although this is possible, however, it is not our focus here.

Attack Red Flags

Many IT and security teams might not look for earlier stages of abuse. Before getting hit by ransomware, however, there are other red flags that could alert teams to the breach.

If a server is compromised and used for cryptocurrency mining (also known as cryptomining), this can be one of the biggest red flags for a security team. The discovery of cryptomining malware running on any server should result in the company taking immediate action and initiating an incident response to lock down that server.

This indicator of compromise (IOC) is significant because while cryptomining malware is often seen as less serious compared to other malware types, it is also used as a monetization tactic that can run in the background while server access is being sold for further malicious activity. For example, access could be sold for use as a server for underground hosting. Meanwhile, the data could be exfiltrated and sold as personally identifiable information (PII) or for industrial espionage, or it could be sold for a targeted ransomware attack. It’s possible to think of the presence of cryptomining malware as the proverbial canary in a coal mine: This is the case, at least, for several access-as-a-service (AaaS) criminals who use this as part of their business model.

Attack Life Cycle

Attacks on compromised servers follow a common path:

Initial compromise: At this stage, whether a cloud-based instance or an on-premise server, it is clear that a criminal has taken over. Asset categorization: This is the inventory stage. Here a criminal makes their assessment based on questions such as, what data is on that server? Is there an opportunity for lateral movement to something more lucrative? Who is the victim? Sensitive data exfiltration: At this stage, the criminal steals corporate emails, client databases, and confidential documents, among others. This stage can happen any time after asset categorization if criminals managed to find something valuable. Cryptocurrency mining: While the attacker looks for a customer for the server space, a target attack, or other means of monetization, cryptomining is used to covertly make money. Resale or use for targeted attack or further monetization: Based on what the criminal finds during asset categorization, they might plan their own targeted ransomware attack, sell server access for industrial espionage, or sell the access for someone else to monetize further.

 

Often, targeted ransomware is the final stage. In most cases, asset categorization reveals data that is valuable to the business but not necessarily valuable for espionage.

A deep understanding of the servers and network allows criminals behind a targeted ransomware attack to hit the company where it hurts the most. These criminals would know the dataset, where they live, whether there are backups of the data, and more. With such a detailed blueprint of the organization in their hands, cybercriminals can lock down critical systems and demand higher ransom, as we saw in our 2020 midyear security roundup report.

In addition, while a ransomware attack would be the visible urgent issue for the defender to solve in such an incident, the same attack could also indicate that something far more serious has likely already taken place: the theft of company data, which should be factored into the company’s response planning. More importantly, it should be noted that once a company finds an IOC for cryptocurrency, stopping the attacker right then and there could save them considerable time and money in the future.

Ultimately, no matter where a company’s data is stored, hybrid cloud security is critical to preventing this life cycle.

 

The post The Life Cycle of a Compromised (Cloud) Server appeared first on .

Ransom from Home – How to close the cyber front door to remote working ransomware attacks

Coronavirus has caused a major shift to our working patterns. In many cases these will long outlast the pandemic. But working from home has its own risks. One is that you may invite ransomware attacks from a new breed of cyber-criminal who has previously confined his efforts to directly targeting the corporate network. Why? Because as a remote worker, you’re increasingly viewed as a soft target—the open doorway to extorting money from your employer.

So how does ransomware land up on your front doorstep? And what can a home worker do to shut that door?

The new ransomware trends

Last year, Trend Micro detected over 61 million ransomware-related threats, a 10% increase from 2018 figures. But things have only gotten worse from there. There has been a 20% spike in ransomware detections globally in the first half of 2020, rising to 109% in the US. And why is that?

At a basic level, ransomware searches for and encrypts most of the files on a targeted computer, so as to make them unusable. Victims are then asked to pay a ransom within a set time frame in order to receive the decryption key they need to unlock their data. If they don’t, and they haven’t backed-up this data, it could be lost forever.

The trend of late, however, has been to focus on public and private sector organizations whose staff are working from home (WFH). The rationale is that remote workers are less likely to be able to defend themselves from ransomware attacks, while they also provide a useful stepping-stone into high-value corporate networks. Moreover, cybercriminals are increasingly looking to steal sensitive data before they encrypt it, even as they’re more likely to fetch a higher ransom for their efforts than they do from a typical consumer, especially if the remote employee’s data is covered by cyber-insurance.

Home workers are also being more targeted for a number of reasons:

They may be more distracted than those in the office. Home network and endpoint security may not be up to company levels. Home systems (routers, smart home devices, PCs, etc.,) may not be up-to-date and therefore are more easily exposed to exploits. Remote workers are more likely to visit insecure sites, download risky apps, or share machines/networks with those who do. Corporate IT security teams may be overwhelmed with other tasks and unable to provide prompt support to a remote worker. Security awareness programs may have been lacking in the past, perpetuating bad practice for workers at home.

What’s the attack profile of the remote working threat?

In short, the bad guys are now looking to gain entry to the corporate network you may be accessing from home via a VPN, or to the cloud-hosted systems you use for work or sharing files, in order to first steal and then encrypt company data with ransomware as far and wide as possible into your organization. But the methods are familiar. They’ll

Try to trick you into dangerous behavior through email phishing—the usual strategy of getting you to click links that redirect you to bad websites that house malware, or getting you to download a bad file, to start the infection process. Steal or guess your log-ins to work email accounts, remote desktop tools (i.e., Microsoft Remote Desktop or RDP), and cloud-based storage/networks, etc., before they deliver the full ransomware payload. This may happen via a phishing email spoofed to appear as if sent from a legitimate source, or they may scan for your use of specific tools and then try to guess the password (known as brute forcing). One new Mac ransomware, called EvilQuest, has a keylogger built into it, which could capture your company passwords as you type them in. It’s a one-two punch: steal the data first, then encrypt it. Target malware at your VPN or remote desktop software, if it’s vulnerable. Phishing is again a popular way to do this, or they may hide it in software on torrent sites or in app stores. This gives them a foothold into your employer’s systems and network. Target smart home devices/routers via vulnerabilities or their easy-to-guess/crack passwords, in order to use home networks as a stepping-stone into your corporate network.

How can I prevent ransomware when working from home?

The good news is that you, the remote worker, can take some relatively straightforward steps up front to help mitigate the cascading risks to your company posed by the new ransomware. Try the following:

Be cautious of phishing emails. Take advantage of company training and awareness courses if offered. Keep your home router firmware, PCs, Macs, mobile devices, software, browsers and operating systems up to date on the latest versions – including remote access tools and VPNs (your IT department may do some of this remotely). Ensure your home network, PCs, and mobile devices are protected with up-to-date with network and endpoint AV from a reputable vendor. (The solutions should include anti-intrusion, anti-web threat, anti-spam, anti-phishing, and of course, anti-ransomware features.) Ensure remote access tools and user accounts are protected with multi-factor authentication (MFA) if used and disable remote access to your home router. Disable Microsoft macros where possible. They’re a typical attack vector. Back-up important files regularly, according to 3-2-1 rule.

How Trend Micro can help

In short, to close the cyber front door to ransomware, you need to protect your home network and all your endpoints (laptops, PCs, mobile devices) to be safe. Trend Micro can help via

The Home Network: Home Network Security (HNS) connects to your router to protect any devices connected to the home network — including IoT gadgets, smartphones and laptops — from ransomware and other threats. Desktop endpoints: Trend Micro Security (TMS) offers advanced protection from ransomware-related threats. It includes Folder Shield to safeguard valuable files from ransomware encryption, which may be stored locally or synched to cloud services like Dropbox®, Google Drive® and Microsoft® OneDrive/OneDrive for Business. Mobile endpoints: Trend Micro Mobile Security (also included in TMS) protects Android and iOS devices from ransomware. Secure passwords: Trend Micro Password Manager enables users to securely store and recall strong, unique passwords for all their apps, websites and online accounts, across multiple devices. VPN Protection at home and on-the-go: Trend Micro’s VPN Proxy One (Mac | iOS) solution will help ensure your data privacy on Apple devices when working from home, while its cross-platform WiFi Protection solution will do the same across PCs, Macs, Android and iOS devices when working from home or when connecting to public/unsecured WiFi hotspots, as you venture out and about as the coronavirus lockdown eases in your area.

With these tools, you, the remote worker, can help shut the front door to ransomware, protecting your work, devices, and company from data theft and encryption for ransom.

The post Ransom from Home – How to close the cyber front door to remote working ransomware attacks appeared first on .

Identity Fraud: How to Protect Your Identity Data, Accounts and Money During the Coronavirus Crisis

We’ve all been spending more of our time online since the crisis hit. Whether it’s ordering food for delivery, livestreaming concerts, holding virtual parties, or engaging in a little retail therapy, the digital interactions of many Americans are on the rise. This means we’re also sharing more of our personal and financial information online, with each other and the organizations we interact with. Unfortunately, as ever, there are bad guys around every digital corner looking for a piece of the action.

The bottom line is that personally identifiable information (PII) is the currency of internet crime. And cyber-criminals will do whatever they can to get their hands on it. When they commit identity theft with this data, it can be a messy business, potentially taking months for banks and businesses to investigate before you get your money and credit rating back. At a time of extreme financial hardship, this is the last thing anyone needs.

It therefore pays to be careful about how you use your data and how you protect it. Even more: it’s time to get proactive and monitor it—to try and spot early on if it has been stolen. Here’s what you need to know to protect your identity data.

How identity theft works

First, some data on the scope of the problem. In the second quarter of 2020 alone 349,641 identity theft reports were filed with the FTC. To put that in perspective, it’s over half of the number for the whole of 2019 (650,572), when consumers reported losing more than $1.9 billion to fraud. What’s driving this huge industry? A cybercrime economy estimated to be worth as much as $1.5 trillion annually.

Specialized online marketplaces and private forums provide a user-friendly way for cyber-criminals and fraudsters to easily buy and sell stolen identity data. Many are on the so-called dark web, which is hidden from search engines and requires a specialized anonymizing browser like Tor to access. However, plenty of this criminal activity also happens in plain sight, on social media sites and messaging platforms. This underground industry is an unstoppable force: as avenues are closed down by law enforcement or criminal in-fighting, other ones appear.

At-risk personal data could be anything from email and account log-ins to medical info, SSNs, card and bank details, insurance details and much more. It all has a value on the cybercrime underground and the price fraudsters are prepared to pay will depend on supply and demand, just like in the ‘real’ world.

There are various ways for attackers to get your data. The main ones are:

Phishing: usually aimed at stealing your log-ins or tricking you into downloading keylogging or other info-stealing malware. Phishing mainly happens via email but could also occur via web, text, or phone. Around $667m was lost in imposter scams last year, according to the FTC. Malicious mobile apps disguised as legitimate software. Eavesdropping on social media: If you overshare even innocuous personal data (pet names, birth dates, etc.,) it could be used by fraudsters to access your accounts. Public Wi-Fi eavesdropping: If you’re using it, the bad guys may be too. Dumpster diving and shoulder surfing: Sometimes the old ways are still popular. Stealing devices or finding lost/misplaced devices in public places. Attacking the organizations you interact with: Unfortunately this is out of your control somewhat, but it’s no less serious. There were 1,473 reported corporate breaches in 2019, up 17% year-on-year. Harvesting card details covertly from the sites you shop with. Incidents involving this kind of “web skimming” increased 26% in March as more users flocked to e-commerce sites during lockdown.

 

The COVID-19 challenge

As if this weren’t enough, consumers are especially exposed to risk during the current pandemic. Hackers are using the COVID-19 threat as a lure to infect your PC or steal identity data via the phishing tactics described above. They often impersonate trustworthy institutions/officials and emails may claim to include new information on outbreaks, or vaccines. Clicking through or divulging your personal info will land you in trouble. Other fraud attempts will try to sell counterfeit or non-existent medical or other products to help combat infection, harvesting your card details in the process. In March, Interpol seized 34,000 counterfeit COVID goods like surgical masks and $14m worth of potentially dangerous pharmaceuticals.

Phone-based attacks are also on the rise, especially those impersonating government officials. The aim here is to steal your identity data and apply for government emergency stimulus funds in your name. Of the 349,641 identity theft reports filed with the FTC in Q2 2020, 77,684 were specific to government documents or benefits fraud.

What do cybercriminals do with my identity data?

Once your PII is stolen, it’s typically sold on the dark web to those who use it for malicious purposes. It could be used to:

Crack open other accounts that share the same log-ins (via credential stuffing). There were 30 billion such attempts in 2018. Log-in to your online bank accounts to drain it of funds. Open bank accounts/credit lines in your name (this can affect your credit rating). Order phones in your name or port your SIM to a new device (this impacts 7,000 Verizon customers per month). Purchase expensive items in your name, such as a new watch or television, for criminal resale. This is often done by hijacking your online accounts with e-tailers. E-commerce fraud is said to be worth around $12 billion per year. File fraudulent tax returns to collect refunds on your behalf. Claim medical care using your insurance details. Potentially crack work accounts to attack your employer.

How do I protect my identity online?

The good news among all this bad is that if you remain skeptical about what you see online, are cautious about what you share, and follow some other simple rules, you’ll stand a greater chance of keeping your PII under lock and key. Best practices include:

Using strong, long and unique passwords for all accounts, managed with a password manager. Enable two-factor authentication (2FA) if possible on all accounts. Don’t overshare on social media. Freeze credit immediately if you suspect data has been misused. Remember that if something looks too good to be true online it usually is. Don’t use public Wi-Fi when out-and-about, especially not for sensitive log-ins, without a VPN. Change your password immediately if a provider tells you your data may have been breached. Only visit/enter payment details into HTTPS sites. Don’t click on links or open attachments in unsolicited emails. Only download apps from official app stores. Invest in AV from a reputable vendor for all your desktop and mobile devices. Ensure all operating systems and applications are on the latest version (i.e., patch frequently). Keep an eye on your bank account/credit card for any unusual spending activity. Consider investing in a service to monitor the dark web for your personal data.

How Trend Micro can help

Trend Micro offers solutions that can help to protect your digital identity.

Trend Micro ID Security is the best way to get proactive about data protection. It works 24/7 to monitor dark web sites for your PII and will sound the alarm immediately if it finds any sign your accounts or personal data have been stolen. It features

Dark Web Personal Data Manager to scour underground sites and alert if it finds personal info like bank account numbers, driver’s license numbers, SSNs and passport information. Credit Card Checker will do the same as the above but for your credit card information. Email Checker will alert you if any email accounts have been compromised and end up for sale on the dark web, allowing you to immediately change the password. Password Checker will tell you if any passwords you’re using have appeared for sale on the dark web, enabling you to improve password security.

Trend Micro Password Manager enables you to manage all your website and app log-ins from one secure location. Because Password Manager remembers and recalls your credentials on-demand, you can create long, strong and unique passwords for each account. As you’re not sharing easy-to-remember passwords across multiple accounts, you’ll be protected from popular credential stuffing and similar attacks.

Finally, Trend Micro WiFi Protection will protect you if you’re out and about connecting to WiFi hotspots. It automatically detects when a WiFi connection isn’t secure and enables a VPN—making your connection safer and helping keep your identity data private.

In short, it’s time to take an active part in protecting your personal identity data—as if your digital life depended on it. In large part, it does.

 

The post Identity Fraud: How to Protect Your Identity Data, Accounts and Money During the Coronavirus Crisis appeared first on .

Wireless Networks and Security

Introduction Wireless networks have become an inherent part of our life and we all use wireless networks in some form in our day to day life. Of all the utilities provided by wireless networks, we use wireless networks widely for connecting to the internet. We connect to the internet wirelessly either by router or using […]

The post Wireless Networks and Security appeared first on Infosec Resources.

---

Wireless Networks and Security was first posted on September 30, 2020 at 11:32 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Networking fundamentals (for Network security professionals)

Introduction To understand Network Security, it’s imperative that we understand networking fundamentals and networking basics. In this post, we will be learning about networking basics and fundamentals to get started with Network Security.  We cannot cover whole networking in a single post so we will be focusing only on core networking concepts needed for network […]

The post Networking fundamentals (for Network security professionals) appeared first on Infosec Resources.

---

Networking fundamentals (for Network security professionals) was first posted on September 30, 2020 at 12:03 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Average CCNA salary 2020

Introduction The CCNA (Cisco Certified Network Associate) is one of the most well-known entry-level certifications within the IT industry. Holding this credential proves your ability to install, configure, manage and support small- to medium-sized networks.  A study by CompTIA found that 47% of SMBs see the IT skills gap growing. This IT skills gap is […]

The post Average CCNA salary 2020 appeared first on Infosec Resources.

---

Average CCNA salary 2020 was first posted on September 30, 2020 at 9:12 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

CCNA certification prep: Network fundamentals [updated 2020]

What percentage of the exam focuses on network fundamentals? The network fundamentals section is 20% of the CCNA 200-301’s topics. It’s neither the largest nor the smallest. The fact that the percentage increased from 15% in the previous version indicates that Cisco has emphasized the importance of having a strong base in this topic, on […]

The post CCNA certification prep: Network fundamentals [updated 2020] appeared first on Infosec Resources.

---

CCNA certification prep: Network fundamentals [updated 2020] was first posted on September 29, 2020 at 8:33 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Average CCNP salary 2020

Introduction The CCNP, or Cisco Certified Network Professional, is a certification endorsing IT professionals who have the knowhow and skill to set up, configure and manage local and wide-area networks within an enterprise. CCNP certification takes you through video, voice, wireless and advanced security issues. Since the training module and examinations for the CCNP certification […]

The post Average CCNP salary 2020 appeared first on Infosec Resources.

---

Average CCNP salary 2020 was first posted on September 29, 2020 at 9:59 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Can You Decode Your Teen’s Texting Language?

It’s hard to believe, right, parents? In just a blink or two, you went from being the teenager dropping cool phrases like “rad” and “gnarly” to monitoring a teenager texting words like “lowkey,” “IRL” and “CD9” into her smartphone non-stop.*

For generations, teens have been crafting terms to differentiate themselves from other age groups. The difference today is that smartphone texting has multiplied the scope of that code to include words, emojis, numbers, and hashtags.

The times have changed, fo’ sho.’

Digital Deciphering

You don’t have to speak your child’s language (please don’t). However, with new terms and risks emerging online each day, it’s a good idea to at least understand what they are saying.

Since kids have been spending more time online due to the pandemic, we thought we might discover a few new and interesting terms. We were right. We found stories of teens referring to the Coronavirus as “Miss Rona” and “Rona,” and abbreviating quarantine to “Quar.” A “Corona Bae” is the person you would only plan to date during a lockdown.

Much of the coded language kids use is meant to be funny, sarcastic, or a quick abbreviation. However, there are times when a text exchange can slip into risky territory. Seemingly harmless, text exchanges can spark consequences such as bullying, sextortion, privacy violations, and emotional or physical harm.

Stay Connected

To help kids avoid dangerous digital situations, we recommend three things: 1) Talk early and often with your kids about digital risk and behavior expectations, 2) Explore and use parental monitoring software, and 3) Know your child’s friends and communities online and in real life.

Note: Context is everything. Many of these terms are used in jest or as casual banter. Be sure to understand the context in which a word is used.

A Few Terms You May See **

Flex. This term means showing off. For example, “Look at her trying to flex with her new car.”

Crashy. Description of a person who is thought to be both crazy and trashy.

Clap back. A comeback filled with attitude.

Cringey. Another word for embarrassing.

Hop off. Mind your own business.

Spill tea or Kiki. Dishing gossip.

Sip tea. Listening to gossip.

Salty. Mad, angry, jealous, bitter, upset, or irritated.

“She gave me a salty look in class.”

Extra. Over the top or unnecessarily dramatic.

Left on read. Not replying to someone’s message.

Ghosting. Ending a friendship or relationship online with no explanation.

Neglext. Abandon someone in the middle of a text conversation.

Ok, Boomer. Dismissing someone who is not up to date enough.

(Throw) shade. Insult or trash talk discreetly.

Receipts. Getting digital proof, usually in the form of screenshots.

THOT. Acronym for That H__ Over There.

Thirsty. A term describing a person as desperate or needy. “Look at her staring at him — she’s so thirsty.”

Thirst trap. A sexy photograph or message posted on social media.

Dis. Short for showing blatant disrespect.

Preeing. A word that describes stalking or being stalked on Facebook.

Basic. Referring to a person as mainstream, nothing special. Usually used in a negative connotation.

Chasing Clout. A negative term describing someone trying too hard to get followers on social media.

9, CD9, or Code9, PAW, POS. Parents are around, over the shoulder.

99. All clear, the parents are gone. Safe to resume texting or planning.

KPC. Keeping parents clueless.

Cheddar, Cheese, or Bread. These are all terms that mean money.

Cap. Means to lie as in “she’s capping.” Sending the baseball cap emoji expresses the same feeling. No capping means “I’m not lying.”

Hundo P. Term that is short for “hundred percent;” absolutely, for sure.

Woke. Aware of and outspoken on current on political and social issues.

And I oop. Lighthearted term to describe a silly mistake.

Big oof. A slightly bigger mistake.

Yeet. An expression of excitement. For example, “He kissed me. Yeeeet!”

Retweet. Instead of saying, “yes, I agree,” you say, “retweet.”

Canceled. Absurd or foolish behavior is “canceled.” For example, “He was too negative on our date, so I canceled him.”

Slap or Snatched. Terms that mean fashionable or on point. For instance, “Those shoes are slap” or “You look snatched.”

And just for fun, here’s a laugh out loud video from comedian Seth Meyer’s on teen Coronavirus slang you’ll enjoy on YouTube.

* lowkey (a feeling you want to keep secret), IRL (In Real Life), CD9 also Code9 (Adult Alert used to hide secretive activity). ** Terms collected from various sources, including NetLingo.com, UrbanDictionary.com, webopedia.com, and from tweets and posts from teens online.

The post Can You Decode Your Teen’s Texting Language? appeared first on McAfee Blogs.

Anna Kendrick Is McAfee’s Most Dangerous Celebrity 2020

Anna Kendrick Is McAfee’s Most Dangerous Celebrity 2020

During COVID-19, people stuck inside have scoured the internet for content to consume – often searching for free entertainment (movies, TV shows, and music) to avoid any extra costs. As these habits increase, so do the potential cyberthreats associated with free internet content – making our fourteenth Most Dangerous Celebrities study more relevant than ever.

To conduct our Most Dangerous Celebrities 2020 study, McAfee researched famous individuals to reveal which celebrities generate the most “dangerous” results – meaning those whose search results bring potentially malicious content to expose fans’ personal information.

Thanks to her recent starring roles, American actress Anna Kendrick has found herself at the top of McAfee’s 2020 Most Dangerous Celebrities list.

The Top Ten Most Dangerous Celebrities

You probably know Anna Kendrick from her popular roles in films like “Twilight,” Pitch Perfect,” and “A Simple Favor.” She also recently starred in the HBO Max series “Love Life,” as well as the 2020 children’s film “Trolls World Tour.” Kendrick is joined in the top ten list by fellow actresses Blake Lively (No. 3), Julia Roberts (No. 8), and Jason Derulo (No. 10). Also included in the top ten list are American singers Mariah Carey (No. 4), Justin Timberlake (No. 5), and Taylor Swift (No. 6). Rounding out the rest of the top ten are American rapper Sean (Diddy) Combs (No. 2), Kate McKinnon (No. 9), and late-night talk show host Jimmy Kimmel (No. 7).

Lights, Camera, Security

Many consumers don’t realize that simple internet searches of their favorite celebrities could potentially lead to malicious content, as cybercriminals often leverage these popular searches to entice fans to click on dangerous links. This year’s study emphasizes that consumers are increasingly searching for content, especially as they look for new forms of entertainment to stream amidst a global pandemic.

With a greater emphasis on streaming culture, consumers could potentially be led astray to malicious websites while looking for new shows and movies to watch. However, people must understand that torrent or pirated downloads can lead to an abundance of cyberthreats. If an unsuspecting user clicks on a malicious link while searching for their favorite celebrity film, their device could suddenly become plagued with adware or malware.

Secure Yourself From Malicious Search Results

Whether you and your family are checking out your new favorite actress in her latest film or streaming a popular singer’s new album, it’s important to ensure that your searches aren’t potentially putting your online security at risk. Follow these tips so you can be a proactive fan while safeguarding your digital life:

Be careful what you click

 Users looking for information on their favorite celebrities should be cautious and only click on links to reliable sources for downloads. The safest thing to do is to wait for official releases instead of visiting third-party websites that could contain malware.

Refrain from using illegal streaming sites

When it comes to dangerous online behavior, using illegal streaming sites could wreak havoc on your device. Many illegal streaming sites are riddled with malware or adware disguised as pirated video files. Do yourself a favor and stream the show from a reputable source.

Protect your online safety with a cybersecurity solution

 Safeguard yourself from cybercriminals with a comprehensive security solution like McAfee Total Protection. This can help protect you from malware, phishing attacks, and other threats.

Use a website reputation tool

 Use a website reputation tool such as McAfee WebAdvisor, which alerts users when they are about to visit a malicious site.

 Use parental control software

 Kids are fans of celebrities too, so ensure that limits are set for your child on their devices and use parental control software to help minimize exposure to potentially malicious or inappropriate websites.

Stay Updated

To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

 

 

The post Anna Kendrick Is McAfee’s Most Dangerous Celebrity 2020 appeared first on McAfee Blogs.

Cristiano Ronaldo tops McAfee India’s Most Dangerous Celebrity 2020 List

Cristiano Ronaldo tops McAfee India’s Most Dangerous Celebrity 2020 List

During COVID-19, people stuck inside have scoured the internet for content to consume – often searching for free entertainment (movies, TV shows, and music) to avoid any extra costs. As these habits increase, so do the potential cyber threats associated with free internet content – making our fourteenth Most Dangerous Celebrities study more relevant than ever.

To conduct our Most Dangerous Celebrities 2020 study, McAfee researched famous individuals to reveal which celebrities generate the most “dangerous” results – meaning those whose search results bring potentially malicious content to expose fans’ personal information. Owing to his international popularity and fan following that well resonates in India, Cristiano Ronaldo takes the top spot on the India edition of McAfee’s 2020 Most Dangerous Celebrities list.

The Top Ten Most Dangerous Celebrities

Ronaldo is popular not only for his football skills, but also for his lifestyle, brand endorsements, yearly earnings, and large social media following, with fans devotedly tracking his every movement. This year, Ronaldo’s transfer to Juventus from Real Madrid for a reported £105M created quite a buzz, grabbing attention from football enthusiasts worldwide. Within the Top 10 list, Ronaldo is closely followed by veteran actress Tabu (No. 2) and leading Bollywood actresses, Taapsee Pannu, (No. 3) Anushka Sharma at (No. 4) and Sonakshi Sinha (No. 5). Also making the top ten is Indian singer Armaan Malik (No. 6), and young and bubbly actor Sara Ali Khan (No. 7). Rounding out the rest of the top ten are Indian actress Kangana Ranaut (No. 8), followed by popular TV soap actress Divyanka Tripathi (No. 9) and lastly, the King of Bollywood, Shah Rukh Khan (No. 10).

 

Lights, Camera, Security

Many consumers don’t realize that simple internet searches of their favorite celebrities could potentially lead to malicious content, as cybercriminals often leverage these popular searches to entice fans to click on dangerous links. This year’s study emphasizes that consumers are increasingly searching for content, especially as they look for new forms of entertainment to stream amidst a global pandemic.

With a greater emphasis on streaming culture, consumers could potentially be led astray to malicious websites while looking for new shows, sports, and movies to watch. For example, Ronaldo is strongly associated with malicious search terms, as fans are constantly seeking news on his personal life, as well as searching for news on his latest deals with football clubs. In addition, users may be streaming live football matches through illegal streaming platforms to avoid subscription fees. If an unsuspecting user clicks on a malicious link while searching for their favorite celebrity related news, their device could suddenly become plagued with adware or malware.

Secure Yourself From Malicious Search Results

Whether you and your family are checking out your new favorite actress in her latest film or streaming a popular singer’s new album, it’s important to ensure that your searches aren’t potentially putting your online security at risk. Follow these tips so you can be a proactive fan while safeguarding your digital life:

Be careful what you click

Users looking for information on their favorite celebrities should be cautious and only click on links to reliable sources for downloads. The safest thing to do is to wait for official releases instead of visiting third-party websites that could contain malware.

Refrain from using illegal streaming sites

When it comes to dangerous online behavior, using illegal streaming sites could wreak havoc on your device. Many illegal streaming sites are riddled with malware or adware disguised as pirated video files. Do yourself a favor and stream the show from a reputable source.

Protect your online safety with a cybersecurity solution

 Safeguard yourself from cybercriminals with a comprehensive security solution like McAfee Total Protection. This can help protect you from malware, phishing attacks, and other threats.

Use a website reputation tool

Use a website reputation tool such as McAfee WebAdvisor, which alerts users when they are about to visit a malicious site.

Use parental control software

Kids are fans of celebrities too, so ensure that limits are set for your child on their devices and use parental control software to help minimize exposure to potentially malicious or inappropriate websites.

 Stay Updated

To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

 

The post Cristiano Ronaldo tops McAfee India’s Most Dangerous Celebrity 2020 List appeared first on McAfee Blogs.

How Searching For Your Favourite Celebrity May Not End Well

How Searching For Your Favourite Celebrity May Not End Well

2020 has certainly been the year for online entertainment. With many Aussies staying home to stay well, the internet and all its offerings have provided the perfect way for us all to pass time. From free movies and TV shows to the latest celebrity news, many of us have devoured digital content to entertain ourselves. But our love affair with online entertainment certainly hasn’t gone unnoticed by cybercriminals who have ‘pivoted’ in response and cleverly adapted their scams to adjust to our insatiable desire for content.

Searching For Our Favourite Celebrities Can Be A Risky Business

Cybercriminals are fully aware that we love searching for online entertainment and celebrity news and so devise their plans accordingly. Many create fake websites that promise users free content from a celebrity of the moment to lure unsuspecting Aussies in. But these malicious websites are purpose-built to trick consumers into sharing their personal information in exchange for the promised free content – and this is where many come unstuck!

Who Are The Most Dangerous Celebrities of 2020?

McAfee, the world’s leading cybersecurity company, has researched which famous names generate the riskiest search results that could potentially trigger consumers to unknowingly install malware on their devices or unwillingly share their private information with cybercriminals.

And in 2020, English singer-songwriter Adele takes out the top honours as her name generates the most harmful links online. Adele is best known for smashing the music charts since 2008 with hit songs including ‘Rolling in the Deep’ and ‘Someone Like You’. In addition to her award-winning music, Adele is also loved for her funny and relatable personality, as seen on her talk show appearances (such as her viral ‘Carpool Karaoke’ segment) and concert footage. Most recently, her weight-loss and fitness journey have received mass media attention, with many trying to get to the bottom of her ‘weight-loss’ secrets.

Trailing Adele as the second most dangerous celebrity is actress and star of the 2020 hit show Stan ‘Love Life’ Anna Kendrick, followed by rapper Drake (no. 3), model and actress Cara Delevingne (no. 4), US TikTok star Charli D’Amelio (no. 5) and singer-songwriter Alicia Keys (no. 6). Rounding out the top ten are ‘Sk8r Boi’ singer Avril Lavigne (No. 7), New Zealand rising music star, Benee (no. 8), songstress Camila Cabello (no. 9), and global superstar, singer and actress Beyonce (no. 10).

Aussies Love Celebrity Gossip

Whether it was boredom or the fact that we just love a stickybeak, our love of celebrity news reached new heights this year with our many of us ‘needing’ to stay up to date with the latest gossip from our favourite public figures. Adele’s weight-loss journey (no.1), Drake’s first photos of ‘secret son’ Adonis (no. 4), and Cara Delevingne’s breakup with US actress Ashley Benson (no. 5), all had us Aussie fans flocking to the internet to search for the latest developments on these celebrity stories.

We’ve Loved New Releases in 2020

With many of us burning through catalogues of available movies and TV shows amid advice to stay at home, new release titles have definitely been the hottest ticket in town to stay entertained.

Rising to fame following her roles in ‘Twilight’ and musical comedy ‘Pitch Perfect’, Anna Kendrick (no. 2) starred in HBO Max series ‘Love Life’ which was released during the peak of COVID-19 in Australia, as well as the 2020 children’s film ‘Trolls World Tour’. R&B and pop megastar Beyonce (no. 10) starred in the 2019 remake of Disney cult classic ‘The Lion King’ and released a visual album ‘Black Is King’ in 2020.

Music Has Soothed Our Souls This Year 

While live concerts and festivals came to a halt earlier this year, many of us are still seeking music – both old and new – to help us navigate these unprecedented times. In fact, musicians make up 50% of the top 10 most dangerous celebrities – hailing from all genres, backgrounds and generations.

Canadian rapper Drake (No. 2) sparked fan interest by dropping his ‘Dark Lanes Demo Tapes’ album including hit songs ‘Chicago Freestyle’ and ‘Tootsie Slide’ that went massively viral on TikTok. New Zealand singer Benee also came out of the woodwork with viral sensations Supalonely and Glitter topping charts and reaching global popularity on TikTok.

Known for her enormously successful R&B/Soul music in the early 2000s, Alicia Keys (no. 6) released a string of new singles in 2020. Camila Cabello’s ‘Senorita’ duet with Canadian singer and now boyfriend Shawn Mendes, was Spotify’s most streamed song of 2019. The couple continued to attract copious attention as fans followed stories reporting on the lovebirds self-isolating together in Miami earlier this year.

How to Avoid Getting Caught In An Online Celebrity Scam

Please don’t feel that getting caught by an ill-intentioned cybercrime is inevitable. If you follow these few simple tips, you can absolutely continue your love of online entertainment and all things celebrity:

1. Be Careful What You Click

If you are looking for new release music, movies or TV shows or even an update on your favourite celebrity then ALWAYS be cautious and only click on links to reliable sources. Avoid ‘dodgy’ looking websites that promise free content – I guarantee these sites will gift you a big dose of malware. The safest thing is to wait for official releases, use only legitimate streaming sites and visit reputable news sites.

2. Say NO to Illegal Streaming and Downloading Suspicious Files

Yes, illegal downloads are free but they are usually riddled with malware or adware disguised as mp3 files. Be safe and use only legitimate music streaming platforms – even if it costs a few bucks! Imagine how devastating it would be to lose access to everything on your computer thanks to a nasty piece of malware?

3. Protect Your Online Safety With A CyberSecurity Solution

One of the best ways of safeguarding yourself (and your family) from cybercriminals is by investing in an  comprehensive cybersecurity solution like McAfee’s Total Protection. This Rolls Royce cybersecurity package will protect you from malware, spyware, ransomware and phishing attacks. An absolute no brainer!

4. Get Parental Controls Working For You

Kids love celebrities too! Parental control software allows you to introduce limits to your kids’ viewing which will help minimise their exposure to potentially malicious or inappropriate websites when they are searching for the latest new on TikTok star Charlie D’Amelio or go to download the latest Benee track.

I don’t know how my family of 6 would have survived this year without online entertainment. We’ve devoured the content from three different streaming services, listened to a record number of hours on Spotify and filled our heads with news courtesy of online news sites. And while things are looking up, it will be a while before life returns to normal. So, please take a little time to educate your family on the importance of ‘thinking before you click’ and the perils of illegal downloading. Let’s not make 2020 any more complicated!!

Stay safe everyone!

 

Alex x

The post How Searching For Your Favourite Celebrity May Not End Well appeared first on McAfee Blogs.

What You Need to Know About Among Us

Among Us – one of the Most Popular Online Game of 2020

(pictured credit: axel 795, Pixabay)

If you have teens and you haven’t yet heard of ‘Among Us’ then I guarantee it won’t be long. Among Us is an online deception and strategy game that is having a real moment worldwide. Over the last six months, it has amassed 85 million players on both PC and mobile. In September, it broke the all-time record-setting peak player ceiling on Steam when nearly 400,000 people played it simultaneously and, Google Trends reports that there were 50 times more Google searches for it at the beginning of October, as compared to the beginning of August.

What’s The Game About?

Among Us is an online multi-player game that is set on a failing spaceship. Suitable for up to 10 players, it has been compared to ‘Murder in the Dark’ or ‘Murder Wink’ – the old-school party game you may have played as children.

At the start of the game, you’re advised whether you are a regular crew member or an imposter. Crew mates are tasked with completing small tasks that benefit the spaceship eg cleaning our air-conditioning ducts whereas imposters (between 1-3 players) create havoc on the spaceship and seek out victims to kill – without letting anyone know.

Every time a dead body is found, a crewmember will call a meeting to workshop who they think the imposter is. This is one of the few times players can talk to each other. As you can imagine, this can get very heated (and entertaining) as players try to implicate others and remove themselves from focus. All players then vote on who they think the imposter is – and the player with the most votes is ejected from the spaceship’s airlock.

Crewmates win by managing to repair the ship and eject all the imposters while the imposter wins by killing all the crewmates before they complete their jobs.

Why Has It Become So Popular?

Among Us was actually launched in 2018 but to little fanfare. But the planets have aligned for the developers at InnerSloth and it has become one of the biggest online games ever. In fact, it’s so successful that the developers have abandoned plans for a sequel and are instead, investing their resources into perfecting the original.

There’s no doubt that pandemic life has contributed to the popularity of Among Us with many touting it as the ultimate group party game. In fact, some believe it brings all the energy and pizazz of board game night – just virtually.

It is extremely easy to learn. So, if you aren’t a gamer with years of experience (that’s me) you can absolutely play. This concept has been described by popular YouTube gamer Pegasus as ‘ingenious’ for its simplicity, and praised for its ‘extremely social’ nature.

The game is also very well priced. In fact, it’s free on mobile – but you will have to view some ads. And it’s only around $7 on a PC – so much cheaper than anything my kids have played in years!

What Parents Are Asking

Is it Suitable?

The Classification Board here is Australia gives Among Us a PG rating which means the content is mild in impact. But they do state that PG rated content is ‘not recommended for viewing by people under the age of 15 without guidance from parents, teachers or guardians.’

In Australia, the game is rated as suitable for 9+ on the App Store. On Google Play it is nominated as suitable for ages 10+.

The role of the imposter in the game to hunt and murder players is aggressive and violent. Yes, it is a cartoon-like visual which does reduce the impact but there are still bodies left lying around after the deed is done.

Parents know their children the best. Absolutely take heed of the advice, but ultimately, you need to decide what’s suitable for them. If you do decide to let your younger children play – or they’ve already discovered it – please talk about violence in video games. Does watching violent images make them feel scared or more aggressive? Do they feel better if they talk about it or, in fact, choose to watch something less violent?

Can They Chat With Strangers During The Game?

There is opportunity to chat with strangers in the game but it is less than most online games. Players can chat in the online waiting room before a game starts and of course, there is also interaction in the meetings during which the group tries to work out who the imposter is. Enabling the censor chat mode is a good option here – this limits word and aims to block out expletives however I understand that isn’t completely fool proof.

But you can choose to play the game offline, locally, which means you play only with people you know. You simply share a generated code with the players you want to join the game. I highly recommend this for younger children and teens or if you want to play the game as a family. The game can be played with as few as four players which makes an offline game far easier to get happening.

Does It Share A Positive Message?

Both trust and deceit are at the core of this game. Learning who to place your trust in is part of being a successful crewmember in Among Us whilst being a master of deceit will win you the game as an imposter.

You could argue that these themes are no different to playing Murder in the Dark or even the old classic Cluedo. However, I would absolutely have a conversation with your kids about the difference between real life and online (or gaming) life. Why not weave it into your dinnertime conversation?

My boys are really enjoying playing Among Us, in fact – we have earmarked this weekend for a family game. But please ensure you are comfortable with the game before you give your kids the green light. And if you do, be assured that one of the reasons this game is so popular is because players feel like they are part of a community – and isn’t that what we all need at the moment?

‘till next time.

Alex xx

The post What You Need to Know About Among Us appeared first on McAfee Blogs.

Here’s What I’m Doing to Avoid Being Caught Up in A Puppy Scam

In November last year, we lost our much-loved family dog. We were all so devasted. Harley was a very handsome black and white Cavoodle who died from a paralysis tick bite after giving us 12 years of love. After lots of tears and weeks of sadness, we have decided it’s time to start our search for another fur baby.

But it seems we are not the only ones in the market for a new puppy. Thanks to COVID and our new very home focussed lives, puppies have been in hot demand since early 2020 and they still are. What better way to deal with lockdown loneliness and a home-based existence than a brand-new ball of fluff!

Over the last few weeks, I’ve spoken to multiple breeders from all around Australia who have over 50 families waiting for a puppy! A Portuguese Water Dog breeder told me yesterday that it would be 2023 before she could offer me a puppy!! So,

And this trend hasn’t gone unnoticed by cybercriminals with the Australian Competition and Consumer Commission (ACCC) reporting a four-fold increase in puppy scams in 2020!! In fact, a whopping $1.6 million was scammed from unsuspecting Aussies simply looking for a ball of fur to love between January and October 2020.

So, how do you avoid being caught up in a puppy scam and losing money? Here’s what I’m doing to ensure we don’t get swindled while we search for our new puppy:

1. Take Your Time

Cybercriminals rely on us being in a rush and not doing our homework. A quick google search for popular dog breeds such as Cavoodles, Labradors or Dachshunds will yield pages of results, not all of them legit!

Scammers are very talented at making their sites look genuine. They will copy photos of puppies and breeders from legitimate sites and will even use certificates and identification numbers from these legitimate breeders too. Quite often the only detail that differs is the contact telephone number and email address.

Facebook and Instagram ads are also created using these details too making it very hard to identify what is legitimate and what isn’t.

2. Do Your Homework

Doing your due diligence is the best way to prevent becoming a victim of a puppy scam. Even if the person on the end of the phone sounds delightful and the pictures are gorgeous, you owe it to yourself – and your bank account – to ensure you are dealing with a legitimate breeder. Here’s what I recommend you do:

• Google the name of the breeder to ascertain whether they have NOT been caught up in a scam.
• Always ring the association that the breeder says they are registered with and crosscheck all the information you have been given.
• As most puppies come vaccinated and microchipped, ask the breeder to share contact details of the veterinary clinic the puppy has been to.

3. Photos and Video Chat

If you are not able to pick up your pet in person, requesting photos and even a video call with the breeder and your potential puppy is essential.

Ask the breeder for multiple photos of the pet with specific items – this help you ascertain that the pet is real and not photoshopped. A recent newspaper is a great item to suggest.

However, a video call is probably the best way of giving you total piece of mind. Yes, it maybe crazy and noisy but there’s nothing like seeing something with your own eyes to satisfy yourself that it is real and not photoshopped!

4. Trust Your Gut

We all have a 6^th sense and now is the time to use it:

• If the breeder is trying to push for the sale as they are moving to a new house or are unwell, be suspicious.
• If the breeder is putting pressure on you to deposit funds to secure your puppy ASAP, be suspicious.
• If the breeder is asking an inflated price for the pet, be suspicious. Do your research so you know what an average asking price would be.
• If email communication with breeder has signs of broken English or poor grammar, be very suspicious.

I can’t imagine our family without pets. They play such an important, cohesive role and we take such joy in sharing photos of our crazy cats and their weird antics on our family group chat.

Next week, we are going to pickup our new puppy. After much debate about breeds, we have chosen a tri coloured beaglier – male of course! The breeder sounds delightful over the phone and the pictures are gorgeous. But just to ensure total piece of mind, I am driving nearly 7 hours to pick up our new fur baby in person. I’ll be sure to share some photos!

Happy pet shopping!

Alex xx

The post Here’s What I’m Doing to Avoid Being Caught Up in A Puppy Scam appeared first on McAfee Blogs.

How 2020 Has Shaped The Way We Live Our Lives

How 2020 Has Shaped The Way We Live Our Lives

I’ve had such a busy morning! I’ve hunted down my favourite foundation, bought a puzzle mat, stocked up on special dog food for our naughty new puppy, ordered the groceries, made a few appointments and chatted with several friends. And guess what? I haven’t left my study – or changed out of my pyjamas!! Ssshhh!! Because it’s all happened online…

Are our 2020 Habits Here to Stay?

Of course, some of us embraced the benefits of the online world long before 2020 but the Pandemic forced almost everyone to replace our in-person activities and routines with online ones. New research from McAfee in their 2021 Consumer Security Mindset Report shows that 72% of Aussies made changes in their online activities last year out of convenience which makes complete sense!

But what’s so interesting is that now we have these super handy new online routines in place – we aren’t that keen to give them up! McAfee’s report shows that 76% of Aussies are planning on continuing with online banking, 59% of us want to keep connecting with friends and family online and 55% of us remain totally committed to online shopping! Hear, hear, I say! I am absolutely staying that course too!!

But What About The Risks?

There’s no doubt that there is a lot of upside to managing our lives online but unfortunately there is also a downside – increased risk! The more time spent online, the greater the chance that we will be exposed to potential risks and threats such as phishing attacks, entering details into malicious websites or even becoming a victim of fraud.

McAfee’s research shows that we are aware of the risks of being online. In fact, 66% of us are concerned about the potential dangers of living our lives online with losing control of our financial data top of the list for the majority of us. And almost 2/3 (65%) of us are also worried about having our social media accounts hacked.

But pandemic life has meant that we are now a lot more comfortable with sharing information online. Whether it’s paperless transaction records, text and email notifications, opting to stay logged in or auto-populating forms with our credit card, this level of online sharing does make life so convenient but it can be a risky business! Why, I hear you ask? Because these conveniences usually only work when you share multiple pieces of your contact details. And the more you share, the greater your chance of being hacked or compromised. But the report was very clear – if we can make our online life more seamless then we are only too happy to share our key contact information! Oh dear!!

‘Why Would Hackers Want My Data?’

In addition to confessing that they don’t always take the necessary security precautions, Aussie consumers in McAfee’s report also admitted that they haven’t thought about why hackers might want their data. I don’t know how many people tell me that they don’t need to really bother with a lot of online precautions because they live a pretty boring life and don’t spend that much time online.

But this is a very dangerous way to think. Your online data is like a pot of gold to hackers. Not only can they use it to possibly steal your identity and try to empty your bank accounts but they can also on-sell it for a profit. But the majority of Aussies don’t stop to consider this with the research showing that 64% of Aussies have never considered just how valuable their online data is worth.

Hackers are ALWAYS on the lookout for new ‘up-to-date’ ways to exploit others for money. Don’t forget how quick they were to conjure up scams around COVID in early 2020 – it was just a matter of weeks before Aussies received phishing emails and malicious text messages with the aim of extracting personal information from vulnerable consumers.

But, encouragingly, 85% of Aussies said they would be far more proactive about managing their data if it could be traded as a currency.

How To Protect Your Digital Life

The good news is that there are ways to secure your online life and minimise the risk of being hacked. Here are my top tips:

1.Always Use Multi-Factor Authentication

Yes, it might take a minute or 2 more, but using multi-factor authentication is an easy way to add an additional layer of security to protect your personal data and information. Commit to using it wherever it is offered!

2.Use a VPN

If you live your life out & about like I do then you’ll be very tempted to use Wi-Fi. Using public Wi-Fi to conduct transactions, particularly financial ones is a big no-no! It takes keen hackers minimal effort to set up a fraudulent wi-fi service which could easily fool a busy person into connecting. Using a Virtual Private Network (or VPN) like McAfee® Safe Connect, is the best way of ensuring everything you share over Wi-Fi is safe and secure.

3.Sign Up For A Site Advisor

Browsing the internet with a tool like the McAfee WebAdvisor is a great way of ensuring dangerous malware is blocked if you click on a malicious link in a phishing email. You’ll have real peace of mind knowing you can manage your online life while someone looks out for you!

With 4 kids, 3 pets, 2 jobs – I know I could never get to the bottom of my ‘to-do’ lists without managing the bulk of it online. I often think I should send the internet an e-card at Christmas!! Of course, I understand why corners are cut and precautions are overlooked when we all feel so stretched for time. But just think about how much more time it would take if you were hacked and had to spend hours on the phone to your bank or if you had to reconfigure all your online accounts and social media platforms!!

So, you know what you need to do! Stay safe online everyone!

 

The post How 2020 Has Shaped The Way We Live Our Lives appeared first on McAfee Blogs.

Are You Still on the Fence About a Family VPN?

Chances are, you’ve heard the term VPN more and more lately but still can’t figure out exactly what it does or if your family needs one. You aren’t alone. The short answer is yes—you need a VPN on your family devices—and here’s why.  

One of the main reasons you’re hearing more about VPNs is that cybercrime and data breaches are skyrocketing—especially since the pandemic. Cybercriminals are devising more inventive ways to grab and misuse your data. Subscribing to a VPN service is one of the most practical and powerful ways consumers can fight back.  

What’s a VPN? 

VPN is an acronym for Virtual Private Network. And while it sounds complicated, it’s not. A VPN is an app you install on family devices to help keep data and online activity secure while using public Wi-Fi. Pretty simple, right? 

How does it work? 

When you connect your computer or phone to a VPN, the service sends your network traffic through the VPN server before going to the public Wi-Fi server. Because a VPN scrambles data, should a bad actor try to access your activity, all they will see is gibberish.  

 A VPN encrypts internet traffic and then bounces it around until it becomes scrambled, helping block geolocation-based tracking and offering more protection than an open network. Encryption makes it harder for cyber crooks to decipher your location, data, and online activity for malicious purposes.  

Benefits of a VPN 

1. Reduces risk on the go. 

Anytime you or another family member uses public Wi-Fi—to stream, shop, or game—it’s possible that others can see your traffic. However, a VPN will encrypt your activity so that all a potential hacker will see is gibberish. 

2. Gives kids extra protection. 

A VPN is a safeguard if your kids forget to turn off the Wi-Fi auto-connect feature on their phones. This can be a powerful feature if your kids connect to social networks, shopping, banking, or gaming sites throughout the day from locations outside the home.  

3. Restricts data mining. 

A VPN configured correctly can also keep companies from sharing your browsing habits and information with third parties. 

4. Multiple device security. 

If everyone in your family has two devices and you have five family members, a bad actor has up to 10 potential entry points to steal your data or instigate a scam. With cybersecurity threats on the rise, a VPN provides security for all users on multiple devices, regardless of their safety habits. 

Top VPN Features 

When shopping for the best VPN for your family, it’s easy to get lost in an ocean of features. Here’s a shortcut to help you with the VPN features best for your family. Look for: 

1. Bank-grade encryption. 

A quick search will render dozens of VPN options and not all protect consumers. Approximately 38% of Android VPN apps in the Google Play Store (some free) install malware rather than block it. Another study found that of 283 free VPN providers, 72% included trackers. Because of this standard practice, it’s essential to do your research and choose a VPN that delivers bank-grade encryption. Note: Many free VPNs make their money by sharing your data with third parties.  

2. Unlimited bandwidth. 

Choose a VPN that allows you to maintain a secure network connection no matter how much time you spend online. 

3. Efficient speed. 

With more work and school now remote, consider choosing a high-speed VPN that improves privacy without sacrificing the quality of your connection. 

4. Access to virtual locations. 

Consider a VPN server that shows a different location than your point of entry, a feature that enhances anonymity, location, and browsing history. For example, you may be getting online in the United States, but your VPN server might show you are connected in Italy.  

What’s your digital defense? 

It’s important to note that a VPN does not provide 100% protection from cyber threats. However, to date, it is one of the safest ways your family can simultaneously enjoy the convenience of the internet and reduce risk on public Wi-Fi.

McAfee Total Protection subscribers already have access to unlimited VPN usage. If you haven’t already signed up, now’s a perfect time. McAfee Total Protection provides security for all your devices while your family shops, banks, games, and browses online. 

The post Are You Still on the Fence About a Family VPN? appeared first on McAfee Blog.

“To the moon!” Cryptocurrency hamster Mr Goxx trades online 24/7

Here's a happy cryptocurrency story for once, with not a cybercrook in sight.

Teen Slang and Texting Acronyms Parents Should Know

If you pick up your teen’s phone on any given day, chances are the next stop you make will be Google. That’s because, if you’re like most parents, you’re beyond baffled by texting language kids use.  

It’s okay, you are not alone if you feel out of the loop. As parents, we’re not invited to the party—and that’s okay. Slag belongs to the generation that coined it. And few of us are aching to use words like “sus” and “simp,” right? The goal of these updates isn’t to decode or invade.  It’s digital parenting 101. The more we know about what’s going on in our child’s world, the better we can parent. It’s our job to know.  

So once a year we do our best to decipher some of the more common terms you may hear or see your kids use. Keep in mind: Slang isn’t universal. It changes from city to city and culture to culture. Terms and meanings may vary. Many of the words are fun and harmless, while others are specifically meant to mask risky behavior.  Remember, McAfee frees you to live your connected life safe from threats like viruses, malware, phishing, and more. Download award-winning antivirus that protects your data and devices today.

Here are a sampling of terms, acronyms, and phrases we came across this year*. 

Terms, Phrases & Acronyms

A real one. A person who is being authentic, genuine, trusted. 

And I oop. A phrase used after a funny mistake or accident.  

Awks. Short for awkward.  

Baddie. Name for an independent female who is tough and beautiful. 

Bands. Refers to bands around cash or a wealthy person. No doubt, the dude’s got bands.  

Bet. A willingness to do something; means “yes” or “okay.”  

Big yikes. When you see something, that is a huge embarrassment.  

Booed up. To be in a romantic relationship. 

Bop. A really good song. That song is such a bop! 

Bread or Cheddar. Terms that refer to money.  

Breadcrumbing. Sending flirtatious text messages to another person to get their attention but remain non-committal. 

Bussin. Something is awesome. Her new hair color is bussin’. 

Cake. When someone’s body looks good. The girl in my science class has cake.  

Cancel. Reject or stop supporting a group or idea.  

Cap. A term that means “lie” or “false.” He said we were a couple. Cap! 

No cap. A phrase that means “no lie” or “for real” emphasizes telling the truth. I just saw him eat a bug. No cap! 

CEO. A term used to describe something that you’re very good at, making you the CEO of it. I’m the CEO of being late to class.  

Cheug. This term describes a person, idea, or situation that is outdated or inauthentic.  

Clout. A term that relates to a person’s follower count, fame, or influencer status. Sometimes an expression for an extravagant way of living.  

Chasing Clout. A term that describes a person who does and says things for the sole purpose of becoming more popular. 

Curve. To reject someone romantically. 

Cuffing. Wanting to date or cuff yourself to someone temporarily—at least until summer break.  

Do it for the gram. A phrase that describes someone doing something for the sole purpose of posting online. 

Drip. A term that describes someone’s style as sexy or cool. Zayne has some serious drip.  

Facts. When you agree with someone.  

Finsta. A second Instagram account used for sharing with a smaller circle of friends and followers.  

Fish. Fishing for compliments. 

Fit. Short for outfit. 

Flex. To show off or show something off.  

Get after it. Start with something with intensity. 

Ghost. Suddenly stop all contact with someone online and in person. 

Hundo P. Being 100% certain.  

Hypebeast. A term that describes someone who cares too much about popular things rather than being self-aware and genuine. 

I’m dead. Describes how you feel when something is hilarious. 

I’m weak. Like, dead, describes how you feel when something is hilarious. 

I can’t even. An expression used when you’ve had enough of someone or a situation.  

Keep it 100. Stay true to yourself and stick to your values. 

Lewk. Look.  

Left on read. When someone does not respond to your text. He left me on read! 

Lit. Cool or awesome. 

Mood. A term used to express a relatable feeling or experience. Seeing that kid by himself kicking a can is such a mood. 

Mutuals. People who follow and support one another on social media.  

Oof. An expression used when something bad happens, and you don’t know how to respond.  

Periodt. A term used to emphasize what you just said.  

Purr. Expressing approval. I’ve got nothing but purr for my friends.  

Receipts. Evidence to prove someone is either lying. Often in the form of screenshots, videos, or images.  

Savage. A cool person or someone overly direct or candid. 

Sketch. A sketchy or ominous situation, place, or person.  

Skrrt. To leave quickly or get away from someone (the sound a car makes).   

Ship. Short for relationship.  

Simp. Used to describe a guy who is seen as being too attentive and submissive to a girl.  

Sheesh. A term used to compliment someone when they look good or do something good.  

Suh. A combination of “sup” and “huh” used as a greeting. 

Sus. Short for suspect describing a situation, a person, or a claim. That guy is sus. Let’s get out of here.  

Shawty. An attractive female. Sometimes a short, attractive female.  

Sheee. An expression of disappointment, annoyance, or surprise. 

Slaps. A term used when something is awesome. The DJ slaps. 

Snatched. Describing a person or a thing that looks great. I’m jealous her makeup is so snatched.  

Stan. A combination of “stalker” and “fan” refers to an overly obsessed fan of a celebrity.  

Straight Fire or Fire. Describes something amazing. His new truck is straight fire. 

Thumpin’. Word to describe someone going very. I didn’t even see him leave. He was thumpin’. 

Vaguebooking. The act of posting vague Facebook or other social status updates for attention or as a cry for help. Wondering what the point of it all is anyway. 

Whip. A word that means car. Have you seen his new whip? 

Wig. When something has you so excited, your wig might come off; mind-blowing. The new Adele song!! WIIIIGGG! 

Yeet. Throwing something out of rage. Also used as an exclamation for being excited.  

NGL. Not Gonna Lie. 

NMH. Nodding My Head; an expression of agreement.  

NSA. No Strings Attached.  

HWU. Hey, what’s up? 

IYKWIM. If You Know What I Mean.  

RLY. Really? 

OG.Short for Original Gangster;a compliment for someone who is exceptional or authentic. 

ORLY. Oh really?

SMH. Shaking My Head. 

TFW. That Feeling When 

TT2T. Too Tired to Talk.  

L. Short for loose or loss. 

V. Short for very. 

W. Short for win. Their loss is our w.   

WYA. Where are you at? 

WYD. What are you doing? 

YK. You’re Kidding.

YKTS. You Know the Score. 

YKTV. You know the vibe.
 

(Potentially) Risky Terms & Acronyms

Addy/Study Buddy. Terms used in place of the medication Adderal.

Break Green. A term that means to share marijuana with others. 

Crashy. Combo of “crazy” and “trashy.”  

Daddy. An attractive man, usually older, who conveys a sense of power and dominance.

Faded/Cooked. Terms used to describe being high on drugs.  

Lit/Turnt Up. It can mean party or get drunk.  

MOS/POS. Mom Over Shoulder; Parent Over Shoulder.

Kush/Flower/Gas. Terms used in place of marijuana. 

Smash. To hook up for casual sex. Is he a smash or a pass? 

Thirsty. Adjective for a person desperate for attention or sex. 

Xan/Xans. Terms short for Xanax, a sedative used to treat anxiety. Also called xanny, beans, bars, and footballs. 

ASL. Age/sex/location. 

CD9. Can’t talk parents are here. 

CU46. See You For Sex. 

GALMA. Go Away Leave Me Alone.  

GOMB. Get Off My Back.  

GSW. Get Some Weed.  

LMIRL. Let’s meet in Real Life. 

KMS/KYS. Kill myself, Kill Yourself. 

ONG. On God; a term that implies a person is serious enough to swear “on god.” 

ONS. One Night Stand. 

Spice or K2. Code for synthetic marijuana, which can be more harmful than actual cannabis.  

URAL. You’re A Loser. 

WWTP. Want to Trade Pics? 

X or E. Letters that stand for ecstasy, otherwise known as “molly” or MDMA.  

Zaddy. A well-dressed, attractive man of any age. 

Zerg. A term that originated in the gaming community for gamers using the many against one strategy to win a game. A Zerg is a person who employs the same bullying tactics in real life. Stay away from him. He’s such a Zerg! Or Stay off that site. There’s too much zerging.  

Protect your connected life today with McAfee Total Protection

*Content collected from various sources, including NetLingo.com, slangit.com, cyberdefinitions.com, UrbanDictionary.com, webopedia.com, and conversations on TikTok, Reddit, and YouTube.  

The post Teen Slang and Texting Acronyms Parents Should Know appeared first on McAfee Blog.

Clearview AI face-matching service set to be fined over $20m

Scraping data for a facial recognition service? "That's unlawful", concluded both the British and the Australians.

Cyberbullying: Words do Hurt When it Comes to Social Media

Most parents may find it difficult to relate to today’s form of cyberbullying. That’s because, for many of us, bullying might have come in a series of isolated, fleeting moments such as an overheard rumor, a nasty note passed in class, or a few brief hallway confrontations. 

Fast forward a few dozen decades, and the picture is spectacularly different and a world few adults today would eagerly step into.  

Cyberbullying includes targeting that is non-stop. It’s delivered digitally in an environment that is often anonymous. It’s a far-reaching, esteem-shattering, emotional assault. And the most traumatic component? The perpetual nature of the internet adds the ever-present threat of unlimited accessibility—kids know bullying can happen to anyone, at any time, and spread like wildfire.   

The nature of cyberbullying can make a young victim feel hopeless and powerless. Skipping school doesn’t stop it. Summer vacation doesn’t diminish it. That’s because the internet is ever-present.   

According to a 2020 Ditch the Label Cyberbullying Study, youth today reveal that carrying the emotional weight of being “connected all the time” is anything but fun and games. Here’s a snapshot. 

• Bullying has increased by 25% each year since the survey’s inception in 2006.   
• 46 % of the respondents reported being bullied more than once, and 20% reported bullying others on social networking sites. 
• 33% of young people surveyed said that they believe the behavior of politicians influences how people treat each other at school. 
• 25% of those surveyed say they feel “lonely all of the time.” (Executive commentary added that since the onset of the pandemic onset, those numbers have increased).  
• 50% of those bullied felt targeted because of attitudes towards their physical appearance.  
• 14% of respondents said they never like themselves; 24% said they do but rarely. 
• 42% of youth respondents revealed they have battled with anxiety. 
• 25% said they deal with depression; 21% with suicidal thoughts. 
• Leading mental health stressors include school pressures, exams, body image, feelings of loneliness, and grief.  

Who Is Most Vulnerable? 

While all kids are at risk for cyberbullying, studies reveal that some are more vulnerable than others.  

According to the Pew Research Center, females experience more cyberbullying than their male counterparts; 38% of girls compared to 26% of boys. Those most likely to receive a threatening or aggressive text, IM, or email: Girls ages 15-17.  

More data from the CDC and American University reveals that more than 28.1 % of LGBTQ teens were cyberbullied in 2019, compared to 14.1% of their heterosexual peers. In addition, Black LGTBQ youth are more likely to face mental health issues linked to cyberbullying and other forms of bullying as compared to non-Black LGTBQ and heterosexual youth.  

Another community that can experience high cyberbullying is gamers. If your child spends a lot of time playing online games, consider paying close attention to the tone of conversations, the language used, your child’s demeanor during and after gaming, and, as always, stay aware of the risks. In a competitive gaming environment that often includes a variety of age groups, cyberbullying can quickly get out of control.  

Lastly, the reality no parent wants to confront—but one that is critical to the conversation—is that cyberbullying and suicide may be linked in some ways. According to JAMA Pediatrics, approximately 80% of young people who commit suicide have depressive thoughts, and in today’s online environment, cyberbullying often leads to more suicidal thoughts than traditional bullying.  

5 Things Parents Can Do 

1. Be a Plugged-In Parent. If you haven’t already, make 2022 the year you double up your attention to your kids’ online activities and how they might be impacting them emotionally. Kids connect with new people online all the time through gaming platforms, group chats, and apps. Engage them. Understand what they like to do online and why. Be aware of shifts in behavior, grades, and sleeping patterns. Know the signs that they may be experiencing online bullying.   
2. Layer Up Your Power. Kids need help with limits in a world of unlimited content and parents get busy. One remedy for that? Consider allowing technology to be your parenting partner—additional eyes and ears if your will—to help reduce the risk your kids face online. Parental controls on family devices can help you pay closer attention to your child’s social media use and assist you in filtering the content that’s rolling across their screens. Having the insight to connect your child’s mood to the time they spend on specific apps may provide a critical shortcut to improving their overall wellbeing.  
3. Prioritize Community. Feeling supported and part of a solid offline community can make a significant difference in a child’s life. One survey of teens aged 12-17 found that social connectedness played a substantial role in reducing the impact of cyberbullying. 
4. Don’t prohibit, limit. If you know your child is having a tough time online, it’s important not to overreact and restrict device use. They need peer connection. It’s their culture. Consider helping them balance their time and content online. Please talk about the pros and cons of specific apps, role play, teach them how to handle conflict, and encourage hobbies and meetups that are not technology dependent.  
5. Provide Mental Health Support. We are living in unique times. The digital, cultural, social, political, and health concerns encircling our kids remain unmatched. Not all signs of emotional distress will be outward; some will be subtle, and some, even non-existent. That’s why it’s essential to consistently take the time to assess how your child is doing. Talk with your kids daily, and when you notice they may need additional help, be prepared to find resources to help.  

Conclusion 

Each new year represents 365 new days and 365 new chances to do things a little bit better than we’ve done them in the past. And while it’s impossible to stop our kids from wandering into the crossfire of hurtful words online, we can do everything possible to reduce their vulnerability and protect their self-esteem.  

The post Cyberbullying: Words do Hurt When it Comes to Social Media appeared first on McAfee Blog.

ISE business value and ROI uncovered in Forrester study

Forrester Consulting recently conducted an independent analysis of five organizations using Cisco Identity Services Engine (ISE), the industry-leading network access control solution, to uncover the business value of ISE. The commissioned study conducted by Forrester Consulting on behalf of Cisco, “The Total Economic Impact of Cisco Identity Services Engine (ISE),” published in March 2022, highlighted a total payback period of only 11 months within a composite organization that was built from data compiled across the participants in the research. The study showed that the composite organization received a 191% ROI over the first three years use of use, with a current returned value of $1.03 million across many categories, including:  

• Improved security impact from breaches: 44% of total  
• Reduced IT costs with automation: 33% of total  
• Improved business outcomes, such as employee productivity: 23% of total  

The research by Forrester into customer utilization and the related business value comes at a time when organizations are looking to gain a more strategic focus on resources amidst unprecedented global uncertainty. In a world where everything is connected and boundaries are blurred, the report highlights how ISE is improving organizational resilience across three areas related to maintaining business continuity and securing network access: improved security, reduced IT costs, and improved business outcomes.  

NAC and security resilience  

The Forrester study states that, “Cisco Identity Services Engine (ISE) is a network access control (NAC) solution that streamlines secure network management and gives users and devices segmented access to corporate resources.” Having the level of visibility and control that ISE supplies has allowed organizations to be resilient and withstand change. One of the five organizations that were studied to compile the singular composite used in determining the final ROI is a media company in Europe with 7000 users. The director interviewed stated that, “The greatest challenge we faced during the pandemic was having 7000 people start working from home the next day. What we had in place was not good enough. We needed to add ISE, and we needed to add Software-Defined Access to handle the changes.” In an ever-changing world, ISE is providing the access controls needed to respond to change with confidence and limit organizational risk.  

Improved security  

The Forrester study noted that cost savings from improved security were the single greatest factor in the overall 191% return on investment. This was due not only to a reduction in the number of security incidents, which was 50%, but also to the business impact of the staff resources needed to respond to access-related security events, which would have required increasing security personnel by 25%. The study stated that, “Together, these benefits are worth $442,000 over three years. This benefit does not include other potential costs of a breach such as lost revenue, fines, and brand reputation damage because it varies greatly depending on the size and nature of a breach and on company specifics such as industry and size.”   

Reduced IT costs 

In addition to improved security, the study by Forrester found that, “Cisco ISE streamlined and automated activities related to network management and user and device access.” This helped IT avoid hiring additional full-time staff and equated to considerable direct savings, 34% of the total ROI. To achieve the same level of value with manual methods, the study noted that the organization would have had to increase staffing by 66%. The study stated, “Contributing factors to the time savings include better automation, less time to diagnose potential problems, fewer user-access help desk tickets, and fewer security false alerts.”  

“Without ISE, we would be spending a lot more time helping people connect. Now, we can diagnose 90% of the problems in 10 minutes. Doing it the old-school way would have taken a lot more time.” —Network engineering services assistant director, higher education organization  

From the commissioned study conducted by Forrester Consulting on behalf of Cisco, “The Total Economic Impact of Cisco Identity Services Engine (ISE),” March 2022  

Improved business outcomes 

Organizations need to supply fast, secure access to network resources. When they do, end users are more productive, and they can also increase collaboration with customers, partners, and suppliers. Forrester noted in the study that aligning to these business-driven outcomes created $236,000 in value, or 23% of total ROI. Forrester also noted that the increase in innovation and speed can deliver “improved business outcomes such as faster time to market, increased revenues, and higher customer satisfaction.” The value was achieved at scale across the different organizations included in the study. The director at the European media organization said that its “7000 employees were all more productive, which ‛is extremely important because TV productions are on a tight timeline.’” And an enterprise architect at the European higher education organization said it “onboards 45,000 to 55,000 devices per year and that 96% of the time it is a fully self-service and near-instantaneous experience.” ISE is increasing business value for organizations of all sizes and across all industries.  

Flexibility and SD-Access 

Companies are also looking to increase the value of existing solutions. A few of the organizations included in the report have matured their secure network access strategies by layering on Cisco DNA Center to deploy Software-Defined Access (SD-Access). SD-Access brings additional savings through improved policy creation and enforcement. The study cited benefits across all categories, including reducing applicable threats by 40%, reducing business user downtime, and avoiding hiring additional full-time employees. SD-Access, layered onto ISE, completes zero trust within the self-managed infrastructure, adding an additional 88% uplift and boosting a 3-year present value of $906,205.   

ISE: Trusted – Proven – Resilient  

Two things have remained constant in a world of uncertainty. The first is that change is constant, and the second is that controlling access to ensure that only trusted users and devices can gain access to trusted network resources is and will remain a top concern as organizations look to be resilient and protect the integrity of their business. Cisco Identity Services Engine (ISE) has been providing this trusted service with mature technology for over 10 years. The independent review of ISE has quantified this benefit, aligning secure network access to business outcomes and risk reduction. To learn more, download and read the entire study.   

ISE social media kit for Forrester TEI study  

Use this go-to-market kit, and study to help move your Cisco Identity Services Engine (ISE) Network Access Control discussions toward the quantitative benefits and ROI of deploying ISE for secure network access control. 

Use this kit and study to help move your Cisco Identity Services Engine (ISE) network access and control conversations toward a more strategic one focused on zero trust for the self-managed infrastructure, or Workplace. 

Forrester Consulting conducted an analysis of five organizations to uncover the business value and ROI of Cisco Identity Services Engine (ISE), the industry-leading network access control solution.  

Looking to deploy ISE? Forrester conducted a study to uncover the business value and ROI of Cisco Identity Services Engine (ISE) and revealed a 191% return.  

---

We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

Detecting Targeted Attacks on Public Cloud Services with Cisco Secure Cloud Analytics

The Public Cloud and Security Responsibility

Across many businesses, leveraging services offered and hosted by public cloud providers such as AWS proves to be extremely advantageous for both improving operational efficiencies, cost savings, scaling, and for security.

For AWS customers, Lambda functions are a great example of this advantage in providing a useful way to execute only the code you need to execute when you need to execute it, saving businesses money on hosting costs and reducing operational overhead.  This allows customers to scale to their needs and only pay for what they need to run their tasks and applications that drive their business.

Another business benefit is with security.  The infrastructure security for running these services is covered by the cloud provider, which means less overhead and worry for the business using these services.  However, this does not mean customers of public cloud providers have zero security responsibility.  Per the shared responsibility model from AWS, customers are still responsible for security in the cloud.

Enter Denonia

Denonia is a cryptocurrency mining software that is specifically designed to run on AWS Lambda, recently discovered by Cado Security on April 6th, 2022. It is likely that Denonia has been running prior to this date, so adjust your investigations accordingly.

According to Cado, the software could be delivered by leveraging DNS over HTTPS to avoid detection at the network access layer and using compromised credentials to execute the software designed for Lambda environments.

In the case of this software targeting AWS Lambda, customers are responsible for securing the functions themselves including who and what has access, network connections, and securing the code that runs on the functions.

Analyzing Denonia

Our research team at Cisco Talos tested the Denonia package using a Lambda Function in our lab. Upon executing we monitored AWS CloudWatch Logs and behavior in Secure Cloud Analytics, we noticed several interesting insights about how it functions:

• Several console log messages that resembled HTTP GET requests were logged to various domains with spoofed user agents including that of the Baidu web spider, Archive.org bot, and Android 4.1.2 browser.
• Running the strings command on the malware binary shows that these system log messages are hard coded in the binary, including the HTTP response codes, and are apparently printed to the console upon execution.
• We found console log messages printed by XMRig, an example of which would be time=”2022-04-13T16:20:44Z” level=info msg=”User [14.705882], System [0.000000], Idle [85.294118]”

• Once we updated the Lambda to use a VPC in our test lab, the function exited with status 1, and the logs showed an error “panic: doh: all query failed”. This potentially indicates that DNS over HTTPS was not supported either by the Lambda or the VPC.
• We found similar results to above when tested on EC2 with root privileges and using lamb-ci’s Docker Lambda project to run the Lambda environment locally in Docker containers, Denonia was successfully executed.

So far, there have not been any known successful deployments, but they key takeaway is attackers are targeting specific resources from cloud providers and becoming increasing sophisticated in the public cloud, so this just may be the start of targeted attacks on serverless functions and other public cloud services

Continuous Monitoring and Threat Detection in the Public Cloud using Cisco Secure Cloud Analytics

Cisco Secure Cloud Analytics is a SaaS based security product that provides broad visibility and detection within public cloud services across AWS, Azure, and GCP leveraging APIs and logs from the providers, all without deployment of agents.

When looking at Denonia as a potential attack targeting services and applications running in the public cloud, Secure Cloud Analytics provides a wide array of detection capabilities to see an attack at many stages of its lifecycle.

Working with our research team at Cisco Talos, we have identified several methods for detecting Denonia and attacks like it in the public cloud using Secure Cloud Analytics.

With Secure Cloud Analytics deep ability to baseline normal behavior, behavior seen by Denonia or other software or malware that triggers an unusually large number of Lambda functions will trigger the alert “AWS Lambda Invocation Spike” due to the typically short default timeouts of a Lambda function and the need for many of those resources to leverage the functions to execute the attack and leverage the resources for the goal.

Additionally, if devices connect with a known bad domain or IP from Denonia, Secure Cloud Analytics will trigger a ““Talos Intelligence Watchlist Hits” alert which indicates a device on the network communicated with a known bad domain or IP from Cisco Talos.  Domain or IP matching is not always guaranteed in cases like Denonia where DNS over HTTPS is used, therefore it’s important to look at malicious behavior in conjunction with known IOCs for complete visibility and detection capability.

Domains:

• denonia[.]xyz
• ctrl.denonia[.]xyz
• gw.denonia[.]xyz
• 1.gw.denonia[.]xyz
• www.denonia[.]xyz
• xyz.denonia[.]xyz
• mlcpugw.denonia[.]xyz

IP Addresses:

• 116.203.4[.]0
• 162.55.241[.]99
• 148.251.77[.]55

Further our researchers indicated other common attacker techniques may be seen with the rich behavioral visibility of Secure Cloud Analytics in the public cloud that may be correlated with the above finding for Denonia or other like threats.

“New AWS Region” alert which can be used to detect defense evasion targeting unused regions.

“Geographically Unusual AWS API Usage” alert which can highlight initial access through valid identity and access management accounts.

“AWS Mulifactor Authentication Change” alert which can identify disabling MFA.

“AWS Temporary Token Persistence” alert which identifies temporary tokens created by other temporary credentials.

Although the above alerts are specific to AWS, we have expanded our coverage to other common cloud providers such as Azure and GCP as customer utilization has grown for similar detection outcomes.

In addition to public cloud specific detection, Secure Cloud Analytics offers a wide range of threat detection across an organization’s private network, all within a single pane of glass.

Protect Your Public Cloud Today

To learn more, go to https://www.cisco.com/go/secure-cloud-analytics and start a free risk free 60 day trial.

For more up to date threat information, follow the Cisco Talos blog, including other recent threats targeting the public cloud by TeamTNT.

References

https://aws.amazon.com/compliance/shared-responsibility-model/

https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda/

---

We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

 

Cisco StarOS Forensic Guide Published

Cisco is pleased to announce a new addition to the Forensic Investigation Procedures for First Responders series of documents that will help customers and partners triage Cisco products that are suspected of being tampered with or compromised. These guides provide step-by-step instructions for first responders that can be used to assess platform integrity and collect information that can be used for forensic analysis.

This new document is available on the Cisco.com Security Portal under Tactical Resources, Responding to a Security Incident.

The following is a summary of the new document just released, along with a brief description.

Cisco StarOS Software Forensic Investigation Procedures for First Responders

This document provides steps for assessing the integrity of and collecting forensic information from the Cisco ASR5000 and ASR5500 family of platforms, and Quantum Virtual Packet Core (QVPC) virtual machines running Cisco StarOS Software.

This document contains procedures for collecting platform configuration and runtime state, verifying the hash value of the StarOS system image file, gathering core files from critical system processes, and collecting non-volatile system information and artifacts, including process lists, installed kernel modules, IP tables, and the system startup script.

---

We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

 

Researchers Find Potential Way to Run Malware on iPhone Even When it's OFF

A first-of-its-kind security analysis of iOS Find My function has identified a novel attack surface that makes it possible to tamper with the firmware and load malware onto a Bluetooth chip that's executed while an iPhone is "off." The mechanism takes advantage of the fact that wireless chips related to Bluetooth, Near-field communication (NFC), and ultra-wideband (UWB) continue to operate while

Your employees are everywhere. Is your security?

Embracing security resilience for the hybrid work era

Hybrid work is here to stay. According to our survey, only 9 percent of the global workforce plans to return to the office full time. Employees have become accustomed to working from home and on-the-go, and modern organizations will need to keep up with this shift to retain much-needed talent.

While flexibility has become king, many people may also miss in-person collaboration, and will want to meet with others in the office on an ad hoc basis. Businesses will need to be ready for this future of work, and empower their employees to easily conduct their roles from the office, home, coffee shop, or anywhere in between.

While it may sound daunting, it doesn’t have to be. With the right strategies and technologies in place, hybrid work can afford an organization many opportunities. It can introduce enhanced levels of agility and resilience for better company performance. It can help businesses attract skilled professionals in a competitive market. And it can also lead to cost savings, greater operational efficiencies, and improved environmental sustainability.

Of course there will always be challenges. One such challenge is cybersecurity, and hence, security resilience. With more assets to keep track of in more places, hybrid work can lead to gaps in visibility and control, providing attackers with additional ways to get in. But while attackers work hard to get into your network, Cisco continues to innovate to keep them out, no matter where your devices or users may go.

Key security architectures for safeguarding hybrid work  

Many of the core security architectures we have been building and offering for the past several years will help to ensure a smoother transition to hybrid work, as well as greater security resilience:

• Cisco Zero Trust delivers a comprehensive solution to secure all access across your applications and infrastructure, from any user, device, and location. Having visibility and control over who and what is accessing your environment — and what they are doing once inside — is a critical component of a successful hybrid work strategy. Unlike traditional security, the protection offered by zero trust is not based solely on location. That way, you can make sure that only the right people and devices have permissions to access specific data at specified times.
• Cisco Secure Access Service Edge (SASE) leverages the cloud to enable seamless, secure access to applications from anywhere users work. By converging security and networking functionality into a single, cloud-delivered service, SASE improves operational efficiency and performance while also strengthening threat protection for the hybrid workforce.
• The Cisco SecureX platform harnesses the power of integration to automate and accelerate threat detection and response for a distributed environment. SecureX provides extended detection and response (XDR) capabilities and more. It brings together technologies from both Cisco and third parties for a unified view and defense across the network, endpoints, cloud, and applications.

Just as the workplace has evolved, so has the threat landscape. To make things even easier, we have put together the Cisco Secure Hybrid Work solution to provide exactly what you need to keep your business safe in this new work environment. All of our security technologies are backed by the superior threat intelligence of Cisco Talos, so customers can quickly adapt to detect and combat the latest risks. Talos also offers robust incident response services to help companies prepare for, respond to, and rapidly recover from attacks.

Learn how Mediapro used Cisco technologies to transition to hybrid work.

New hybrid work innovations  

We continue to innovate to make sure our customers are prepared for what’s next. Most recently, we launched the Cisco Secure Firewall 3100 Series, which is specifically designed for hybrid work. The new firewall supports more remote workers with up to six times faster VPN performance, and also delivers a strong video conferencing experience. Cisco Secure Firewall enhances visibility and threat detection even in encrypted traffic, and helps strengthen your zero trust security posture. It also integrates with Cisco SecureX for rapid incident response.

Additionally, we recently unveiled the Cisco SecureX device insights feature. Device insights allows organizations to collect and correlate data from multiple sources to determine which devices are in an environment, where they are located, who is accessing them, their security status, and more. With so many new machines connecting to corporate infrastructure, this level of information is crucial for safeguarding the future of work.

Powering the future of work with Cisco  

In addition to security, Cisco’s broad hybrid work portfolio spans collaboration, networking, and IoT. With a nearly 40-year history of providing secure connectivity around the globe, we are well-equipped to empower workers to perform their best from anywhere.

“Security has always been a high priority with our extensive and intricate network but was even more critical once the pandemic began,” said Lukene Berrosteguieta, head of security operations at energy company, Repsol. “[Cisco] Business Critical Services has supported our efforts every step of the way to enhance and maintain network security across our entire infrastructure to ensure the safety of our customers and workers.”

According to Dan Turner, CIO at Per Mar Security Services, “Once COVID-19 hit the United States…we leveraged our existing infrastructure to spin up virtual workspaces for all our employees within a week so that they could work from home…. Our Cisco systems and security frameworks allowed Per Mar to move quickly and safely to support our employees.”

The way we work has forever changed, and will continue to evolve. We must enable our teams to be productive and competitive no matter what comes next. Learn how you can boost your organization’s security resilience for the years ahead.

---

We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

 

Introducing new cloud resources page for Cisco Secure Firewall

The last two years have created a lot of pressure on us all. The pandemic has forced us to adapt to new ways of working and has presented many technological challenges, one of which is multi-cloud transformation.

As we can see, these challenges are not going away soon and the need for agile adaptation is critical. Whilst most teams have adapted already, it has taken a toll on them.  IT, Security, and Networking teams are finding it hard to fit everything in and they are becoming exhausted with the myriad of configuration requirements from each of the cloud and solution providers.

So, how do we tackle these challenges and provide support with transformation efforts in hybrid cloud?  

To help our customers and partners, we have centralized all our cloud & automation resources for Secure Firewall into a single page: https://developer.cisco.com/secure-firewall/cloud-resources/

What can you find on the page?

• A centralized place for cloud templates, automation scripts, and learning materials
• Support for 7 Cloud or Solution providers: Cisco, AWS, Azure, GCP, OCI, OpenStack, VMware
• More than 70 scripts, videos, blogs and documentation are available

How to navigate the resources?

Our new page is organized by cloud provider and specific use case to easily deploy Secure Firewall. It provides flexibility in choosing the most appropriate automation tools, such as Terraform, ARM Templates, Cloud formation, or Ansible. In addition to common use case scenarios, templates and scripts, you also have direct access to learning resources. This includes demo videos, webinars, and sessions where Cisco engineers demonstrate the implementation of the solution in a particular cloud environment.

We know these changes can be complex and demanding. Therefore, we would like to invite you to visit our upcoming live events and seminars covering: Automation & Infrastructure as a Cloud for Cisco Secure Firewall.

Cisco Live 2022 Las Vegas & sessions focused on Secure Firewall and IaC

Learn how to secure your OpenStack using Cisco Secure Firewall – BRK-SEC-1775

This session will walk participants through the deployment model, its relation to the OpenStack resources, and arrive with a complete FTDv configuration that fully protects our workloads. It will include a demo that showcases the final state of the server along FMCv and FTDv. Attendees will have access to the publicly available GitHub repository for these tasks.

Deploying Cisco Firewalls in the Azure Public Cloud – LTRSEC-2735

In this lab, the student will deploy and configure a scalable security solution for the Azure public cloud using Cisco firewalls. The student will use ARM templates and the Azure CLI to automate deployment.

Cisco Secure Firewall Cloud Native on AWS  – BRK-SEC-1775

Today, industry is focused on building a scalable infrastructure that can provide security at scale. This session covers building a scalable architecture for workload security using Cisco Secure Firewall Cloud Native.

And many more here: Session catalog

Related resources:

Training session: https://www.youtube.com/watch?v=fM21m3su2uk

Blog post: https://blogs.cisco.com/security/network-security-automation-using-cisco-secure-firewall-and-hashicorps-consul

YouTube channel: https://www.youtube.com/cisco-netsec

GitHub Repository: https://github.com/CiscoDevNet/secure-firewall

The Cisco Secure Firewall Essentials Hub: https://secure.cisco.com/secure-firewall

---

We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

What & Who You Know: How to get a job in cybersecurity with no experience

When contemplating a career change within a different industry, it can be challenging to know where to start. As the world continues to change, many people are wondering how to transition into cybersecurity without experience. Business leaders at Cisco Secure and Duo Security who changed careers, along with recruiting professionals, provided insights for prospective candidates curious about the cybersecurity and tech industries. Learn their top 10 tips for getting a job in cybersecurity.

1. Discern what drives you professionally.

If passion, innovation, kindness and growth are on your list, Cisco Secure is worth checking out. When Kelly Davenport, manager of the Global Knowledge and Communities team, first connected with folks at Duo, she was “amazed at how nice and excited everyone seemed. I almost thought it seemed too good to be true. But then, when I started working here I realized everyone here really is that nice and smart and good at what they do. I was waiting for that to change, but it’s for real.”

Cisco Secure Talent Acquisition Lead Jeff Edwards shares, “Our senior level folks want fulfilling work. The work we’re doing and products we’re putting out are exciting, new and cutting edge. This is the stuff that’s going to change how we work in the future.”

2. Develop a game plan.

For those looking to get into cybersecurity with no experience, Edwards suggests, “Pay attention to the jobs posted on cybersecurity career pages and the skills they’re asking for. That lets you know how long a process your career change may take. If you’re switching careers into tech it’s all out there to be able to discern, “Hey, where do I need to focus my efforts to put me in contention for these roles?”’

3. Identify how your skills transfer to cybersecurity.

Cisco Women in Cybersecurity recently hosted a virtual session, Career Journeys Are Not Always a Straight Road – Your Journey Is Your Story, featuring CX Cloud Compliance Leader Deborah Sparma.

Sparma shared, “No matter where you are and have a new goal to break into, see what can transfer. Who knew that theater could transfer to working in a tech company? Who knew that working as a vet tech could lead me into corporate America? The variety of expertise has taught me that there is always room to grow and skills that can be transferred from one role to the next no matter how disparate they may be. For example, my experience in theater has made me a better speaker and presenter.”

Davenport, who was a journalist and librarian before making the switch to health care IT and then Duo, advises, “Figure out the core skills that you have and what job titles and words are used in other industries. Talk about the things you already know how to do, because every industry has its own jargon and that can feel like a barrier until you figure out how to translate it.” Cisco provides a list of common job titles and the experience and certifications needed for key cybersecurity roles.

She continues, “I had no idea what customer enablement was before I joined Duo. I did not know that was a job, and no one would’ve told me that. But it turns out that being a librarian, knowing how to organize things, having worked with the public, being a journalist who can write and create accurate, complex information on a deadline, and then understanding the technology of making something user centered and how people want to consume that information in different formats in different points in time, based on their needs, all of those were things that I knew and had experience in. And so, it was just discovering the opportunities that were already out there but were called something different than I knew about.”

4. Take stock of what you already know.

Davenport’s advice for those wanting to enter cybersecurity: “A lot of professions want that super specialist, and we definitely have people who are those people, but I’ve seen Duo hire people from a lot of different backgrounds, and the additional perspective that they come in with and the fresh ideas is what keeps us innovative and what makes it a really fun and interesting place to work.”

She elaborates: “From a journalism background, the level of responsibility that you have as a journalist to be fair and accurate, and the ethics that you learn that are integral to that profession, were super helpful and important coming into any kind of customer-facing role where you’re used to being accountable. You have really high standards for yourself, and that translates into being able to hold those high standards for what customers expect, too.”

For journalists in particular, she says, “I would just like to give a shout out to folks in journalism who are wondering, maybe their career path is taking them in a different direction. (…) you have so many valuable skills that, if you are interested in a career in tech, there’s a lot of opportunities because of some of those things like I talked about earlier. The experience of working on deadline, that accountability and responsibility that you take and the ethics of what you do, those all translate. And so, those are all totally portable to a new context.”

5. Determine if you need additional cybersecurity training or certification.

Edwards states, “Start researching all the top cybersecurity companies and what products they offer and then take it another level down: What programs and software are they using? Are there different classes I need to take or certifications I need to get?”

Cisco offers top-notch cybersecurity training and security certifications. Also available are Cisco Certified CyberOps training videos and connection with those learning new cybersecurity skills through the Security Certifications Community and CyberOps Certifications Community.

6. Seek out companies that recognize the importance of having different backgrounds.

Sparma highlights, “I believe a lot in teams. We all have skill sets that can complement each other no matter where we are in our career. I know I don’t know it all. I lean on the teams and people around me.”

Davenport reports, “Your experiences are going to give you a fresh perspective that’s actually really valued by the people who maybe came from that industry. Having that diversity of experiences and viewpoints is really celebrated more so here than pretty much any other place I’ve worked. My advice would be to trust that you can learn a totally new industry, and that the experiences that you’re coming with are really valuable.”

Duo Security Lead Recruiter Shannon Curran affirms, “We’ve spoken with many candidates who don’t come from the cybersecurity space.” She says that telling that story in your resume and throughout the application, interview and hiring process allows recruiters to understand why you’d be a match and that kindness goes a long way.

7. Recognize what you can learn.

When starting at Duo Security, Davenport shares, “I came in pretty fresh. I knew that I was going to be doing this intensive onboarding program. We have technical trainers who we work with, so that we’re customer-ready. And so, I knew coming in that I would have a lot of support. I felt like, ‘Okay, I’m embracing the unknown and I’m going to learn a bunch of new things, but I’m going to have this great team that’s going to help me learn, is going to teach me.’ And that worked out pretty well.”

“Trust that you can learn, trust that the experiences you’re coming in with are valuable and are going to give you a fresh perspective, and that you will have the support to learn and grow, even if you’re changing industries.” —Manager of Duo Global Knowledge and Communities team Kelly Davenport

A culture of learning helps. Sparma says, “I’m always learning. Cisco especially has all the trainings out there that we can take. Invest in yourself, in learning, and don’t be afraid to ask.”

8. Use previous skills to learn in a new environment.

Davenport took this approach: “Because I’m a writer, I would go to our classes where we’re learning about the product. And then I would write my own summary in my own words, to describe what I was learning. I’d run that by my teacher and say, ‘Okay, am I on the right track?’ And that really helped me metabolize what I was learning and get that feedback in a way that worked for me as a learner.”

9. Get the inside scoop and through the door with a referral.

Maintaining a strong network can ease the career change process in terms of learning about the cybersecurity industry from people working in it and in terms of referrals. Marketing Specialist Julie Kramer says, “Try to find a networking partner in the company and ask for references for networking purposes. For example, if I have a friend who knows me that works at Cisco and they’re like, ‘Hey, do you mind referring me?’ I’d be happy to give them a referral.”

Sparma said, “Working in technology wasn’t even an option I considered when I started college…I broke into a new career but I had my background working in hospitals, working at the insurance company…someone knew me, knew my personality, helped me get that role… At Cisco, I had applied at other roles where I had a one-to-one fit. This one stretches me, but I could bring a lot to the table at the same time and still grow. That’s what energizes me.”

You never know how your network may come in handy throughout your career. In 2012, Edwards’ very first manager called him with one question: “Hey, do you want to come work at Cisco?”

10. Find and keep mentors.

Sparma’s first mentor “shepherded me. She took me under her wing, supported my wish to go back to school, encouraged me to get certification in something I didn’t know existed. I didn’t know what a mentor was at first, and it didn’t dawn on me until after I’d moved on in my career and traveled around the world that I realized I got there because of my first mentor. What does get difficult is everyday meetings, deliverables, timeframes — sometimes you just have to make it a point to make sure that you invest in yourself and keep that promise to yourself and keep your mentoring relationships going. I’ve had different mentors at Cisco and you can have multiple mentors along the way.” Employee Resource Organizations are another great place to find those mentors or mentor others.

“Find a mentor for support, guidance, knowledge, and motivation. Then pay it forward and mentor others. You can always bring something to the table.” —CX Cloud Compliance Leader Deborah Sparma

Sparma continues, “One of the first things they asked me to do when I started at Cisco was find a mentor. Cisco also allows people to shadow colleagues to learn what they do, network, and for knowledge transfer. We all can benefit from each other.”

Join us      

To learn more about Cisco Secure and Duo Security and how you can apply your skills, passion, and experience to cybersecurity, check out our open roles.

---

We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

How Secure Is Video Conferencing?

As millions of people around the world practice social distancing and work their office jobs from home, video conferencing has quickly become the new norm. Whether you’re attending regular work meetings, partaking in a virtual happy hour with friends, or catching up with extended family across the globe, video conferencing is a convenient alternative to many of the activities we can no longer do in real life. But as the rapid adoption of video conferencing tools and apps occurs, is security falling by the wayside?

Avoid Virtual Party Crashers

One security vulnerability that has recently made headlines is the ability for uninvited attendees to bombard users’ virtual meetings. How? According to Forbes, many users have posted their meeting invite links on social media sites like Twitter. An attacker can simply click on one of these links and interrupt an important conference call or meeting with inappropriate content.  

Ensure Data is in the Right Hands

Online conferencing tools allow users to hold virtual meetings and share files via chat. But according to Security Boulevard, communicating confidential business information quickly and privately can be challenging with these tools. For example, users are not always immediately available, even when working from home. In fact, many parents are simultaneously doubling as working parents and teachers with the recent closure of schools and childcare providers. If a user needs to share private information with a coworker but they are unable to connect by video or phone, they might revert to using a messaging platform that lacks end-to-end encryption, a feature that prevents third-party recipients from seeing private messages. This could lead to leaks or unintended sharing of confidential data, whether personal or corporate. What’s more, the lack of using a secure messaging platform could present a hacker with an opportunity to breach a victim’s data or device. Depending on the severity of this type of breach, a victim could be at risk of identity theft.  

Pay Attention to Privacy Policies

With the recent surge of new video conferencing users, privacy policies have been placed under a microscope. According to WIRED, some online conferencing tools have had to update their policies to reflect the collection of user information and meeting content used for advertising or other marketing efforts. Another privacy concern was brought to light by a video conferencing tool’s attention-tracking feature. This alerts the virtual meeting host when an attendee hasn’t had the meeting window in their device foreground for 30 seconds, resulting in users feeling that their privacy has been compromised.  

How to Secure Video Conferences

As users become accustomed to working from home, video conferencing tools will continue to become a necessary avenue for virtual communication. But how can users do so while putting their online security first? Follow these tips to help ensure that your virtual meetings are safeguarded:  

Do your research

There are plenty of video conferencing tools available online. Before downloading the first one you see, do your research and check for possible security vulnerabilities around the tools. Does the video conferencing tool you’re considering use end-to-end encryption? This ensures that only meeting participants have the ability to decrypt secure meeting content. Additionally, be sure to read the privacy policies listed by the video conferencing programs to find the one that is the most secure and fits your needs.  

Make your meetings password protected

To ensure that only invited attendees can access your meeting, make sure they are password protected. For maximum safety, activate passwords for new meetings, instant meetings, personal meetings, and people joining by phone. 

Block users from taking control of the screen

To keep users (either welcome or unwelcome) from taking control of your screen while you’re video conferencing, select the option to block everyone except the host (you) from screen sharing.  

Turn on automatic updates

By turning on automatic updates, you are guaranteed to have all the latest security patches and enhancements for your video conferencing tool as soon as they become available.  

The post How Secure Is Video Conferencing? appeared first on McAfee Blog.

SecureX and Secure Firewall: Integration and Automation to Simplify Security

Cisco Secure Firewall stops threats faster, empowers collaboration between teams, and enables consistency across your on-premises, hybrid, and multi-cloud environments. With an included entitlement for Cisco SecureX, our XDR and orchestration platform, you’ll experience efficiency at scale and maximize your productivity. New streamlined Secure Firewall integrations make it easier to use SecureX capabilities to increase threat detection, save time and provide the rapid and deeper investigations you require. These new features and workflows provide the integration and automation to simplify your security.

 

Move to the Cloud

The entire suite of Firewall Management Center APIs is now available in the cloud. This means that existing APIs can now be executed from the cloud. Cisco makes this even easier for you by delivering fully operational workflows as well as pre-built drag-n-drop code blocks that you can use to craft your own custom workflows. SecureX is able to proxy API calls from the cloud to the SSE connector embedded in the FMC codebase. This integration between Firewall 7.2 and SecureX provides your Firewall with modern cloud-based automation.

 

Expedited Integration

We’ve dramatically reduced the amount of time needed to fully integrate Firewall into Securex. Even existing Firewall customers who use on-premises Firewall Management Center will be able to upgrade to version 7.2 and start automating/orchestrating in under 15 minutes — a huge time savings! The 7.2 release makes the opportunities for automating your Firewall deployment limitless with our built-in low code orchestration engine.

Previously Firewall admins had to jump through hoops to link their smart licensing account with SecureX which resulted in a very complicated integration process. With the new one-click integration, simply click “Enable SecureX” in your Firewall Management Center and log into SecureX. That’s it! Your Firewalls will automatically be onboarded to SecureX.

 

 

Built In Orchestration

Cisco Secure Firewall users now get immense value from SecureX with the orchestration capability built natively into the Firewall. Previously Firewall admins would have to deploy an on-premises virtual machine in vCenter to take advantage of Firewall APIs in the cloud which was a major hurdle to overcome. With the 7.2 release, orchestration is built right into your existing Firewall Management Center. There is no on-premises connector required; SecureX orchestration is able to communicate directly with Firewall APIs highlighting the power of Cisco-on-Cisco integrations.

 

Customizable Workflows

PSIRT Impact monitoring  

The PSIRT impact monitoring workflows helps customers streamline their patch management process to ensure their network is always up to date and not vulnerable to CVE’s. This workflow will check for new PSIRTs, determine if device versions are impacted, and suggest a fixed version to upgrade to. By scheduling this workflow to run once a week customers can be notified via email if there is any potential impact from a PSIRT.

Firewall device health monitoring  

This workflow will run every 15 minutes to pull a health report from FMC and proactively notify customers via email if any devices are unhealthy. This means customers can rest assured that their fleet of devices is operating as expected or be notified of things like high CPU usage, low disk space, or interfaces going down.

Expiry notification for time-based objects 

This workflow highlights the power of automation and showcases what is possible by using the orchestration proxy to use FMC API’s. Managing policy is always an on-going effort but can be made easier by introducing automation. This workflow can be run once a week to search through Firewall policies and determine if any rules are going to expire soon. This makes managing policy much easier because customers will be notified before rules expire and can make changes accordingly.

Response Action: Block URL in access control policy 

This workflow is a one-click response action available from the threat response pivot menu. With the click of a button a URL is added to an object in a block rule of your access control policy. This action can be invoked during an investigation in SecureX or from any browser page using the SecureX browser extension. Reducing time to remediation is a critical aspect of keeping your business secure. This workflow turns a multi-step policy change into a single click by taking advantage of Secure Firewall’s integration with SecureX.

 

Proven Results

A recent Forrester Economic Impact Study of Secure Firewall show that deploying these types of workflows in SecureX with Secure Firewall increased operational efficiency.

In fact, SecureX in combination with Secure Firewall helped to dramatically reduce the risk of a material breach. It’s clear that the integration of the two meant a significant time savings for already overburdened teams.

We continue to innovate new features and workflows that prioritize the efficacy of your teams and help drive the security resilience of your organization.

Ready to add SecureX capabilities to your Firewall environment? Start here.

 

---

We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

 

ExpressVPN Removes Servers in India After Refusing to Comply with Government Order

Virtual Private Network (VPN) provider ExpressVPN on Thursday announced that it's removing Indian-based VPN servers in response to a new cybersecurity directive issued by the Indian Computer Emergency Response Team (CERT-In). "Rest assured, our users will still be able to connect to VPN servers that will give them Indian IP addresses and allow them to access the internet as if they were located

Lower costs with Cloud-delivered Firewall Management Center

Security that is hard to deploy and complex to manage needs to become a distant memory if businesses are to be resilient through times of uncertainty. Even something as critical as a firewall, the sentinel in the security stack, can often require a lengthy setup, ongoing maintenance, and disjointed management. Over the long run, these additional costs accrue and can have a negative impact on security programs. When budgets are constrained, these effects can be exacerbated and become a barrier to providing the level of security organizations need to protect the integrity of their business.

At Cisco we have a rich history overcoming this challenge with Cisco Secure Firewall. Forrester Consulting recently conducted an independent analysis of organizations using Secure Firewall. The study showed that customers realized a 195% in total ROI when managing their firewall fleet through Cisco Secure Firewall Management Center (FMC). Improvements to security workflows through the FMC, which include deploying, managing, and updating policy, were the largest contributing factor to the tune of $18.6 million in total benefits achieved. The Forrester study states that “organizations reduced network operation work streams by up to 95%. Thanks to the latest features of Cisco Secure Firewall and the ease of management via Firewall Management Center.”

We are not done. Today we boost productivity even further, with the new cloud-delivered version of FMC within the Cisco Defense Orchestrator (CDO) platform. This leap brings all the features from FMC into the cloud and consolidates firewall management. Organizations save time, increase security, and gain a positive ROI. With cloud-delivered FMC, manually managing updates is a thing of the past. An agile delivery of updates is built in to ensure uptime, so you can focus on your most important priorities — protecting the integrity of the business with increased firewall capabilities. The CDO platform unifies the lifecycle of policy management across multiple Cisco security solutions in our cloud. By bringing the FMC experience directly into CDO, end users enjoy the same look, functionality, and workflow as on-premises and virtual versions of Firewall Management Center. Without the usual learning curve within a new “experience,” migration to the cloud is simplified. Organizations can now propel cloud-first strategies and enable the rapid delivery of firewall services no matter where your network may roam.

“Moving FMC into CDO isn’t just about cost savings for today and powering security resilience with flexibility and choice. We are also putting a firm foot into the near future for SASE and achieving unified policy across the multienvironment IT.”– Justin Buchanan, Sr. Director Product Management, Cisco Secure

Traditionally, customers have deployed FMC as a physical or virtual appliance. Now in addition to cost savings, security resilience is driving an increased need for hybrid multicloud deployments. Leveraging public cloud infrastructures, organizations are becoming more cost efficient — cloud-delivered applications reduce change management and operational overhead. But they are also ensuring organizations have the agility required to deploy network security workloads where and how they want to remain agile and adapt to uncertainty.

Hybrid work and business continuity is made possible within the CDO platform. A cloud-based and centralized platform unifies firewall management across the Cisco Secure and Meraki portfolio and provides the foundation to unify policy across the distributed network all within a platform that is built to drive increased ROI and preserve the user experience. IT can control and manage firewall policy from anywhere along with a low-touch provisioning and onboarding process for branch and firewall deployments. The cloud-delivered FMC integrates with Cisco Secure Analytics & Logging, and, as a result, enhanced data retention and meeting stringent compliance requirements has never been easier. Whether you are part of a smaller organization or a larger enterprise, you control how many Cisco Secure Firewalls are managed through the cloud-delivered FMC, and easily scale that number. So, when it comes to simplicity at scale, CDO is your answer.

To learn more about Cisco Secure Firewall Management Center, visit our product page and read the entire Forrester report here.

---

We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

Instagram credentials Stealer: Disguised as Mod App

Authored by Dexter Shin 

McAfee’s Mobile Research Team introduced a new Android malware targeting Instagram users who want to increase their followers or likes in the last post. As we researched more about this threat, we found another malware type that uses different technical methods to steal user’s credentials. The target is users who are not satisfied with the default functions provided by Instagram. Various Instagram modification application already exists for those users on the Internet. The new malware we found pretends to be a popular mod app and steals Instagram credentials. 

Behavior analysis 

Instander is one of the famous Instagram modification applications available for Android devices to help Instagram users access extra helpful features. The mod app supports uploading high-quality images and downloading posted photos and videos. 

The initial screens of this malware and Instander are similar, as shown below. 

Figure 1. Instander legitimate app(Left) and Mmalware(Right) 

Next, this malware requests an account (username or email) and password. Finally, this malware displays an error message regardless of whether the login information is correct. 

Figure 2. Malware requests account and password 

The malware steals the user’s username and password in a very unique way. The main trick is to use the Firebase API. First, the user input value is combined with l@gmail.com. This value and static password(=kamalw20051) are then sent via the Firebase API, createUserWithEmailAndPassword. And next, the password process is the same. After receiving the user’s account and password input, this malware will request it twice. 

Since we cannot see the dashboard of the malware author, we tested it using the same API. As a result, we checked the user input value in plain text on the dashboard. 

According to the Firebase document, createUserWithEmailAndPassword API is to create a new user account associated with the specified email address and password. Because the first parameter is defined as email patterns, the malware author uses the above code to create email patterns regardless of user input values. 

It is an API for creating accounts in the Firebase so that the administrator can check the account name in the Firebase dashboard. The victim’s account and password have been requested as Firebase account name, so it should be seen as plain text without hashing or masking. 

Network traffic 

As an interesting point on the network traffic of the malware, this malware communicates with the Firebase server in Protobuf format in the network. The initial configuration of this Firebase API uses the JSON format. Although the Protobuf format is readable enough, it can be assumed that this malware author intentionally attempts to obfuscate the network traffic through the additional settings. Also, the domain used for data transfer(=www.googleapis.com) is managed by Google. Because it is a domain that is too common and not dangerous, many network filtering and firewall solutions do not detect it. 

Conclusion 

As mentioned, users should always be careful about installing 3rd party apps. Aside from the types of malware we’ve introduced so far, attackers are trying to steal users’ credentials in a variety of ways. Therefore, you should employ security software on your mobile devices and always keep up to date. 

Fortunately, McAfee Mobile Security is able to detect this as Android/InstaStealer and protect you from similar threats. For more information visit  McAfee Mobile Security 

Indicators of Compromise 

SHA256: 

• 238a040fc53ba1f27c77943be88167d23ed502495fd83f501004356efdc22a39 

The post Instagram credentials Stealer: Disguised as Mod App appeared first on McAfee Blog.

Adconion Execs Plead Guilty in Federal Anti-Spam Case

At the outset of their federal criminal trial for hijacking vast swaths of Internet addresses for use in large-scale email spam campaigns, three current or former executives at online advertising firm Adconion Direct (now Amobee) have pleaded guilty to lesser misdemeanor charges of fraud and misrepresentation via email.

In October 2018, prosecutors in the Southern District of California named four Adconion employees — Jacob Bychak, Mark Manoogian, Petr Pacas, and Mohammed Abdul Qayyum —  in a ten-count indictment (PDF) on felony charges of conspiracy, wire fraud, and electronic mail fraud.

The government alleged that between December 2010 and September 2014, the defendants engaged in a conspiracy to identify or pay to identify blocks of Internet Protocol (IP) addresses that were registered to others but which were otherwise inactive.

Prosecutors said the men also sent forged letters to an Internet hosting firm claiming they had been authorized by the registrants of the inactive IP addresses to use that space for their own purposes.

All four defendants pleaded not guilty when they were charged back in 2018, but this week Bychak, Manoogian and Qayyum each entered a plea deal.

“The defendants’ jobs with Adconion were to acquire fresh IP addresses and employ other measures to circumvent the spam filters,” reads a statement released today by the U.S. Attorney for the Southern District of California, which said the defendants would pay $100,000 in fines each and perform 100 hours of community service.

“To conceal Adconion’s ties to the stolen IP addresses and the spam sent from these IP addresses, the defendants used a host of DBAs, virtual addresses, and fake names provided by the company,” the statement continues. “While defendants touted ties to well-known name brands, the email marketing campaigns associated with the hijacked IP addresses included advertisements such as ‘BigBeautifulWomen,’ ‘iPhone4S Promos,’ and ‘LatinLove[Cost-per-Click].'”

None of the three plea agreements are currently available on PACER, the online federal court document clearinghouse. However, PACER does show that on June 7 — the same day the pleas were entered by the defendants —  the government submitted to the court a superseding set of just two misdemeanor charges (PDF) of fraud in connection with email.

Another document filed in the case says the fourth defendant — Pacas — accepted a deferred prosecution deal, which includes a probationary period and a required $50,000 “donation” to a federal “crime victims fund.”

There are fewer than four billion so-called “Internet Protocol version 4” or IPv4 addresses available for use, but the vast majority of them have already been allocated. The global dearth of available IP addresses has turned them into a commodity wherein each IP can fetch between $15-$25 on the open market.

This has led to boom times for those engaged in the acquisition and sale of IP address blocks, but it has likewise emboldened those who specialize in absconding with and spamming from dormant IP address blocks without permission from the rightful owners.

In May, prosecutors published information about the source of some IP address ranges from which the Adconion employees allegedly spammed. For example, the government found the men leased some of their IP address ranges from a Dutch company that’s been tied to a scandal involving more than four million addresses siphoned from the African Network Information Centre (AFRINIC), the nonprofit responsible for overseeing IP address allocation for African organizations.

In 2019, AFRINIC fired a top employee after it emerged that in 2013 he quietly commandeered millions of IPs from defunct African entities or from those that were long ago acquired by other firms, and then conspired to sell an estimated $50 million worth of the IPs to marketers based outside Africa.

“Exhibit A” in a recent government court filing shows that in 2013 Adconion leased more than 65,000 IP addresses from Inspiring Networks, a Dutch network services company. In 2020, Inspiring Networks and its director Maikel Uerlings were named in a dogged, multi-part investigation by South African news outlet MyBroadband.co.za and researcher Ron Guilmette as one of two major beneficiaries of the four million IP addresses looted from AFRINIC by its former employee.

The address block in the above image — 196.246.0.0/16 — was reportedly later reclaimed by AFRINIC following an investigation. Inspiring Networks has not responded to requests for comment.

Prosecutors allege the Adconion employees also obtained hijacked IP address blocks from Daniel Dye, another man tied to this case who was charged separately. For many years, Dye was a system administrator for Optinrealbig, a Colorado company that relentlessly pimped all manner of junk email, from mortgage leads and adult-related services to counterfeit products and Viagra. In 2018, Dye pleaded guilty to violations of the CAN-SPAM Act.

Optinrealbig’s CEO was the spam king Scott Richter, who changed the name of the company to Media Breakaway after being successfully sued for spamming by AOL, Microsoft, MySpace, and the New York Attorney General Office, among others. In 2008, this author penned a column for The Washington Post detailing how Media Breakaway had hijacked tens of thousands of IP addresses from a defunct San Francisco company for use in its spamming operations.

The last-minute plea deals by the Adconion employees were reminiscent of another recent federal criminal prosecution for IP address sleight-of-hand. In November 2021, the CEO of South Carolina technology firm Micfo pleaded guilty just two days into his trial, admitting 20 counts of wire fraud in connection with an elaborate network of phony companies set up to obtain more than 700,000 IPs from the American Registry for Internet Numbers (ARIN) — AFRINIC’s counterpart in North America.

Adconion was acquired in June 2014 by Amobee, a Redwood City, Calif. online ad platform that has catered to some of the world’s biggest brands. Amobee’s parent firm — Singapore-based communications giant Singtel — bought Amobee for $321 million in March 2012.

But as Reuters reported in 2021, Amobee cost Singtel nearly twice as much in the last year alone — $589 million — in a “non-cash impairment charge” Singtel disclosed to investors. Marketing industry blog Digiday.com reported in February that Singtel was seeking to part ways with its ad tech subsidiary.

One final note about Amobee: In response to my 2019 story on the criminal charges against the Adconion executives, Amobee issued a statement saying “Amobee has fully cooperated with the government’s investigation of this 2017 matter which pertains to alleged activities that occurred years prior to Amobee’s acquisition of the company.”

Yet as the government’s indictment points out, the alleged hijacking activities took place up until September 2014, which was after Amobee’s acquisition of Adconion Direct in June 2014. Also, the IP address ranges that the Adconion executives were prosecuted for hijacking were all related to incidents in 2013 and 2014, which is hardly “years prior to Amobee’s acquisition of the company.”

Amobee has not yet responded to requests for comment.

A compelling story

This article is part of a series in which we will explore several features, principles, and the building blocks of a security detection engine within an extended detection and response (XDR) solution.

In this second installment, we will look at ways of structuring the presentation of machine-generated alerts, so that each alert offers a cohesive and compelling narrative, as if written by a human analyst, at scale and in realtime.

The challenge

In cyber security, we are used to two types of stories.

The first story is common for reports written by humans. It contains sections such as “impact,” “reproduction,” and “remediation” to help us understand what is at stake and what we need to fix. For example:

IMPACT: An SSH server which supports password authentication is susceptible to brute-forcing attacks.

REPRODUCTION: Use the `ssh` command in verbose mode (`ssh -v`) to determine supported authentication methods. Look for “keyboard-interactive” and “password” methods.

REMEDIATION: Disable unneeded authentication methods.

The second story comes from machine detections. It is much terser in content and sometimes leaves us scratching our heads. “Malware,” the machine says with little explanation, followed by a horde of gibberish-looking data of network flows, executable traces, and so on.

 

The challenge is now to get the best of both worlds: to enhance machine-generated alerts with the richness of human-written reports. The following sections explain how this can be approached.

How was it detected?

In our example of a report written by a human, the “reproduction” section would help us understand, from a factual perspective, how exactly the conclusions were derived.

On the other hand, the machine-generated horde of data provides evidence in a very nondescript way. We would need to be smart enough to spot or reverse-engineer what algorithm the machine was following on said data. Most security analysts do not wish to do this. Instead, they attempt to seek the first story type. “Surely, someone must have written a blog or something more descriptive about this already,” they would say. Then, they would copy-paste anything that looks like a searchable term – an IP address, domain, SHA checksum – and start searching it, either on a threat intelligence search site or even a general-purpose search engine.

Having such cryptic machine-generated alerts is leading us to our first two issues: first, when the story is incomplete or misunderstood, it may lead the analyst astray. For example, the security event might involve requests to communicate with an IP address, and the analyst would say, “This IP address belongs to my DNS server, so the traffic is legitimate.” However, the detection engine was really saying, “I suspect there is DNS tunnelling activity happening through your DNS server—just look at the volume.”

Second, when an analyst seeks explanations from elsewhere, the main function of an advanced detection engine — finding novel, localized, and targeted attacks — cannot work. Information on attacks is generally available only after they have been discovered and analyzed, not when they happen initially.

A common approach to remedy this situation is to include a short description of the algorithm. “This detector works by maintaining a baseline of when during the day a user is active and then reports any deviations,” a help dialog would say. “Okay, that’s clever,” an analyst would reply. But this is not enough. “Wait, what is the baseline, and how was it violated in this particular security event?” To find the answer, we need to go back to the horde of data.

Annotated security events

To mimic the “reproduction” section of the human-written report, our security events are enriched with an annotation—a short summary of the behavior described by the event. Here are a few examples of such annotated events:

 

In the first and second cases, the story is relatively straightforward: in the horde of data, successful communication with said hostnames was observed. An inference through threat intelligence associates these hostnames to the Sality malware.

The third line informs us that, on a factual basis, only a communication with an IP address was observed. Further chain of inferences is that this IP address was associated by a passive DNS mechanism to a hostname which is in turn associated to the Sality malware.

In the fourth event, we have an observation of full HTTP URL requests, and inference through a pattern matcher associates this URL to the Sality malware. In this case, neither the hostname nor the IP address is important to the detector.

In all these annotated events, an analyst can easily grasp the factual circumstances and what the detection engine infers and thinks about the observations. Note that whether these events describe benign, malicious, relevant, or irrelevant behavior, or whether they lead to true or false positives, is not necessarily the concern. The concern is to be specific about the circumstances of the observed behavior and to be transparent about the inferences.

What was detected?

When we eventually succeed in explaining the security events, we might not be finished with the storytelling yet. The analyst would face another dilemma. They would ask: “What relevance does this event have in my environment? Is it part of an attack, an attack technique perhaps? What should I look for next?”

In the human-written report, the “impact” section provides a translation between the fact-based technical language of “how” and the business language of “what.” In this business language, we talk about threats, risks, attacker objectives, their progress, and so on.

This translation is an important part of the story. In our previous example about DNS tunnelling, we might want to express that “an anomaly in DNS traffic is a sign of an attacker communicating with their command-and-control infrastructure,” or that “it is a sign of exfiltration,” or perhaps both. The connotation is that both techniques are post-infection, and that there is probably already a foothold that the attacker has established. Perhaps other security events point to this, or perhaps it needs to be sought after by the analyst.

When it is not explicit, the analyst needs to mentally perform the translation. Again, an analyst might look up some intelligence in external sources and incorrectly interpret the detection engine’s message. Instead, they might conclude that “an anomaly in DNS traffic is a policy violation, user error, or reconnaissance activity,” leading them astray from pivoting and searching for the endpoint foothold that performs the command-and-control activity.

What versus How

We take special attention not to mix these two different dictionaries. Rather, we express separately the factual observations versus the conclusions in the form of threats and risks. Inbetween, there are the various chains of inferences. Based on the complexity, the depth of the story varies, but the beginning and the end will always be there: facts versus conclusions.

This is very similar to how an analyst would set up their investigation board to organize what they know about the case. Here is an elaborate example:

 

In this case, from top to bottom:

• Use of a domain generation algorithms (DGA) technique was inferred by observing communication to hostnames with random names.
• Malicious advertising (malvertising) was inferred by observing communication with hostnames and by observing communication with IP addresses that have passive DNS associations with (the same) hostnames.
• Presence of an ad injector was inferred by observing communication to specific URLs and inferred by a pattern matcher, as well as communication to specific hostnames.

In all points, the “what” and “how” languages are distinguished from each other. Finally, the whole story is stitched together into one alert by using the alert fusion algorithm described in the Intelligent alert management blog post.

Wrap-up

Have we bridged the storytelling gap between machine-generated and human-generated reports?

Threat detections need to be narrated in sufficient detail, so that our users can understand them. Previously, we relied on the human aspect—we would need to document, provide support, and even reverse-engineer what the detection algorithms said.

The two solutions, distinguishing the “what/how” languages and the annotated events, provide the bandwidth to transmit the details and the expert knowledge directly from the detection algorithms. Our stories are now rich with detail and are built automatically in real time.

The result allows for quick orientation in complex detections and lowers the time to triage. It also helps to correctly convey the message, from our team, through the detection engine, and towards the analyst, lowering the possibility of misinterpretation.

This capability is part of Cisco Global Threat Alerts, currently available within Cisco Secure Network Analytics and Cisco Secure Endpoint, and has been continually improved based on customer feedback. In the future, it will also be available in Cisco SecureX XDR.

Follow the series on Security detection with XDR

 

---

We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

Chinese Hackers Distribute Backdoored Web3 Wallets for iOS and Android Users

A technically sophisticated threat actor known as SeaFlower has been targeting Android and iOS users as part of an extensive campaign that mimics official cryptocurrency wallet websites intending to distribute backdoored apps that drain victims' funds. Said to be first discovered in March 2022, the cluster of activity "hint[s] to a strong relationship with a Chinese-speaking entity yet to be

Cloudflare Saw Record-Breaking DDoS Attack Peaking at 26 Million Request Per Second

Cloudflare on Tuesday disclosed that it had acted to prevent a record-setting 26 million request per second (RPS) distributed denial-of-service (DDoS) attack last week, making it the largest HTTPS DDoS attack detected to date. The web performance and security company said the attack was directed against an unnamed customer website using its Free plan and emanated from a "powerful" botnet of

Panchan: A New Golang-based Peer-To-Peer Botnet Targeting Linux Servers

A new Golang-based peer-to-peer (P2P) botnet has been spotted actively targeting Linux servers in the education sector since its emergence in March 2022. Dubbed Panchan by Akamai Security Research, the malware "utilizes its built-in concurrency features to maximize spreadability and execute malware modules" and "harvests SSH keys to perform lateral movement." <!--adsense--> The feature-packed

Learn Cybersecurity with Palo Alto Networks Through this PCCSA Course @ 93% OFF

In the world of cybersecurity, reputation is everything. Most business owners have little understanding of the technical side, so they have to rely on credibility. Founded back in 2005, Palo Alto Networks is a cybersecurity giant that has earned the trust of the business community thanks to its impressive track record. The company now provides services to over 70,000 organizations in 150

Critical PHP Vulnerability Exposes QNAP NAS Devices to Remote Attacks

QNAP, Taiwanese maker of network-attached storage (NAS) devices, on Wednesday said it's in the process of fixing a critical three-year-old PHP vulnerability that could be abused to achieve remote code execution. "A vulnerability has been reported to affect PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11 with improper nginx config," the hardware vendor said in an

Simplified SaaS Security for MSPs – Cisco Secure is now open in Canada

Managed services are an essential and fast-growing part of the security market, growing 14% annually. This opportunity presents new challenges MSPs must juggle day to day, including onboarding vendors and driving customer acquisition, all while making sure to provide robust IT solutions for your diverse set of clients. Clients are demanding more security and capabilities for a hybrid workforce, which provides a great opportunity for MSPs like you to grow your business.

We love our MSP community and want to help you deliver great security solutions to your clients. After speaking with many of you to understand how Cisco can help unlock growth for your businesses today, we developed a simplified buying model that delivers faster time to value. Cisco Secure MSP was born.

Secure MSP center was launched in the US market in November 2021 and MSPs across America have been rapidly transacting their business on MSP Center. We are excited to announce we are expanding this direct buying experience to Canadian MSPs in local Canadian Dollars for faster time to value and better ROI for your business.

Here’s a refresher of Secure MSP Center – 

It is a lightning fast and direct buying experience of SaaS security- No invoicing. Straightforward market pricing. And easy click-to-accept agreements. Cisco Umbrella’s market-leading DNS security is currently available with more SaaS security products coming soon.

So, how does Cisco Secure MSP work? 

It’s a simple three-step process that takes just minutes, from signup to deployment.  

Step 1 – You can sign up here and login with your Cisco ID (or create one)  

Step 2 – Provide billing and credit card information and sign a click-to-accept agreement 

Step 3 – Get access to our world class Cisco Umbrella DNS security offer 

From here, you can onboard your clients and start providing the first line of defense through Umbrella DNS Security product instantly. Sign up to deployment takes minutes – not hours or days.  

From here, you can onboard your clients and start providing the first line of defense through Umbrella DNS Security product instantly. Sign up to deployment takes minutes – not hours or days.

There are no minimums or upfront fees. Your credit card will be charged on the first of the month and you’ll receive a detailed invoice. This is a simple, no hassle, and post-paid consumption-based model.

Other perks include a dedicated partner account manager alongside our sales engineer, who will help you not only with product deployments but also work with you to grow your business. We also have an MSP specialist team to answer your questions.

Partners currently using Secure MSP Center have had great things to say –

“Wow, this was a much easier process than I thought it would be”

“I’m glad Cisco created a program and process that was this simple”

“I thought this would be more complicated”

“That’s all there is to it?”

So, what are you waiting for? Come and take the first step in simplifying security offers for your clients. Sign up here: cisco.com/go/securemsp.

---

We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

Why 8kun Went Offline During the January 6 Hearings

The latest Jan. 6 committee hearing on Tuesday examined the role of conspiracy theory communities like 8kun[.]top and TheDonald[.]win in helping to organize and galvanize supporters who responded to former President Trump’s invitation to “be wild” in Washington, D.C. on that chaotic day. At the same time the committee was hearing video testimony from 8kun founder Jim Watkins, 8kun and a slew of similar websites were suddenly yanked offline. Watkins suggested the outage was somehow related to the work of the committee, but the truth is KrebsOnSecurity was responsible and the timing was pure coincidence.

In a follow-up video address to his followers, Watkins said the outage happened shortly after the Jan. 6 committee aired his brief video testimony.

“Then everything that I have anything to do with seemed to crash, so that there was no way for me to go out and talk to anybody,” Watkins said. “The whole network seemed to go offline at the same time, and that affected a lot of people.”

8kun and many other sites that continue to push the false narrative that the 2020 election was stolen from the 45th president have long been connected to the Internet via VanwaTech, a hosting firm based in Vancouver, Wash. In late October 2020, a phone call to VanwaTech’s sole provider of connectivity to the Internet resulted in a similar outage for 8kun.

Following that 2020 outage, 8kun and a large number of QAnon conspiracy sites found refuge in a Russian hosting provider. But when the anonymous “Q” leader of QAnon suddenly began posting on 8kun again earlier this month, KrebsOnSecurity received a tip that 8kun was once again connected to the larger Internet via a single upstream provider based in the United States.

On Sunday, July 10, KrebsOnSecurity contacted Psychz Networks, a hosting provider in Los Angeles, to see if they were aware that they were the sole Internet lifeline for 8kun et. al.  Psychz confirmed that in response to a report from KrebsOnSecurity, VanwaTech was removed from its network around the time of the Jan. 6 hearing on Tuesday.

8kun and its archipelago of conspiracy theory communities have once again drifted back into the arms of a Russian hosting provider (AS207651), which is connected to the larger Internet via two providers. Those include AS31500 — which appears to be owned by Russians but is making a fair pretense at being located in the Caribbean; and AS28917, in Vilnius, Lithuania.

8kun’s newfound Russian connections will likely hold, but Lithuania may be a different story. Late last month, pro-Russian hackers claimed responsibility for an extensive distributed denial-of-service (DDoS) attack against Lithuanian state and private websites, which reportedly was in response to Vilnius’s decision to cease the transit of some goods under European Union sanctions to Russia’s Kaliningrad exclave.

Many have speculated that Jim Watkins and/or his son Ron are in fact “Q,” the anonymous persona behind the QAnon conspiracy theory, which held that Former President Trump was secretly working to save the world from a satanic cult of pedophiles and cannibals.

8chan/8kun has been linked to white supremacism, neo-Nazism, antisemitism, multiple mass shootings, and is known for hosting child pornography. After three mass shootings in 2019 revealed the perpetrators had spread their manifestos on 8chan and even streamed their killings live there, 8chan was ostracized by one Internet provider after another.

In 2019, the FBI identified QAnon as a potential domestic terror threat, noting that some of its followers have been linked to violent incidents motivated by fringe beliefs.

The Jan. 6 hearing referenced in this story is available via CSPAN.

New Netwrix Auditor Bug Could Let Attackers Compromise Active Directory Domain

Researchers have disclosed details about a security vulnerability in the Netwrix Auditor application that, if successfully exploited, could lead to arbitrary code execution on affected devices.  "Since this service is typically executed with extensive privileges in an Active Directory environment, the attacker would likely be able to compromise the Active Directory domain," Bishop Fox said in an

Hackers Targeting VoIP Servers By Exploiting Digium Phone Software

VoIP phones using Digium's software have been targeted to drop a web shell on their servers as part of an attack campaign designed to exfiltrate data by downloading and executing additional payloads. "The malware installs multilayer obfuscated PHP backdoors to the web server's file system, downloads new payloads for execution, and schedules recurring tasks to re-infect the host system," Palo

Russian Hackers Using DropBox and Google Drive to Drop Malicious Payloads

The Russian state-sponsored hacking collective known as APT29 has been attributed to a new phishing campaign that takes advantage of legitimate cloud services like Google Drive and Dropbox to deliver malicious payloads on compromised systems. "These campaigns are believed to have targeted several Western diplomatic missions between May and June 2022," Palo Alto Networks Unit 42 said in a Tuesday

Cisco Releases Patches for Critical Flaws Impacting Nexus Dashboard for Data Centers

Cisco on Wednesday released security patches for 45 vulnerabilities affecting a variety of products, some of which could be exploited to execute arbitrary actions with elevated permissions on affected systems. Of the 45 bugs, one security vulnerability is rated Critical, three are rated High, and 41 are rated Medium in severity.  The most severe of the issues are CVE-2022-20857, CVE-2022-20858,

Cisco and AWS: Securing your resilience in a hybrid cloud world

We’ve all seen the headlines like “race to the cloud” and “cloud-first.” These articles and publications are true, more and more customers have adopted cloud strategies, but there is more to the story. In these customer conversations, cloud security and network security are often discussed in unison. Why is that?   

Customers desire freedom and choice when establishing resilience across every aspect of their business, and this requires both the ability to remain agile, and maintain control of their organization’s most sensitive data. Neither of these can be achieved with just the cloud, or private data center. Organizations are investing in hybrid-multicloud environments to ensure continuity amidst unpredictable threats and change. But these investments will fall short if they do not include security. 

The modern enterprise relies on the network more than ever before, and it looks a lot different than it did 10 years ago. According to our 2022 Global Hybrid Cloud Trends Report, where 2,500 global IT leaders were interviewed across 13 countries, 82% said they have adopted hybrid cloud architectures, and 47% of organizations use between two and three public IaaS clouds1. As organizations have grown more dependent on the network, the more complex it has become, making firewall capabilities the most critical element of the hybrid-multicloud security strategy. And Cisco has a firewall capability for every strategy, protecting your most important assets no matter where you choose to deploy it.  

In May, Cisco brought offerings from Umbrella and Duo to the AWS Marketplace. Today at AWS Re:Inforce, Cisco Secure announced furthering its partnership with AWS to drive innovation with the goal to protect the integrity of your business. Validating our commitment to hybrid-multicloud security, Cisco has received the AWS Security Competency Partner designation for Network and Infrastructure Security. This designation was awarded through our demonstrated success with customer engagements and rigorous technical validations of Secure Firewall.  

Now demoing at AWS Re:Inforce: Cisco Secure Firewall as-a-service on AWS 

This week at AWS Re:Inforce, customers can stop by our booth to see our latest firewall innovation. Cisco Secure Firewall as-a-service on AWS builds on our existing portfolio, giving organizations greater flexibility and choice with a radically simplified SaaS offering. If organizations are truly to embrace security across the multi-environment IT, customers demand simplification without compromising security. With a SaaS-based form factor, management and deployment complexity is reduced. NetOps and SecOps teams will enjoy a simplified security architecture where provisioning of firewalls and control plane infrastructure are managed by Cisco. This will save your teams time by removing the need to rearchitect the network, freeing them to focus on protecting the integrity of your business. 

As organizations continue to move more of their day-to-day operations to the cloud, Cisco and AWS are committed to ensure that security is an integral part of their hybrid multi-cloud strategy. We all have seen the impact of security that is bolted on, or too complex. If we are truly to find that balance between agility and protection to ensure business continuity, we need to ensure the same protections we have in the private infrastructure are easily consumed no matter where your data may roam.  

Additional Resources 

Product page: Cisco Secure Firewall for Public Cloud 

Partner page: Cisco solutions on AWS 

Blog: Securing cloud is everyone’s responsibility 

Quick Start page: Cisco solutions on AWS 

Amazon Partner Network page: Cisco solutions on AWS  

2022 Global Hybrid Cloud Trends Report 

References 

1 Henderson, N. & Hanselman, E. (2022, May 25). 2022 Global Hybrid Cloud Trends Report. 

S&P Global Market Intelligence, commissioned by Cisco Systems. 

https://www.cisco.com/c/en/us/solutions/hybrid-cloud/2022-trends.html ‘

---

We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

A Growing Number of Malware Attacks Leveraging Dark Utilities 'C2-as-a-Service'

A nascent service called Dark Utilities has already attracted 3,000 users for its ability to provide command-and-control (C2) services with the goal of commandeering compromised systems. "It is marketed as a means to enable remote access, command execution, distributed denial-of-service (DDoS) attacks and cryptocurrency mining operations on infected systems," Cisco Talos said in a report shared