Login
If we run a contest for Mr. Popular of Amazon Web Services (AWS), without a doubt Amazon Simple Storage Service (S3) has ‘winner’ written all over it. However, what’s popular is not always what is critical for your business to focus on. There is popularity and then there is dependability. Let’s acknowledge how reliant we are on Amazon Elastic Cloud Computing (EC2) as AWS infrastructure led-organizations.
We reflected upon our in-house findings for the AWS ‘Security’ pillar in our last blog, Four Reasons Your Cloud Security is Keeping You Up at Night, explicitly leaving out over caffeination and excessive screen time!
Drilling further down to the most affected AWS Services, Amazon EC2 related issues topped the list with 32% of all issues. Whereas Mr. Popular – Amazon S3 contributed to 12% of all issues. While cloud providers, like AWS, offer a secure infrastructure and best practices, many customers are unaware of their role in the shared responsibility model. The results showing the number of issues impacting Amazon EC2 customers demonstrates the security gap that can happen when the customer part of the shared responsibility model is not well understood.
While these AWS services and infrastructure are secure, customers also have a responsibility to secure their data and to configure environments according to AWS best practices. So how do we ensure that we keep our focus on this crucial service and ensure the flexibility, scalability, and security of a growing infrastructure?
Introducing Rules
If you thought you were done with rules after passing high school and moving out of your parent’s house, you would have soon realized that you were living a dream. Rules seem to be everywhere! Rules are important, they keep us safe and secure. While some may still say ‘rules are made to be broken’, you will go into a slump if your cloud infrastructure breaks the rules of the industry and gets exposed to security vulnerabilities.
It is great if you are already following the Best Practices for Amazon EC2, but if not, how do you monitor the performance of your services day in and day out to ensure their adherence to these best practices? How can you track if all your services and resources are running as per the recommended standards?
We’re here to help with that. Trend Micro Cloud One – Conformity ‘Rules’ provide you with that visibility for some of the most critical services like Amazon EC2.
What is the Rule?
A ‘Rule’ is the definition of the best practice used as a basis for an assessment that is run by Conformity on a particular piece of your Cloud infrastructure. When a rule is run against the infrastructure (resources) associated with your AWS account, the result of the scan is referred to as a Check. For example, an Amazon EC2 may have 60 Rules (Checks) scanning for various risks/vulnerabilities. Checks are either a SUCCESS or a FAILURE.
Conformity has about 540 Rules and 60 of them are for monitoring your Amazon EC2 services best practices. Conformity Bot scans your cloud accounts for these Rules and presents you with the ‘Checks’ to prioritize and remediate the issues keeping your services healthy and prevent security breaches.
Amazon EC2 Best Practices and Rules
Here are just a few examples of how Conformity Rules have got you covered for some of the most critical Amazon EC2 best practices:
|
|
See how Trend Micro can support your part of the shared responsibility model for cloud security: https://www.trendmicro.com/cloudconformity.
Stay Safe!
The post The AWS Service to Focus On – Amazon EC2 appeared first on .
If the past couple of months have taught us anything, it’s that partnerships matter in times of crisis. We’re better, stronger and more resilient when we work together. Specifically, public-private partnerships matter in cybersecurity, which is why Trend Micro is always happy to reach out across industry, academia and law enforcement to offer its expertise.
We are again delighted to be working with long-time partner INTERPOL over the coming weeks on a new awareness campaign to help businesses and remote workers stay safe from a deluge of COVID-19 threats.
The new normal
All over the world, organizations have been forced to rapidly adjust to the new normal: social distancing, government lockdowns and mass remote working. While most have responded superbly to the challenge, there’s no denying that IT security teams and remote access infrastructure are being stretched to the limit. There are understandable concerns that home workers may be more distracted, and therefore likely to click on phishing links, and that their PCs and devices may not be as well protected as corporate equivalents.
At the same time, the bad guys have also reacted quickly to take advantage of the pandemic. Phishing campaigns using COVID as a lure have surged, spoofing health authorities, government departments and corporate senders. BEC attacks try to leverage the fact that home workers may not have colleagues around to check wire transfer requests. And remote infrastructure like RDP endpoints and VPNs are being targeted by ransomware attackers — even healthcare organizations that are simultaneously trying to treat critical patients infected with the virus.
Getting the basics right
That’s why Trend Micro has been pushing out regular updates — not only on the latest scams and threats we’re picking up around the globe, but also with advice on how to secure the newly distributed workforce. Things like improved password security, 2FA for work accounts, automatic software updates, regular back-ups, remote user training, and restricted use of VPNs can all help. We’re also offering six months free use of our flagship Trend Micro Maximum Security product to home workers.
Yet there’s always more to do. Getting the message across as far and wide as possible is where organizations like INTERPOL come in. That’s why we’re delighted to be teaming up with the global policing organization to run a new public awareness campaign throughout May. It builds on highly successful previous recent campaigns we’ve collaborated on, to tackle BEC and crypto-jacking.
This time, we’ll be resharing some key resources on social media to alert users to the range of threats out there, and what businesses and home workers can do to stay safe. And we’ll help to develop infographics and other new messages on how to combat ransomware, online scams, phishing and other threats.
We’re all doing what we can during these difficult days. But if some good can come from a truly terrible event like this, then it’s that we show our strength in the face of adversity. And by following best practices, we can make life much tougher for the cybercriminals looking to profit from tragedy.
The post Teaming up with INTERPOL to combat COVID-19 threats appeared first on .
Introduction: This article provides an overview of various techniques that can be used to mitigate Format String vulnerabilities. In addition to the mitigations that are offered by the compilers & operating systems, we will also discuss preventive measures that can be used while writing programs in languages susceptible to Format String vulnerabilities. Techniques to prevent […]
The post How to mitigate Format String Vulnerabilities appeared first on Infosec Resources.
Introduction In the previous articles, we discussed printing functions, format strings and format string vulnerabilities. This article provides an overview of how Format String vulnerabilities can be exploited. In this article, we will begin by solving a simple challenge to leak a secret from memory. In the next article, we will discuss another example, where […]
The post How to exploit Format String Vulnerabilities appeared first on Infosec Resources.
Introduction In the previous article, we understood how print functions like printf work. This article provides further definition of Format String vulnerabilities. We will begin by discussing how Format Strings can be used in an unusual way, which is a starting point to understanding Format String exploits. Next, we will understand what kind of mistakes […]
The post Format String Vulnerabilities: Use and Definitions appeared first on Infosec Resources.
Introduction This article provides an overview of how printing functions work and how format strings are used to format the data being printed. Developers often use print functions for a variety of reasons such as displaying data to the users and printing debug messages. While these print functions appear to be innocent, they can cause […]
The post Introduction to Printing and Format Strings appeared first on Infosec Resources.
Introduction To understand Network Security, it’s imperative that we understand networking fundamentals and networking basics. In this post, we will be learning about networking basics and fundamentals to get started with Network Security. We cannot cover whole networking in a single post so we will be focusing only on core networking concepts needed for network […]
The post Networking fundamentals (for Network security professionals) appeared first on Infosec Resources.
Introduction Browsers have become an inherent part of our virtual life and we all make use of browsers for surfing the internet in some or the other way. Also, browsers can be used not only for surfing, we can make use of browsers for navigating through the file system of the OS. You might have […]
The post Browser Forensics: IE 11 appeared first on Infosec Resources.
Introduction Browsers have become an inherent part of our virtual life and we all make use of browsers for surfing the internet in some or the other way. Also, browsers can be used not only for surfing, we can make use of browsers for navigating through the file system of the OS. You might have […]
The post Browser Forensics: Firefox appeared first on Infosec Resources.
Introduction Browsers have become an inherent part of our virtual life and we all make use of browsers for surfing the internet in some or the other way. Also, browsers can be used not only for surfing, we can make use of browsers for navigating through the file system of the OS. You might have […]
The post Browser Forensics: Google Chrome appeared first on Infosec Resources.
In the early days of the COVID-19 pandemic, another pandemic of sorts took root—this one an “infodemic.” Whether designed to mislead, instill fear, capitalize on crank remedies, or push phony cures that caused harm or worse, millions of outright false stories about COVID-19 proliferated across the internet. And continue to do so.
Now, with our upcoming election in the U.S., there’s concern that this infodemic of misinformation about COVID-19 will keep people away from the polls or from working at them. Particularly elders.
With this blog, my aim is to point you toward trustworthy resources online that can help you get your vote cast and counted safely.
First, a word about COVID-19 misinformation in general.
Since the initial outbreak, we’ve monitored online threats and scams related to COVID-19. As shown in our July 2020 Threat Report, the first three months saw the number of malicious and scam websites related to COVID-19 jump from 1,600 to more than 39,000, along with a wave of spam emails and posts that peddled bogus sites for protective gear, masks, and cures. Now, in mid-September, our threat detection team has uncovered three million online threats related to COVID-19 and counting. (See the daily tally here for the latest figures.)
Elsewhere, global and national public health officials have worked diligently to counter these waves of misinformation, such as the World Health Organization’s COVID-19 “mythbuster” site, in addition to further mythbusting from major news outlets around the world and yet more mythbusting from respected science publications. However, instances of misinformation, both big and small, persist and can lead to negative health consequences for those who buy into such misinformation.
Whether you’ll vote in person or by mail, these links provide a mix of trustworthy information about voting and the latest verified information about the virus:
Be aware that our collective understanding of COVID-19 continues to evolve. The pandemic isn’t even a year old at this time, and new research continues to reveal more about its nature. Be sure to check with these resources along with your local public health resources for the latest on the virus and how to stay safe.
If you’re considering voting by mail, the following is for you. Published by U.S. News and World Report, this article breaks down how you can vote by mail in your state. While all 50 states allow for mail-in voting in some form or fashion, specifics vary, and some states make it easier to do than others. (For example, a handful of states like Texas, Indiana, and Louisiana currently do not allow COVID-19 concerns as a valid reason for requesting a mail-in ballot.)
Note that this article was published at the end of August, so be sure to follow the links for your state as published in the article for the absolute latest information. Yet don’t wait to look into your absentee or mail-in options. As noted above, each state has its terms and deadlines, so it’s best to review your options now.
Meanwhile, five states— Colorado, Hawaii, Oregon, Washington state, and Utah already conduct their elections entirely by mail. Such practices have proven to be successful alternatives to voting in person, they have slightly increased voter turnout while minimizing the risks of voter fraud.
Get your vote out safely. Whether it’s by visiting the polls following the safety guidelines or by way of mail as also allowed by your state, it can be done—particularly when you have trusted information sources at hand.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post U.S. Election 2020 – Don’t Let COVID-19 Misinformation Suppress Your Vote appeared first on McAfee Blogs.
Where do you get your news? There’s a good chance much of it comes from social media.
In 2019, Pew Research found that 55% of American adults said they get their news from social media either “often” or “sometimes,” which is an 8% rise over the previous year. We can visualize what that mix might look like. Some of their news on social media may come from information sources they’ve subscribed to and yet more news may appear via articles reposted or retweeted by friends.
So, as we scroll through our feeds and quickly find ourselves awash in a cascade of news and comments on the news, we also find ourselves wondering: what’s true and false here?
And that’s the right question to ask. With the advent of the internet, anyone can become a publisher. That’s one of the internet’s greatest strengths—we can all have a voice. Publishing is no longer limited to newspaper, TV, and radio ownership bodies. Yet it’s one of the internet’s greatest challenges as well—with millions of publishers out there, not everyone is posting the truth. And sometimes, people aren’t doing the posting at all.
For example, last May, researchers at Carnegie Melon University studied more than 200 million tweets about the current virus. Of the top 50 most influential retweeters, 82% of them were bots. Some 62% of the top 1,000 retweeters were bots as well. What were they retweeting? Researchers said the tweets revolved around more than 100 types of inaccurate stories that included unfounded conspiracy theories and phony cures. Researchers cited two reasons for this surge: “First, more individuals have time on their hands to create do-it-yourself bots. But the number of sophisticated groups that hire firms to run bot accounts also has increased.”
With the sheer volume of news and information we wade through each day, you can be assured that degrees of false and misleading information make their way into people’s social media mix. And that calls for all of us to build up our media literacy—which is our ability to critically analyze the media we consume for bias and accuracy.
What follows are a few basics of media literacy that can help you to discern what’s fact and what’s fiction as you scroll through your social media feed for news.
When talking about spotting truth from falsehood on social media, it helps to first define two types of falsehood: unintentional and the deliberate.
First off, there’s unintentional misinformation. We’re only human, and sometimes that means we get things wrong. We forget details, recall things incorrectly, or we pass along unverified accounts that we mistakenly take for fact. Thus, misinformation is wrong information that you don’t know is wrong. An innocent everyday example of this is when someone on your neighborhood Facebook group posts that the drug store closes at 8pm on weeknights when in fact it really closes at 7pm. They believe it closes at 8pm, but they’re simply mistaken.
That differs entirely from deliberate disinformation. This is intentionally misleading information or facts that have been manipulated to create a false narrative—typically with an ulterior motive in mind. The readiest example of this is propaganda, yet other examples also extend to deliberate untruths engineered to discredit a person, group, or institution. In other words, disinformation can take forms both large and small. It can apply to a person just as easily as it can to a major news story.
Now, let’s take a look at some habits and tactics designed to help you get a better grasp on the truth in your social media feed.
Some of the oldest advice is the best advice, and that holds true here: consider the source. Take time to examine the information you come across. Look at its source. Does that source have a track record of honesty and dealing plainly with the facts? Likewise, that source has sources too. Consider them in the same way as well.
Now, what’s the best way to go about that? For one, social media platforms are starting to embed information about publications into posts where their content is shared. For example, if a friend shares an article from The Economist, Facebook now includes a small link in the form of an “i” in a circle. Clicking on this presents information about the publication, which can give you a quick overview of its ownership, when it was founded, and so forth.
Another fact-finding trick comes by way of Michael Caufield, the Director of Blended and Networked Learning at Washington State University. He calls it: “Just Add Wikipedia.” It entails doing a search for a Wikipedia page by using the URL of an information source. For example, if you saw an article published on Vox.com, you’d simply search “Wikipedia www.vox.com.” The Wikipedia entry will give you an overview of the information source, its track record, its ownership, and if it has fired reporters or staff for false reporting. Of course, be aware that Wikipedia entries are written by public editors and contributors. These articles will only be as accurate as the source material that they are drawn from, so be sure to reference the footnotes that are cited in the entry. Reading those will let you know if the entry is informed by facts from reputable sources as well. They may open up other avenues of fact-finding as well!
A single information source or story won’t provide a complete picture. It may only cover a topic from a certain angle or narrow focus. Likewise, information sources are helmed by editors and stories are written by people—all of which have their biases, whether overt or subtle. It’s for this reason that expanding your media diet to include a broader range information sources is so important.
So, see what other information sources have to say on the same topic. Consuming news across a spectrum will expose you to thoughts and coverage you might not otherwise get if you keep your consumption to a handful of sources. The result is that you’re more broadly informed and have the ability to compare and contrast different sources and points of view. Using the tips above, you can find other reputable sources to round out your media diet.
Additionally, for a list of reputable information sources, along with the reasons why they’re reputable, check out “10 Journalism Brands Where You Find Real Facts Rather Than Alternative Facts” published by Forbes and authored by an associate professor at The King’s College in New York City. It certainly isn’t the end all, be all of lists, yet it should provide you with a good starting point.
Has a news story you’ve read or watched ever made you shake your fist at the screen or want to clap and cheer? How about something that made you fearful or simply laugh? Bits of content that evoke strong emotional responses tend to spread quickly, whether they’re articles, a post, or even a tweet. That’s a ready sign that a quick fact check could be in order.
There’s a good reason for that. Bad actors who wish to foment unrest, unease, or simply spread disinformation use emotionally driven content to plant a seed. Whether or not their original story gets picked up and viewed firsthand doesn’t matter to these bad actors. Their aim is to actually get some manner of disinformation out into the ecosystem. They rely on others who will re-post, re-tweet, or otherwise pass it along on their behalf—to the point where the original source of the information is completely lost. This is one instance where people readily begin to accept certain information as fact, even if it’s not factual at all.
Certainly, some legitimate articles will generate a response as well, yet it’s a good habit to do a quick fact check and confirm what you’ve read. This leads us right back to our earlier points about considering the source and cross-checking against other sources of information as well.
You’ve probably seen headlines similar to this before: THIS FAT-BURNING TRICK HAS DOCTORS BAFFLED! You’ll usually spot them in big blocks laden with catchy photos and illustrations, almost to the point that they look like they’re links to other news stories. They’re not. They’re ads, which often strike a sensationalistic tone.
The next time you spot one of these, look around the area of the web page where they’re placed. You should find a little graphic or snippet of text that says “Advertisement,” “Paid Sponsor,” or something similar. And there you go. You spotted some sponsored content. These so-called articles aren’t intentionally developed to misinform you. They are likely trying to bait you into buying something.
However, in some less reputable corners of the web ads like these can take you to malicious sites that install malware or expose you to other threats. Always surf with web browser protection. Good browser protection will either identify such links as malicious right away or prevent your browser from proceeding to the malicious site if you click on such a link.
So, let’s say you’ve been following these practices of media literacy for a while. What do you do when you see a friend posting what appears to be misinformation on their social media account? If you’re inclined to step in and comment, try to be helpful, not right.
We can only imagine how many spoiled relationships and “unfriendings” have occurred thanks to moments where one person comments on a post with the best intentions of “setting the record straight,” only to see tempers flare. We’ve all seen it happen. The original poster, instead of being open to the new information, digs in their heels and becomes that much more convinced of being right on the topic.
One way to keep your friendships and good feelings intact is this: instead of entering the conversation with the intention of being “right,” help people discover the facts for themselves. You can present your information as part of a discussion on the topic. So while you shouldn’t expect this to act like a magic wand that whisks away misinformation, what you can do is provide a path toward a reputable source of information that the original poster, and their friends, can follow if they wish.
Wherever your online travels take you as you read and research the news, be sure to go out there with a complete security suite. In addition to providing virus protection, it will also help protect your identity and privacy as you do anything online. Also look for an option that will protect your mobile devices too, as we spend plenty of time scrolling through our social media feeds on our smartphones.
If you’re interested in learning more about savvy media consumption, pop open a tab and give these articles a read—they’ll give you a great start:
Bots in the Twittersphere: Pew Research
How to Spot Fake News: FactCheck.org
Likewise, keep an eye on your own habits. We forward news in our social media feeds too—so follow these same good habits when you feel like it’s time to post. Make sure that what you share is truthful too.
Be safe, be well-read, and be helpful!
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Spot Fake News and Misinformation in Your Social Media Feed appeared first on McAfee Blogs.
On September 22nd, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory about the potential threat from foreign actors and cybercriminals attempting to spread false information. Their joint public service announcement makes a direct statement regarding how this could affect our election:
“Foreign actors and cybercriminals could create new websites, change existing websites, and create or share corresponding social media content to spread false information in an attempt to discredit the electoral process and undermine confidence in U.S. democratic institutions.”
Their call to action is clear—critically evaluate the content you consume and to seek out reliable and verified information from trusted sources, such as state and local election officials. Not just leading up to Election Day, but during and after as well.
Here’s why: it’s estimated that roughly 75% of American voters will be eligible to vote by mail, potentially leading to some 80 million mail-in ballots being cast. That’s twice the number from the 2016 presidential election, which could prolong the normal certification process. Election results will likely take days, even weeks, to ensure every legally cast ballot is counted accurately so that the election results can ultimately get certified.
That extended stretch of time is where the concerns come in. Per the FBI and CISA:
“Foreign actors and cybercriminals could exploit the time required to certify and announce elections’ results by disseminating disinformation that includes reports of voter suppression, cyberattacks targeting election infrastructure, voter or ballot fraud, and other problems intended to convince the public of the elections’ illegitimacy.”
In short, bad actors may attempt to undermine people’s confidence in our election as the results come in.
Our moment to act as smart consumers, and sharers, of online news has never been more immediate.
Before we look at how we can combat the spread of false information this election, let’s see how it cascades across the internet.
It’s been found that false political news traveled deeper and more broadly, reached more people, and was more viral than any other category of false information, according to a Massachusetts Institute of Technology study on the spread of true and false news online, which was published by Science in 2018.
Why’s that so? In a word: people. According to the research findings,
“We found that false news was more novel than true news, which suggests that people were more likely to share novel information … Contrary to conventional wisdom, robots accelerated the spread of true and false news at the same rate, implying that false news spreads more than the truth because humans, not robots, are more likely to spread it.”
Thus, bad actors pick their topics, pumps false information about them into social media channels, and then lets people spread it by way of shares, retweets, and the like—thanks to “novel” and click-baity headlines for content people may not even read or watch, let alone fact check.
Done on a large scale, false information thus can hit millions of feeds, which is what the FBI and CISA is warning us about.
The FBI and CISA recommend the following:
If there’s a common theme across our election blogs so far, it’s trustworthiness.
Knowing which sources are deserving of our trust and being able to spot the ones that are not takes effort—such as fact-checking from reputable sources like FactCheck.org, the Associated Press, and Reuters or researching the publisher of the content in question to review their credentials. Yet that effort it worthwhile, even necessary today. The resources listed in my recent blogs can help:
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Election 2020 – Keep Misinformation from Undermining the Vote appeared first on McAfee Blogs.
Election 2020: Make Sure Your Voice is Heard with These Tips & Best Practices
Last year, India exercised one of the greatest feats of democracy, trying to enable over 900 million people to vote in their general election. My mom lives in India, and I remember talking with her about their ambitious plans to reach every voter, no matter how remote their location. They sent poll workers deep into the jungle, and across rivers, to reach just a handful of voters. The result: a record turnout at over 67%.
In the United States, we too have an opportunity to fulfill our civic duties, with various options available to us to make sure our votes are heard. While many people choosing to mail in their votes for the very first time, there’s also a lot of confusion around election rules and security, not to mention a flood of misinformation online to be wary of.
Here at McAfee, we want to help you vote with confidence in this critical election. That’s why we’ve put together a number of tools, resources, and best practices to empower voters. Our hope is that every voice can be heard.
Demystifying Mail-In Voting
Let’s start with some questions you may have around mail-in voting, since twice as many people plan to mail in their ballots this year, compared to 2016. Of course, with the COVID-19 pandemic still active, it’s understandable that many people, especially the vulnerable, would prefer to mail their ballot, rather than go to a polling station. I personally got my mail-in ballot and am ready to mail it this week. If you haven’t decided on how to vote, you still have time to decide.
To get accurate information on mail-in voting, go directly to your state and local websites for guidance, including how to fill out your ballot, and when to turn it in. Rules vary state to state, but one thing we do know is that mail-in voting has proven to be a reliable and secure way to have your voice heard.
It’s great to see long lines to vote in some states already. If you are still concerned about election security and online scams, my colleague Judith Bitterli has written a great guide for locating reliable sources and protecting your vote (Key tip: always look for a .gov domain name).
She also has advice for making sure that your mail-in ballot counts.
Safe Election Surfing
When looking online for election resources, be aware that scammers and cybercriminals are always trying to take advantage of trending topics to misdirect users to dangerous websites and links. In fact, the FBI recently warned that bad actors have been setting up fake election websites, in an attempt to steal voters’ personal information, or get them to download dangerous files.
The Bureau suggests that you visit the U.S. Election Assistance Commission website for accurate information in a variety of languages. If you are concerned about clicking on risky links during the election or year-round, one smart action you can take is to install McAfee WebAdvisor, which warns you of risky sites before you click on them.
Although it can be tempting to believe election information posted on social media, especially by friends and family members, know that business school MIT Sloan says “fake news is at its peak” during online presidential years, and even your loved ones can be fooled.
But whether information is clickbait, or legitimate, it can still be posted to risky websites designed to steal your information, or download malware. That’s why McAfee released a new social media protection tool as part of WebAdvisor. Using color codes, the tool shows you which links are safe or risky right in your social feed, and can be used across all six major social media platforms. This makes it easier to avoid dangerous links posted on social channels. Given the increase in phishing we’ve observed in the last few months across PC and mobile platforms, a comprehensive security solution like McAfee® Total Protection can help keep your personal information and devices safe.
In-Person Voting
If you still plan to vote in person, or even better, volunteer as a poll worker, make sure that you have reliable information on voting times and locations. You’ll probably also want to look into local rules on health and safety precautions, so you are well prepared.
False and misleading information about COVID 19 has been swirling since the start of the pandemic, so it’s important that you seek verified information about the virus. Here again are some great tips from Judith on how to keep COVID misinformation from suppressing your vote.
Exercise Your Right
Now that you know how to sidestep misinformation, find trusted resources, and plan your vote — either through the mail or in person— I hope that you will exercise your right, with confidence.
The post Election 2020: Make Sure Your Voice is Heard with These Tips appeared first on McAfee Blogs.
If 2020 has taught us anything, it’s that our ability to think critically about the information we encounter online is now a fundamental life skill we need to learn, practice, and pass on to our offspring. But the actual task of teaching kids how to discern real and fabricated information online these days is easier said than done.
How did the truth get so hard to pin down? In the documentary The Social Dilemma, the answer to that question comes down to two things: Our growing reliance on social media for both human connection and information and the data-based algorithms social networks use to mine and sell data, nurture device dependence, and influence our behavior.
A 2019 Pew Study reveals that 55 percent of US adults get their news from social media either “often” or “sometimes.” A July 2020 Pew Study shows that people who rely on social media for news are less likely to get the facts right about the coronavirus and politics and more likely to hear some unproven claims.
The power of algorithms to deliver customized, manipulative content to a person’s screen is alarming, says Tristan Harris, a former design ethicist at Google, who is featured in The Social Dilemma, adding, “Never before in history have 50 designers made decisions that would have an impact on two billion people.”
On the heels of the recent election, Media Literacy skills will make a difference as false reports are likely to surface in our social feeds in the foreseeable future. For many, the willpower to shut down their social feeds altogether isn’t a viable option. So how do we wade through the veiled forms of manipulation and misinformation taking place all around us online?
One approach is to make a personal commitment to stay alert, slow down, and carefully vet the content you consume, create, or share.
One thing you might consider is making 2021 the year your family masters Media Literacy, a topic we’ve written extensively about on this blog. In short, Media Literacy is the ability to identify different types of content and understand the messages each is sending. Content includes texts, social media memes or posts, videos, television, movies, video games, music, and various other digital content. Reminder: Someone creates each piece of content and that person, group, or company has an agenda or message.
Do I understand all the points of view of this story?
What do I think about this topic or idea?
Am I overly emotional and eager to share this?
Am I being manipulated by this content?
What if I’m wrong?
Lastly, consume all media with thoughtful intention — avoid mindless scrolling and liking. A few other practical ways to fight back against the algorithms we drew from The Social Dilemma: Don’t click on video or content recommendations. Fight back against algorithms by choosing your content. Uninstall social media apps that are not useful and waste your time. Turn off notifications or any other alert that interferes with living life. If an issue has you angry or emotional, stop, breathe, and research the facts before sharing.
The post Helping Your Family Combat Digital Misinformation appeared first on McAfee Blogs.
Seems like the internet follows us wherever we go nowadays, whether it tags along via a smartphone, laptop, tablet, a wearable, or some combination of them all. Yet there’s something else that follows us around as well—our PII, a growing body of “personally identifiable information” that we create while banking, shopping, and simply browsing the internet. And no doubt about it, our PII is terrifically valuable.
What makes it so valuable? It’s no exaggeration to say that your PII is the key to your digital life, along with your financial and civic life as well. Aside from using it to create accounts and logins, it’s further tied to everything from your bank accounts and credit cards to your driver’s license and your tax refund.
Needless to say, your PII is something that needs protecting, so let’s take a look at several ways you can do just that.
What is PII? It’s information about you that others can use to identify you either directly or indirectly. Thus, that info could identify you on its own, or it could identify you when it’s linked to other identifiers, like the ones associated with the devices, apps, tools, and protocols you use.
A prime example of direct PII is your tax ID number because it’s unique and directly associated with your name. Further instances include your facial image to unlock your smartphone, your medical records, your finances, and your phone number because each of these can be easily linked back to you.
Then there are those indirect pieces of PII that act as helpers. While they may not identify you on their own, a few of them can when they’re added together. These helpers include things like internet protocol addresses, the unique device ID of your smartphone, or other identifiers such as radio frequency identification tags.
You can also find pieces of your PII in the accounts you use, like your Google to Apple IDs, which can be linked to your name, your email address, and the apps you have. You’ll also find it in the apps you use. For example, there’s PII in the app you use to map your walks and runs, because the combination of your smartphone’s unique device ID and GPS tracking can be used in conjunction with other information to identify who you are, not to mention where you typically like to do your 5k hill days. The same goes for messenger apps, which can collect how you interact with others, how often you use the app and your location information based on your IP address, GPS information, or both.
In all, there’s a cloud of PII that follows us around as we go about our day online. Some wisps of that cloud are more personally identifying than others. Yet gather enough of it and PII can create a high-resolution snapshot of you—who you are, what you’re doing when you’re doing it, and even where you’re doing it too—particularly if it gets into the wrong hands.
Remember Pig-Pen, the character straight from the old funny pages of Charles Schultz’s Charlie Brown? He’s hard to forget with that ever-present cloud of dust following him around. Charlie Brown once said, “He may be carrying the soil that trod upon by Solomon or Nebuchadnezzar or Genghis Khan!” It’s the same with us and our PII, except the cloud surrounding us, isn’t the dust of kings and conquerors, they’re motes of digital information that are of tremendously high value to crooks and bad actors—whether for purposes of identity theft or invasion of privacy.
With all PII we create and share on the internet, that calls for protecting it. Otherwise, our PII could fall into the hands of a hacker or identity thief and end up getting abused, in potentially painful and costly ways.
Here are several things you can do to help ensure that what’s private stays that way:
Square One is to protect your devices with comprehensive online protection software. This will defend you against the latest virus, malware, spyware, and ransomware attacks plus further protect your privacy and identity. In addition to this, it can also provide strong password protection by generating and automatically storing complex passwords to keep your credentials safer from hackers and crooks who may try to force their way into your accounts.
Further, security software can also include a firewall that blocks unwanted traffic from entering your home network, such as an attacker poking around for network vulnerabilities so that they can “break-in” to your computer and steal information.
Also known as a virtual private network, a VPN helps protect your vital PII and other data with bank-grade encryption. The VPN encrypts your internet connection to keep your online activity private on any network, even public networks. Using a public network without a VPN can increase your cybersecurity risk because others on the network can potentially spy on your browsing and activity.
If you’re new to the notion of using a VPN, check out this article on VPNs and how to choose one so that you can get the best protection and privacy possible.
In the U.S., the Social Security Number (SSN) is one of the most prized pieces of PII as it unlocks the door to employment, finances, and much more. First up, keep a close grip on it. Literally. Store your card in a secure location. Not your purse or wallet.
Certain businesses and medical practices may ask you for your SSN for billing purposes and the like. You don’t have to provide it (although some businesses could refuse service if you don’t), and you can always ask if they will accept some alternative form of information. However, there are a handful of instances where an SSN is a requirement. These include:
Be aware that hackers often get a hold of SSNs because the organization holding that information gets hacked or compromised itself. Minimizing how often you provide your SSN can offer an extra degree of protection.
Protecting your files with encryption is a core concept in data and information security, and thus it’s a powerful way to protect your PII. It involves transforming data or information into code that requires a digital key to access it in its original, unencrypted format. For example, McAfee Total Protection includes File Lock, which is our file encryption feature that lets you lock important files in secure digital vaults on your device.
Additionally, you can also delete sensitive files with an application such as McAfee Shredder, which securely deletes files so that thieves can’t access them. (Quick fact: deleting files in your trash doesn’t actually delete them in the truest sense. They’re still there until they’re “shredded” or otherwise overwritten such that they can’t be restored.)
Which Marvel Universe superhero are you? Does it really matter? After all, such quizzes and social media posts are often grifting pieces of your PII in a seemingly playful way. While you’re not giving up your SSN, you may be giving up things like your birthday, your pet’s name, your first car … things that people often use to compose their passwords or use as answers to common security questions on banking and financial sites. The one way to pass this kind of quiz is not to take it!
A far more direct form of separating you from your PII are phishing attacks. Posing as emails from known or trusted brands, financial institutions, or even a friend or family member a cybercrook’s phishing attack will attempt to trick you into sharing important information like your logins, account numbers, credit card numbers, and so on under the guise of providing customer service.
How do you spot such emails? Well, it’s getting a little tougher nowadays because scammers are getting more sophisticated and can make their phishing emails look nearly legitimate. However, there are several ways you can spot a phishing email and phony web pages as outlined here.
Comprehensive security offers another layer of prevention, in this case by offering browser protection like our own Web Advisor, which will alert you in the event you come across suspicious links and downloads that can steal your PII or otherwise expose you to attacks.
With social engineering attacks that deceive victims by posing as people the victim knows and the way we can sometimes overshare a little too much about our lives, you can see why a social media profile is a potential goldmine for cybercriminals.
Two things you can do to help protect your PII from being at risk via social media: one, think twice about what PII you might be sharing in that post or photo—like the location of your child’s school or the license plate on your car; two, set your profile to private so that only friends can see it. Review your privacy settings regularly to keep your profile information out of the public eye. And remember, nothing is 100% private on the internet. Never post anything you wouldn’t want to see shared.
The “S” stands for secure. Any time you are shopping, banking, or sharing any kind of PII, look for “https” at the start of the web address. Some browsers will also indicate HTTP by showing a small “lock” icon. Doing otherwise on plain HTTP sites exposes your PII for anyone who cares to monitor that site for unsecured connections.
By locking your devices, you protect yourself that much better from PII and data theft in the event your device is lost, stolen, or even left unattended for a short stretch. Use your password, PIN, facial recognition, thumbprint ID, what have you. Just lock your stuff. In the case of your smartphones, read up on how you can locate your phone or even wipe it remotely if you need to. Apple provides iOS users with a step-by-step guide for remotely wiping devices, and Google offers up a guide for Android users as well.
Theft of your PII can of course lead to credit cards and other accounts being opened falsely in your name. What’s more, it can sometimes be some time before you even become aware of it, until perhaps your credit score takes a hit or a bill collector comes calling. By checking your credit, you can address any issues that come up, as companies typically have a clear-cut process for contesting any fraud. You can get a free credit report in the U.S. via the Federal Trade Commission (FTC) and likewise, other nations like the UK have similar free offerings as well.
Consider identity theft protection as well. A strong identity theft protection package pairs well with keeping track of your credit and offers cyber monitoring that scans the dark web to detect for misuse of your PII. With our identity protection service, we help relieve the burden of identity theft if the unfortunate happens to you with $1M coverage for lawyer fees, travel expenses, lost wages, and more.
The post Take It Personally: Ten Tips for Protecting Your Personally Identifiable Information (PII) appeared first on McAfee Blog.
It’s easy to imagine where we would be without women in technology.
We’d be poorer for it.
With Mother’s Day upon us, I couldn’t help but think once more about the stark employment figures I shared in my International Women’s Day blog just a few weeks ago. Millions of women have involuntarily left the workforce at a much higher rate than men during the pandemic—with roughly one third of women in the U.S. aged 25-44 citing that childcare was the reason for that unemployment.
Reflecting on this further, I thought about the women in technology who’ve left their positions during this past year. It’s a loss of talent and capability that’s set back decades of advances by trailblazing women who not only shine in their field yet also do so in male-dominated realms of study, research, and employment.
So as we look ahead to recovery, we should also look back. By celebrating just a few of the women in technology who shaped our world today, women who truly are “mothers of invention,” perhaps we can remember just how vital women are in our field—and how we should double down on our efforts to welcome them back.
Imagine a time when the term “software engineering” wasn’t recognized, even though it was crucial to us landing on the moon.
Such were the days when Margaret Hamilton began her work at Massachusetts Institute of Technology (MIT) as a job to support her family while her husband went to law school at Harvard. This was in 1959 and would introduce her to Edward Lorenz, the father of chaos theory, and put her on the path to help humanity set its first footsteps on the moon.
It was her work and her code that developed a software-driven system that warned astronauts of in-flight emergencies, an advance she credits her young daughter for inspiring, as recounted in this interview:
Often in the evening or at weekends I would bring my young daughter, Lauren, into work with me. One day, she was with me when I was doing a simulation of a mission to the moon. She liked to imitate me – playing astronaut. She started hitting keys and all of a sudden, the simulation started. Then she pressed other keys and the simulation crashed … I thought: my God – this could inadvertently happen in a real mission.
I suggested a program change to prevent a prelaunch program being selected during flight. But the higher-ups at MIT and NASA said the astronauts were too well trained to make such a mistake. Midcourse on the very next mission, Apollo 8, one of the astronauts on board accidentally did exactly what Lauren had done. The Lauren bug! It created much havoc and required the mission to be reconfigured. After that, they let me put the program change in, all right.
When you search online, you have this woman to thank.
A true pioneer, Karen Spärck Jones worked at Cambridge, during which time she developed the algorithm for deriving a statistic known as “term frequency–inverse document frequency” (TFIDF). In lay terms, TFIDF determines how important a word is relative to the document or collection of terms in which it is found. Sound familiar? It should, as her work forms the basis of practically every search engine today.
Spärck Jones remained outspoken with regards to what she referred to as “professionalism” in technology. This had two layers: the first being the technical efficacy of a solution, the second being the rationale for even doing it in the first place. In her words,
“[T]o be a proper professional you need to think about the context and motivation and justifications of what you’re doing … You don’t need a fundamental philosophical discussion every time you put finger to keyboard, but as computing is spreading so far into people’s lives you need to think about these things.”
Her vision for computing and her hands-on work led to development of COBOL, a programming language still in use today. Driving that vision was the belief that human language could be used as the basis for a programming language, making it more accessible, particularly for business use. The result was the FLOW-MATIC programming language, which was later developed into COBOL, a language that is estimated to be used in 95% of ATM card swipes.
During her time as a naval officer, she helped transform centralized Defense Department systems into smaller, distributed networks akin to the internet we now know and use. At her retirement near the age of 80, she went to work in the private sector where she held the role of full-time senior consultant until her passing at age 85. This 1983 profile of her, aired when she was 76, is certainly worth a watch.
Quite plainly, Perlman’s work paved the way for the routing protocols that underpin the modern internet.
Prior to Perlman’s work, as networks grew and accordingly became more complex, data would often flow into loops that prevented them from reaching their intended destination. Enter her creation of the Spanning Tree Protocol (STP), which can handle large clouds of computers and network devices. While its since evolved, the concept of an adaptive network remains squarely in place.
Another advance of hers was introducing computer programming to young children aged 3 to 5 back in the 1970s. While working at MIT’s LOGO Lab, she created TORTIS (Toddler’s Own Recursive Turtle Interpreter System), which used buttons from programming and allowed for experimentation with a robotic turtle that would follow a toddler’s commands. In the abstract for her paper that documented the work, she emphasized what she felt was a vital point, “Most important of all, it should teach that learning is fun.”
These women have led and inspired, and likewise it’s on all of us in technology to build on the advances they made possible through both our work and the workplace cultures we foster—particularly as we begin our recovery from this pandemic.
One of the many reasons I’m proud to be a part of McAfee is our Women in Security (WISE) community. It’s truly a forward-thinking program, which we introduced to enrich and support women in the tech sector through mentorship programs and professional development conferences. It’s one of the several, tangible ways we actively strive for a vibrant and diverse culture at McAfee.
Another powerful voice for women in tech is AnitaB.org, which supports women in technical fields, as well as the organizations that employ them and the academic institutions training the next generation. A full roster of programs help women grow, learn, and develop their highest potential.
And for looking forward yet further, there’s Girls Who Code, which is building the next generation of female engineers and technologists. Their data shows why this is so vital. They found that 66 percent of girls aged six to 12 show interest in computing, but that drops to 32 percent for girls aged 13 to 17, and then plummets to only 4 percent for college freshmen. Accordingly, they support several programs for school-aged girls from third grade up through senior year of high school, help educators and communities launch clubs, and advocate for women in their field through their work in public policy and research.
And that’s just for starters. For an overview of yet more organizations where you can get involved, check out this list of 16 organizations for women in tech—all of which help us realize a better world with women in technology.
The post The Mothers of Invention: Women Who Blazed the Trail in Technology appeared first on McAfee Blogs.
Of all the pastimes that took off during the pandemic, it’s not surprising that online gaming was one of them. After all, gaming offers excitement, new experiences, and social interaction, all from the comfort of home. It’s no wonder then that the gaming industry saw a 20% increase in revenue in 2020, as new and previously-retired gamers returned to this pastime.
But while the gaming industry was finding a lot of new allies, the players themselves faced growing exposure to malware and threats. Our 2020 Mobile Threat Report found that gamers are being targeted with phishing attacks and malicious apps, aimed at stealing usernames and passwords. With this information, hackers could potentially steal hard-earned in-game collectibles, as well as real-world money and personal information. And PC gamers face similar threats, from viruses and spyware to network attacks that could potentially put their personal information and property at risk.
While 75% of gamers surveyed worry about their security while gaming in the future, some worry they’ll have to compromise performance to be protected. That’s why McAfee® Gamer Security offers robust protection to PC gamers with one of the lowest impacts on system performance in the industry.
To protect the growing number of gamers against increasing threats, we are offering one free year of McAfee Gamer Security for one gaming PC to multi-device McAfee ® Total Protection and McAfee® Live Safe users in the U.S. This powerful software was built from the ground up to address the challenges gamers face, with speedy performance, system optimization, uninterrupted gaming, and no pop-up apps.
But don’t just take it from me. This is what one of our users have to say: “I believe [McAfee Gamer Security] had a positive impact … because it increased the speed of my game as well as gave me peace of mind that I was protected during my gameplay.”
We know that gamers are some of the most tech-savvy and connected users out there, so it’s important that we meet them where they are by giving them the performance and security they need to play at full throttle. After all, many users are seeking stress relief through gaming, not the extra worry over their online security.
With McAfee Gamer Security we made security for players more fun, by including a gamer-centric interface that was inspired by familiar apps like game launchers — you can check the current status of your system and key resources that impact in-game performance, like GPU, CPU, and memory, as well as perform real-time optimization. And of course, we’ve also included monitoring for your all-important FPS (frames per second). You can even access past performance data to better understand your game-by-game trends.
Let’s keep the excitement of gaming while adding the extra confidence of knowing that your digital life is protected. Whether you are new to McAfee or already enjoying our personal protection, you can download McAfee Gamer Security for free in under one minute with a qualifying subscription! In our mission to provide users with personal protection, we are welcoming PC gamers with open arms.
The post PC Gamers (and Parents of Gamers) Rejoice! appeared first on McAfee Blogs.
Summer is here, which means more sun and more fun for everyone. It also means more streaming, gaming, and downloading. This seasonal reality reminds us that to enjoy the best of summer, it’s important to stay aware of the digital risks that could sink the fun faster than you can say, “it’s hammock time!”
Emerging from the pandemic, we’re familiar with the increase in online time that came with remote learning. However, shift into summer means the remote learning hours will quickly turn into hours spent gaming, TikTok scrolling, and social networking. If you add summer travel plans to those activities, your family also becomes vulnerable to Wi-Fi breaches, viruses, sketchy apps, and device theft.
Suppose your family’s screen time rules became laxer this year. In that case, summer is the perfect time to start re-establishing healthy digital habits for gamer security, app security, and Wi-Fi security, be it at home or while traveling. Here are just a few tips to get you rolling.
According to a recent McAfee study 2021 Consumer Security Mindset: Travel Edition, 2 out of 3 Americans plan to travel this summer. However, the study also highlighted a troubling discrepancy: while 68% of Americans confirm they are more digitally connected since the onset of COVID-19, only about half of them have implemented additional levels of internet security.
Chances are someone in your immediate family — perhaps an elderly relative or a younger child — is among those who are more connected since COVID-19 but less secure as they head into the summer months. One way to close that gap is to educate and share family internet security tips. Here are just a few.
This summer can unfold seamlessly and be packed with unforgettable family memories. Or, it could be a season you’d rather forget if you wander into a digital danger zone. Remember: Your family’s privacy is as strong as your weakest family member’s security IQ. One vulnerable person exposes the data and security of everyone under your roof. So, taking the time to build up your family’s internet security is a big step in bummer-proofing your summer. Here’s to fun, sunny, safe days ahead!
The post At Home or On-the-Go: Boost Your Internet Safety this Summer appeared first on McAfee Blogs.
In 2018, Macs accounted for 10% of all active personal computers. Since then, popularity has skyrocketed. In the first quarter of 2021, Macs experienced 115% growth when compared to Q1 2020, putting Apple in fourth place in the global PC market share. It is safe to say that Macs are well-loved and trusted devices by a significant portion of the population — but just how safe are they from a security perspective?
Many users have historically believed that Macs are untouchable by hackers, giving Apple devices a reputation for being more “secure” than other PCs. However, recent attacks show that this is not the case. According to TechCrunch, a new malware called XCSSET was recently found exploiting a vulnerability that allowed it to access parts of macOS, including the microphone, webcam, and screen recorder — all without consent from the user.
Let’s dive deeper into how XCSSET works.
Researchers first discovered XCSSET in 2020. The malware targeted Apple developers and the projects they use to build and code apps. By targeting app development projects, hackers infiltrated apps early in their production, causing developers to unknowingly distribute the malware to their users.
Once the malware is running on a user’s device, it uses multiple zero-day attacks to alter the machine and spy on the user. These attacks allow the hacker to:
While macOS is supposed to ask users for permission before allowing any app to record the screen, access the microphone or webcam, or open the user’s storage, XCSSET can bypass all of these permissions. This allows the malware to sneak in under the radar and inject malicious code into legitimate apps that commonly ask for screen-sharing permissions such as Zoom, WhatsApp, and Slack. By disguising itself among these legitimate apps, XCSSET inherits their permissions across the computer and avoids getting flagged by macOS’s built-in security defenses. As a result, the bug could allow hackers to access the victim’s microphone, webcam, or capture their keystrokes for login credentials or credit card information.
It is unclear how many devices were affected by XCSSET. Regardless, it is crucial for consumers to understand that Mac’s historical security reputation does not replace the need for users to take online safety precautions. The following tips can help macOS users protect themselves from malware:
Software developers are continuously working to identify and address security issues. Frequently updating your devices’ operating systems, browsers, and apps is the easiest way to have the latest fixes and security protections. For example, Apple confirmed that it addressed the bug exploited by XCSSET in macOS 11.4, which was made available on May 24th, 2021.
Hackers often use phishing emails or text messages as a means to distribute malware by disguising their malicious code in links and attachments. Do not open suspicious or irrelevant messages, as this can result in malware infection. If the message claims to be from a business or someone you know, reach out to the source directly instead of responding to the message. This will allow you to confirm the sender’s legitimacy.
Use a solution like McAfee Total Protection, which can help protect devices against malware, phishing attacks, and other threats. It also includes McAfee WebAdvisor — a tool to help identify malicious websites.
Regardless of whether you are Team PC or Team Mac, it is important to realize that both platforms are susceptible to cyberthreats that are constantly changing. Doing your research on prevalent threats and software bugs puts you in a better position to protect your online safety.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our newsletter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Apple Users: This macOS Malware Could Be Spying on You appeared first on McAfee Blogs.
If only more things in life came with training wheels; a child’s first smartphone could certainly use some.
Like taking off the training wheels and riding out into the neighborhood for the first time, a smartphone opens an entirely new world for children. There are apps, social media, group chats with friends, TikTok stars, and the joy of simply being “in” with their classmates and friends through the shared experience of the internet.
For parents, the similarities between first bike rides and first phones continue. You love the growing independence that this moment brings, yet you also wonder what your child will encounter out there when you’re not around. The good and the bad. How have you prepared them for this? Are they really ready?
That’s the question, isn’t it—when is my child ready for that first smartphone?
For years, your child has dabbled on the internet, whether that was playing on your phone while they were little, letting them spend time on a tablet, or using a computer for school. Along the way, there have been teaching moments, little lessons you’ve imparted about staying safe, how to treat others online, and so forth. In other words, you’ve introduced the internet to your child in steps. Giving them their own phone is yet another step, but a big one.
Yet those teaching moments and little lessons are things that they’ll lean on when they’re on their own phone—whether those were about “stranger dangers” online, proper online etiquette, and the difference between safe and unsafe websites. Understanding if your child has a firm foundation for navigating all the highs and lows of the internet is a strong indication of their readiness. After all, safely entering the always-online world of having a smartphone demands a level of intellectual and emotional maturity.
Good question. We do know that smartphone usage by children is on the rise. For example, research from Common Sense Media indicates that 53% of 11-year-olds have a smartphone, a number that jumps to 69% at age 12. That’s quite a bit of smartphone use by tweens, use which may be lightly monitored or not monitored at all. Note the percentage of ownership by age and the volume of screen time that follows in the infographic below:
Source: Common Sense Media
Why the rise, particularly in very young owners? However, does that mean 26% of nine-year-olds should have unfettered and all-day access to the internet in the palm of their hands? That’s a topic for you to decide for yourself and for the good of your family. However, if the notion of a third grader with a smartphone seems a little on the young side to you, there are alternatives to smartphones.
If keeping in touch is the primary reason for considering a smartphone, you have internet-free options that you can consider:
In all, for a younger child, one of these options may be your best bet. They’ll help you and your child keep in touch, develop good habits, and simply learn the basic responsibilities and behaviors that come with using a device to communicate with others.
Now’s a perfect time to prepare yourself for the day when your child indeed gets that first proper smartphone. That entails a little research and a little conversation on your part. Topics such as cyberbullying, digital literacy, social media etiquette, and so on will be important to get an understanding on. And those are just the first few.
A good place to start is your circle of family and friends. There, you can find out how they handled smartphone ownership with their children. You’ll likely hear a range of strategies and approaches, along with a few stories too, all of which can prepare you and your child.
I also suggest carving out a few minutes a week to read up on our McAfee blog safety topics so that you can have all the knowledge and tools you need. We blog on topics related to parenting and children quite regularly, and you can get a quick view of them here:
Having a smartphone will change not only their life, but yours as well. Relationships will evolve as your child navigates their new online life with their middle school and high school peers. (Remember those days? They weren’t always easy. Now throw smartphones into the mix.)
With that, give you and your child one last checkpoint. The following family talking points for owning a smartphone offer a solid framework for conversation and a way to assess if your child, and you, are truly ready for what’s ahead.
Once smartphone day arrives, it’s time to put two things in place—mobile security and parental controls:
Plenty. And as a mom myself, I rely heavily on those parental controls I put into place, but I also stay close to what they are doing online. It’s a bit of a mix. I simply ask them what’s going on and do a little, monitoring too. That could be asking them what their favorite games and apps are right now or talking about what playlists they’re listening to. This keeps communication open and normalizes talking about the phone/ their internet usage and what’s happening on it. Communication like this can come in handy later on should they need your help with something that’s occurred online. By talking now, the both of you will have an established place to start.
In all, take children’s smartphone ownership in steps and prepare them for the day those training wheels come off so the both of you can fully enjoy that newfound independence of life with a smartphone.
The post How to Prepare for Your Child’s First Smartphone appeared first on McAfee Blogs.
If you have a tween or teen, you’ve likely heard a lot of excited chatter about Roblox. With a reported 150 million users, there’s a good chance your child has the Roblox site on their phone, tablet, PC, or Xbox. In fact, in 2020, Roblox estimated that over half of kids in the U.S. under 16 had used the forum. However, as with all digital destinations, the fun of Roblox is not without some safety concerns.
Roblox is an online gaming forum (not an app or game as one might assume) where users can create and share games or just play games. Kids can play Roblox games with friends they know or join games with unknown players. Roblox hosts an infinite number of games (about 20 million), which makes it a fun place to build and share creations, chat, and make friends. Game creators can also make significant money if their games take off.
A huge component of Roblox is its social network element that allows users to chat and have meetups. During quarantine, Roblox added its own private space for users to host virtual private birthday parties and social gatherings.
Like any site or app, Roblox is safe if you take the time to optimize parental controls (both in-forum and personal software), monitor your child’s use, and taking basic precautions you’re your child starts using the forum. Especially with kids drawn to gaming communities, it’s important to monitor conversations they can be having with anyone, anywhere.
Roblox security tip: Adjust settings to prohibit strangers’ from friending an account. Consider watching your child play a few games and how he or she interacts or wanders through the app. Pay close attention to the chat feature. Keep the conversation open, so your child feels comfortable sharing online concerns with you.
If you have your child’s login information, you can easily view their activity history in a few vulnerable areas including private and group chats, friends list, games played, games created, and items purchased. It’s also a good idea to make sure their birthdate is correct since Roblox automatically filters chats and game content for users under 13. Roblox has a separate login for parents of younger kids that allows you to go in and view all activities.
As always, the best way to keep your child safe on Roblox or any other site or app is to take every opportunity for open, honest conversation about personal choices and potential risks online. Oh, and sitting down to play their favorite games with them — is always the best seat in the house.
The post What is Roblox and is It Safe for Kids? appeared first on McAfee Blogs.
I’m about to tell you an extraordinary fact about cybercrime. Some of the most significant data breaches in internet history weren’t after bank account numbers, cryptocurrency, or even credit card numbers. They were, in fact, after YOU. That’s right, the most valuable data on the internet is the data that comprises your identity. Let’s take a look at what that data is, how it gets leveraged by cybercriminals, and how you can get the online identity monitoring you deserve.
1 billion is a big number. In the case of a recent CVS database leak, that’s how many user records were accidentally released online, including details like email addresses and even searches about Covid vaccines. This is just one of the dozens of breaches that have occurred recently and will continue to happen as personally, identifiable information becomes more valuable to cybercriminals. Just as remarkable as the huge volume of user data being exposed online is the speed with which compromised data is used by hackers online. Cybersecurity researchers recently discovered that cybercriminals access leaked or stolen credentials within 12 hours to exploit them as soon as possible. These circumstances beg the question, why has your personally identifiable information has become so valuable lately?
While the value of some information, like a credit card number, is obvious, you may think your name and date of birth aren’t that big of a deal. After all, it wasn’t so long ago that you could find all that information in a phone book. In fact, personally identifiable information (PII), also known as data used to identify a specific individual, is what many data breaches are after.
Armed with just a mailing address, a phone number, and a date of birth, a cybercriminal can begin constructing a fake identity to take out loans and disguise many kinds of criminal activities. With a social security number and a few personal details from a social media account, they could take over a bank account. When it comes to your PII, any information is as good as gold to cybercriminals.
If our PII were treated like actual gold and held in a safe location like Fort Knox, I wouldn’t be writing this post. But in fact, it’s the currency we use to obtain many services in our connected lives. Social media sites are massive repositories of PII, and their access to our most personal details and the ability to sell it to marketers is the reason the service remains free. Free email services are the same. Now consider all the other accounts we may have created to, say, try out a streaming service for free, or even old accounts we no longer use. From that perspective, you can see how much of your data is being used by companies, may not be very well protected, and is a tempting target for cybercriminals. Fortunately, there are many things you can do to keep your identity safer online.
When it comes to protecting your PII, knowledge is power. Let’s start by identifying if you’ve been the target of a data breach. Here are a few tell-tale signs:
Okay, now that you know the signs of a data breach, let’s look at how you can take action to protect yourself. The best way to avoid being the victim of identity theft is by limiting the amount of PII you provide. There are some easy ways to do this.
Only a few types of organizations legitimately need your social security number. These include employers or when contracting with a business, group health insurance, financial and real estate transactions, applying for credit cards, car loans, and so forth.
Quizzes, social media games, and other kinds of interactive clickbait are often grifting pieces of your PII in a seemingly playful way. While you’re not giving up your SSN, you may be giving up things like your birthday, your pet’s name, your first car … things that people often use to compose their passwords or use as answers to common security questions on banking and financial sites.
A phishing email poses as a real email from known or trusted brands and financial institutions. These emails attempt to trick you into sharing important information like your logins, account numbers, credit card numbers, and so on under the guise of providing customer service. Here are some more ways to spot a phishing email.
Clearly, we’re in a new era when it comes to securing our identities online. In response, McAfee has created a new kind of identity monitoring.
We knew from the outset Identity monitoring had to be proactive, holistic, and accessible. We also wanted it to follow the timeline for how cybercrime actually affects your identity. When it comes to PII, the breach is just the first step for cybercriminals. The 10 months following a breach is when cybercriminals will use your PII to commit fraudulent acts using your data.
To address this, your identity monitoring looks after more personally identifiable information than other leading competitors. It will also alert you of stolen personal info an average of 10 months ahead of other monitoring services. And it’s accessible anywhere via mobile app, browser, and the web.
In practice, McAfee’s identity monitoring protects all your online accounts by doing the following:
As we spend more of our lives online, we need an approach to security that reflects this new reality. Identity monitoring is part of it. VPN is part of it. Antivirus is part of it. They are all pieces of a puzzle that we solve with products like McAfee Total Protection. Our premier security service is comprehensive, affordable, and, with identity monitoring, an indispensable part of your life online.
The post Identity Protection Service: The Best Solution to a Growing Problem appeared first on McAfee Blog.
For some, vanquishing aliens, building virtual amusement parks, and online battles royale are an excellent stress reliever. As we all know, over the past year there’s been plenty of stress to relieve and more spare time on our hands in which to revel in our hobbies. There was a 30% jump in online gaming traffic from the first to the second quarter of 2020.
Hackers are taking advantage of highly trafficked online gaming portals to make a profit on the dark web. The next time you log on to your virtual world of choice, consider these recent video game breaches and up your gamer security, which could include an antivirus for gaming.
Between 2019 and 2020, web attacks on gaming companies rocketed up 340%, according to Akamai. Hackers have targeted several high-profile gaming companies recently with various motives. First, game source code was stolen from Electronic Arts to sell on the dark web. Developers shopping the dark web use stolen source codes to reverse-engineer popular games or copy the code into their own game. Capcom and CD Projekt Red were hit by ransomware attacks only a few months apart from each other, one attack focused on company financial information and the other on source code.
“Titan Fall” and “Apex Legends” have both been hacked to the point where the former is unplayable, according to many gamers. To protest “Titanfall’s” developers’ inaction, gamers took to “Apex Legends,” altering in-game messages. The apparent ease with which hackers can walk into online gaming portals requires that game developers and gamers themselves pay more attention to their security.
Online PC gaming allows players to use real-world money to purchase valuable upgrades to their characters. These characters receive admiration from some fellow players. Others feel greed. Advanced characters can fetch a lot of money on the dark web, so some cybercriminals practice credential stuffing to force their way into player accounts and steal ownership. Credential stuffing is a type of brute force attack where hackers take informed guesses at username and password combinations. A strong password or passphrase is essential to keeping your account and investment safe from a dark web fate.
Based on the above recent hacks, it is clear that gaming companies host a trove of valuable information. Gamers trust these platforms with their payment information and with the safety of their gaming characters on which they spend thousands of hours and hundreds of dollars upgrading, making gaming a lucrative target for hackers.
Another way cybercriminals target gamers is through malware disguised as an advantage. Cheat software for online games is common as players strive to be the best out of thousands. Advantage seekers for “Call of Duty: Warzone” were targeted by a malware scam. The malware creators advertised the “cheat software” on YouTube with instructions on how to download it. The video received thousands of views and hundreds of comments, which made it look legitimate.
One of the steps in installing the “cheat software” was that users had to disable antivirus programs and firewalls. Users let the cybercriminals walk right into their device! From there, the device was infected by an aggressive type of fileless malware called a dropper. A dropper doesn’t download a malicious file onto the device; rather, it creates a direct pathway to deliver an additional payload, such as credential-stealing malware.
Competitive gaming is, well, competitive. So, if you invest a lot of real money into your characters, be especially vigilant and follow these five important tips to protect your online accounts.
It’s common for gamers to use variations of their real names and birthdates in their public-facing usernames. Don’t use your real name or birthdate in your username. Consider using a nickname or a combination of random numbers instead. Along this same vein, don’t reveal personal details about yourself (phone number, birthday, places you visit regularly) on chats or streams. Lurking cybercriminals can gather these personal details to impersonate you.
On some online PC games, you can join campaigns with gamers from all over the world. While the interconnectivity is great, carefully vet who you allow to follow your online profile. If a stranger sends a friend request out of the blue, be on alert. They could have nefarious motives, such as phishing for valuable personal data. It’s best to customize your privacy settings to make your profile invisible to strangers.
Developers spend a lot of time creating amazing games, so make sure you purchase games legally and play them as they are intended. Be especially wary of free downloads or pirated versions and cheat software, as they’re likely too good to be true. Instead, go for a challenge and have fun with the game as it’s written.
A virtual private network (VPN) scrambles your online data traffic, making it impossible for hackers to access your IP address and spy on your online browsing.
Gaming antivirus software not only makes your online gaming experience more secure, but it can boost your rig’s performance! McAfee Gamer Security detects threats through the cloud and optimizes resources to minimize frame drops.
The post 5 Online Gaming Tips to Stay Safe From Hackers appeared first on McAfee Blogs.
T-Mobile, the popular US mobile phone service provider, recently confirmed a data breach affecting 7.8 million current customers and 40 million records from past or prospective customers. The stolen data included customer names, dates of birth, social security numbers, and driver’s license information. Fortunately, subscriber credit card information and other financial details were not affected in the breach.
Even though financial data was spared in the breach, the types of information stolen, along with the vast volume of affected subscribers mean that all T-Mobile subscribers should take immediate action to secure their identities and accounts online.
This is the immediate step all affected subscribers should take.
As part of T-Mobile’s response, they are offering an identity protection service exclusively to all affected customers, free for two years. This identity protection service gives customers the ability to monitor personal info, including your SSN, bank account numbers, debit cards, email addresses, phone numbers, and more. If info is found on the dark web, customers will receive guidance to help secure online accounts. Should identity theft occur, the identity protection service includes fraud resolution support and identity theft insurance for peace of mind. The free 24 months of identity protection will be delivered directly by T-Mobile. The company is also encouraging customers to sign up for their Account Takeover Protection service.
One lesser-known type of data stolen in the breach was International Mobile Equipment Identity (IMEI) numbers, which allow individual devices to be identified on a mobile network. Access to IMEI numbers could enable SIM-swap attacks which make account takeovers possible. With an account takeover, two-factor authentication through text message becomes vulnerable, allowing hackers potential access to bank accounts, among others. App-based multi-factor authentication, using a solution like Google’s Authenticator, allows you to authenticate your identity from other devices, instead of having authentication tied to your mobile phone number.
T-Mobile will be contacting impacted customers directly. However, cybercriminals and scammers may also take advantage of this data breach to scam people using email. They will often pose as major corporations or other trustworthy entities to trick you into willingly providing information like website login credentials or, even worse, your credit card number. We’ve provided additional information here to help you to recognize legitimate emails.
In its simplest form, your digital identity is made up of a whole host of things that can be traced back to you and who you are. This includes email accounts, cell phone numbers, bank accounts, your tax ID, and more. Read our additional tips to protect your digital identity.
For regular updates and official news from T-Mobile, visit their Newsroom blog here.
The post T-Mobile’s data breach exposes the personal data of 40 million appeared first on McAfee Blog.
Chances are, you’ve heard the term VPN more and more lately but still can’t figure out exactly what it does or if your family needs one. You aren’t alone. The short answer is yes—you need a VPN on your family devices—and here’s why.
One of the main reasons you’re hearing more about VPNs is that cybercrime and data breaches are skyrocketing—especially since the pandemic. Cybercriminals are devising more inventive ways to grab and misuse your data. Subscribing to a VPN service is one of the most practical and powerful ways consumers can fight back.
VPN is an acronym for Virtual Private Network. And while it sounds complicated, it’s not. A VPN is an app you install on family devices to help keep data and online activity secure while using public Wi-Fi. Pretty simple, right?
When you connect your computer or phone to a VPN, the service sends your network traffic through the VPN server before going to the public Wi-Fi server. Because a VPN scrambles data, should a bad actor try to access your activity, all they will see is gibberish.
A VPN encrypts internet traffic and then bounces it around until it becomes scrambled, helping block geolocation-based tracking and offering more protection than an open network. Encryption makes it harder for cyber crooks to decipher your location, data, and online activity for malicious purposes.
Anytime you or another family member uses public Wi-Fi—to stream, shop, or game—it’s possible that others can see your traffic. However, a VPN will encrypt your activity so that all a potential hacker will see is gibberish.
A VPN is a safeguard if your kids forget to turn off the Wi-Fi auto-connect feature on their phones. This can be a powerful feature if your kids connect to social networks, shopping, banking, or gaming sites throughout the day from locations outside the home.
A VPN configured correctly can also keep companies from sharing your browsing habits and information with third parties.
If everyone in your family has two devices and you have five family members, a bad actor has up to 10 potential entry points to steal your data or instigate a scam. With cybersecurity threats on the rise, a VPN provides security for all users on multiple devices, regardless of their safety habits.
When shopping for the best VPN for your family, it’s easy to get lost in an ocean of features. Here’s a shortcut to help you with the VPN features best for your family. Look for:
A quick search will render dozens of VPN options and not all protect consumers. Approximately 38% of Android VPN apps in the Google Play Store (some free) install malware rather than block it. Another study found that of 283 free VPN providers, 72% included trackers. Because of this standard practice, it’s essential to do your research and choose a VPN that delivers bank-grade encryption. Note: Many free VPNs make their money by sharing your data with third parties.
Choose a VPN that allows you to maintain a secure network connection no matter how much time you spend online.
With more work and school now remote, consider choosing a high-speed VPN that improves privacy without sacrificing the quality of your connection.
Consider a VPN server that shows a different location than your point of entry, a feature that enhances anonymity, location, and browsing history. For example, you may be getting online in the United States, but your VPN server might show you are connected in Italy.
It’s important to note that a VPN does not provide 100% protection from cyber threats. However, to date, it is one of the safest ways your family can simultaneously enjoy the convenience of the internet and reduce risk on public Wi-Fi.
McAfee Total Protection subscribers already have access to unlimited VPN usage. If you haven’t already signed up, now’s a perfect time. McAfee Total Protection provides security for all your devices while your family shops, banks, games, and browses online.
The post Are You Still on the Fence About a Family VPN? appeared first on McAfee Blog.
Have you noticed that when parents gather, it doesn’t take long before the topic of kids and social media comes up. That’s because concern over screen time is a big deal, especially in this post-pandemic season. Parents want to know: How much is too much screen time? When should we step in? How do we reverse poor habits, and what will the lasting digital fallout of the lockdown be?
These conversations weigh heavy on parents for a good reason. According to a report from Common Sense Media, teens spend an average of seven hours and 22 minutes on their phones a day. Tweens (ages 8 to 12) spend four hours and 44 minutes daily. This is time outside of schoolwork.
Since the pandemic, another study claims that screen time for teens doubled to 7.7 hours a day—plus 5 to 7 daily hours of online learning, according to a study published in JAMA Pediatrics. In addition, according to the Journal of Affective Disorders Reports, children overall have been spending nearly triple the recommended amount of time on their screens.
The good news is that social media also became a powerful tool for kids during the pandemic. Social channels helped kids connect with peers and combat loneliness and other mental health challenges. Still, the poor habit of device dependence may have come with those benefits.
While the debate continues over social media’s impact on kids and the research methodology continues to evolve, we can hold on to one clear truth: Any activity in excess can cause kids harm. When it comes to social media, too much screen time may contribute to sleep deprivation, a lack of healthy, and poor academics. In addition, studies show that mental health can be impacted by exposure to hate speech, sexual content, cyberbullying, and comparing oneself to others both physically and financially.
As parents, we know when our family’s wellbeing is in jeopardy. We see it even if we fail to acknowledge it right away. Our kids might become compelled to check their phones. In fact, they panic when they can’t check their likes and comments every few minutes. We notice the red eyes and moodiness at the breakfast table caused by a late-night Tic Tock marathon. We sense a surge of anxiety in our kids when technology goes from entertaining to distressing.
Thankfully, it’s never too late to help your kids better understand the impact of their actions and revise digital habits.
In the bestselling book Atomic Habits, author James Clear says, “The task of breaking a bad habit is like uprooting a powerful oak within us.” He adds, “The task of building a good habit is like cultivating a delicate flower one day at a time.” Lasting change, says clear, needs to be enjoyable, not a punishment. If the goal is shaving a few hours off your child’s screen time, consider connecting time limits to an enjoyable activity such as making a meal together or creating an art space in your home for creative projects.
The data is in: The bright screens (and blue light emitted from devices( can cause permanent sleep cycle and brain/melatonin issues, which can have a cascading effect on physical and mental health. Turning off (or limiting the use of) electronic devices at least 15-30 minutes before going to bed may help prevent any adverse effects of technology and screen use on sleep. Consider investing in filtering software that comes with the time limits the whole family can all agree on. Do your research to ensure your family’s technology functions to empower, educate, and entertain.
Consider how your child uses their time before suggesting sweeping changes to your child’s screen time. Are they vegetating, or are they consciously engaged? Are they creating and learning? Are they engaging with others or stalking accounts and slipping into “comparison despair?” Are family and school responsibilities suffering? Is there a compulsion to post or thoughtfulness? All kids are different, and all online experiences vary. Encourage your child to take time to consider how they feel and what they think while they are using their technology.
One way to negotiate screen limits is to make sure your kids understand the impact of excess media. Balance includes tapping into the benefits of social media while also taking steps to protect the body’s need for physical activity, real-life relationships, goal-setting, creative activities, mindfulness, and self-reflection.
Helping kids manage and constantly revise their social media habits is a 24/7 endeavor from the minute they wake up to the minute they fall asleep. The biggest piece of that “management” plan and is keeping frequent, open, and honest communication a critical part of designing habits that encourage a healthy relationship with both peers and technology.
The post Does Your Child Have an Unhealthy Relationship with Social Media? appeared first on McAfee Blog.
Every year we can count on new technology to make our lives easier. Right? As beneficial and convenient as tech can be, it can also pose risks to our online safety and privacy—risks that we should be prepared to handle. Increasingly, we’re seeing governments around the world implementing stricter privacy laws. And even major players like Google are phasing out invasive tracking technology like cookies. However, when it comes to activities like banking, shopping, taxes, and more, the need for broader online privacy protection has never been greater. Let’s take a look at some prominent trends in the way we now live online and how we can protect our data.
Crypto, the blockchain, NFTs, tokens – all of these terms are considered part of what’s being termed Web3. Whereas Web 2.0 described an internet made up of large corporations hosting content and consumers, Web3 is governed by the blockchain. What this means is that applications use a decentralized online ledger to document transactions of all sorts. The most famous example is bitcoin, a blockchain that acts as a digital currency. Another example would be NFTs, which are digital works of art. Web3 may be in its infancy, but it’s important to consider what this means for privacy and data protection. Blockchain affords users anonymity in regards to currencies like bitcoin. Of course that means bitcoin also has a reputation as the currency of choice for money-launderers and other shady enterprises. Still, that means it’s good for privacy, right? Well, maybe. The EU’s GDPR rights to erase or amend data are at odds with transactions on a blockchain, which are essentially unchangeable. So if you’re buying cryptocurrency, NFTs, or interacting with blockchains in other ways, just understand your personal information might be hidden, but the record of your transactions is totally visible.
Tip: If you’re keeping cryptocurrencies in an online wallet, you’ll want to use an identity protection service to monitor those account credentials so you can be warned of breaches and leaks onto the dark web.
Student privacy is a top concern as households turn to remote learning. In a rush to optimize remote learning experiences in the face of a rapidly evolving digital landscape, many educators and remote learners may not realize the hazards that put student privacy at risk.
Since 2020, schools have adopted a range of technologies to optimize the digital classroom, including virtual learning platforms, holistic learning solutions, and even social media applications. However, many of these digital platforms are not designed for child usage, nor do they have privacy policies in place to ensure that the student data gathered is protected. Many learning platforms may even treat student data as consumer data, raising more red flags regarding student data privacy and compliance. Online learning has also garnered the attention of cybercriminals looking to exploit student data, resulting in online bullying, identity theft, and more.
For educators and parents alike, knowledge is the greatest asset to mitigating the risks of remote learning. IT teams and educators must understand the implications of the student data they collect, govern access to it, and control its usage to comply with child privacy regulations. Parents can take proper precautions by discussing the importance of privacy with their children. Keeping learning platforms up to date and monitoring their children to prevent them from downloading suspicious apps or straying to unknown websites are all ways to ensure safer remote learning environments.
Tip: Getting a VPN for the family to use is a great way to safeguard your privacy while your kids are learning online.
Remote work has become commonplace nowadays as more companies permit their employees to work from home long-term and, for some, permanently. In a recent Fenwick poll among HR, privacy, and security professionals across industries, approximately 90% of employees now handle intellectual property, confidential, and personal information in their homes. Endpoint security, or the protection of end-user devices such as our laptops and mobile devices, poses more of a concern as employees trade in office networks for their in-home Wi-Fi. If these devices and networks are unsecured or if the data is not encrypted, employees run the risk of exposing sensitive information to hackers. Those of us working from home can help ensure the safety of our company’s confidential information by boosting our awareness of security threats and prevention measures via company-mandated security training.
Tip: McAfee’s Protection Score is a great way to understand how protected you are online and what you can do to stay more secure
This buzzy term is being used to describe Meta’s (previously Facebook) vision for a fully connected future. Right now it exists as an AR/VR space accessible through Meta’s own VR hardware, Oculus. However, the terminology has caught on as a catch-all for platforms that may contain work, business, gaming, entertainment, social interactions, and more in one easily navigable, immersive online setting. Web3 features, like blockchain, NFTs, and cryptocurrencies are being touted as integral parts of the metaverse. As exciting and futuristic as this is, there are major privacy questions that will have to be answered. This means that as customers you’ll want to think hard about what you choose to share through the metaverse and look into the privacy settings a platform offers you.
Tip: Use comprehensive online protection. McAfee Total Protection secures all aspects of your life online. From identity to online connections to antivirus, a full security suite like Total Protection keeps you and your family safer on all the devices you use and places you go online.
Some of the platforms I use the most allow me to keep track of and manage my finances. Whether it’s my mobile banking app or taking advantage of online tax filing, there is such a convenience in having the ability to pay bills, deposit checks, and more, all with the devices I use every day. But many of us may not realize just how much trust we put into these platforms to protect our online privacy, especially when we don’t have a clear picture of who exactly is on the other end of our online transactions.
While recognizing the signs of online banking and tax-related fraud helps ease the burdens associated with these schemes, there are multiple steps users can take to prevent becoming a victim of these scams in the first place.
Tip: Full-featured identity protection will protect you financially. Services like McAfee Identity Protection Service include credit checks, identity theft restoration, and even stolen fund restoration as benefits.
Digital devices are part of how we live our lives every day, whether we’re taking conference calls on our laptops, tracking the latest mile on our smartwatches, or banking on the go. Although our everyday digital devices make our lives that much more convenient, securing them makes our lives that much safer by minimizing online threats to ourselves and those around us. Safeguarding the digital platforms we use for work, school, finances, you name it, is the first step to ensuring our private information remains just that—private.
The post Privacy in Practice: Securing Your Data in 2022 and Beyond appeared first on McAfee Blog.
Finding someone who hasn’t heard of TikTok in 2022 would be quite the achievement. As one of the most popular social media platforms of the moment, it is not only being used by our tweens, teens and even grownups to connect but also as a crucial way to tell important stories amidst a backdrop of natural disasters and even war.
As parents, we know we need to keep up with the latest social media platforms but let’s be real – we don’t always have enough time. So, I’m going to do the hard work for you. Here’s my overview of TikTok – what it is, the risks, and most importantly, how you can help your kids (or yourself) stay safe while using it. You’re welcome!!
Tik Tok is a social media platform that can be downloaded on any smartphone via an app. Once you’ve signed up to the app and become a user, you can create and then share short videos of 15 seconds in length on any topic.
The app started life as Musical.ly, a super popular video streaming app that also allowed users to make funny 15-second videos, many of which focussed on lip-syncing. By mid-2017, the app had over 200 million registered users. In 2018, the app was taken over by Chinese company ByteDance and all of its users (and their content) were moved to TikTok.
According to Hootsuite, TikTok is the 6th most used social media platform in the world. As of late September 2021, TikTok had over a billion monthly users and as of August last year, it overtook Facebook to become the world’s most downloaded app. Facebook does, however, have more monthly users, reporting a massive 2.74 billion users as of August 2021.
It appears TikTok is used by females (57%) more than males (43%) however its user base is very diverse and cuts across all age categories – yes, even us parents! But brands hoping to reach younger female audiences are without a doubt using TikTok to showcase their wares. What is interesting is that although we all think that TikTok dominates the Gen Z market, research shows that it doesn’t rank as the top choice for younger users – in fact only 4.3% of users name it as their favorite platform. Users between 16 and 24 nominate Instagram as their top choice!
Unlike other social media platforms, there is no minimum age requirement when using TikTok. The company says that it adjusts a user’s privacy settings based on the birthday entered when setting up the account. If a user is under the age of 13, they will automatically be directed into the TikTok for Younger Users program which has additional privacy and safety protections. Of course, anyone can lie about their age, but TikTok has said publicly that it has moderators trained to predict when a user is suspected of being underage.
As you would know, there are risks associated with using all social media platforms and TikTok is no exception. However, in my opinion the majority of these can be managed with a combination of critical thinking, parental controls, and preparation – more about these later.
But let’s go worst-case scenario for one moment. Here are the potential risks that your child could encounter:
Unfortunately, it isn’t possible to keep our tweens and teens in a bubble – I know, so disappointing! So, the best and only option is to prepare them for challenges online and arm them with tools to navigate the tricky stuff. Here’s my advice on how to best help them manage TikTok:
Knowledge is power, my friends. So, download the app and have a play so you better understand it. Then, why not ask your experienced in-house ‘TikTokers’ to show you how it works. Use this as an opportunity to ask them what they do when they see something that concerns them, or how they would manage approaches from people they don’t know. Why not weave in reminders about the importance of online privacy and the permanence of their digital footprint? Commit to making these conversations regular.
Helping your kids become critical thinkers is, without doubt, one of the best ways of helping them prepare for life’s challenges – both online and offline. Being able to rigorously question ideas and assumptions rather than accepting them at face value is your kids’ golden ticket! So, if they are approached by friendly (but ill-intentioned) strangers online or sent a link to a super compelling offer online, they will have the ‘smarts’ to realise that all is not as it seems and to hit delete!
If the horse has already bolted and your tween or teen has been using TikTok for a while, then introducing boundaries might be tricky but don’t give up! TikTok has a Family Pairing feature which allows parents to link their TikTok account to their teen’s account so they can control the settings remotely. This might be a good option if your child is younger or just starting out on TikTok. This gives parents the power to turn on Restricted Mode, screen time limits, and also turn off the direct message option.
If your child has been using TikTok for some time and you want to pull things back, then why not work with them to set up their privacy and safety features. I find kids always respond best when you explain why you are doing something so assure them you are just wanting to keep them safe. TikTok has a long list of features you can enable that will make your offspring’s experience that much safer. From turning off downloads, filtering comments to introducing screen time limits, there is a great range of ways of making the TikTok experience much less risky. Check out the full list from TikTok here.
So, next time you hear your kids reference TikTok, don’t immediately feel a pang of guilt that you don’t really know what they are talking about. You’ve got this! Download the app, take a look around, read this post a few more times, and you’ll be fine! And remember, our kids don’t expect us to be experts straight away, or even at all. They just need to know that we’re interested in all parts of their life and respect just how important their digital life is to them.
You’ve got this!!
Take care all
Alex xx
The post A Parent’s Guide to TikTok appeared first on McAfee Blog.
Whether you think you might have a virus on your computer or devices, or just want to keep them running smoothly, it’s easy to do a virus scan. How to check for viruses depends on the software and device you have, so we’ll go through everything you need to know to run a scan effectively and keep your computers, phones and tablets in tip-top shape.
First, let’s cover a few of the telltale signs your device might have a virus. Is your computer or device acting sluggish or having a hard time booting up? Have you noticed missing files or a lack of storage space? Have you noticed emails or messages sent from your account that you did not write? Perhaps you’ve noticed changes to your browser homepage or settings? Or maybe, you’re seeing unexpected pop-up windows, or experiencing crashes and other program errors. These are all examples of signs that you may have a virus, but don’t get too worried yet, because many of these issues can be resolved with a virus scan.
Each antivirus program works a little differently, but in general the software will look for known malware that meets a specific set of characteristics. It may also look for variants of these known threats that have a similar code base. Some antivirus software even checks for suspicious behavior. If the software comes across a dangerous program or piece of code, it removes it. In some cases, a dangerous program can be replaced with a clean one from the manufacturer.
The process of checking for viruses depends on the device type and its operating system. Check out these tips to help you scan your computers, phones and tablets.
If you use Windows 10, go into “Settings” and look for the “Updates & Security” tab. From there you can locate a “Scan Now” button.
Of course, many people have invested in more robust antivirus software that has a high accuracy rate and causes less drain on their system resources, such as McAfee Total Protection. To learn how to run a virus scan using your particular antivirus software, search the software’s help menu or look online for instructions.
Mac computers don’t have a built-in antivirus program, so you will have to download security software to do a virus scan. There are some free antivirus applications available online, but we recommend investing in trusted software that can protect you from a variety of threats. Downloading free software and free online virus scans can be risky, since cybercriminals know that this is a good way to spread malware.
Whichever program you choose, follow their step-by-step instructions on how to perform a virus scan, either by searching under “help” or looking it up on their website.
Yes, you can get a virus on your phone or tablet, although they are less common than on computers. However, the wider category of mobile malware is on the rise and your device can get infected if you download a risky app, click on an attachment in a text message, visit a dangerous webpage, or connect to another device that has malware on it.
Fortunately, you can protect your devices with mobile security software. It doesn’t usually come installed, so you will have to download an application and follow the instructions.
Because the Android platform is an open operating system, there are a number of antivirus products for Android devices, that allows you to do a virus scan.
Apple devices are a little different because they have a closed operating system that doesn’t allow third parties to see their code. Although Apple has taken other security precautions to reduce malware risks, such as only allowing the installation of apps from Apple’s official app store, these measures aren’t the same as an antivirus program.
For more robust protection on your Apple devices, you can install mobile security software to protect the private data you have stored on your phone or tablet, such as contacts, photos and messages.
If safeguarding all your computers and devices individually sounds overwhelming, you can opt for a comprehensive security product that protects computers, smartphones and tablets from a central control center, making virus prevention a breeze.
New online threats emerge every day, putting our personal information, money and devices at risk. In the first quarter of 2019 alone McAfee detected 504 new threats per minute, as cybercriminals employed new tactics. That’s why it is essential to stay ahead of these threats by using security software that is constantly monitoring and checking for new known threats, while safeguarding all of your sensitive information. Virus scans are an essential part of this process when it comes to identifying and removing dangerous code.
Most antivirus products are regularly scanning your computer or device in the background, so you will only need to start a manual scan if you notice something suspicious, like crashes or excessive pop-ups. You can also program regular scans on your schedule.
Of course, the best protection is to avoid getting infected in the first place. Here are a few smart tips to sidestep viruses and other malware:
The post How To Do A Virus Scan appeared first on McAfee Blog.
Congratulations! You reached 10,000 steps today!
It’s a great feeling when a wearable fitness device vibrates to let you know when you hit the day’s fitness goal. The digital fireworks display that lights up your watch’s screen is a signal that you should keep on moving to challenge yourself more … or spend the rest of the day on the couch guilt-free.
While fitness wearable devices, trackers, and apps are excellent motivators for you, cybercriminals love them for their vulnerabilities and privacy loopholes. This doesn’t mean you have to chuck your expensive watch in the bin or delete your fitness apps from your smartphone. Awareness and smart habits go a long way in deterring cybercriminals. Keep reading to learn more about wearable technology vulnerabilities and how you can sidestep each.
Many fitness tracker apps and wearables are equipped with GPS. At the end of a run or long walk, you can view your exact route, sometimes with detailed maps that show street and town names. This tracking feature was potentially dangerous back in 2018 when a fitness app released a heat map of all its users’ running routes for the year, which clearly outlined secret military bases.1
Even if you’re stationed in a suburb and not hostile territory, you may consider the risks of sharing your location data. A determined criminal who has time to spare can guess your address and see the times of days when you’re commonly out at the gym or on a run.
When you purchase a wearable fitness device, you often have to pair it with an accompanying smartphone app to see your daily stats and tailor your fitness goals. Think about all the personally identifiable information (PII) that app now houses: your full name, password, address, height, weight, location, medical concerns, daily activity patterns, etc. In the hands of a cybercriminal, this information can bring a nefarious actor one step closer to impersonating you. Plus, if your health data makes it onto the dark web or is sold to health companies, it may result in serious privacy concerns.
Luckily, there are ways to get peace of mind about the security of your identity. Identity protection services, such as McAfee Identity Monitoring Service, provide expert identity theft support and up to $1 million in identity theft coverage.
Wearable devices complement any athleisure outfit and are a fun way to inspire athletic competition between a group of friends. Here are a few ways you can patch some of their security shortcomings:
When you first purchase any new device, fitness trackers included, your first step should always be to reset the factory password. Cybercriminals know that many people often skip this step, making it easy for them to walk right into new accounts. If you have a hard time remembering your passwords, consider entrusting them to a password manager to remember them for you. McAfee True Key makes it so that you only have to remember one master password to unlock the rest, and it’s protected by one of the strongest encryption algorithms available.
This is a tip you should consider for all your social media accounts. When you post about your life online, you actually divulge a lot of personal details that are helpful to cybercriminals. In the case of fitness trackers and apps, sharing the times of day when you go to the gym, are at the local track, or are on a bike path may give a criminal an idea of windows during the day when your home is empty. It’s unsettling to think that strangers can track your whereabouts, so it’s best to keep those details exclusive to people you personally know and trust.
In the case of fitness trackers and apps, a savvy cybercriminal may be able take an educated guess at your address, with which they can do a myriad of nefarious activities. Some running and fitness apps may be able to still create maps of your running routes but erase street names and other landmarks to make it more private. But when in doubt, turn off geolocation.
Fitness trackers are a fun way to stir up some friendly competition, keep connected with your fit friends, and motivate yourself to exercise and maintain healthy habits. While you’re shopping for a new device or when evaluating your current tracker, keep these tips in mind to enjoy this technology to its fullest.
The post Why You Should Care About Fitness Tracker Security appeared first on McAfee Blog.
The U.S. Department of Justice (DOJ) recently revised its policy on charging violations of the Computer Fraud and Abuse Act (CFAA), a 1986 law that remains the primary statute by which federal prosecutors pursue cybercrime cases. The new guidelines state that prosecutors should avoid charging security researchers who operate in “good faith” when finding and reporting vulnerabilities. But legal experts continue to advise researchers to proceed with caution, noting the new guidelines can’t be used as a defense in court, nor are they any kind of shield against civil prosecution.
In a statement about the changes, Deputy Attorney General Lisa O. Monaco said the DOJ “has never been interested in prosecuting good-faith computer security research as a crime,” and that the new guidelines “promote cybersecurity by providing clarity for good-faith security researchers who root out vulnerabilities for the common good.”
What constitutes “good faith security research?” The DOJ’s new policy (PDF) borrows language from a Library of Congress rulemaking (PDF) on the Digital Millennium Copyright Act (DMCA), a similarly controversial law that criminalizes production and dissemination of technologies or services designed to circumvent measures that control access to copyrighted works. According to the government, good faith security research means:
“…accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability, where such activity is carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services.”
“Security research not conducted in good faith — for example, for the purpose of discovering security holes in devices, machines, or services in order to extort the owners of such devices, machines, or services — might be called ‘research,’ but is not in good faith.”
The new DOJ policy comes in response to a Supreme Court ruling last year in Van Buren v. United States (PDF), a case involving a former police sergeant in Florida who was convicted of CFAA violations after a friend paid him to use police resources to look up information on a private citizen.
But in an opinion authored by Justice Amy Coney Barrett, the Supreme Court held that the CFAA does not apply to a person who obtains electronic information that they are otherwise authorized to access and then misuses that information.
Orin Kerr, a law professor at University of California, Berkeley, said the DOJ’s updated policy was expected given the Supreme Court ruling in the Van Buren case. Kerr noted that while the new policy says one measure of “good faith” involves researchers taking steps to prevent harm to third parties, what exactly those steps might constitute is another matter.
“The DOJ is making clear they’re not going to prosecute good faith security researchers, but be really careful before you rely on that,” Kerr said. “First, because you could still get sued [civilly, by the party to whom the vulnerability is being reported], but also the line as to what is legitimate security research and what isn’t is still murky.”
Kerr said the new policy also gives CFAA defendants no additional cause for action.
“A lawyer for the defendant can make the pitch that something is good faith security research, but it’s not enforceable,” Kerr said. “Meaning, if the DOJ does bring a CFAA charge, the defendant can’t move to dismiss it on the grounds that it’s good faith security research.”
Kerr added that he can’t think of a CFAA case where this policy would have made a substantive difference.
“I don’t think the DOJ is giving up much, but there’s a lot of hacking that could be covered under good faith security research that they’re saying they won’t prosecute, and it will be interesting to see what happens there,” he said.
The new policy also clarifies other types of potential CFAA violations that are not to be charged. Most of these include violations of a technology provider’s terms of service, and here the DOJ says “violating an access restriction contained in a term of service are not themselves sufficient to warrant federal criminal charges.” Some examples include:
-Embellishing an online dating profile contrary to the terms of service of the dating website;
-Creating fictional accounts on hiring, housing, or rental websites;
-Using a pseudonym on a social networking site that prohibits them;
-Checking sports scores or paying bills at work.
Kerr’s warning about the dangers that security researchers face from civil prosecution is well-founded. KrebsOnSecurity regularly hears from security researchers seeking advice on how to handle reporting a security vulnerability or data exposure. In most of these cases, the researcher isn’t worried that the government is going to come after them: It’s that they’re going to get sued by the company responsible for the security vulnerability or data leak.
Often these conversations center around the researcher’s desire to weigh the rewards of gaining recognition for their discoveries with the risk of being targeted with costly civil lawsuits. And almost just as often, the source of the researcher’s unease is that they recognize they might have taken their discovery just a tad too far.
Here’s a common example: A researcher finds a vulnerability in a website that allows them to individually retrieve every customer record in a database. But instead of simply polling a few records that could be used as a proof-of-concept and shared with the vulnerable website, the researcher decides to download every single file on the server.
Not infrequently, there is also concern because at some point the researcher suspected that their automated activities might have actually caused stability or uptime issues with certain services they were testing. Here, the researcher is usually concerned about approaching the vulnerable website or vendor because they worry their activities may already have been identified internally as some sort of external cyberattack.
What do I take away from these conversations? Some of the most trusted and feared security researchers in the industry today gained that esteem not by constantly taking things to extremes and skirting the law, but rather by publicly exercising restraint in the use of their powers and knowledge — and by being effective at communicating their findings in a way that maximizes the help and minimizes the potential harm.
If you believe you’ve discovered a security vulnerability or data exposure, try to consider first how you might defend your actions to the vulnerable website or vendor before embarking on any automated or semi-automated activity that the organization might reasonably misconstrue as a cyberattack. In other words, try as best you can to minimize the potential harm to the vulnerable site or vendor in question, and don’t go further than you need to prove your point.
A 33-year-old Illinois man was sentenced to two years in prison today following his conviction last year for operating services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against hundreds of thousands of Internet users and websites.
The user interface for Downthem[.]org.
Matthew Gatrel of St. Charles, Ill. was found guilty for violations of the Computer Fraud and Abuse Act (CFAA) related to his operation of downthem[.]org and ampnode[.]com, two DDoS-for-hire services that had thousands of customers who paid to launch more than 200,000 attacks.
Despite admitting to FBI agents that he ran these so-called “booter” services (and turning over plenty of incriminating evidence in the process), Gatrel opted to take his case to trial, defended the entire time by public defenders. Gatrel’s co-defendant and partner in the business, Juan “Severon” Martinez of Pasadena, Calif., pleaded guilty just before the trial.
After a nine-day trial in the Central District of California, Gatrel was convicted on all three counts, including conspiracy to commit unauthorized impairment of a protected computer, conspiracy to commit wire fraud, and unauthorized impairment of a protected computer.
Prosecutors said Downthem sold subscriptions allowing customers to launch DDoS attacks, while AmpNode provided “bulletproof” server hosting to customers — with an emphasis on “spoofing” servers that could be pre-configured with DDoS attack scripts and lists of vulnerable “attack amplifiers” used to launch simultaneous cyberattacks on victims.
Booter and stresser services let customers pick from among a variety of attack methods, but almost universally the most powerful of these methods involves what’s known as a “reflective amplification attack.” In such assaults, the perpetrators leverage unmanaged Domain Name Servers (DNS) or other devices on the Web to create huge traffic floods.
Ideally, DNS servers only provide services to machines within a trusted domain — such as translating an Internet address from a series of numbers into a domain name, like example.com. But DNS reflection attacks rely on consumer and business routers and other devices equipped with DNS servers that are (mis)configured to accept queries from anywhere on the Web.
Attackers can send spoofed DNS queries to these DNS servers, forging the request so that it appears to come from the target’s network. That way, when the DNS servers respond, they reply to the spoofed (target) address.
The bad guys also can amplify a reflective attack by crafting DNS queries so that the responses are much bigger than the requests. For example, an attacker could compose a DNS request of less than 100 bytes, prompting a response that is 60-70 times as large. This “amplification” effect is especially pronounced if the perpetrators query dozens of DNS servers with these spoofed requests simultaneously.
The government charged that Gatrel and Martinez constantly scanned the Internet for these misconfigured devices, and then sold lists of Internet addresses tied to these devices to other booter service operators.
“Gatrel ran a criminal enterprise designed around launching hundreds of thousands of cyber-attacks on behalf of hundreds of customers,” prosecutors wrote in a memorandum submitted in advance of his sentencing. “He also provided infrastructure and resources for other cybercriminals to run their own businesses launching these same kinds of attacks. These attacks victimized wide swaths of American society and compromised computers around the world.”
The U.S. and United Kingdom have been trying to impress on would-be customers of these booter services that hiring them for DDoS attacks is illegal. The U.K. has even taken out Google ads to remind U.K. residents when they search online for terms common to booter services.
The case against Gatrel and Martinez was brought as part of a widespread crackdown on booter services in 2018, when the FBI joined law enforcement partners overseas to seize 15 different booter service domains.
Those actions have prompted a flurry of prosecutions, with wildly varying sentences when the booter service owners are invariably found guilty. However, DDoS experts say booter and stresser services that remain in operation continue to account for the vast majority of DDoS attacks launched daily around the globe.
Heard of the sandwich generation? Well, if you’ve got a tribe of kids and parents who are aging then you are a fully-fledged member! And as members of this special club, not only do we need to manage and keep our offspring in check, but we also have to reserve some energy to help our parents navigate life’s challenges which of course includes the online world.
In the broadest sense, the sandwich generation is the ‘caught in the middle’ generation who have living parents and children to care for. More often than not, it’s people like us, smack-bang in middle age, who support both their parents and children financially, physically, and/or emotionally. And with life expectancies looking rosier than ever and many of us choosing to have careers before we become parents, it’s inevitable that us middle-aged folks are feeling a little squeezed at both ends!
Getting our head around keeping our kids safe online can feel overwhelming for many of us. Keeping up with the latest apps, games and platforms can often feel relentless and let’s not forget about trying to weave in cyber safety messages to ensure our kids make safe decisions online too. But when the downside of not being vigilant about online safety is so great, it’s essential that we extend our digital education messages to the older members of the family too!
One of the silver linings of the pandemic is that it gave a real push to those who were resisting getting online. And in most cases, that was the older member of our society. Research from ACMA shows that by 2020, over 90% of Australian seniors had internet connectivity in their homes compared to 68% in 2017. But as we all know, owning a car and driving it are 2 very different tasks!
My parents, who are both in their late 70’s, do a pretty good job of managing their online lives. They bank online, are avid email senders and can even do a little Facetime, thanks to COVID! But they are a work in progress – like everyone. And while I try very hard to keep them up to date with new apps and risks, I have learnt over the years that less is more. That not overwhelming them is actually the key. In fact, the simpler I keep my updates and tips, the more likely they are to get onboard with my message.
So, in the spirit of the experience with my much-loved mum and Dad, I‘d like to share with you the top things you can do to keep your much loved older family members safe when they go online.
I accept that there are no real guarantees in life but there are risk-minimizing decisions. And ensuring all devices have top-level security software is one of those. Not only will this protect your loved ones from downloading viruses and malware, but it will also allow them to shop with confidence at approved ‘safe’ websites, help them manage their passwords, locate their devices plus loads more. It’s such a small price to pay for increased peace of mind. Check out McAfee+ protection which can protect your family’s entire fleet of devices.
A secure password is a key to keeping one’s online life safe so taking some time to formulate a strategy for older family members is so worthwhile. Downloading a password manager was a total life changer for me. Not only did it help me create complex passwords that no human could ever generate but it remembers them for me too. I only have to remember the master password and it then automatically logs me in! Now, if this was set up carefully for older family members, this could be an amazing tool to protect their online life.
I am also very aware that writing down passwords ‘in a special book’ is used very commonly. And if this is the only way that will work for your family members then try to make these passwords as complex as possible without overwhelming them. A complex, nonsensical sentence would work well here but just ensure each account has its own sentence in case the account gets hacked.
Out-of-date software is a little like leaving your front door unlocked – it makes it far easier for unwanted visitors. In almost every case, a software update includes a patch for a security vulnerability – a weak hole in the company’s software that could expose the user to risk. So, when I discovered that my parents were ignoring reminders for updates as they had become very annoying, I sprang into action! Most software updates can be automated so I strongly encourage taking some time to ensure all the software your family members use is set up to update automatically.
Unfortunately, older Aussies are often the target of online scams. Scammers will work overtime to get their trust with the aim of extracting dollars or their personal details. I wish I had a silver bullet that would protect all vulnerable types from these cybercrims, but I don’t. The next best option is to talk about scams and some of the sneaky techniques scammers will use with them. I remind my parents regularly not to reply to emails from people they don’t know, not to even answer calls from numbers they aren’t familiar with and that if they receive a call from their bank and they aren’t sure whether it is legitimate, ask for the caller’s number so you can ring them bank – if the caller is legit, that won’t be a problem.
If you think about it, keeping your older family members only is simply an extension of keeping your kids safe. The messages and strategies are almost identical! So, if your older family members use a Messenger app, why not set up a family group chat with both the younger and older family members? You can share news stories about online risks and better still, get the kids involved too! So, next time your parents have an issue with their phone – the kids will be able to help out! Awesome!!
Take care
Alex xx
The post Online Safety for Seniors – How to Keep Older Family Members Safe Online appeared first on McAfee Blog.
The past few months have been chockfull of conversations with security customers, partners, and industry leaders. After two years of virtual engagements, in-person events like our CISO Forum and Cisco Live as well as the industry’s RSA Conference underscore the power of face-to-face interactions. It’s a reminder of just how enriching conversations are and how incredibly interconnected the world is. And it’s only made closer by the security experiences that impact us all.
I had the pleasure of engaging with some of the industry’s best and brightest, sharing ideas, insights, and what keeps us up at night. The conversations offered more than an opportunity to reconnect and put faces with names. It was a chance to discuss some of the most critical cybersecurity issues and implications that are top of mind for organizations.
The collective sentiments are clear. The need for better security has never been so strong. Securing the future is good business. Disruptions are happening faster than ever before, making our interconnected world more unpredictable. Hybrid work is here to stay, hybrid and complex architectures will continue to be a reality for most organizations and that has dramatically expanded the threat surface. More and more businesses are operating as ecosystems—attacks have profound ripple effects across value chains. Attacks are becoming more bespoke, government-sponsored threat actors and ransomware as a service, continue to unravel challenging businesses to minimize the time from initial breach to complete compromise, in the event of a compromise.
Regardless of where organizations are on their digital transformations, they are progressively embarking upon journeys to unify networking and secure connectivity needs. Mobility, BYOD (bring your own device), cloud, increased collaboration, and the consumerization of IT have necessitated a new type of access control security–zero trust security. Supporting a modern enterprise across a distributed network and infrastructure involves the ability to validate user IDs, continuously verify authentication and device trust, and protect every application—
without compromising user experience. Zero trust offers organizations a simpler approach to securing access for everyone, from any device, anywhere—all the while, making it harder for attackers.
Simplicity continues to be a hot topic, and in the context of its functionality. In addition to a frictionless user experience, the real value to customers is improving operational challenges. Security practitioners want an easier way to secure the edge, access, and operations—including threat intelligence and response. Key to this simplified experience is connecting and managing business-critical control points and vulnerabilities, exchanging data, and contextualizing threat intelligence. And it requires a smarter ecosystem that brings together capabilities, unifying admin, policy, visibility, and control. Simplicity that works hard and smart—and enhances their security posture. The ultimate simplicity is improved efficacy for the organization.
Insider cyber-attacks are among the fastest growing threats in the modern security network, an increasingly common cause of data breaches. Using their authorized access, employees are intentionally or inadvertently causing harm by stealing, exposing, or destroying sensitive company data. Regardless, the consequences are the same—costing companies big bucks and massive disruption. It’s also one of the reasons why “identity as the new perimeter” is trending, as the primary objective of all advanced attacks is to gain privileged credentials. Insider attack attempts are not slowing down. However, advanced telemetry, threat detection and protection, and continuous trusted access all help decelerate the trend. Organizations are better able to expose suspicious or malicious activities caused by insider threats. Innovations are enabling business to analyze all network traffic and historical patterns of employee access and determine whether to let an employee continue uninterrupted or prompt to authenticate again.
Supply chain attacks have become one of the biggest security worries for businesses. Not only are disruptions debilitating, but no one knew the impacts or perceived outcomes. Attackers are highly aware that supply chains are comprised of larger entities often tightly connected to a broad array of smaller and less cyber-savvy organizations. Lured by lucrative payouts, attackers seek the weakest supply chain link for a successful breach. In fact, two of the four biggest cyber-attacks that the Cisco Talos team saw in the field last year were supply chain attacks that deployed ransomware on their targets’ networks: SolarWinds and REvil’s attack exploiting the Kaseya managed service provider. While there’s no perfect way to absolutely protect from ransomware, businesses are taking steps to bolster their defenses and protect against disaster.
Security incidents targeting personal information are on the rise. In fact, 86 percent of global consumers were victims of identity theft, credit/debit card fraud, or a data breach in 2020. In a recent engagement discovered by the Cisco Talos team, the API on a customer’s website could have been exploited by an attacker to steal sensitive personal information. The good news is governments and businesses alike are leaning into Data Privacy and Protection, adhering to global regulations that enforce high standards for collecting, using, disclosing, storing, securing, accessing, transferring, and processing personal data. Within the past year, the U.S. government implemented new rules to ensure companies and federal agencies follow required cybersecurity standards. As long as cyber criminals continue seeking to breach our privacy and data, these rules help hold us accountable.
Through all the insightful discussions with customers, partners, and industry leaders, a theme emerged. When it comes to cybersecurity, preparation is key and the cost of being wrong is extraordinary. By acknowledging there will continue to be disruptions, business can prepare for whatever comes next. And when it comes, they’ll not only weather the storm, but they will also come out of it stronger. And the good news is that Cisco Security Business Group is already on the journey actively addressing these headlines, and empowering our customers to reach their full potential, securely.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
U.S. state and federal investigators are being inundated with reports from people who’ve lost hundreds of thousands or millions of dollars in connection with a complex investment scam known as “pig butchering,” wherein people are lured by flirtatious strangers online into investing in cryptocurrency trading platforms that eventually seize any funds when victims try to cash out.
The term “pig butchering” refers to a time-tested, heavily scripted, and human-intensive process of using fake profiles on dating apps and social media to lure people into investing in elaborate scams. In a more visceral sense, pig butchering means fattening up a prey before the slaughter.
“The fraud is named for the way scammers feed their victims with promises of romance and riches before cutting them off and taking all their money,” the Federal Bureau of Investigation (FBI) warned in April 2022. “It’s run by a fraud ring of cryptocurrency scammers who mine dating apps and other social media for victims and the scam is becoming alarmingly popular.”
As documented in a series of investigative reports published over the past year across Asia, the people creating these phony profiles are largely men and women from China and neighboring countries who have been kidnapped and trafficked to places like Cambodia, where they are forced to scam complete strangers over the Internet — day after day.
The most prevalent pig butchering scam today involves sophisticated cryptocurrency investment platforms, where investors invariably see fantastic returns on their deposits — until they try to withdraw the funds. At that point, investors are told they owe huge tax bills. But even those who pay the phony levies never see their money again.
The come-ons for these scams are prevalent on dating sites and apps, but they also frequently start with what appears to be a wayward SMS — such as an instant message about an Uber ride that never showed. Or a reminder from a complete stranger about a planned meetup for coffee. In many ways, the content of the message is irrelevant; the initial goal to simply to get the recipient curious enough to respond in some way.
Those who respond are asked to continue the conversation via WhatsApp, where an attractive, friendly profile of the opposite gender will work through a pre-set script that is tailored to their prey’s apparent socioeconomic situation. For example, a divorced, professional female who responds to these scams will be handled with one profile type and script, while other scripts are available to groom a widower, a young professional, or a single mom.
That’s according to Erin West, deputy district attorney for Santa Clara County in Northern California. West said her office has been fielding a large number of pig butchering inquiries from her state, but also from law enforcement entities around the country that are ill-equipped to investigate such fraud.
“The people forced to perpetrate these scams have a guide and a script, where if your victim is divorced say this, or a single mom say this,” West said. “The scale of this is so massive. It’s a major problem with no easy answers, but also with victim volumes I’ve never seen before. With victims who are really losing their minds and in some cases are suicidal.”
West is a key member of REACT, a task force set up to tackle especially complex forms of cyber theft involving virtual currencies. West said the initial complaints from pig butchering victims came early this year.
“I first thought they were one-off cases, and then I realized we were getting these daily,” West said. “A lot of them are being reported to local agencies that don’t know what to do with them, so the cases languish.”
West said pig butchering victims are often quite sophisticated and educated people.
“One woman was a university professor who lost her husband to COVID, got lonely and was chatting online, and eventually ended up giving away her retirement,” West recalled of a recent case. “There are just horrifying stories that run the gamut in terms of victims, from young women early in their careers, to senior citizens and even to people working in the financial services industry.”
In some cases reported to REACT, the victims said they spent days or weeks corresponding with the phony WhatsApp persona before the conversation shifted to investing.
“They’ll say ‘Hey, this is the food I’m eating tonight’ and the picture they share will show a pretty setting with a glass of wine, where they’re showcasing an enviable lifestyle but not really mentioning anything about how they achieved that,” West said. “And then later, maybe a few hours or days into the conversation, they’ll say, ‘You know I made some money recently investing in crypto,’ kind of sliding into the topic as if this wasn’t what they were doing the whole time.”
Curious investors are directed toward elaborate and official-looking online crypto platforms that appear to have thousands of active investors. Many of these platforms include extensive study materials and tutorials on cryptocurrency investing. New users are strongly encouraged to team up with more seasoned investors on the platform, and to make only small investments that they can afford to lose.
The now-defunct homepage of xtb-market[.]com, a scam cryptocurrency platform tied to a pig butchering scheme.
“They’re able to see some value increase, and maybe even be allowed to take out that value increase so that they feel comfortable about the situation,” West said. Some investors then need little encouragement to deposit additional funds, which usually generate increasingly higher “returns.”
West said many crypto trading platforms associated with pig butchering scams appear to have been designed much like a video game, where investor hype is built around upcoming “trading opportunities” that hint at even more fantastic earnings.
“There are bonus levels and VIP levels, and they’ll build hype and a sense of frenzy into the trading,” West said. “There are definitely some psychological mechanisms at work to encourage people to invest more.”
“What’s so devastating about many of the victims is they lose that sense of who they are,” she continued. “They thought they were a savvy, sophisticated person, someone who’s sort of immune to scams. I think the large scale of the trickery and psychological manipulation being used here can’t be understated. It’s like nothing I’ve seen before.”
Courtney Nolan, a divorced mother of three daughters, says she lost more than $5 million to a pig butchering scam. Nolan lives in St. Louis and has a background in investment finance, but only started investing in cryptocurrencies in the past year.
Nolan’s case may be especially bad because she was already interested in crypto investing when the scammer reached out. At the time, Bitcoin was trading at or near all-time highs of nearly $68,000 per coin.
Nolan said her nightmare began in late 2021 with a Twitter direct message from someone who was following many of the same cryptocurrency influencers she followed. Her fellow crypto enthusiast then suggested they continue their discussion on WhatsApp. After much back and forth about his trading strategies, her new friend agreed to mentor her on how to make reliable profits using the crypto trading platform xtb.com.
“I had dabbled in leveraged trading before, but his mentor program gave me over 100 pages of study materials and agreed to walk me through their investment strategies over the course of a year,” Nolan told KrebsOnSecurity.
Nolan’s mentor had her create an account website xtb-market[.]com, which was made to be confusingly similar to XTB’s official platform. The site promoted several different investment packages, including a “starter plan” that involves a $5,250 up-front investment and promises more than 15 percent return across four separate trading bursts.
Platinum plans on xtb-market promised a whopping 45 percent ROI, with a minimum investment of $265,000. The site also offered a generous seven percent commission for referrals, which encouraged new investors to recruit others.
The now-defunct xtb-market[.]com.
While chatting via WhatsApp, Nolan and her mentor would trade side by side in xtb-market, initially with small investments ranging from $500 to $5,000. When those generated hefty returns, Nolan made bigger deposits. On several occasions she was able to withdraw amounts ranging from $10,000 to $30,000.
But after investing more than $4.5 million of her own money over nearly four months, Nolan found her account was suddenly frozen. She was then issued a tax statement saying she owed nearly $500,000 in taxes before she could reactivate her account or access her funds.
Nolan said it seems obvious in hindsight that she should never have paid the tax bill. Because xtb-market and her mentor cut all communications with her after that, and the entire website disappeared just a few weeks later.
Justin Maile, an investigation partner manager at Chainalysis, told Vice News that the tax portion of the pig butchering scam relies on the “sunk costs fallacy,” when people are reluctant to abandon a failing strategy or course of action because they have already invested heavily in it.
“Once the victim starts getting skeptical or tries to withdraw their funds, they are often told that they have to pay tax on the gains before funds can be unlocked,” Maile told Vice News. “The scammers will try to get any last payments out of the victims by exploiting the sunk cost fallacy and dangling huge profits in front of them.”
Vice recently published an in-depth report on pig butchering’s link to organized crime gangs in Asia that lure young job seekers with the promise of customer service jobs in call centers. Instead, those who show up at the appointed place and time are taken on long car rides and/or forced hikes across the borders into Cambodia, where they are pressed into indentured servitude.
Vice found many of the people forced to work in pig-butchering scams are being held in Chinese-owned casinos operating in Cambodia. Many of those casinos were newly built when the Covid pandemic hit. As the new casinos and hotels sat empty, organized crime groups saw an opportunity to use these facilities to generate huge income streams, and many foreign travelers stranded in neighboring countries were eventually trafficked to these scam centers.
Vice reports:
“While figures on the number of people in scam centers in Cambodia is unknown, best estimates pieced together from various sources point to the tens of thousands across scam centers in Sihanoukville, Phnom Penh, and sites in border regions Poipet and Bavet. In April, Thailand’s assistant national police commissioner said 800 Thai citizens had been rescued from scam centers in Cambodia in recent months, with a further 1,000 citizens still trapped across the country. One Vietnamese worker estimated 300 of his compatriots were held on just one floor in a tall office block hosting scam operations.”
“…within Victory Paradise Resort alone there were 7,000 people, the majority from mainland China, but also Indonesians, Singaporeans and Filipinos. According to the Khmer Times, one 10-building complex of high-rises in Sihanoukville, known as The China Project, holds between 8,000 to 10,000 people participating in various scams—a workforce that would generate profits around the $1 billion mark each year at $300 per worker per day.”
REACTs’ West said while there are a large number of pig butchering victims reporting their victimization to the FBI, very few are receiving anything more than instructions about filing a complaint with the FBI’s Internet Crime Complaint Center (IC3), which keeps track of cybercrime losses and victims.
“There’s a huge gap in victims that are seeing any kind of service at all, where they’re reporting to the FBI but not being able to talk to anyone,” she said. “They’re filling out the IC3 form and never hearing back. It sort of feels like the federal government is ignoring this, so people are going to local agencies, which are sending these victims our way.”
For many younger victims of pig butchering, even losses of a few thousand dollars can be financially devastating. KrebsOnSecurity recently heard from two different readers who said they were in their 20s and lost more than $40,000 each when the investment platforms they were trading on vanished with their money.
The FBI can often bundle numerous IC3 complaints involving the same assailants and victims into a single case for federal prosecutors to pursue the guilty, and/or try to recapture what was stolen. In general, however, victims of crypto crimes rarely see that money again, or if they do it can take many years.
“The next piece is what can we actually do with these cases,” West said. “We used to frame success as getting bad people behind bars, but these cases leave us as law enforcement with not a lot of opportunity there.”
West said the good news is U.S. authorities are seeing some success in freezing cryptocurrency wallets suspected of being tied to large-scale cybercriminal operations. Indeed, Nolan told KrebsOnSecurity that her losses were substantial enough to warrant an official investigation by the FBI, which she says has since taken steps to freeze at least some of the assets tied to xtb-market[.]com.
Likewise, West said she was recently able to freeze cryptocurrency funds stolen from some pig butchering victims, and now REACT is focusing on helping state and local authorities learn how to do the same.
“It’s important to be able to mobilize quickly and know how to freeze and seize crypto and get it back to its rightful owner,” West said. “We definitely have made seizures in cases involving pig butchering, but we haven’t gotten that back to the rightful owners yet.”
In April, the FBI warned Internet users to be on guard against pig butchering scams, which it said attracts victims with “promises of romance and riches” before duping them out of their money. The IC3 said it received more than 4,300 complaints related to crypto-romance scams, resulting in losses of more than $429 million.
Here are some common elements of a pig butchering scam:
–Dating apps: Pig-butchering attempts are common on dating apps, but they can begin with almost any type of communication, including SMS text messages.
–WhatsApp: In virtually all documented cases of pig butchering, the target is moved fairly quickly into chatting with the scammer via WhatsApp.
–No video: The scammers will come up with all kinds of excuses not to do a video call. But they will always refuse.
–Investment chit-chat: Your contact (eventually) claims to have inside knowledge about the cryptocurrency market and can help you make money.
The FBI’s tips on avoiding crypto scams:
-Never send money, trade, or invest based on the advice of someone you have only met online.
-Don’t talk about your current financial status to unknown and untrusted people.
-Don’t provide your banking information, Social Security Number, copies of your identification or passport, or any other sensitive information to anyone online or to a site you do not know is legitimate.
-If an online investment or trading site is promoting unbelievable profits, it is most likely that—unbelievable.
-Be cautious of individuals who claim to have exclusive investment opportunities and urge you to act fast.
We’ve all seen the headlines like “race to the cloud” and “cloud-first.” These articles and publications are true, more and more customers have adopted cloud strategies, but there is more to the story. In these customer conversations, cloud security and network security are often discussed in unison. Why is that?
Customers desire freedom and choice when establishing resilience across every aspect of their business, and this requires both the ability to remain agile, and maintain control of their organization’s most sensitive data. Neither of these can be achieved with just the cloud, or private data center. Organizations are investing in hybrid-multicloud environments to ensure continuity amidst unpredictable threats and change. But these investments will fall short if they do not include security.
The modern enterprise relies on the network more than ever before, and it looks a lot different than it did 10 years ago. According to our 2022 Global Hybrid Cloud Trends Report, where 2,500 global IT leaders were interviewed across 13 countries, 82% said they have adopted hybrid cloud architectures, and 47% of organizations use between two and three public IaaS clouds1. As organizations have grown more dependent on the network, the more complex it has become, making firewall capabilities the most critical element of the hybrid-multicloud security strategy. And Cisco has a firewall capability for every strategy, protecting your most important assets no matter where you choose to deploy it.
In May, Cisco brought offerings from Umbrella and Duo to the AWS Marketplace. Today at AWS Re:Inforce, Cisco Secure announced furthering its partnership with AWS to drive innovation with the goal to protect the integrity of your business. Validating our commitment to hybrid-multicloud security, Cisco has received the AWS Security Competency Partner designation for Network and Infrastructure Security. This designation was awarded through our demonstrated success with customer engagements and rigorous technical validations of Secure Firewall.
This week at AWS Re:Inforce, customers can stop by our booth to see our latest firewall innovation. Cisco Secure Firewall as-a-service on AWS builds on our existing portfolio, giving organizations greater flexibility and choice with a radically simplified SaaS offering. If organizations are truly to embrace security across the multi-environment IT, customers demand simplification without compromising security. With a SaaS-based form factor, management and deployment complexity is reduced. NetOps and SecOps teams will enjoy a simplified security architecture where provisioning of firewalls and control plane infrastructure are managed by Cisco. This will save your teams time by removing the need to rearchitect the network, freeing them to focus on protecting the integrity of your business.
As organizations continue to move more of their day-to-day operations to the cloud, Cisco and AWS are committed to ensure that security is an integral part of their hybrid multi-cloud strategy. We all have seen the impact of security that is bolted on, or too complex. If we are truly to find that balance between agility and protection to ensure business continuity, we need to ensure the same protections we have in the private infrastructure are easily consumed no matter where your data may roam.
Product page: Cisco Secure Firewall for Public Cloud
Partner page: Cisco solutions on AWS
Blog: Securing cloud is everyone’s responsibility
Quick Start page: Cisco solutions on AWS
Amazon Partner Network page: Cisco solutions on AWS
2022 Global Hybrid Cloud Trends Report
1 Henderson, N. & Hanselman, E. (2022, May 25). 2022 Global Hybrid Cloud Trends Report.
S&P Global Market Intelligence, commissioned by Cisco Systems.
https://www.cisco.com/c/en/us/solutions/hybrid-cloud/2022-trends.html ‘
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Microleaves, a ten-year-old proxy service that lets customers route their web traffic through millions of Microsoft Windows computers, recently fixed a vulnerability in their website that exposed their entire user database. Microleaves claims its proxy software is installed with user consent, but data exposed in the breach shows the service has a lengthy history of being supplied with new proxies by affiliates incentivized to distribute the software any which way they can — such as by secretly bundling it with other titles.
The Microleaves proxy service, which is in the process of being rebranded to Shifter[.[io.
Launched in 2013, Microleaves is a service that allows customers to route their Internet traffic through PCs in virtually any country or city around the globe. Microleaves works by changing each customer’s Internet Protocol (IP) address every five to ten minutes.
The service, which accepts PayPal, Bitcoin and all major credit cards, is aimed primarily at enterprises engaged in repetitive, automated activity that often results in an IP address being temporarily blocked — such as data scraping, or mass-creating new accounts at some service online.
In response to a report about the data exposure from KrebsOnSecurity, Microleaves said it was grateful for being notified about a “very serious issue regarding our customer information.”
Abhishek Gupta is the PR and marketing manager for Microleaves, which he said in the process of being rebranded to “Shifter.io.” Gupta said the report qualified as a “medium” severity security issue in Shifter’s brand new bug bounty program (the site makes no mention of a bug bounty), which he said offers up to $2,000 for reporting data exposure issues like the one they just fixed. KrebsOnSecurity declined the offer and requested that Shifter donate the amount to the Electronic Frontier Foundation (EFF), a digital rights group.
From its inception nearly a decade ago, Microleaves has claimed to lease between 20-30 million IPs via its service at any time. Riley Kilmer, co-founder of the proxy-tracking service Spur.us, said that 20-30 million number might be accurate for Shifter if measured across a six-month time frame. Currently, Spur is tracking roughly a quarter-million proxies associated with Microleaves/Shifter each day, with a high rate of churn in IPs.
Early on, this rather large volume of IP addresses led many to speculate that Microleaves was just a botnet which was being resold as a commercial proxy service.
Proxy traffic related to top Microleaves users, as exposed by the website’s API.
The very first discussion thread started by the new user Microleaves on the forum BlackHatWorld in 2013 sought forum members who could help test and grow the proxy network. At the time, the Microleaves user said their proxy network had 150,000 IPs globally, and was growing quickly.
One of BlackHatWorld’s moderators asked the administrator of the forum to review the Microleaves post.
“User states has 150k proxies,” the forum skeptic wrote. “No seller on BHW has 150k working daily proxies none of us do. Which hints at a possible BOTNET. That’s the only way you will get 150k.”
Microleaves has long been classified by antivirus companies as adware or as a “potentially unwanted program” (PUP), the euphemism that antivirus companies use to describe executable files that get installed with ambiguous consent at best, and are often part of a bundle of software tied to some “free” download. Security vendor Kaspersky flags the Microleaves family of software as a trojan horse program that commandeers the user’s Internet connection as a proxy without notifying the user.
“While working, these Trojans pose as Microsoft Windows Update,” Kaspersky wrote.
In a February 2014 post to BlackHatWorld, Microleaves announced that its sister service — reverseproxies[.]com — was now offering an “Auto CAPTCHA Solving Service,” which automates the solving of those squiggly and sometimes frustrating puzzles that many websites use to distinguish bots from real visitors. The CAPTCHA service was offered as an add-on to the Microleaves proxy service, and ranged in price from $20 for a 2-day trial to $320 for solving up to 80 captchas simultaneously.
“We break normal Recaptcha with 60-90% success rate, recaptcha with blobs 30% success, and 500+ other captcha,” Microleaves wrote. “As you know all success rate on recaptcha depends very much on good proxies that are fresh and not spammed!”
The exposed Microleaves user database shows that the first user created on the service — username “admin” — used the email address alex.iulian@aol.com. A search on that email address in Constella Intelligence, a service that tracks breached data, reveals it was used to create an account at the link shortening service bit.ly under the name Alexandru Florea, and the username “Acidut.” [Full disclosure: Constella is currently an advertiser on this website].
According to the cyber intelligence company Intel 471, a user named Acidut with the email address iulyan87_4u@gmail.com had an active presence on almost a dozen shadowy money-making and cybercrime forums from 2010 to 2017, including BlackHatWorld, Carder[.]pro, Hackforums, OpenSC, and CPAElites.
The user Microleaves (later “Shifter.io”) advertised on BlackHatWorld the sale of 31 million residential IPs for use as proxies, in late 2013. The same account continues to sell subscriptions to Shifter.io.
In a 2011 post on Hackforums, Acidut said they were building a botnet using an “exploit kit,” a set of browser exploits made to be stitched into hacked websites and foist malware on visitors. Acidut claimed their exploit kit was generating 3,000 to 5,000 new bots each day. OpenSC was hacked at one point, and its private messages show Acidut purchased a license from Exmanoize, the handle used by the creator of the Eleonore Exploit Kit.
By November 2013, Acidut was advertising the sale of “26 million SOCKS residential proxies.” In a March 2016 post to CPAElites, Acidut said they had a worthwhile offer for people involved in pay-per-install or “PPI” schemes, which match criminal gangs who pay for malware installs with enterprising hackers looking to sell access to compromised PCs and websites.
Because pay-per-install affiliate schemes rarely impose restrictions on how the software can be installed, such programs can be appealing for cybercriminals who already control large collections of hacked machines and/or compromised websites. Indeed, Acidut went a step further, adding that their program could be quietly and invisibly nested inside of other programs.
“For those of you who are doing PPI I have a global offer that you can bundle to your installer,” Acidut wrote. “I am looking for many installs for an app that will generate website visits. The installer has a silence version which you can use inside your installer. I am looking to buy as many daily installs as possible worldwide, except China.”
Asked about the source of their proxies in 2014, the Microleaves user responded that it was “something related to a PPI network. I can’t say more and I won’t get into details.”
Acidut authored a similar message on the forum BlackHatWorld in 2013, where they encouraged users to contact them on Skype at the username “nevo.julian.” That same Skype contact address was listed prominently on the Microleaves homepage up until about a week ago when KrebsOnSecurity first reached out to the company.
There is a Facebook profile for an Alexandru Iulian Florea from Constanta, Romania, whose username on the social media network is Acidut. Prior to KrebsOnSecurity alerting Shifter of its data breach, the Acidut profile page associated Florea with the websites microleaves.com, shrooms.io, leftclick[.]io, and online[.]io. Mr. Florea did not respond to multiple requests for comment, and his Facebook page no longer mentions these domains.
Leftclick and online[.]io emerged as subsidiaries of Microleaves between 2017 and 2018. According to a help wanted ad posted in 2018 for a developer position at online[.]io, the company’s services were brazenly pitched to investors as “a cybersecurity and privacy tool kit, offering extensive protection using advanced adblocking, anti-tracking systems, malware protection, and revolutionary VPN access based on residential IPs.”
A teaser from Irish Tech News.
“Online[.]io is developing the first fully decentralized peer-to-peer networking technology and revolutionizing the browsing experience by making it faster, ad free, more reliable, secure and non-trackable, thus freeing the Internet from annoying ads, malware, and trackers,” reads the rest of that help wanted ad.
Microleaves CEO Alexandru Florea gave an “interview” to the website Irishtechnews.ie in 2018, in which he explained how Online[.]io (OIO) was going to upend the online advertising and security industries with its initial coin offering (ICO). The word interview is in air quotes because the following statements by Florea deserved some serious pushback by the interviewer.
“Online[.]io solution, developed using the Ethereum blockchain, aims at disrupting the digital advertising market valued at more than $1 trillion USD,” Alexandru enthused. “By staking OIO tokens and implementing our solution, the website operators will be able to access a new non-invasive revenue stream, which capitalizes on time spent by users online.”
“At the same time, internet users who stake OIO tokens will have the opportunity to monetize on the time spent online by themselves and their peers on the World Wide Web,” he continued. “The time spent by users online will lead to ICE tokens being mined, which in turn can be used in the dedicated merchant system or traded on exchanges and consequently changed to fiat.”
Translation: If you install our proxy bot/CAPTCHA-solver/ad software on your computer — or as an exploit kit on your website — we’ll make millions hijacking ads and you will be rewarded with heaps of soon-to-be-worthless shitcoin. Oh, and all your security woes will disappear, too.
It’s unclear how many Internet users and websites willingly agreed to get bombarded with Online[.]io’s annoying ads and search hijackers — and to have their PC turned into a proxy or CAPTCHA-solving zombie for others. But that is exactly what multiple security companies said happened when users encountered online[.]io, which operated using the Microsoft Windows process name of “online-guardian.exe.”
Incredibly, Crunchbase says Online[.]io raised $6 million in funding for an initial coin offering in 2018, based on the plainly ludicrous claims made above. Since then, however, online[.]io seems to have gone…offline, for good.
Until this week, Shifter.io’s website also exposed information about its customer base and most active users, as well as how much money each client has paid over the lifetime of their subscription. The data indicates Shifter has earned more than $11.7 million in direct payments, although it’s unclear how far back in time those payment records go, or how complete they are.
The bulk of Shifter customers who spent more than $100,000 at the proxy service appear to be digital advertising companies, including some located in the United States. None of the several Shifter customers approached by KrebsOnSecurity agreed to be interviewed.
Shifter’s Gupta said he’d been with the company for three years, since the new owner took over the company and made the rebrand to Shifter.
“The company has been on the market for a long time, but operated under a different brand called Microleaves, until new ownership and management took over the company started a reorganization process that is still on-going,” Gupta said. “We are fully transparent. Mostly [our customers] work in the data scraping niche, this is why we actually developed more products in this zone and made a big shift towards APIs and integrated solutions in the past year.”
Ah yes, the same APIs and integrated solutions that were found exposed to the Internet and leaking all of Shifter’s customer information.
Gupta said the original founder of Microleaves was a man from India, who later sold the business to Florea. According to Gupta, the Romanian entrepreneur had multiple issues in trying to run the company, and then sold it three years ago to the current owner — Super Tech Ventures, a private equity company based in Taiwan.
“Our CEO is Wang Wei, he has been with the company since 3 years ago,” Gupta said. “Mr. Florea left the company two years ago after ending this transition period.”
Google and other search engines seem to know nothing about a Super Tech Ventures based in Taiwan. Incredibly, Shifter’s own PR person claimed that he, too, was in the dark on this subject.
“I would love to help, but I really don’t know much about the mother company,” Gupta said, essentially walking back his “fully transparent” statement. “I know they are a branch of the bigger group of asian investment firms focused on private equity in multiple industries.”
Adware and proxy software are often bundled together with “free” software utilities online, or with popular software titles that have been pirated and quietly fused with installers tied to various PPI affiliate schemes.
But just as often, these intrusive programs will include some type of notice — even if installed as part of a software bundle — that many users simply do not read and click “Next” to get on with installing whatever software they’re seeking to use. In these cases, selecting the “basic” or “default” settings while installing usually hides any per-program installation prompts, and assumes you agree to all of the bundled programs being installed. It’s always best to opt for the “custom” installation mode, which can give you a better idea of what is actually being installed, and can let you control certain aspects of the installation.
Either way, it’s best to start with the assumption that if a software or service online is “free,” that there is likely some component involved that allows the provider of that service to monetize your activity. As KrebsOnSecurity noted at the conclusion of last week’s story on a China-based proxy service called 911, the rule of thumb for transacting online is that if you’re not the paying customer, then you and/or your devices are probably the product that’s being sold to others.
Further reading on proxy services:
July 18, 2022: A Deep Dive Into the Residential Proxy Service ‘911’
June 28, 2022: The Link Between AWM Proxy & the Glupteba Botnet
June 22, 2022: Meet the Administrators of the RSOCKS Proxy Botnet
Sept. 1, 2021: 15-Year-Old Malware Proxy Network VIP72 Goes Dark
Aug. 19, 2019: The Rise of “Bulletproof” Residential Networks
Your digital footprint grows with every internet account you make. While your old Tumblr account may be fun for reminiscing, dormant accounts are actually one of the most significant sources of user data on the internet. These accounts can be used by data brokers or third parties to access your personal information.
To improve your data security, it’s good practice to remove public-facing information by deleting unused accounts. Simply put, having less personal data stored on the internet reduces the risk of theft and/or non-consensual data usage.
Deleting, canceling, unsubscribing, or removing your account can be a long process, depending on the service. This article will walk you through the simplest ways to delete unwanted accounts from various social media platforms.
Deleting unwanted accounts protects your information and prevents the monetization of your data. Your internet accounts often hold personal information like your name, age, email, or home address. What’s more alarming is that some platforms may even have credit card details, phone numbers, and bank account information.
When left unattended, internet accounts become vulnerable to being suspended or taken over by the platform. This means that if your accounts are left inactive for too long, you might be handing some or all of your data over to the tech platform.
For example, even if you believe an old Google account doesn’t have any sensitive information stored, it may be linked to other platforms you use (like Amazon or Google services like Gmail and Google Play). This exposes all of these accounts to several data privacy vulnerabilities.
Moreover, a recent survey found that 70% of surveyed adults admitted using the same password for more than one service. People who don’t use password managers or reuse passwords are at a greater security risk than others, as multiple accounts can become compromised at once. Whether the platform is now out of service or you are cutting down on your app usage, deleting dormant accounts will minimize security threats and safeguard your data.
Every platform has a different process for deleting accounts: Some take only a few clicks to complete and others are a little longer. Companies usually don’t want a user to stop using their services, so account deletion pages are often hidden in a complex web of tabs that you have to navigate.
In addition, some subscription services might require that you send an email to customer support to close your account. You can go to justdelete.me, an online directory that lets you access direct links to account deletion pages of various web services.
Remember to download your personal information and data before pulling the plug on your account. Most platforms let you download your data before initiating a deletion request, which saves you from losing important details and files. It is also important to check whether your Google account is used for your YouTube channel or connected to other online accounts.
To help you get rid of accounts you no longer use, we’ve broken down deleting accounts from some of the most popular social networks. The steps described below are for a desktop browser and may not apply to Android or iOS devices (unless specified).
Facebook’s user privacy policy enables it to store a large amount of user information, including personal messages, posts, search history, name, age, birthdate, and even metadata from posted photos and videos.
Follow these simple steps to delete your Facebook account:
LinkedIn collects information on users and uses it for targeted advertising. As a result, it amasses quite a lot of your data, from professional details to personal preferences and even your online behavior trail.
Follow these simple steps from your desktop to delete your account:
It’s simple to delete your Twitter account, but you’ll have to wait 30 days for your data and tweets to clear. To delete your account, you first need to deactivate it.
Once you’ve decided to delete your account from the micro-blogging site, follow these steps from your desktop:
Remember to revoke third-party access to your Twitter account to avoid having your account reactivated in the 30 days following deactivation.
Since Facebook and Instagram are both owned by Meta, they share a lot of data for targeted advertising. You can adjust the privacy settings of your Instagram account from the mobile app, but you will need to log in from a web browser like Chrome to delete your account.
To delete your Instagram account:
Your information and data will be permanently deleted after 30 days and you won’t be able to retrieve it. However, completing a deletion process may take up to 90 days.
Tumblr has a fairly simple process to delete your account:
Follow these steps to delete your account from the popular picture-sharing platform:
Pinterest servers continue to store your data after deletion, but your information won’t be visible to other users.
There are different steps to deleting your email account depending on which email service you use. Backing up email data usually takes more time because of the sheer volume of data a mail account can hold.
Complete the following steps to delete your Google account:
Here’s what you need to do to delete your Yahoo email account:
Deleting your Yahoo account also deletes the linked information from Yahoo’s other services.
Follow these steps to delete your Microsoft account on Outlook 2010, 2013, or 2016:
Leaving old information scattered across the internet makes you susceptible to identity theft. There are multiple ways to keep your identity and data secure online, including McAfee’s Total Protection plan.
Total Protection lets you choose from multiple affordable subscription models that provide comprehensive security against identity theft and potential data breaches and offers web protection and several related benefits. In addition, having access to 24/7 online security experts and a 30-day money-back guarantee make the Total Protection plan an easy, reliable, and safe choice. You can also have peace of mind with McAfee’s Personal Data Cleanup feature where our teams will work to find your personal information online and assist in removing it.
The post How to Delete Old Accounts Containing Personal Information appeared first on McAfee Blog.
Let’s be honest – many of us parents aren’t big fans of gaming. In fact, some of us have probably even been known to roll our eyes or groan when we think about just how long our kids spend playing online games. But if there is one thing I’ve learned after 25 years of parenting, it’s that taking the time to look at a stressful family situation from the perspective of my children, can be very powerful. In fact, it can almost always fast track finding a mutually agreeable work-around for everyone – and gaming is the perfect example.
We have all read about how online gaming can provide players with regular hits of dopamine – a neurotransmitter in the brain that becomes active when you participate in fun and pleasurable activities. Now I am not disputing this for a moment – I’ve witnessed it firsthand! However, it is important to remember that dopamine increases whenever we do anything enjoyable – pop a square of chocolate in our mouth or watch our favorite sporting team win – not just when we play online games.
Many online games have cleverly designed built-in reward systems, and many experts believe that it is the combination of dopamine and reward that probably best explains why our kids are such gaming fans. Now, these reward systems are intentionally unpredictable so players are aware they will eventually get a reward, but they have no idea as to when or how often it is coming – so they are compelled to keep playing! Very clever!
In my opinion, gaming also fills several other needs in our children – the need to belong, to feel competent and be independent. And while we may have had these needs addressed very differently in the 70’s and 80’s – hanging at the bus stop, mastering the Rubix cube and not being helicopter parented, our batch of digital natives will often use gaming as their go-to solution.
When many of us parents think about our kids’ online gaming, our initial thought is ‘how do we make our kids stop’. But I can you this isn’t the right approach. Online gaming isn’t going anywhere. So, taking the time to see gaming from your child’s perspective and understand why it is such a big part of their life is where you need to focus your energy. I guarantee this will further strengthen your relationship with your child and help you introduce rules that they will better respect.
Let’s take a moment to channel the great Atticus Finch from To Kill a Mockingbird and focus on his words of inspiration for us all: ‘“You never really understand a person until you consider things from his point of view…until you climb into his skin and walk around in it.” Ah yes – very wise words!
So, if you are keen to stop gaming being a negative issue in your family, here are my top tips to help you get it under control and stop it causing family tension:
1. Change Your Thinking
If you find yourself thinking ‘how do I get my kids to stop gaming’, you’re barking up the wrong tree. Gaming isn’t going anywhere and as parents, we don’t want to drive an unnecessary wedge between ourselves and our kids. Instead, commit to having an open mind. Think ’Ok, let’s give this gaming thing a go’.
When the time is right, ask your kids what their favourite games are and why. Your aim is to get them talking. You could even do your research in advance and drop in the names of a few popular games to ask them about. ‘My work friend’s son plays Roblox, do you know much about that?’
Even if you aren’t that interested, I promise, playing along will open your eyes. You’ll better understand how the game’s reward system works and what it feels like to get a shot of digital dopamine! And most importantly, it will be great for your relationship with your child. By taking the time to play with them, you are showing that you are interested in their life and their hobbies.
4. Educate Yourself About All Thing Gaming
When your kids started their social media journey, chances are you spent a little time familiarising yourself with the various platforms they joined. Well, you need to adopt the same approach with their gaming life too. Here are a few areas to focus on:
5. Introduce Fair, Age-Appropriate Rules Around Gaming
Once you’ve taken the time to understand your child’s gaming life, cleared your mind of any unnecessary negative gaming thoughts and done your research, why not put together a set of family rules for gaming? You may like to consider a family tech agreement and have a separate section for gaming. Or you may prefer to keep it more casual and have the rules written on the fridge or shared in the family group chat. Regardless of what you choose, ensure that you introduce these boundaries when everyone is calm and in a good head space NOT when you’re in the middle of a verbal stoush!
You could choose to give your children a set amount of time they can use each week on gaming and then let them choose when to use it or you allocate a small time everyday once they’ve completed homework and chores. When my boys were younger, I didn’t allow gaming Monday – Thursday but after school Friday was always quite the gaming fest – a reward for getting through the school week. Do what works for your family!
There’s no question that this digital parenting gig is complicated. Trying to help your kids find the right balance between embracing the online world and offline world can often feel hard to get right. But if you’re ever in doubt about whether you’re on track when it comes to managing your kids’ gaming, always ask yourself – have I kept an open mind? Have I taken the time to talk to my kids and understand their gaming life? Are the gaming rules fair? And, if you have answered yes, then I have every confidence that you have the right approach to ensuring gaming is a positive part of your family’s life.
The post How To Get Your Head Around Your Kids’ Online Gaming Life appeared first on McAfee Blog.
Data brokers are companies that collect your information from a variety of sources to sell or license it out to other businesses. Before they can pass your data along, brokers analyze it to put you into specific consumer profiles. Consumer profiles help businesses suggest products you might like and create targeted marketing campaigns based on your interests.
Companies who buy data from brokers use it for things like marketing or risk mitigation. For example, if you’re a guitarist, a guitar manufacturer might try to reach you with an ad for their instruments. If you’re in the market for car insurance, insurance providers might use your personal information to do a background check so they can assess the risk that you’ll be in a car accident.
While businesses don’t typically use your information maliciously, there are risks involved with having your personal data spread online. There might be certain details you don’t want to share with the world, like health or criminal records or financial issues.
Having your data featured online can also expose it to cybercriminals who might use it for identity theft. Sometimes, hackers can even breach information that’s stored in an information broker’s database. When a criminal has your data, they might be able to access your financial accounts, use your credit to secure a loan, or even use your insurance to receive medical care.
This article shows you how to remove your information from data broker sites and protect your data privacy online.
There are various ways for a data broker to access your personal information. Some of these information sources are offline. For example, a broker can peruse public records to view your voter registration information.
Other information sources that brokers use are online. For instance, a broker might track your buying history to see which products you’re likely interested in.
Below are some of the top sources data brokers use to collect consumer information.
Data brokering is a worldwide industry that brings in around $200 billion annually. An estimated 4,000 data broker companies exist. The largest data broker companies include organizations like Acxiom, Experian, and Epsilon.
Most data broker sites will give you the ability to have your personal information removed from their database — but don’t expect it to be easy.
You might have to follow a multi-step process to opt out of a broker site. Even after your information is removed, you may have to repeat the process periodically.
Different regions have different laws when it comes to protecting consumer data. The European Union has the General Data Protection Regulation (GDPR), which gives consumers the right to request that a company deletes any personal information they have stored.
In the United States, states have to create their own laws to safeguard consumer privacy. States like Colorado and California have enacted laws that allow consumers to have their personal information removed from data broker sites.
The next few sections go over steps you can follow to get your information removed from various data broker sites. Many broker sites allow you to opt out of their data collection and advertising programs.
Opting out can prevent brokers from collecting and sharing your information and help you avoid intrusive ads for things like pre-approved credit cards.
The first thing you’ll have to do is visit each data broker’s site that has your information. Some of the biggest data broker sites that might have your information include:
While these are some of the largest data broker sites around, this list is by no means exhaustive. There’s a large number of data-sharing sites out there. For example, people-search sites like PeekYou, Spokeo, and Whitepages, let average consumers search through databases of personal information.
It may seem counterintuitive to sign up for an account with a broker when all you want is to delete your information from their site, but most data brokers require you to register with them to opt out of data collection.
You’ll likely have to create an account with every data broker you want to opt out of. Unfortunately, this will require you to give the brokers some personal information, like your name, email address, and possibly a picture of your driver’s license. Cross out your license number if you have to send a photo of your ID.
After creating an account with a broker, you’ll likely have to visit their portal to find out whether they have your personal information listed. Checking to see what every data broker has listed about you can be a time-consuming process.
Services like DeleteMe and Kanary will delete your information from data brokers. However, most of these sites charge a fee, and they only delete your information from a select number of sites. For example, DeleteMe removes your information from 36 different data broker sites.
You should also be aware that some data broker sites don’t allow third parties to request for information to be deleted on behalf of consumers.
You’ll have to make a separate removal request for every data broker site you want to opt out of. Some data brokers make the process more difficult than others. Remember that data companies are always collecting records, so you may need to repeat the process of removing your information from data broker sites annually.
Here’s how to opt out of some of the largest data brokering companies we mentioned earlier:
The data broker industry is enormous. A data brokerage can collect a wealth of information about you from a huge number of sources, and provide that information to businesses that use it to do things like design targeted marketing campaigns for their ideal consumers.
Brokers can share sensitive information that you want to keep private, like medical data. Having your personal information floating around the internet makes it easier for cybercriminals to use it for personal gain.
By opting out of information-sharing programs, you can protect your online privacy, reduce the number of intrusive advertisements and emails you receive, and make it less likely that identity thieves will target you.
One of the best ways to protect yourself online is to use quality security software. When you sign up for McAfee’s Total Protection services, you’ll get features like award-winning antivirus software, 24/7 account monitoring, a secure virtual private network (VPN), and up to $1 million in identity theft coverage and restoration.
When it comes to protecting your privacy online, McAfee has your back.
The post How to Remove Personal Information From Data Broker Sites appeared first on McAfee Blog.
FreshRSS 