Login
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about Trend Micro’s midyear roundup report which found that published vulnerabilities in the first half of 2020 grew to 786, compared to 583 during the same time period last year. Also, read about vulnerabilities in Cisco’s Jabber app that could allow an attacker to execute arbitrary code.
Read on:
1H 2020 Cyber Security Defined by Covid-19 Pandemic
When thinking about 2020 security predictions, no one thought that there was a global pandemic brewing that would give cybercriminals an almost daily news cycle to take advantage of in their attacks against people and organizations around the world. While Covid-19 dominated the threat landscape in the first half of 2020, it wasn’t the only threat that defined it. Learn more about the 2020 threat landscape in Trend Micro’s recent blog.
Cisco Jabber Bug Could Let Hackers Target Windows Systems Remotely
Networking equipment maker Cisco has released a new version of its Jabber video conferencing and messaging app for Windows that includes patches for multiple vulnerabilities—which, if exploited, could allow an authenticated, remote attacker to execute arbitrary code. The flaws, which were uncovered by cybersecurity firm Watchcom during a pentest, affect all currently supported versions of the Jabber client (12.1-12.9) and has since been fixed by the company.
The Life Cycle of a Compromised (Cloud) Server
Trend Micro Research has developed a go-to resource for all things related to cybercriminal underground hosting and infrastructure. This week, Trend Micro released the second report in a three-part series which details the what, how, and why of cybercriminal hosting. Trend Micro dives into the common life cycle of a compromised server from initial compromise to the different stages of monetization preferred by criminals.
Instagram ‘Help Center’ Phishing Scam Pilfers Credentials
Turkish-speaking cybercriminals are sending Instagram users seemingly legitimate messages from the social media company, with the aim of stealing their Instagram and email credentials. Trend Micro researchers said that the campaign has been targeting hundreds of celebrities, startup business owners, and other entities with sizeable followings on Instagram.
What is a VPN and How Does it Increase Your Online Security and Privacy?
The number of VPN users has grown considerably over the past few years. According to a report from Go-Globe, 25% of netizens worldwide have used a VPN at least once in the last 30 days. Recently, VPN usage has surged in many countries and its popularity may see VPN usage surpass the estimated profit of USD$27.10 billion by the end of 2020. In this blog, Trend Micro takes a deeper look at all of the benefits a VPN can provide.
First Half of 2020 Led to Nearly 800 Disclosed Vulnerabilities: Report
Published vulnerabilities in January through June of 2020 grew to 786, compared to 583 during the same time period last year, according to Trend Micro’s midyear cybersecurity report. Bad actors most often targeted enterprise software, including Apache Struts and Drupal frameworks, between 2017 and the first half of this year. In this article, Trend Micro’s director of global threat communications, Jon Clay, shares his thoughts on the first half of 2020.
A Blind Spot in ICS Security: The Protocol Gateway Part 1: Importance of the Protocol Gateway
Trend Micro released a white paper summarizing potential protocol gateway security risks in early August. This blog series follows up on that paper, analyzing the impacts of the serious vulnerabilities detected in the protocol gateways essential when shifting to smart factories and outlining the security countermeasures that security administrators in factories must take. In the first blog of this series, part one describes the importance of the protocol gateway in ICS environments.
Evilnum Group Targets FinTech Firms with New Python-Based RAT
Evilnum, a group known for targeting financial technology companies, has added new malware and infection tricks to its arsenal, researchers warn. The group is suspected of offering APT-style hacker-for-hire services to other entities, a growing and worrying trend that’s changing the threat landscape.
Are Employees the Weakest Link in Your Security Strategy?
Email is the number one threat vector. Data from Trend Micro Smart Protection Network shows that for the first five months of 2020, 92% of all the cyberthreats leveraging Covid-19 were spam or phishing email messages. Email scams can have a big impact, both on the organization and the individual. This was highlighted in a recent report from BBC News where a finance professional from Glasgow, Scotland was targeted by a business email compromise (BEC) scam.
55% of Cybersquatted Domains are Malicious or Potentially Fraudulent
In a single month, cyber-squatters registered almost 14,000 domain names, more than half of which went on to host malicious or likely fraudulent content, Palo Alto Networks states in a report released this week. The company, which collected information on newly registered domains in December 2019, found 13,857 domains classified by its software as cybersquatting based on lexical analysis.
What are your thoughts on Evilnum’s APT-style hacker-for-hire services? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: First Half of 2020 Led to Nearly 800 Disclosed Vulnerabilities and Cisco Jabber Bug Could Let Hackers Target Windows Systems Remotely appeared first on .
When we published our 2020 Predictions report in December, we didn’t realize there was a global pandemic brewing that would give cybercriminals an almost daily news cycle to take advantage of in their attacks against people and organizations around the world. Malicious actors have always taken advantage of big news to use as lures for socially engineered threats, but these events tend to be fairly short news cycles.
When Covid-19 started making headlines in early 2020, we started seeing new threats using this in the attacks. As you see below, April was the peak month for email-based Covid-19 related threats.
The same was true for phishing URLs related to Covid-19, but for files using Covid-19 in their naming convention, the peak month in the first half was June.
Impact on Cybercrime
The constant 24×7 news around cases, cures and vaccines makes this pandemic unique for cybercriminals. Also, the shift to remote working and the challenges posed to supply chains all gave cybercriminals new content they could use as lures to entice victims into infecting themselves.
As we’ve seen for many years now, email-based threats were the most used threat vector by malicious actors, which makes sense as the number one infection vector to penetrate an organization’s network is to use a socially engineered email against an employee.
We even saw malicious mobile apps being developed using Covid-19 as a lure, as you see below.
In this case it was supporting potential cures for the virus, which many people would have wanted.
Other Highlights in 1H 2020
While Covid-19 dominated the threat landscape in the 1H 2020, it wasn’t the only thing that defined it. Ransomware actors continued their attacks against organizations, but as we’ve been seeing over the past year, they’ve become much more selective in their victims. The spray and pray model using spam has been shifted to a more targeted approach, similar to how nation-state actors and APT groups perform their attacks. Two things showcase this trend:
2. The ransom amounts have increased significantly over the years, showing ransomware actors are selecting their victims around how much they feel they can extort them for and whether they are more likely to pay a ransom.
Home network attacks are another interesting aspect of the threat landscape in the first half of this year. We have millions of home routers around the world that give us threat data on events coming into and out of home networks.
Threat actors are taking advantage of more remote workers by launching more attacks against these home networks. As you see below, the first half of 2020 saw a marked increase in attacks.
Many of these attacks are brute force login attempts as actors try to obtain login credentials for routers and devices within the home network, which can allow them to do further damage.
The above are only a small number of security events and trends we saw in just six months of 2020. Our full roundup of the security landscape so far this year is detailed out in our security roundup report – Securing the Pandemic-Disrupted Workplace. You can read about all we found to help prepare for many of the threats we will continue to see for the rest of the year.
The post 1H 2020 Cyber Security Defined by Covid-19 Pandemic appeared first on .
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how solutions from 32 Amazon Web Services partners – including Trend Micro – are now available for AWS customers to use with their deployments of AWS Outposts. Also, read about a data breach at U.S. office-supply retailer Staples.
Read on:
Boosting Impact for Profit: Evolving Ransomware Techniques for Targeted Attacks
As described in Trend Micro’s 2020 Midyear Roundup, the numbers pertaining to ransomware no longer tell the full story. While the number of infections, company disclosures, and ransomware families has gone down, the estimated amount of money exchanged for the retrieval of encrypted data has steadily gone up. By going after institutions and companies with the urgent need to retrieve their data and get their systems running again, cybercriminals are able to demand exorbitant amounts of ransom.
AWS Outposts Ready Launches with 32 Validated Partners
Solutions from 32 Amazon Web Services partners, including Trend Micro, are available now for AWS customers to use with their deployments of AWS Outposts, the on-premises version of the industry’s leading public cloud.
Analysis of a Convoluted Attack Chain Involving Ngrok
The Trend Micro Managed XDR team recently handled an incident involving one of Trend Micro’s customers. The incident revealed how a malicious actor incorporated certain techniques into an attack, making it more difficult for blue teams and security researchers alike to analyze the chain of events in a clean and easily understandable manner. In this blog, Trend Micro further analyzes the attack.
39% of Employees Access Corporate Data on Personal Devices
A large proportion of employees are using their own devices to access data belonging to their company, according to a new study by Trend Micro. Researchers found that 39% of workers use personal smartphones, tablets, and laptops to access corporate data, often via services and applications hosted in the cloud.
In this blog series, Trend Micro analyzes the impacts of the serious vulnerabilities detected in the protocol gateways and shares the security countermeasures that security administrators in smart factories must take. In the second part of this series, Trend Micro presents an overview of the verification methods, results of this research, and describes “flaws in the protocol conversion function,” one of the security risks revealed through Trend Micro’s experiments.
Staples Hit by Data Breach: What to Do Now
U.S. office-supply retailer Staples says its recent data breach affected fewer than 2,500 customers. Australian security researcher Troy Hunt, who runs the HaveIBeenPwned website, used his Twitter account to post a copy of an email message sent to an unknown number of Staples online customers.
“Zerologon” and the Value of Virtual Patching
A new CVE was released recently that has made quite a few headlines – CVE-2020-1472, also known as Zerologon. This CVE can allow an attacker to take advantage of the cryptographic algorithm used in the Netlogon authentication process and impersonate the identity of any computer when trying to authenticate against the domain controller.
Billions of Devices Vulnerable to New ‘BLESA’ Bluetooth Security Flaw
Billions of smartphones, tablets, laptops, and IoT devices are using Bluetooth software stacks that are vulnerable to a new security flaw disclosed this summer. Named BLESA (Bluetooth Low Energy Spoofing Attack), the vulnerability impacts devices running the Bluetooth Low Energy (BLE) protocol. BLE is a slimmer version of the original Bluetooth (Classic) standard but designed to conserve battery power while keeping Bluetooth connections alive as long as possible.
California Elementary Kids Kicked Off Online Learning by Ransomware
As students head back to the classroom, the wave of ransomware attacks against schools is continuing. The latest is a strike against a California school district that closed down remote learning for 6,000 elementary school students, according to city officials. The cyberattack, against the Newhall School District in Valencia, affected all distance learning across 10 different grade schools.
Mobile Messengers Expose Billions of Users to Privacy Attacks
When installing a mobile messenger like WhatsApp, new users can instantly start texting existing contacts based on the phone numbers stored on their device. For this to happen, users must grant the app permission to access and regularly upload their address book to company servers in a process called mobile contact discovery. A new research study shows that currently deployed contact discovery services severely threaten the privacy of billions of users.
Should employees be able to access company data via their personal devices? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: AWS Outposts Ready Launches With 32 Validated Partners and Staples Hit by a Data Breach appeared first on .
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how threat actors are bundling Windscribe VPN installers with backdoors. Also, read about a new strain of Android malware that comes with a wide array of features allowing it to steal credentials from 226 applications.
Read on:
Windows Backdoor Masquerading as VPN App Installer
This article discusses findings covered in a recent blog from Trend Micro where company researchers warn that Windows users looking to install a VPN app are in danger of downloading one that’s been bundled with a backdoor. The trojanized package in this specific case is the Windows installer for Windscribe VPN and contains the Bladabindi backdoor.
The Evolution of Malicious Shell Scripts
The Unix-programming community commonly uses shell scripts as a simple way to execute multiple Linux commands within a single file. Many users do this as part of a regular operational workload manipulating files, executing programs and printing text. However, as a shell interpreter is available in every Unix machine, it is also an interesting and dynamic tool abused by malicious actors.
Microsoft Says It Detected Active Attacks Leveraging Zerologon Vulnerability
Hackers are actively exploiting the Zerologon vulnerability in real-world attacks, Microsoft’s security intelligence team said on Thursday morning. The attacks were expected to happen, according to security industry experts. Multiple versions of weaponized proof-of-concept exploit code have been published online in freely downloadable form since details about the Zerologon vulnerability were revealed on September 14 by Dutch security firm Secura BV.
Stretched and Stressed: Best Practices for Protecting Security Workers’ Mental Health
Security work is stressful under the best of circumstances, but remote work presents its own challenges. In this article, learn how savvy security leaders can best support their teams today — wherever they’re working. Trend Micro’s senior director of HR for the Americas, Bob Kedrosky, weighs in on how Trend Micro is supporting its remote workers.
Exploitable Flaws Found in Facial Recognition Devices
To gain a more nuanced understanding of the security issues present in facial recognition devices, Trend Micro analyzed the security of four different models: ZKTeco FaceDepot-7B, Hikvision DS-K1T606MF, Telpo TPS980 and Megvii Koala. Trend Micro’s case studies show how these devices can be misused by malicious attackers.
New ‘Alien’ Malware Can Steal Passwords from 226 Android Apps
Security researchers have discovered and analyzed a new strain of Android malware that comes with a wide array of features allowing it to steal credentials from 226 applications. Named Alien, this new trojan has been active since the start of the year and has been offered as a Malware-as-a-Service (MaaS) offering on underground hacking forums.
Government Software Provider Tyler Technologies Hit by Possible Ransomware Attack
Tyler Technologies, a Texas-based provider of software and services for the U.S. government, started informing customers this week of a security incident that is believed to have involved a piece of ransomware. Tyler’s website is currently unavailable and in emails sent out to customers the company said its internal phone and IT systems were accessed without authorization by an “unknown third party.”
U.S. Justice Department Charges APT41 Hackers Over Global Cyberattacks
On September 16, 2020, the United States Justice Department announced that it was charging five Chinese citizens with hacking crimes committed against over 100 institutions in the United States and abroad. The global hacking campaign went after a diverse range of targets, from video game companies and telecommunications enterprises to universities and non-profit organizations. The five individuals were reportedly connected to the hacking group known as APT41.
Phishers are Targeting Employees with Fake GDPR Compliance Reminders
Phishers are using a bogus GDPR compliance reminder to trick recipients – employees of businesses across several industry verticals – into handing over their email login credentials. In this evolving campaign, the attackers targeted mostly email addresses they could glean from company websites and, to a lesser extent, emails of people who are high in the organization’s hierarchy.
Mispadu Banking Trojan Resurfaces
Recent spam campaigns leading to the URSA/Mispadu banking trojan have been uncovered, as reported by malware analyst Pedro Tavares in a Twitter post and by Seguranca Informatica in a blog post. Mispadu malware steals credentials from users’ systems. This attack targets systems with Spanish and Portuguese as system languages.
A Blind Spot in ICS Security: The Protocol Gateway Part 3: What ICS Security Administrators Can Do
In this blog series, Trend Micro analyzes the impacts of the serious vulnerabilities detected in the protocol gateways that are essential when shifting to smart factories and discusses the security countermeasures that security administrators in those factories must take. In the final part of this series, Trend Micro describes a stealth attack method that abuses a vulnerability as well as informs readers of a vital point of security measures required for the future ICS environment.
Major Instagram App Bug Could’ve Given Hackers Remote Access to Your Phone
Check Point researchers disclosed details about a critical vulnerability in Instagram’s Android app that could have allowed remote attackers to take control over a targeted device just by sending victims a specially crafted image. The flaw lets attackers perform actions on behalf of the user within the Instagram app, including spying on victim’s private messages and deleting or posting photos from their accounts, as well as execute arbitrary code on the device.
Addressing Threats Like Ryuk via Trend Micro XDR
Ryuk has recently been one of the most noteworthy ransomware families and is perhaps the best representation of the new paradigm in ransomware attacks where malicious actors go for quality over sheer quantity. In 2019, the Trend Micro Managed XDR and Incident Response teams investigated an incident concerning a Trend Micro customer that was infected with the Ryuk ransomware.
What are your thoughts on the Android Instagram app bug that could allow remote access to user’s phones? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Cybercriminals Distribute Backdoor with VPN Installer and New ‘Alien’ Malware can Steal Passwords from 226 Android Apps appeared first on .
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how an adware family known primarily for distributing browser hijackers, Linkury, has been caught distributing malware. Also, read about a newly uncovered strain of the Glupteba trojan.
Read on:
Cross-Platform Modular Glupteba Malware Uses ManageX
Trend Micro recently encountered a variant of the Glupteba trojan and reported its attacks on MikroTik routers and updates on its command and control (C&C) servers. The use of ManageX, a type of modular adware that Trend Micro has recently analyzed, is notable in this newly uncovered strain as it aims to emphasize the modularity and the cross-platform features of Glupteba as seen through its code analysis.
Phishing Attack Targets Microsoft 365 Users with Netflix & Amazon Lures
Security researchers have been tracking a phishing campaign that abuses Microsoft Office 365 third-party application access to obtain specific resources from victims’ accounts. The attacker, dubbed TA2552, mostly uses Spanish-language lures and a narrow range of themes and brands. These attacks have targeted organizations with a global presence but seem to choose victims who likely speak Spanish, according to a report from Proofpoint researchers.
New Report Suggests the Bug Bounty Business is Recession-Proof
A new report from HackerOne presents data suggesting that the bug bounty business might be recession-proof, citing increases in hacker registrations, monthly vulnerability disclosures and payouts during a pandemic-induced economic downturn. Brian Gorenc, senior director of vulnerability research and director of Trend Micro’s Zero Day Initiative program, shared that he’s seen bug bounty activity increase with ZDI publishing 1,045 vulnerability advisories in all of 2019 and 1,235 already in 2020.
Identity Fraud: How to Protect Your Identity Data, Accounts and Money During the Coronavirus Crisis
We’ve all been spending more time online since the pandemic hit, and as a result we’re sharing more personal and financial information online with each other and with organizations. Unfortunately, as ever, there are bad guys around every digital corner looking for this. Personally identifiable information (PII) is the currency of internet crime, and cyber-criminals will do whatever they can to get it.
Linkury Adware Caught Distributing Full-Blown Malware
An adware family known primarily for distributing browser hijackers has been caught distributing malware, security researchers said at the Virus Bulletin 2020 security conference. Its main method of distribution is the SafeFinder widget, a browser extension ironically advertised as a way to perform safe searches on the internet. K7 researchers say that in recent cases they analyzed, the SafeFinder widget has now also begun installing legitimate malware, such as the Socelars and Kpot infostealer trojans.
Chinese APT Group Targets Media, Finance, and Electronics Sectors
Cybersecurity researchers have uncovered a new espionage campaign targeting media, construction, engineering, electronics, and finance sectors in Japan, Taiwan, the U.S. and China. Linking the attacks to Palmerworm (aka BlackTech), likely a China-based advanced persistent threat (APT), the first wave of activity associated with this campaign began last year in August 2019.
InterPlanetary Storm Botnet Infects 13K Mac, Android Devices
A new variant of the InterPlanetary Storm malware has been discovered, which comes with fresh detection-evasion tactics and now targets Mac and Android devices (in addition to Windows and Linux, which were targeted by previous variants of the malware). Researchers say the malware is building a botnet with a current estimated 13,500 infected machines across 84 countries worldwide – and that number continues to grow.
More Americans Share Social Security, Financial and Medical Information than Before the Pandemic
A new survey has shown that consumer willingness to share more sensitive data – social security numbers, financial information and medical information – is greater in 2020 than in both 2018 and 2019. According to the NYC-based scientific research foundation ARF’s (Advertising Research Foundation) third annual privacy study, contact tracing is considered a key weapon in the fight against COVID-19.
Do you feel like you are more willing to share sensitive information online since the pandemic began? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Linkury Adware Caught Distributing Full-Blown Malware and Cross-Platform Modular Glupteba Malware Uses ManageX appeared first on .
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how cybercriminals secure their assets and survive in the business in a new Trend Micro report. Also, read about a how cybercriminals are tapping into Amazon’s Prime Day with phishing and malicious websites that are fraudulently using the Amazon brand.
Read on:
French Companies Under Attack from Clever BEC Scam
Trend Micro researchers observed a new modus operandi involving a clever BEC campaign that uses social engineering to target French companies. Malicious actors impersonated a French company in the metal fabrication industry that provides services to several organizations. They then registered a domain very similar to the legitimate one used by the business and used it to send emails to their targets.
Amazon Prime Day Spurs Spike in Phishing, Fraud Attacks
Cybercriminals are tapping into Amazon’s annual Prime Day with researchers warning of a recent spike in phishing and malicious websites that are fraudulently using the Amazon brand. There has been a spike in the number of new monthly phishing and fraudulent sites created using the Amazon brand since August, the most significant since the COVID-19 pandemic forced people indoors in March.
CSO Insights: DataBank’s Mark Houpt on Looking Beyond Securing Infrastructures in the New Normal
The big move to working remotely wasn’t completely difficult for Mark Houpt, CISO at DataBank. After all, he has been doing so since before COVID-19. However, when the pandemic hit, DataBank, like many other companies across the globe, had to help most of their employees transition securely and smoothly to virtual work. Read up on the several important security considerations this experience highlighted.
240+ Android Apps Caught Showing Out-of-Context Ads
This summer, Google removed more than 240 Android applications from the Play Store for showing out-of-context ads and breaking a newly introduced Google policy against this type of intrusive advertising. Out-of-context ads are mobile ads that are shown outside an app’s normal container and appear as pop-ups or as full-screen ads.
Safe and Smart Connections: Securing IoT Networks for Remote Setups
As a result of our work-from-home (WFH) arrangements, there is an increased demand on networks as remote operations have created greater dependence on the IoT. Subsequently, now is a good time to re-examine the security of your network. Rather than only focusing on securing individual devices that can compromise a network, users should also secure the network to minimize threats across several devices.
Inside the Bulletproof Hosting Business
The use of underground infrastructure is inherent to the modus operandi of a cybercriminal. In Trend Micro’s Underground Hosting series, it differentiates how cybercrime goods are sold in marketplaces and what kinds of services are offered. In this final part of the Underground Hosting report series, Trend Micro explores the methods criminals employ to secure their assets and survive in the business.
Comcast Voice Remote Control Could be Turned into Spying Tool
The Comcast XR11 voice remote controller was recently found to be vulnerable and could be turned into a spying tool that eavesdrops on users. Discovered by researchers at Guardicore, the attack has been named WarezTheRemote and is said to be a very serious threat, considering that the remote is used for over 18 million devices across the U.S.
Transforming IoT Monitoring Data into Threat Defense
In the first half of 2020, there was a 70% increase in inbound attacks on devices and routers compared to the second half of 2019, which included attacks on IoT systems. To protect customers effectively by continuously monitoring trends in IoT attacks, Trend Micro examined Mirai and Bashlite (aka Qbot), two notorious IoT botnet malware types, and shares the figures relating to these botnets’ command and control (C&C) servers, IP addresses, and C&C commands.
Russia’s Fancy Bear Hackers Likely Penetrated a Federal Agency
Last week the Cybersecurity and Infrastructure Security Agency published an advisory that hackers had penetrated a US federal agency. Now, clues uncovered by a researcher at cybersecurity firm Dragos and an FBI notification to hacking victims obtained by WIRED in July suggest that it was Fancy Bear, a team of hackers working for Russia’s GRU also known as APT28.
Threat Research & XDR Combine to Stop Cybercrime
Like legitimate businesses across the globe seeking to improve their information security and protect their network infrastructure, cybercriminal businesses take similar precautions. Trend Micro Research released the final report in a series focused on this part of cybercriminal business: Underground hosting providers. Based on the report, it’s clear that understanding both the criminal business and the attacks themselves better prepares defenders and investigators to identify and eliminate threats.
Researchers Find Vulnerabilities in Microsoft Azure Cloud Service
As businesses are increasingly migrating to the cloud, securing the infrastructure has never been more important. According to research by Paul Litvak of Intezer Labs, two security flaws in Microsoft’s Azure App Services could have enabled a bad actor to carry out server-side request forgery (SSRF) attacks or execute arbitrary code and take over the administration server.
Cyber Security Awareness: A Critical Checklist
October 2020 marks the 17th year of National Cybersecurity Awareness Month, where users and organizations are encouraged to increase awareness of cybersecurity issues. To help raise awareness, Trend Micro’s Consumer Division breaks down of the security issues you should be aware of and shares tips about how you can protect yourself and your family while working, learning, or gaming at home.
The Basics of Keeping Kubernetes Cluster Secure: Worker Nodes and Related Components
In part one of this blog series, Trend Micro talked about the different ways developers can protect control plane components, including Kube API server configurations, RBAC authorization, and limitations in the communication between pods through network policies. In this second part, Trend Micro focuses on best practices that developers can implement to protect worker nodes and their components.
Are you surprised that Comcast voice activated remote controllers could be turned into a spying tool? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: A Look Inside the Bulletproof Hosting Business and Amazon Prime Day Spurs Spike in Phishing, Fraud Attacks appeared first on .
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how cybercriminals are passing the time during the COVID-19 pandemic with online poker games, where the prizes include stolen data. Also, read about how VirusTotal now supports Trend Micro ELF Hash (aka telfhash).
Read on:
Cybercriminals Use Stolen Data and Hacking Tools as Prizes in Poker Games and Rap Battles
Cybercriminals have put their own spin on passing time during the COVID-19 lockdown with online rap battles, poker tournaments, poem contests, and in-person sport tournaments. The twist is that the prize for winning these competitions is sometimes stolen data and tools to make cybercrime easier, according to new research from Trend Micro.
Becoming an Advocate for Gender Diversity: Five Steps that Could Shape Your Journey
Sanjay Mehta, senior vice president at Trend Micro, was recently named a new board member at Girls In Tech—a noted non-profit and Trend Micro partner working tirelessly to enhance the engagement, education, and empowerment of women in technology. In this blog, Sanjay shares five steps that you can use to become an ally for diversity in the workplace.
October Patch Tuesday: Microsoft Patches Critical, Wormable RCE Bug
In this month’s Patch Tuesday update, Microsoft pushed out fixes for 87 security vulnerabilities – 11 of them critical – and one of those is potentially wormable. There are also six bugs that were previously unpatched but publicly disclosed, which could give cybercriminals a leg up — and in fact at least one public exploit is already circulating for this group.
VirusTotal Now Supports Trend Micro ELF Hash
To help IoT and Linux malware researchers investigate attacks containing Executable and Linkable Format (ELF) files, Trend Micro created telfhash, an open-source clustering algorithm that helps cluster Linux IoT malware samples. VirusTotal has always been a valuable tool for threat research and now, with telfhash, users of the VirusTotal Intelligence platform can pivot from one ELF file to others.
New Emotet Attacks Use Fake Windows Update Lures
File attachments sent in recent Emotet campaigns show a message claiming to be from the Windows Update service, telling users that the Office app needs to be updated. Naturally, this must be done by clicking the Enable Editing button. According to the Cryptolaemus group, since yesterday, these Emotet lures have been spammed in massive numbers to users located all over the world.
Metasploit Shellcodes Attack Exposed Docker APIs
Trend Micro recently observed an interesting payload deployment using the Metasploit Framework (MSF) against exposed Docker APIs. The attack involves the deployment of Metasploit’s shellcode as a payload, and researchers said this is the first attack they’ve seen using MSF against Docker. It also uses a small, vulnerability-free base image in order for the attack to proceed in a fast and stealthy manner.
Barnes & Noble Warns Customers It Has Been Hacked, Customer Data May Have Been Accessed
American bookselling giant Barnes & Noble is contacting customers via email, warning them that its network was breached by hackers, and that sensitive information about shoppers may have been accessed. In the email to customers, Barnes & Noble says that it became aware that it had fallen victim to a cybersecurity attack on Saturday, October 10th.
ContentProvider Path Traversal Flaw on ESC App Reveals Info
Trend Micro researchers found ContentProvider path traversal vulnerabilities in three apps on the Google Play store, one of which had more than 5 million installs. The three applications include a keyboard customization app, a shopping app from a popular department store, and the app for the European Society of Cardiology (ESC). Fortunately, the keyboard and department store apps have both been patched by developers. However, as of writing this blog, the ESC app is still active.
Carnival Corp. Ransomware Attack Affects Three Cruise Lines
Hackers accessed personal information of guests, employees and crew of three cruise line brands and the casino operations of Carnival Corp. in a ransomware attack the company suffered on Aug. 15, officials have confirmed. Carnival Cruise Line, Holland America Line and Seabourn were the brands affected by the attack, which Carnival said they’re still investigating in an update on the situation this week.
Docker Content Trust: What It Is and How It Secures Container Images
Docker Content Trust allows users to deploy images to a cluster or swarm confidently and verify that they are the images you expect them to be. In this blog from Trend Micro, learn how Docker Content Trust works, how to enable it, steps that can be taken to automate trust validation in the continuous integration and continuous deployment (CI/CD) pipeline and limitations of the system.
Twitter Hackers Posed as IT Workers to Trick Employees, NY Probe Finds
A simple phone scam was the key first step in the Twitter hack that took over dozens of high-profile accounts this summer, New York regulators say. The hackers responsible for the July 15 attack called Twitter employees posing as company IT workers and tricked them into giving up their login credentials for the social network’s internal tools, the state’s Department of Financial Services said.
A distributed denial-of-service (DDoS) attack sees an attacker flooding the network or servers of the victim with a wave of internet traffic so big that their infrastructure is overwhelmed by the number of requests for access, slowing down services or taking them fully offline and preventing legitimate users from accessing the service at all. DDoS attacks are one of the crudest forms of cyberattacks, but they’re also one of the most powerful and can be difficult to stop.
Cyberattack on London Council Still Having ‘Significant Impact’
Hackney Council in London has said that a cyberattack earlier this week is continuing to have a “significant impact” on its services. Earlier this week, the north London council said it had been the target of a serious cyberattack, which was affecting many of its services and IT systems.
Surprised by the new Emotet attack? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Cybercriminals Use Stolen Data and Hacking Tools as Prizes in Poker Games and Rap Battles and VirusTotal Now Supports Trend Micro ELF Hash appeared first on .
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a watering hole campaign Trend Micro dubbed ‘Operation Earth Kitsune’ that is spying on users’ systems through compromised websites. Also, read about how APT groups are threatening DDoS attacks against victims if they don’t send them bitcoin.
Read on:
Fancy Bear Imposters Are on a Hacking Extortion Spree
Radware recently published extortion notes that were sent to a variety of companies globally. The senders purport to be from the North Korean government hackers Lazarus Group, or APT38, and Russian state-backed hackers Fancy Bear, or APT28. The notes threaten that if the target doesn’t send bitcoin, powerful distributed denial of service (DDoS) attacks will be launched against the victim. Robert McArdle, Trend Micro’s director of our Forward-Looking Threat Research (FTR) team, comments on DDoS as an extortion method.
A Ride on Taiwan’s Self-Driving Bus
The self-driving bus is now being tested on the streets of downtown Taipei and more autonomous buses are being deployed in other places, including Germany, Japan and Canada. Since connected cars are still a relatively new technology, the dangers of these vehicles are unknown and mostly speculated. In this article, Trend Micro discusses potential security implications of these connected vehicles.
U.S. Charges Russian Intelligence Officers in Major Cyberattacks
This week, the Justice Department unsealed charges accusing six Russian military intelligence officers of an aggressive worldwide hacking campaign that caused mass disruption and cost billions of dollars by attacking targets like a French presidential election, the electricity grid in Ukraine and the opening ceremony of the 2018 Winter Olympics.
Operation Earth Kitsune: Tracking SLUB’s Current Operations
A watering hole campaign that Trend Micro has dubbed as Operation Earth Kitsune is spying on users’ systems through compromised websites. Using SLUB and two new malware variants, the attacks exploit vulnerabilities including those of Google Chrome and Internet Explorer.
Cybersecurity Company Finds Hacker Selling Info on 186 Million U.S. Voters
Trustwave says it found a hacker selling personally identifying information of more than 200 million Americans, including the voter registration data of 186 million. The revelation underscored how vulnerable Americans are to email targeting by criminals and foreign adversaries, even as U.S. officials announced that Iran and Russia had obtained voter registration data and email addresses with an eye toward interfering in the 2020 election.
In 2012, Trend Micro, the International Cyber Security Protection Alliance (ICSPA) and Europol’s European Cyber Crime Centre (EC3) collaborated on a white paper that imagined the technological advances of the coming 8 years, the societal and behavioral changes they may bring and the opportunities for malfeasance they could present. As we enter the 2020s, we now have the opportunity to objectively review the project against a number of success factors.
WordPress Deploys Forced Security Update for Dangerous Bug in Popular Plugin
WordPress sites running Loginizer, one of today’s most popular WordPress plugins with an install base of over one million sites, were forcibly updated this week to Loginizer version 1.6.4. This version contained a security fix for a dangerous SQL injection bug that could have allowed hackers to take over WordPress sites running older versions of the Loginizer plugin.
Just Leave That Docker API on the Front Porch, No One Will Steal It
Recently, a new type of Linux malware named “DOKI” has been discovered exploiting publicly accessible Docker API’s hosted in all major cloud providers. The manner in which threat actors are gaining access to container environments is a previously discovered technique, but the DOKI malware is something that has not been documented until now.
Adobe Fixes 16 Critical Code-Execution Bugs Across Portfolio
Adobe has released 18 out-of-band security patches in 10 different software packages, including fixes for critical vulnerabilities that stretch across its product suite. Two of the issues are out-of-bounds read flaws, (CVE-2020-24409, CVE-2020-24410); one is an out-of-bounds write bug (CVE-2020-24411). Tran Van Khang, working with Trend Micro Zero Day Initiative, is credited for the discoveries.
US Treasury Department Ban on Ransomware Payments Puts Victims in Tough Position
This month, the US Treasury Department’s Office of Foreign Assets Control (OFAC) warned organizations making ransomware payments that they risk violating economic sanctions imposed by the government against cybercriminal groups or state-sponsored hackers. The advisory has the potential to disrupt the ransomware monetization model, but also puts victims, their insurers and incident response providers in a tough situation.
What are your thoughts on the sanctions imposed by the government against cybercriminal groups or state-sponsored hackers? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Watering Hole Campaign Operation Earth Kitsune Spying on Users’ Systems and Fancy Bear Imposters Are on a Hacking Extortion Spree appeared first on .
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about how Trend Micro researchers uncovered two new espionage backdoors associated with the ‘Operation Earth Kitsune’ campaign. Also, read about how U.S. healthcare providers have been put on high alert over Trickbot malware and ransomware targeting the sector.
Read on:
Operation Earth Kitsune: A Dance of Two New Backdoors
Trend Micro recently published a research paper on Operation Earth Kitsune, a watering hole campaign aiming to steal information by compromising websites. Besides its heavy use of SLUB malware, Trend Micro researchers also uncovered two new espionage backdoors associated with the campaign: agfSpy and dneSpy, dubbed as such following the attackers’ three-letter naming scheme.
FBI Warning: Trickbot and Ransomware Attackers Plan Big Hit on U.S. Hospitals
U.S. healthcare providers, already under pressure from the COVID-19 pandemic, are on high alert over Trickbot malware and ransomware targeting the sector. Trickbot is one of the largest botnets in the world, against which Microsoft took U.S. legal action earlier this month in effort to gain control of its servers. Within a day of the seizure, Trickbot C&C servers and domains were replaced with new infrastructure.
Trend Micro HouseCall for Home Networks
While a home network provides numerous benefits, it can also expose its users to safety and privacy risks. Checking for those risks doesn’t need to be costly: Trend Micro’s Housecall for Home Networks (HCHN) solution scans the connected devices in home networks and detects those that pose security risks and is available for free.
Bug-Bounty Awards Spike 26% in 2020
According to a list of top 10 vulnerabilities by HackerOne, cross-site scripting (XSS) remained the most impactful vulnerability and reaped the highest rewards for ethical hackers in 2020 for the second year in a row, earning hackers $4.2 million in total bug-bounty awards in the last year, a 26-percent increase from what was paid out in 2019 for finding XSS flaws. Following XSS on the list: Improper access control, information disclosure, server-side request forgery (SSRF) and more.
Security is an aspect that every enterprise needs to consider as they use and migrate to cloud-based technologies. On top of the list of resources that enterprises need to secure are networks, endpoints, and applications. However, another critical asset that enterprises should give careful security consideration to is their back-end infrastructure which, if compromised, could lead to supply chain attacks.
U.S. Shares Information on North Korean Threat Actor ‘Kimsuky’
An alert released this week by the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Cyber Command Cyber National Mission Force (CNMF) provides information on Kimsuky, a threat actor focused on gathering intelligence on “foreign policy and national security issues related to the Korean peninsula, nuclear policy, and sanctions” on behalf of the North Korean government. The advisory says the adversary has been active since 2012, engaging in social engineering, spear-phishing, and watering hole attacks.
76% of Applications Have at Least One Security Flaw
Most applications contain at least one security flaw and fixing those flaws typically takes months, a new Veracode report reveals. This year’s analysis of 130,000 applications found that it takes about six months for teams to close half the security flaws they find. The report also uncovered some best practices to significantly improve these fix rates.
Apps Infected with Adware Found on Google Play Store
Some 21 malicious Android apps containing intrusive adware were discovered on the Google Play Store, but most have now been removed, according to a report from Avast. These fraudulent mobile applications, disguised as Android gaming apps, had been downloaded more than 8 million times since they were made available in the store.
Patients in Finland Blackmailed After Therapy Records Were Stolen by Hackers
The confidential records of thousands of psychotherapy patients in Finland have been hacked and some are now facing the threat of blackmail. Attackers were able to steal records related to therapy sessions, as well as patients’ personal information including social security numbers and addresses, according to Vastaamo, the country’s largest private psychotherapy center.
Surprised by the Vastaamo hack and subsequent blackmail of patients? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Trend Micro Researcher Uncover Two Espionage Backdoors Associated with Operation Earth Kitsune and Trickbot and Ransomware Attackers Plan Big Hit on U.S. Hospitals appeared first on .
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about eight new malware samples that were developed and deployed by Russian hackers in recent attacks. Also, read about how the operators of the REvil ransomware strain have “acquired” the source code of the KPOT trojan in an auction held on a hacker forum last month.
Read on:
Beware a New Google Drive Scam Landing in Inboxes
Scammers just found a new phishing lure to play with: Google Drive. A flaw in Drive is being exploited to send out seemingly legitimate emails and push notifications from Google that, if opened, could land people on malicious websites. The smartest part of the scam is that the emails and notifications it generates come directly from Google.
What Are the Best Options for Cybersecurity Protection for Small Businesses?
For Workplace IT, providing the best cybersecurity protection for their company’s hundreds of small business clients is critical. Workplace IT relies exclusively on Trend Micro to ensure that its customers have the best cybersecurity protection available. Partnering with one security vendor makes it easy for the company to focus on other issues, knowing that security is handled comprehensively and consistently.
REvil Ransomware Gang ‘Acquires’ KPOT Malware
The operators of the REvil ransomware strain have “acquired” the source code of the KPOT trojan in an auction held on a hacker forum last month. The sale took place after the KPOT malware author decided to auction off the code, desiring to move off to other projects, and was organized as a public auction on a private underground hacking forum for Russian-speaking cyber-criminals.
Encouraging the Next Generation of Cybersecurity Stars to Join the Industry
At its core, Trend Micro has a passion for education and a desire to grow the cybersecurity industry with talented, dedicated professionals. The two are closely linked: If we can introduce cyber skills into schools at an earlier age, then more young people will be encouraged to start a career in cybersecurity. That’s why Trend Micro is running a new virtual event for university students in November, during NIST NICE Cybersecurity Career Awareness Week.
Cybersecurity Threats to Corporate America are Present Now ‘More Than Ever,’ SEC Chair Says
Securities and Exchange Commission (SEC) Chairman Jay Clayton is telling corporate America it needs to be more vigilant on security. In an interview with CNBC, Clayton stressed that significant cybersecurity threats remain, despite the ongoing coronavirus pandemic and election season. In October alone, the Cybersecurity and Infrastructure Security Agency (CISA) put out 30 cyber alerts across various industries and business sizes, as well as consumers.
US Cyber Command Exposes New Russian Malware
US Cyber Command has exposed eight new malware samples that were developed and deployed by Russian hackers in recent attacks. Six of the eight samples are for the ComRAT malware (used by the Turla hacking group), while the other two are samples for the Zebrocy malware (used by the APT28 hacking group).
SaltStack Discloses Critical Vulnerabilities, Urges Patching
SaltStack disclosed three new vulnerabilities, two of which are assessed to be critical, and is urging users to patch immediately. In an advisory, the organization announced it released a security update to address the vulnerabilities. While two vulnerabilities were discovered and submitted by “KPC” of Trend Micro’s Zero Day Initiative (ZDI), the advisory does not say how CVE-2020-25592 was found. Dustin Childs, ZDI communications manager, said they reported it to SaltStack privately in late August.
New Data Shows Just How Badly Home Users Overestimate IoT Security
A new survey from the National Cyber Security Alliance (NCSA) shows adult workers vastly overestimate the security of the internet devices in their homes. The survey polled 1,000 adults – 500 aged 18-34 and 500 aged 50-75 – and found that the overwhelming majority of both believed the internet of things (IoT) devices they owned were secure.
Over 23,000 Hacked Databases Shared Over Telegram and Discord
It was reported that over 50GB of data from 23,000 hacked databases have been shared by hackers across Telegram channels and two hacking forums. A total of 23,618 databases were able to be downloaded through the Mega file hosting service, amounting to a dataset of around 13 billion personal files. The link was later taken down following abuse reports but there are fears that the data has entered the public domain.
A website created for global consultancy Deloitte to quiz people on knowledge of hacking tactics has proven itself vulnerable to hacking. The site, found at the insecure non-HTTPS URL http://deloittehackeriq.com/, makes its YAML configuration file publicly accessible. And within the file, in cleartext, is the username and password for the site’s mySQL database.
Toymaker Mattel Hit by Ransomware Attack
Top toymaker Mattel revealed it was a victim of a ransomware attack that successfully encrypted some data and temporarily crippled a limited number of business functions. The disclosure was part of a U.S. Securities Exchange Commission (SEC) disclosure filed in late October. Mattel reported the attack occurred on July 28, 2020 and that, for the most part, it was mitigated quickly and had a minimal impact on the company.
Spike in Emotet Activity Could Mean Big Payday for Ransomware Gangs
There’s been a massive increase in Emotet attacks and cyber criminals are taking advantage of machines compromised by the malware to launch more malware infections as well as ransomware campaigns. The October 2020 HP-Bromium Threat Insights Report reports a 1,200% increase in Emotet detections from July to September compared to the previous three months.
How do you secure your IoT devices at home? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: US Cyber Command Exposes New Russian Malware and REvil Ransomware Gang ‘Acquires’ KPOT Malware appeared first on .
Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about a ransomware group that walked away with 2,200 Bitcoin: More than $33 million based on the current Bitcoin exchange rate. Also, read about this month’s Patch Tuesday security updates from Microsoft, including patches for 112 vulnerabilities.
Read on:
Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Microsoft’s November Patch Tuesday roundup of security fixes tackled an unusually large crop of remote code execution (RCE) bugs. Twelve of Microsoft’s 17 critical patches were tied to RCE bugs. In all, 112 vulnerabilities were patched by Microsoft, with 93 rated important, and two rated low in severity. In this article, ZDI’s Dustin Childs shares his thoughts on Microsoft’s removal of descriptions from CVE overviews.
An Old Joker’s New Tricks: Using Github to Hide Its Payload
Trend Micro detected a new Joker malware version on a sample on Google Play, which utilizes Github pages and repositories in an attempt to evade detection. The app promised wallpapers in HD and 4K quality and was downloaded over a thousand times before it was removed from the Play Store by Google after being reported as malicious.
NETGEAR Router, WD NAS Device Hacked on First Day of Pwn2Own Tokyo 2020
Due to the coronavirus pandemic, this year’s Pwn2Own Tokyo was turned into a virtual event coordinated by ZDI from Toronto, Canada. On the first day of the event, the NETGEAR Nighthawk R7800 router, Western Digital My Cloud Pro series PR4100 NSA device and Samsung Smart TV were targeted and $50,000 was awarded among teams STARLabs, Trapa Security and Team Flashback.
Developing Story: COVID-19 Used in Malicious Campaigns
As the number of those afflicted with COVID-19 continues to surge by thousands, malicious campaigns that use the disease as a lure likewise increase. In this report, Trend Micro researchers share samples on COVID-19 related malicious campaigns. The report also includes detections from other researchers.
IoT Security is a Mess. These Guidelines Could Help Fix That
The supply chain around the Internet of Things (IoT) has become the weak link in cybersecurity, potentially leaving organizations open to cyberattacks via vulnerabilities they’re not aware of. However, new guidelines from the European Union Agency for Cybersecurity (ENISA) aims to ensure that security forms part of the entire lifespan of IoT product development.
US Department of Energy Launches New Program for Technology Security Managers
The US Department of Energy (DOE) recently launched the Operational Technology (OT) Defender Fellowship. Another milestone from the Department in enhancing the US’s critical infrastructure. In collaboration with DOE’s Idaho National Laboratory (INL) and the Foundation for Defense of Democracies’ (FDD) Center for Cyber and Technology Innovation (CTTI), the OT Defender Fellowship hopes to expand the knowledge of primary US front-line critical infrastructure defenders.
Ransomware Gang is Raking in Tens of Millions of Dollars
A ransomware organization has raked in tens of millions of dollars, according to a new report. The organization, identified as group “One,” walked away with 2,200 Bitcoin, according to a report by Advanced Intelligence. That’s more than $33 million based on the current Bitcoin exchange rate.
CISA Braces for 5G with New Strategy, Initiatives
The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) released its 5G Strategy, ensuring the federal government and its many states, local, tribal, territorial, and private sector partners are secure as when the 5G technology arrives. The agency’s document hoped to expand on how the US government would secure 5G infrastructure both in the country and abroad.
Hacker-for-Hire Group Targeting South Asian Organizations
There’s a new cyber mercenary group on the block, and they’re going after targets in more than a dozen countries globally, according to a BlackBerry research report. The hack-for-hire shop, which BlackBerry is calling “CostaRicto,” has largely gone after targets in South Asia, especially in India, Bangladesh and Singapore. Some of its targeting was also located in Africa, the Americas, Australia and Europe.
Defense in Depth, Layered Security in the Cloud
In this blog, Trend Micro’s vice president of cybersecurity, Greg Young, discusses the evolution of network security into how it manifests itself today, how network security has looked up until now, how the future of network security looks and why security teams need layered protection in the cloud.
Surprised by Microsoft’s decision to remove the description section from Patch Tuesday bulletins? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.
The post This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs appeared first on .
Where do you get your news? There’s a good chance much of it comes from social media.
In 2019, Pew Research found that 55% of American adults said they get their news from social media either “often” or “sometimes,” which is an 8% rise over the previous year. We can visualize what that mix might look like. Some of their news on social media may come from information sources they’ve subscribed to and yet more news may appear via articles reposted or retweeted by friends.
So, as we scroll through our feeds and quickly find ourselves awash in a cascade of news and comments on the news, we also find ourselves wondering: what’s true and false here?
And that’s the right question to ask. With the advent of the internet, anyone can become a publisher. That’s one of the internet’s greatest strengths—we can all have a voice. Publishing is no longer limited to newspaper, TV, and radio ownership bodies. Yet it’s one of the internet’s greatest challenges as well—with millions of publishers out there, not everyone is posting the truth. And sometimes, people aren’t doing the posting at all.
For example, last May, researchers at Carnegie Melon University studied more than 200 million tweets about the current virus. Of the top 50 most influential retweeters, 82% of them were bots. Some 62% of the top 1,000 retweeters were bots as well. What were they retweeting? Researchers said the tweets revolved around more than 100 types of inaccurate stories that included unfounded conspiracy theories and phony cures. Researchers cited two reasons for this surge: “First, more individuals have time on their hands to create do-it-yourself bots. But the number of sophisticated groups that hire firms to run bot accounts also has increased.”
With the sheer volume of news and information we wade through each day, you can be assured that degrees of false and misleading information make their way into people’s social media mix. And that calls for all of us to build up our media literacy—which is our ability to critically analyze the media we consume for bias and accuracy.
What follows are a few basics of media literacy that can help you to discern what’s fact and what’s fiction as you scroll through your social media feed for news.
When talking about spotting truth from falsehood on social media, it helps to first define two types of falsehood: unintentional and the deliberate.
First off, there’s unintentional misinformation. We’re only human, and sometimes that means we get things wrong. We forget details, recall things incorrectly, or we pass along unverified accounts that we mistakenly take for fact. Thus, misinformation is wrong information that you don’t know is wrong. An innocent everyday example of this is when someone on your neighborhood Facebook group posts that the drug store closes at 8pm on weeknights when in fact it really closes at 7pm. They believe it closes at 8pm, but they’re simply mistaken.
That differs entirely from deliberate disinformation. This is intentionally misleading information or facts that have been manipulated to create a false narrative—typically with an ulterior motive in mind. The readiest example of this is propaganda, yet other examples also extend to deliberate untruths engineered to discredit a person, group, or institution. In other words, disinformation can take forms both large and small. It can apply to a person just as easily as it can to a major news story.
Now, let’s take a look at some habits and tactics designed to help you get a better grasp on the truth in your social media feed.
Some of the oldest advice is the best advice, and that holds true here: consider the source. Take time to examine the information you come across. Look at its source. Does that source have a track record of honesty and dealing plainly with the facts? Likewise, that source has sources too. Consider them in the same way as well.
Now, what’s the best way to go about that? For one, social media platforms are starting to embed information about publications into posts where their content is shared. For example, if a friend shares an article from The Economist, Facebook now includes a small link in the form of an “i” in a circle. Clicking on this presents information about the publication, which can give you a quick overview of its ownership, when it was founded, and so forth.
Another fact-finding trick comes by way of Michael Caufield, the Director of Blended and Networked Learning at Washington State University. He calls it: “Just Add Wikipedia.” It entails doing a search for a Wikipedia page by using the URL of an information source. For example, if you saw an article published on Vox.com, you’d simply search “Wikipedia www.vox.com.” The Wikipedia entry will give you an overview of the information source, its track record, its ownership, and if it has fired reporters or staff for false reporting. Of course, be aware that Wikipedia entries are written by public editors and contributors. These articles will only be as accurate as the source material that they are drawn from, so be sure to reference the footnotes that are cited in the entry. Reading those will let you know if the entry is informed by facts from reputable sources as well. They may open up other avenues of fact-finding as well!
A single information source or story won’t provide a complete picture. It may only cover a topic from a certain angle or narrow focus. Likewise, information sources are helmed by editors and stories are written by people—all of which have their biases, whether overt or subtle. It’s for this reason that expanding your media diet to include a broader range information sources is so important.
So, see what other information sources have to say on the same topic. Consuming news across a spectrum will expose you to thoughts and coverage you might not otherwise get if you keep your consumption to a handful of sources. The result is that you’re more broadly informed and have the ability to compare and contrast different sources and points of view. Using the tips above, you can find other reputable sources to round out your media diet.
Additionally, for a list of reputable information sources, along with the reasons why they’re reputable, check out “10 Journalism Brands Where You Find Real Facts Rather Than Alternative Facts” published by Forbes and authored by an associate professor at The King’s College in New York City. It certainly isn’t the end all, be all of lists, yet it should provide you with a good starting point.
Has a news story you’ve read or watched ever made you shake your fist at the screen or want to clap and cheer? How about something that made you fearful or simply laugh? Bits of content that evoke strong emotional responses tend to spread quickly, whether they’re articles, a post, or even a tweet. That’s a ready sign that a quick fact check could be in order.
There’s a good reason for that. Bad actors who wish to foment unrest, unease, or simply spread disinformation use emotionally driven content to plant a seed. Whether or not their original story gets picked up and viewed firsthand doesn’t matter to these bad actors. Their aim is to actually get some manner of disinformation out into the ecosystem. They rely on others who will re-post, re-tweet, or otherwise pass it along on their behalf—to the point where the original source of the information is completely lost. This is one instance where people readily begin to accept certain information as fact, even if it’s not factual at all.
Certainly, some legitimate articles will generate a response as well, yet it’s a good habit to do a quick fact check and confirm what you’ve read. This leads us right back to our earlier points about considering the source and cross-checking against other sources of information as well.
You’ve probably seen headlines similar to this before: THIS FAT-BURNING TRICK HAS DOCTORS BAFFLED! You’ll usually spot them in big blocks laden with catchy photos and illustrations, almost to the point that they look like they’re links to other news stories. They’re not. They’re ads, which often strike a sensationalistic tone.
The next time you spot one of these, look around the area of the web page where they’re placed. You should find a little graphic or snippet of text that says “Advertisement,” “Paid Sponsor,” or something similar. And there you go. You spotted some sponsored content. These so-called articles aren’t intentionally developed to misinform you. They are likely trying to bait you into buying something.
However, in some less reputable corners of the web ads like these can take you to malicious sites that install malware or expose you to other threats. Always surf with web browser protection. Good browser protection will either identify such links as malicious right away or prevent your browser from proceeding to the malicious site if you click on such a link.
So, let’s say you’ve been following these practices of media literacy for a while. What do you do when you see a friend posting what appears to be misinformation on their social media account? If you’re inclined to step in and comment, try to be helpful, not right.
We can only imagine how many spoiled relationships and “unfriendings” have occurred thanks to moments where one person comments on a post with the best intentions of “setting the record straight,” only to see tempers flare. We’ve all seen it happen. The original poster, instead of being open to the new information, digs in their heels and becomes that much more convinced of being right on the topic.
One way to keep your friendships and good feelings intact is this: instead of entering the conversation with the intention of being “right,” help people discover the facts for themselves. You can present your information as part of a discussion on the topic. So while you shouldn’t expect this to act like a magic wand that whisks away misinformation, what you can do is provide a path toward a reputable source of information that the original poster, and their friends, can follow if they wish.
Wherever your online travels take you as you read and research the news, be sure to go out there with a complete security suite. In addition to providing virus protection, it will also help protect your identity and privacy as you do anything online. Also look for an option that will protect your mobile devices too, as we spend plenty of time scrolling through our social media feeds on our smartphones.
If you’re interested in learning more about savvy media consumption, pop open a tab and give these articles a read—they’ll give you a great start:
Bots in the Twittersphere: Pew Research
How to Spot Fake News: FactCheck.org
Likewise, keep an eye on your own habits. We forward news in our social media feeds too—so follow these same good habits when you feel like it’s time to post. Make sure that what you share is truthful too.
Be safe, be well-read, and be helpful!
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Spot Fake News and Misinformation in Your Social Media Feed appeared first on McAfee Blogs.
On September 22nd, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory about the potential threat from foreign actors and cybercriminals attempting to spread false information. Their joint public service announcement makes a direct statement regarding how this could affect our election:
“Foreign actors and cybercriminals could create new websites, change existing websites, and create or share corresponding social media content to spread false information in an attempt to discredit the electoral process and undermine confidence in U.S. democratic institutions.”
Their call to action is clear—critically evaluate the content you consume and to seek out reliable and verified information from trusted sources, such as state and local election officials. Not just leading up to Election Day, but during and after as well.
Here’s why: it’s estimated that roughly 75% of American voters will be eligible to vote by mail, potentially leading to some 80 million mail-in ballots being cast. That’s twice the number from the 2016 presidential election, which could prolong the normal certification process. Election results will likely take days, even weeks, to ensure every legally cast ballot is counted accurately so that the election results can ultimately get certified.
That extended stretch of time is where the concerns come in. Per the FBI and CISA:
“Foreign actors and cybercriminals could exploit the time required to certify and announce elections’ results by disseminating disinformation that includes reports of voter suppression, cyberattacks targeting election infrastructure, voter or ballot fraud, and other problems intended to convince the public of the elections’ illegitimacy.”
In short, bad actors may attempt to undermine people’s confidence in our election as the results come in.
Our moment to act as smart consumers, and sharers, of online news has never been more immediate.
Before we look at how we can combat the spread of false information this election, let’s see how it cascades across the internet.
It’s been found that false political news traveled deeper and more broadly, reached more people, and was more viral than any other category of false information, according to a Massachusetts Institute of Technology study on the spread of true and false news online, which was published by Science in 2018.
Why’s that so? In a word: people. According to the research findings,
“We found that false news was more novel than true news, which suggests that people were more likely to share novel information … Contrary to conventional wisdom, robots accelerated the spread of true and false news at the same rate, implying that false news spreads more than the truth because humans, not robots, are more likely to spread it.”
Thus, bad actors pick their topics, pumps false information about them into social media channels, and then lets people spread it by way of shares, retweets, and the like—thanks to “novel” and click-baity headlines for content people may not even read or watch, let alone fact check.
Done on a large scale, false information thus can hit millions of feeds, which is what the FBI and CISA is warning us about.
The FBI and CISA recommend the following:
If there’s a common theme across our election blogs so far, it’s trustworthiness.
Knowing which sources are deserving of our trust and being able to spot the ones that are not takes effort—such as fact-checking from reputable sources like FactCheck.org, the Associated Press, and Reuters or researching the publisher of the content in question to review their credentials. Yet that effort it worthwhile, even necessary today. The resources listed in my recent blogs can help:
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Election 2020 – Keep Misinformation from Undermining the Vote appeared first on McAfee Blogs.
As the news and conversations leading up to Election Day intensify, and with early voting already in full swing, the flood of misinformation and outright disinformation online continues—and will undoubtedly continue in the days after as the results are tabulated and announced.
Perhaps you’ve seen some instances of it yourself. For instance, one recent news story reported that numerous legitimate social media accounts have shared misinformation about the vote. An example: photos of old, empty election envelopes that were properly disposed of after the 2018 election, used to make the false claim that they were uncounted votes from the 2020 election. It’d be naïve for us to think that postings like this, and others, would suddenly come to a halt on Election Day.
I touched upon this topic in my earlier blog about how misinformation online can undermine our election, yet it’s worthy of underscoring once again. It’s easy for our attention to focus on the days leading up to the election, however, this election stands to be like few others as the high volume of mail-in ballots may keep us from knowing who the certified victor is for possibly weeks after Election Day.
How that timeline plays out in practice remains to be seen, yet we should all prepare ourselves for a glut of continued misinformation and disinformation that aims to cloud the process. Feeds will get filled with it, and it’ll be up to us to make sense of what’s true and what’s false out there.
Sadly, much of onus for fact-checking will fall on us, particularly when 55% of Americans say they “often” or “sometimes” get their news via social media. There are a few reasons why:
• First, social media platforms are new to fact-checking and their processes are still developing, particularly around the transparency of their fact-checking methodology;
• Secondly, corporate leadership of the two major social media platforms have stated differing views about fact checking on their platforms;
• And third, the sheer volume of posts that these platforms pump out in any given day (or minute!) make it difficult to fact-check posts at scale.
Where does that leave us? In unprecedented times.
Historically, we’ve always had to be savvy consumers of news, where a balanced diet of media consumption allowed us to develop a clearer picture of events. Yet now, in a time of unfiltered social media, news comes to us from a multitude of publishers, bloggers, and individuals. And within that mix, it’s difficult to immediately know who the editorial teams behind those stories are—what their intentions, credentials, and leanings are—and if they’re drawing their information from bona fide, verified sources. The result is that we must read and view everything today with an increased level of healthy skepticism.
That takes work, yet my recent blog on How to Spot Fake News and Misinformation in Your Social Media Feed offers you a leg up with several pointers to help you sniff out potential falsehoods.
In addition, here’s a short list of fact-checking resources that you can turn to when something questionable comes up in your feed. Likewise, they make for good browsing even if you don’t have a specific story that you want to check up on. You can keep these handy:
• PolitiFact from the Poynter Institute
• FactCheck.org from the Annenberg Public Policy Center
• AP News Fact Check from the Associated Press
• Reuters Fact Check from Reuters News
• Snopes.com from Snopes Media Group
With the election just days away and a result that may not be declared at the end of Election Day, we all need to scrutinize the news that presents itself to us, particularly on social media. Fact-checking what you see and read, along with cross-referencing it with multiple, reputable sources, will help you get the best information possible—which is absolutely vital when it comes time to cast your ballot.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Election 2020: Lookout for Fake News Before and After the Election appeared first on McAfee Blogs.
If 2020 has taught us anything, it’s that our ability to think critically about the information we encounter online is now a fundamental life skill we need to learn, practice, and pass on to our offspring. But the actual task of teaching kids how to discern real and fabricated information online these days is easier said than done.
How did the truth get so hard to pin down? In the documentary The Social Dilemma, the answer to that question comes down to two things: Our growing reliance on social media for both human connection and information and the data-based algorithms social networks use to mine and sell data, nurture device dependence, and influence our behavior.
A 2019 Pew Study reveals that 55 percent of US adults get their news from social media either “often” or “sometimes.” A July 2020 Pew Study shows that people who rely on social media for news are less likely to get the facts right about the coronavirus and politics and more likely to hear some unproven claims.
The power of algorithms to deliver customized, manipulative content to a person’s screen is alarming, says Tristan Harris, a former design ethicist at Google, who is featured in The Social Dilemma, adding, “Never before in history have 50 designers made decisions that would have an impact on two billion people.”
On the heels of the recent election, Media Literacy skills will make a difference as false reports are likely to surface in our social feeds in the foreseeable future. For many, the willpower to shut down their social feeds altogether isn’t a viable option. So how do we wade through the veiled forms of manipulation and misinformation taking place all around us online?
One approach is to make a personal commitment to stay alert, slow down, and carefully vet the content you consume, create, or share.
One thing you might consider is making 2021 the year your family masters Media Literacy, a topic we’ve written extensively about on this blog. In short, Media Literacy is the ability to identify different types of content and understand the messages each is sending. Content includes texts, social media memes or posts, videos, television, movies, video games, music, and various other digital content. Reminder: Someone creates each piece of content and that person, group, or company has an agenda or message.
Do I understand all the points of view of this story?
What do I think about this topic or idea?
Am I overly emotional and eager to share this?
Am I being manipulated by this content?
What if I’m wrong?
Lastly, consume all media with thoughtful intention — avoid mindless scrolling and liking. A few other practical ways to fight back against the algorithms we drew from The Social Dilemma: Don’t click on video or content recommendations. Fight back against algorithms by choosing your content. Uninstall social media apps that are not useful and waste your time. Turn off notifications or any other alert that interferes with living life. If an issue has you angry or emotional, stop, breathe, and research the facts before sharing.
The post Helping Your Family Combat Digital Misinformation appeared first on McAfee Blogs.
Every year CRN recognizes the women who are leading the channel and their unique strengths, vision, and achievements. This year, CRN recognized five McAfee individuals on their prestigious list of those leading the channel. Those selected demonstrate commitment to mentoring future generations and driving channel innovation and growth.
The 2021 Women of the Channel (WOTC) awards highlight over 1,000 women in all areas of the IT ecosystem, including technology vendors, distributors, solution providers and other IT organizations. We’re thrilled to see our colleagues recognized for their strategic vision and dedication to channel success. See below to learn more about each McAfee honoree.
Please join us in celebrating this recognition and congratulating these exceptional women who are at the heart of our channel business.
A channel veteran of 20+ years and 2020 WOTC recipient, Kristin Carnes joined McAfee through the acquisition of Skyhigh Networks and has lead channel growth for industry bellwethers like EMC (NYSE: EMC), Nimble Storage, (HPE Subsidiary) and Veritas Software. She was chosen to lead McAfee’s global channel programs and operations and now leads global teams supporting an extensive network of distributors. Kristin was instrumental in organizing the early 2021 expansion of McAfee and Ingram Micro’s partnership to sell in more than 20 countries leveraging the Ingram Cloud Marketplace. She has also launched new partner experience initiatives that have been adopted worldwide and driven changes in the McAfee rebate policy to improve partner profitability.
Madeline Fugate is an experienced sales and marketing leader with 23 years of experience in the channel. Madeline has a passion for mentoring and nurturing younger talent. Through coaching, she has developed a strong McAfee team for Tech Data that has delivered Tech Data’s Cyber Range with McAfee on premise and cloud solutions as well as an easy to use customer demo environment. Her work with Tech Data led to further growth in 2021 with IBM. This year, she also launched McAfee’s first social media campaign through Tech Data and played a fundamental role in improving operational efficiency to reduce quoting lead times.
With 25+ years of experience in distribution, Sheri Leach has dedicated the last 15 years to supporting and growing Ingram Micro with their McAfee business. This year, she was instrumental in launching McAfee on the Ingram Micro Cloud Marketplace soon to bring in millions of dollars in no touch business to McAfee and our partners. She’s worked closely with the team at Ingram Micro to also facilitate a creative finance program and to deliver a Business Intelligence program that helped the McAfee sales teams to create, plan and execute on business plans to drive more sales. Sheri was recognized on the 2020 WOTC list and believes that in 2021, the keys to partner success are partner enablement, frequent engagement and special finance to ensure partners are thriving amid the pandemic.
Sarah Thompson joined McAfee’s channel organization 13 years ago and has spent the last six years focused on building the Service Provider Specialization for partners delivering managed services globally. This year, Sarah managed the launch coordination, tracking progress and initiatives across product, channel, marketing and executive teams for McAfee’s partner lead managed endpoint detection and response (EDR) offerings. She’s driven innovation for McAfee’s channel by helping define a select set of partners as Global Service Provider Partners through the creation of formal requirements and curriculum.
Natalie Tomlin has been at McAfee for over 20 years, and currently drives much of McAfee’s “Channel First” global strategy through resources, tools, enablement and marketing efforts ensuring partners and customers have a good experience with McAfee. Her team is focused on helping McAfee’s strategic partners lead customer cloud adoption and deliver security from Device to Cloud. Returning to the WOTC list from 2020, Natalie’s current goal is to continue with McAfee’s “Channel First” strategy and to continue empowering, enabling, and listen to our partners.
The post CRN’s Women of the Channel 2021 Recognizes McAfee Leaders appeared first on McAfee Blogs.
In 2018, Macs accounted for 10% of all active personal computers. Since then, popularity has skyrocketed. In the first quarter of 2021, Macs experienced 115% growth when compared to Q1 2020, putting Apple in fourth place in the global PC market share. It is safe to say that Macs are well-loved and trusted devices by a significant portion of the population — but just how safe are they from a security perspective?
Many users have historically believed that Macs are untouchable by hackers, giving Apple devices a reputation for being more “secure” than other PCs. However, recent attacks show that this is not the case. According to TechCrunch, a new malware called XCSSET was recently found exploiting a vulnerability that allowed it to access parts of macOS, including the microphone, webcam, and screen recorder — all without consent from the user.
Let’s dive deeper into how XCSSET works.
Researchers first discovered XCSSET in 2020. The malware targeted Apple developers and the projects they use to build and code apps. By targeting app development projects, hackers infiltrated apps early in their production, causing developers to unknowingly distribute the malware to their users.
Once the malware is running on a user’s device, it uses multiple zero-day attacks to alter the machine and spy on the user. These attacks allow the hacker to:
While macOS is supposed to ask users for permission before allowing any app to record the screen, access the microphone or webcam, or open the user’s storage, XCSSET can bypass all of these permissions. This allows the malware to sneak in under the radar and inject malicious code into legitimate apps that commonly ask for screen-sharing permissions such as Zoom, WhatsApp, and Slack. By disguising itself among these legitimate apps, XCSSET inherits their permissions across the computer and avoids getting flagged by macOS’s built-in security defenses. As a result, the bug could allow hackers to access the victim’s microphone, webcam, or capture their keystrokes for login credentials or credit card information.
It is unclear how many devices were affected by XCSSET. Regardless, it is crucial for consumers to understand that Mac’s historical security reputation does not replace the need for users to take online safety precautions. The following tips can help macOS users protect themselves from malware:
Software developers are continuously working to identify and address security issues. Frequently updating your devices’ operating systems, browsers, and apps is the easiest way to have the latest fixes and security protections. For example, Apple confirmed that it addressed the bug exploited by XCSSET in macOS 11.4, which was made available on May 24th, 2021.
Hackers often use phishing emails or text messages as a means to distribute malware by disguising their malicious code in links and attachments. Do not open suspicious or irrelevant messages, as this can result in malware infection. If the message claims to be from a business or someone you know, reach out to the source directly instead of responding to the message. This will allow you to confirm the sender’s legitimacy.
Use a solution like McAfee Total Protection, which can help protect devices against malware, phishing attacks, and other threats. It also includes McAfee WebAdvisor — a tool to help identify malicious websites.
Regardless of whether you are Team PC or Team Mac, it is important to realize that both platforms are susceptible to cyberthreats that are constantly changing. Doing your research on prevalent threats and software bugs puts you in a better position to protect your online safety.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our newsletter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Apple Users: This macOS Malware Could Be Spying on You appeared first on McAfee Blogs.
This post was written by Emmanuel
Making the most of opportunities and putting in the work with an employer who invests in you is a powerful combination. My journey at McAfee would not be complete had it not been for the chance to prove myself.
McAfee Rotation Program (MRP) program helps candidates find the right fit within the organization. MRP consists of five-month-long placements within Professional Services, Pre-Sales Engineering, Security Operations, and Sales Operations. To be accepted, candidates must complete and score well during three rigorous days of evaluation.
There is no promise you’ll be hired, only the promise that McAfee will give you every chance to prove your worth. And when you succeed, the benefits are far greater than just a paycheck.
In 2018, about a year after earning my Bachelor’s Degree in Mechanical Engineering and Mathematics, I learned about the program while looking for work. Even though cybersecurity wasn’t my background, I decided to take a chance.
McAfee flew me from my home in New Jersey to Dallas to complete an intensive course consisting of 10- to 12-hour days of interviews, presentations, logic tests, and team-building exercises. One of the toughest parts was presenting on McAfee products, something I knew very little about, and having only a few hours overnight to prepare once given the assignment.
Those days were extremely challenging and tested me in ways that I didn’t think possible. Even though it wasn’t really tailored to my area of studies, the program was an opportunity to work for one of the largest global corporations. I was resolved to stay focused and make an impression.
And I was hungry. Failing wasn’t an option. I had done my research and wanted the opportunity to work for McAfee.
About two weeks after the course, McAfee informed me that I was one of six candidates to be accepted into the MRP. The journey to help me find the best position soon began.
For the next two years, I worked five rotations or positions within the program’s designated areas. It wasn’t long before I began charting my path to what interested me most.
Last year, I achieved my goal of becoming an Enterprise Security Engineer.
I could not have achieved success without God, the help of a lot of people, and a diverse culture that embraces personal and professional growth.
McAfee gives you the opportunity to not just find what you do best but fulfill your passions. Along the way, you are recognized and mentored – a great achievement was receiving the “Who’s Doing This” award based on performance within my first year at McAfee.
The company invests in you personally and professionally, not just through training opportunities, but by encouraging healthy lifestyles and work-life balance. When we’re not working remotely, every Friday employees can bring their dogs to work through the Pups at Work Program. Some people have actually become attached to their coworkers’ pets!
Building connections has helped launch my career, understand where I want to go and how to get there. Like any new hire, you have to develop into your role, and that is only made possible with the right direction and encouragement. Coworkers and leadership have continually helped me along my journey.
Even through a period of remote working, McAfee has developed an online culture which makes you feel as though everybody is collaborating in person.
And the learning never stops. My mentor spends time each month guiding me down my career path, which is a huge plus.
What I like about McAfee is you are given every chance to succeed, which instills a strong work ethic and the ability to give back. I was fortunate to help lead another MRP soon after completing my rotation. Leadership entrusted me to coordinate the program from start to finish, and it was rewarding to watch the development of those who succeeded.
My time here has been sweet, and I could not pick a better company to launch my career. I’ve gone from somebody with no background in information technology and security to being a subject matter expert.
Those three days in Dallas were tough, but sometimes you have to put in a little sweat equity to reach your goal. They are among the greatest days of my career and make working for McAfee that much sweeter.
Are you thinking about joining our team? McAfee takes great pride in providing candidates every opportunity to show their true value. Learn more about our jobs. Subscribe to job alerts.
The post How I Seized McAfee’s Opportunities to Realize My Potential appeared first on McAfee Blogs.
We live in a world that thrives on digital connectivity. According to We Are Social, Canadians are now spending half a day more a month online than they did a year ago. Also, 33 million Canadians logged on to the internet at least once a month in 2020. As more people every year are spending hours upon hours online, they are knowingly (and sometimes unknowingly) unsafely releasing their personal information into the digital ether, making them vulnerable to all sorts of cybercrimes. The ramifications range anywhere from malware infection to identity fraud. Better understanding the best practices for online sharing will ensure users can navigate online dangers and safely connect with others.
Here are three ways online users share too much information and how they are placing themselves at risk.
Think about how many websites you visit regularly. How many of these have access to your personal information, such as your email, credit card numbers, and shipping address? Before accepting the option to save your information on file for a “faster checkout experience,” consider the following: A Canadian Internet Registration Authority polled 500 IT security professionals, and a quarter of them experienced a breach of customer data in 2020. Online users cannot afford to take liberties with the information they hand over to online companies, especially if they subscribe to numerous sites.
On a similar note, it is equally inadvisable to hand over information about yourself. Although seemingly harmless, online quizzes may not be as safe as you think. Some quiz questions sound more like security questions such as, “What was the first car you owned?” or “Where did you grow up?” Hackers using spyware can access these answers and anything else you enter on quiz sites to formulate informed guesses at your passwords.
It may seem counterintuitive not to share information on social media, seeing as the purpose of these platforms is to share. However, the problem with social media is that too many people are leaving themselves exposed to hackers due to the specificity of the information they share. More than two-thirds of Canadians are on social media, according to Statista, meaning there are millions of user profiles and newsfeeds brimming with personal information. Specific information such as company details in a new job announcement or your birth date in a celebration post are details hackers can use to impersonate you or break into your accounts. Additionally, cybercriminals can impersonate people in your network or pose as average users and add you as a friend. Hackers will often use this tactic to get close to someone and gather intel to formulate a targeted phishing attempt or identity theft.
While you can take proper precautions to safeguard your personal information, you cannot guarantee that others will do so with the same vigilance. Many do not realize there is more at stake than a loss of privacy when intentionally sharing information, usually login credentials, with others. If your friend you shared your password with is hacked, then a cybercriminal can now access your information as well as theirs. Cybercriminals can then use this information to break into your accounts, hold your data for ransom, and even steal your identity.
Knowing what is safe to share online and how to protect the information that is not is the first step to safeguarding your online presence. Here are four tips to consider before sharing your personal details on websites, social media, and with others:
Always err on the side of caution whenever you visit unknown sites or download applications on your devices. Be aware of what you click on, the ramifications of clicking on a malicious link, or handing over information on an unsecured website. One way to ensure you are visiting a secure website is to look for the padlock icon in the top left corner of your browser. This icon indicates the site and your connection are secure.
Take your internet protection one step further and avoid saving your information on file. If possible, use an alternate payment gateway with verified encryption that does not require inputting your credit card information. This way, your data does not become a liability in the event of a company data breach.
There’s a fine line between sharing too much and sharing just enough on social media. Start taking control of your privacy on social media by adjusting your privacy settings. Unless you are an aspiring social media influencer, it is best to keep your account private and limit your followers to only people you know personally. Do not follow strangers and reject friend requests from strangers. They could turn out to be a hacker.
Take advantage of platform security controls that allow you to control your visible information. For example, you can disable your activity status or geolocations to block other people from tracking your every move or manage the personal data these platforms are allowed to share. Keep in mind that any third-party app with access to these platforms will have varied privacy policies. Read the fine print on their user agreements, as these policies differ depending on the app.
3. Use a VPN
Before hopping online, consider using a virtual private network (VPN) to secure your connection. A VPN allows you to browse the internet with the confidence that your Wi-Fi and any sensitive information you send through this connection is encrypted. In other words, if a hacker intercepts this data, they won’t be able to make any sense of it.
Enabling multi-factor authentication adds an extra layer of protection that makes it nearly impossible for hackers to bypass even if they do manage to steal your credentials.
Also, make sure you create strong passwords or passphrases by following password best practices and ensuring they are long, complex, and varied. Use a password manager with a generator to help you create strong passwords and store them, so you do not have to memorize them. This method also makes it easier and more secure than saving passwords on internet browsers. Further, password managers, like McAfee True Key, make it easy to securely share your credentials with others.
From social media to work to daily activities, peoples’ lives are centralized around their digital devices and online access. Users must learn to care for their information to the same degree one would manage their physical IDs or credit cards. Only then can they carry on their online activities, confident in the knowledge they are doing so securely.
The post The Ultimate Guide to Safe Sharing Online appeared first on McAfee Blogs.
Microsoft has shipped an emergency security update affecting most Windows users. This update partially addresses a security vulnerability known as PrintNightmare that could allow remote hackers to take over your system.
PrintNightmare could allow hackers to gain control of your computer. This means hackers could perform malicious activities like installing their own apps, stealing your data, and creating new user accounts.
Microsoft recommends Windows 10, 8.1, and 7 users update their computers through Windows Update as soon as possible. Note that an additional patch will likely be required to fully fix the issue, so expect another update prompt from Microsoft in the days to come.
For extra protection against malware that may result from a hack like this one, we recommend an all-in-one security solution, like McAfee Total Protection or McAfee LiveSafe. If a hacker takes advantage of the exploit and tries to install additional malware, McAfee Total Protection/LiveSafe can help protect against those attempts. Learn more about our online security products here.
PrintNightmare exploits a vulnerability in the Windows Print Spooler service. The step-by-step instructions below will guide you through turning off the service to ensure hackers can no longer exploit the security flaw. The Print Spooler will remain off until the PC is rebooted.
Step 1: Press the Windows key, and type Services, clicking on the Services App
Step 2: Scroll down to the Print Spooler Service
Step 3: Right-click on the Print Spooler Service and click Stop.
The post Microsoft Urges Customers to Update Windows as Soon as Possible appeared first on McAfee Blogs.
Small business owners are getting a special deal on their online protection through a partnership between McAfee and Visa. With new ways of working creating online opportunities and risks for small business owners, McAfee and Visa have come together to offer comprehensive protection for a changed business landscape.
Designed to help you minimize costs and unexpected interruptions to your business, McAfee® Security for Visa cardholders provides award-winning antivirus, ransomware, and malware protection for all your company devices including PCs, smartphones, and tablets on all major platforms. Visa Small Business cardholders automatically save up to 40% with a 24-month package and up to 60% with a 12-month offer.
Safety features include:
McAfee’s security savings bundle is also part of Visa’s commerce in a box initiative, which has launched in six U.S. cities (D.C., Detroit, Atlanta, Miami, Los Angeles and Chicago). This program features a curated selection of offers, discounts, and bundles from Visa’s Authorize.net and Visa partners designed to help small businesses with what they need to move their business forward digitally — from accepting digital payments and building an eCommerce site to marketing to their audience in new ways and providing online marketing tools to run and protect their business.
The post Small Businesses Save Up to 60% in McAfee and Visa Partnership appeared first on McAfee Blogs.
Over the past year and a half, workers everywhere have gotten used to working from home. They have adopted an entirely new work from home mindset and diverted their weekly commuting hours to other productive and more enjoyable pursuits. As parts of the world return to a “new normal,” another change is on the way: a gradual return to the office.
The hybrid working model is met with mixed reviews from employees and business security teams alike. For some employees, a clearer separation between work and home is a welcome change. CTV News reports 66% of Canadian respondents to an International Workplace Group poll say they are looking forward to splitting their working hours between the office and home.
For business security teams who are just catching their breath after the monumental shift to a remote workforce, they are now gearing up for the new online safety challenges posed by the hybrid work model. According to a VMware Canada Threat Report, 86% of security professionals agree that cyberattacks aimed at their organizations have become more sophisticated since the onset of the pandemic. Additionally, 91% of global respondents cite employees working from home as the cause of cyberattacks. Challenges of the hybrid workforce include the constant back-and-forth of company-issued devices, the lack of control over home office setups, and mixing personal and company devices with company and personal business respectively. For example, if you pay your bills or shop online using your work device, it opens several new avenues for a hacker to walk right onto the corporate network. When your guard is down even a little bit when you are off the clock, you could fall victim to e-skimmers, fake login pages, or phishing scams.
No matter how advanced your company’s threat detection system, hackers know where vulnerabilities lie and are on the hunt to exploit them. Check out these tips to ensure you are not the weak link in your organization.
A virtual private network (VPN) is a service that scrambles online browsing data, making it impossible for nefarious characters to decipher your activity. This is an excellent way to deter hackers from tracking your movements and picking up sensitive pieces of information.
VPNs are essential if you are working in a public area, sharing a wireless network with strangers, or using a Wi-Fi connection that is not password protected. Public Wi-Fi networks are notoriously easy pickings for hackers seeking entry into unsuspecting users’ devices. On the days where you are not in the office, make sure your wireless connection is secure.
While a VPN is an excellent tool, security measures and your accounts are vulnerable without a strong and private password or passphrase to protect them. The gigantic Colonial Pipeline hack is being blamed on a hacker gaining entry through an unused VPN that was not secured with multifactor authentication. Multifactor authentication is an online safety measure where more than one method of identity verification is needed to access the valuable information that lies within password-protected accounts.
Consider using a password manager to organize all your passwords and logins. Password managers remember each pairing so you don’t have to, plus most managers are secured with multifactor authentication. A password manager makes it easier to add variety to your passwords and prevents you from ever having to write them down.
Professionals who travel between their home and an office are likely transporting their devices back and forth, increasing the number of opportunities for devices to be forgotten at either location or in transit. As convenient as it may be, never use your personal device for official business. Even if you pride yourself on sound online safety habits, your company device likely has more defenses ingrained in its hardware than your personal devices.
With your personal devices, you should carefully vet everything you download. With your work-issued devices, this vetting process is even more important as company information is at stake. The Information and Privacy Commissioner of Ontario states that employees should never download applications to their work devices without permission from the IT team. Apps and programs often have security vulnerabilities that could open a gateway for hackers.
Zero Trust is a security philosophy that is exactly what it sounds like: trust no one. Businesses are employing Zero Trust models to greatly limit who has access to sensitive data sources. Adopt your own personal Zero Trust philosophy concerning your passwords, logins, and device access. This means never sharing passwords or log in details, especially over email, instant messenger, or over a video conference. Hackers commonly eavesdrop on all three mediums. Also, even your most trusted coworker could mishandle your passwords and login details, such as writing them down and leaving them in a public place.
A key aspect of the Zero Trust model is only granting employees access to platforms that are vital to their job. Sharing your logins with coworkers who may not be authorized for using that platform undermines all the hard work the IT team does to keep tabs on data access.
Every time you turn on the nightly news, another ransomware attack has hit another organization, each one bigger than the last. This heightened prevalence is a reflection on the wiliness of hackers, but also the number of security holes every company must plug.
There are several vulnerable points of entry in every company, and some of those vulnerabilities are heightened by the hybrid work model. Always heed the advice of your company’s IT team, and make sure to do your part to keep your devices and work information secure.
The post Hybrid Workplace Vulnerabilities: 4 Ways to Promote Online Safety appeared first on McAfee Blogs.
Written by Shuborno, Principal Engineer
At McAfee, architects and engineers continuously have opportunities to make decisions that impact customers and propel exciting and meaningful careers. They also work with leaders focused on supporting their learning and growth. These truths have been constant and driving forces for me throughout my 15+ years with the company.
Today, I am a Principal Engineer at McAfee. My job is to translate product and customer goals into the technology we must build to enable and sustain those goals. It is challenging, fulfilling work that impacts 40 million customers around the world and motivates me every day.
This role is also a high in my personal career journey, one that started with a McAfee internship while I was a student at the University of Waterloo in Ontario, Canada.
Supportive leadership is an important, and differentiating, element of McAfee’s culture. Being promoted to Principal Engineer was, of course, an incredibly proud moment in my career, but the support and encouragement of my managers and mentors helped me get there.
When I moved into the Software Architect role, I met with the head of Consumer Engineering who — to my surprise — arranged for the Chief Architect to mentor me. Things took off from there.
Jeremy, one of my mentors, helped me realize the impact I could make by asking a simple question: “If there is something important that needs to be done, why aren’t you doing it?”
That encouragement, support, and coaching gave me the confidence and motivation to achieve the Principal Engineer career goal. It also helped me understand the importance of supportive leaders focused on helping their teams learn, grow, and succeed.
Beyond the office, McAfee leaders supported my growth, too. Early on as an architect, my manager encouraged me to get involved with Toastmasters, an organization that teaches public speaking and leadership skills. I’ve used skills gained there when presenting to fellow architects and engineers, C-level executives including the CTO, as well as during my Principal Engineer Committee Panel presentation. (Today, I’m also the Vice President of Education for my local Toastmasters Club!)
The leadership support I’ve experienced at McAfee enabled me to learn, grow, and thrive, inside and outside the office. I know that the same support will be available for you — and anyone who joins the McAfee team — because when McAfee employees thrive, McAfee thrives, too.
Are you considering joining our team? McAfee takes great pride in a culture that promotes personal growth and professional success. Learn more about our jobs. Subscribe to job alerts.
The post My Journey from Intern to Principal Engineer appeared first on McAfee Blogs.
This week, McAfee took an exciting new step in our journey—we are now a pure-play consumer company. What does that mean for consumers? It means that McAfee will be able to focus 100% of our talent and expertise on innovation and development that directly enables and improves the products and services that protect you and your family.
It’s the right time to take that step. Today, we use technology in every aspect of our lives, from education to recreation and entertainment to transportation. We have connected devices in our cars, in our pockets, and in our houses. In fact, the average U.S. household has 25 connected devices, and this number will continue to grow as more connected devices hit the market. We are also on the precipice of new connectivity technology, such as 5G, that will enable devices to access larger amounts of data, faster, and from more places.
All this technology makes our lives easier and more enriching in some way, whether it’s the ability to do our banking online or ordering groceries online or even having a consultation with our physician online. Our behaviors have changed during the past sixteen months and our need for online protection has changed with the times.
Our online world is rapidly evolving, and as McAfee’s Chief Technology Officer, part of my job is to ensure that you and your family can use the latest, cutting-edge technology with the confidence and peace of mind that you are protected.
The technology required to defend consumers against the latest threats requires new levels of sophistication. It’s important that we don’t confuse sophistication with complexity. Part of my mission for McAfee is to package the world’s most effective, highly sophisticated cybersecurity technology in a form that is accessible, usable, and consumable by everyday users—people and their families
So as McAfee places its entire focus on consumers, what that really means is that now the focus is on you. Your life online, and the ways you use it to run your home, keep tabs on your finances, split dinner with friends, chat with your children’s teachers, and binge on your favorite shows over a rainy weekend. More than that, we’re here to protect you, because you are at the center of all these things and more. Our aim is to bring you breakthrough advances in online protection so that you can freely enjoy life online. And everyone here at McAfee is looking forward to bringing them to you.
The post It’s All About You: McAfee’s New All-Consumer Focus appeared first on McAfee Blogs.
This news has been some time in the making, and I’m terrifically excited to share it.
As of July 27th, we take a decisive step forward, one where McAfee places its sole focus on consumers. People like you. This marks the day we officially divest our enterprise business and dedicate ourselves to protecting people so they can freely enjoy life online.
This move reflects years of evolution, time spent re-envisioning what online protection looks like in everyday life—how to make it stronger, easier to use, and most importantly, all the ways it can make you feel safe and help you stay that way.
In the coming days, you’ll see your experience with us evolve dramatically as well. You’ll see advances in our online protection that look, feel, and act in bold new ways. They will put you in decisive control of your identity and privacy, all in a time where both are so infringed upon. And you’ll also see your protection get simpler, much simpler, than before.
Today, I’d like to give you a preview of what’s ahead.
First, these changes are inspired by you. From feedback, research, interviews, and even having some of you invite us into your homes to show us how you live life online, you’ve made it clear what’s working and what isn’t. You’ve also shared what’s on your mind—your thoughts on technology’s rapid growth, the concerns you have for your children, and the times where life online makes you feel vulnerable.
We’re here to change things for the better. And here’s why …
Our lives are more fluid and mobile than ever before. From the palm of our hand, we split the cost of dinner, purchase birthday gifts, dim the lights in our living room, warm up the car on a winter morning, and far more. In many ways, our smartphones are the remote control for our lives. From managing our finances to controlling our surroundings, we’re increasing our use of technology to get things done and make things happen. Could any of us have imagined this when the first smartphones rolled out years ago?
Without question, we’re still plenty reliant on our computers and laptops too. Our recent research showed that we’re looking forward to using them in addition to our phones for telemedicine, financial planning, and plenty of personal shopping—each representing major upticks in usage than in years before, up to 74 percent more in some cases.
Yet what’s the common denominator here? You. Whatever device you’re using, at the center of all that activity is you. You’re the one who’s getting things done, making things happen, or simply passing some time with a show. So, while the device remains important, what’s far more important is you—and the way you’re using your device for ever-increasing portions of your life. Safely. Confidently. Easily.
Taken together, the time to squarely focus on protecting people is now. A new kind of online security is called for, one that can protect you as you go online throughout your day in a nearly constant and seamless fashion. We’ve dedicated ourselves to making that happen. And you’ll soon see what that looks like.
So how can you expect this evolution to take shape? You’ll see it in three significant ways:
1. Personalized experience. We’re building security that protects you effortlessly wherever your day takes you. From device to device, place to place, and all the experiences online in between. Think of our approach to online protection like Netflix, which used to be a physical service where you waited in queue for that next episodic DVD of Lost to get mailed to you. Now your shows follow you and stream anywhere, no matter what device you’re on. It’s the same thing with our security. It will recognize you and protect you whether you’re at home or by the pool on vacation, on your laptop, or your phone, with one consistent experience. Again, it’s all about you. Keeping you protected as you enjoy every perk and convenience of life online.
2. Intelligent experience. The next evolution builds on personalization and takes it a step further. This is security that understands when you and your personal info is at risk and then takes intelligent steps to protect you. This could be your smartphone automatically connecting to VPN when you’re at the airport, keeping you safe from prying eyes on public networks. It could also be alerts to you if your personal info is compromised so you can take steps to protect it. Or it could be a simple suggestion to help keep you safe while browsing, shopping, or banking online. In all, it’s intelligence that helps you stay safe and make safe choices.
3. Simpler experience. With this personalization and intelligence in place, you can protect everyone in your family far more easily than ever. It becomes practically automatic. Regardless of their age, interests, or how much they know about technology, this simplified approach to online security makes smart choices for you and your family wherever possible, steering them clear of threats and keeping everyone safer as a result.
Us at your side. New and existing customers alike will still benefit from McAfee’s award-winning technology as you always have. Further advances and features will roll out to you as part of the regular updates as they become available for your subscription. In all, you’ll always have the latest and greatest benefits of your product with us.
As for our future, expect more to come. Your confidence in us both fuels and informs these leaps ahead. Thank you as always for choosing us for your protection. It allows us to invest in breakthroughs that keep you safe against new and evolving threats, just as we have as a market leader for years.
The new McAfee is focused on you. It’s a bold new world of protection online, where you are in control of your identity and privacy, where you have intelligence that offers right protection in the right moment, where you can simply feel safe, and where you’re ultimately free to enjoy your life online at every turn.
Here’s to what’s next. And I can’t wait for you to experience it.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our newsletter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post The New McAfee: A Bold New World of Protection Online appeared first on McAfee Blogs.
T-Mobile, the popular US mobile phone service provider, recently confirmed a data breach affecting 7.8 million current customers and 40 million records from past or prospective customers. The stolen data included customer names, dates of birth, social security numbers, and driver’s license information. Fortunately, subscriber credit card information and other financial details were not affected in the breach.
Even though financial data was spared in the breach, the types of information stolen, along with the vast volume of affected subscribers mean that all T-Mobile subscribers should take immediate action to secure their identities and accounts online.
This is the immediate step all affected subscribers should take.
As part of T-Mobile’s response, they are offering an identity protection service exclusively to all affected customers, free for two years. This identity protection service gives customers the ability to monitor personal info, including your SSN, bank account numbers, debit cards, email addresses, phone numbers, and more. If info is found on the dark web, customers will receive guidance to help secure online accounts. Should identity theft occur, the identity protection service includes fraud resolution support and identity theft insurance for peace of mind. The free 24 months of identity protection will be delivered directly by T-Mobile. The company is also encouraging customers to sign up for their Account Takeover Protection service.
One lesser-known type of data stolen in the breach was International Mobile Equipment Identity (IMEI) numbers, which allow individual devices to be identified on a mobile network. Access to IMEI numbers could enable SIM-swap attacks which make account takeovers possible. With an account takeover, two-factor authentication through text message becomes vulnerable, allowing hackers potential access to bank accounts, among others. App-based multi-factor authentication, using a solution like Google’s Authenticator, allows you to authenticate your identity from other devices, instead of having authentication tied to your mobile phone number.
T-Mobile will be contacting impacted customers directly. However, cybercriminals and scammers may also take advantage of this data breach to scam people using email. They will often pose as major corporations or other trustworthy entities to trick you into willingly providing information like website login credentials or, even worse, your credit card number. We’ve provided additional information here to help you to recognize legitimate emails.
In its simplest form, your digital identity is made up of a whole host of things that can be traced back to you and who you are. This includes email accounts, cell phone numbers, bank accounts, your tax ID, and more. Read our additional tips to protect your digital identity.
For regular updates and official news from T-Mobile, visit their Newsroom blog here.
The post T-Mobile’s data breach exposes the personal data of 40 million appeared first on McAfee Blog.
Customers often ask us some version of this question. It’s a good question and in the past, there was no direct answer – only recommendations. For instance, we recommend online protection that goes beyond antivirus to include identity and privacy protection, as well as promoting safety best practices like using multi-factor authentication. We wondered if there was a simpler and easier way to advise customers how to better protect themselves.
A recent survey shows how important online security has become to consumers. We found that 74% of you have concerns about keeping your information private online. 57% want to be more in control of their personal info online. And, since the pandemic started, 47% of online consumers feel unsafe compared to 29%. Simply put, customers are more conscious of their safety online than ever before, and eager to play an active role in their protection.
It’s time for a new approach – meet the Protection Score.
If you’re thinking this looks like a credit, fitness, sleep, or any of the other scores we now use to visualize and quantify aspects of our life, you’re on the right track.
Your personalized Protection Score is a measure of your security online. The higher your score, the safer you are online. Your score will highlight any weaknesses in your security and help you fix them with easy step-by-step instructions. We’ll also let you know which features haven’t been setup so you can get the most out of your protection.
When we developed Protection Score the idea was to give customers a simple solution to better protect themselves and get the most from their subscription, including security tips to protect their identity, privacy, and devices, while also improving their online habits. We wanted it to be easy for anyone to:
Now that we’ve talked about Protection Score generally, let’s look at how it works in practice. Your score is based on a few things, including setting up your McAfee protection, strengthening your security with our safety recommendations, and ensuring your personal info is safely monitored with Identity Protection.
For example, if your information is exposed in a data breach your score may drop, but you can improve it by following our easy-to-follow remediation steps. Once you’ve completed those steps your score will go back up and you can be confident knowing you’re better protected online.
A perfect score does not mean you’re perfectly safe, but it does mean that you’re doing an excellent job of preventing and managing risks.
Your Protection Score is a great way to understand how safe you are at a glance. Additionally, improving your score ensures your life online is being protected by many of the safety features and benefits McAfee has to offer. For instance, the subscriber, John Smith, can see they’re fairly safe based on their score. However, it isn’t a perfect score and there are a few actions they could still take to improve it. In this case, adding their email and phone number to dark web monitoring – a crucial step in protecting their personally identifiable information online.
Protection Score can be easily accessed* from your browser of choice on any device so you can review our guidance and take steps to improve your score from wherever you are. McAfee’s Protection Score is a first for the cybersecurity industry, but we’re not stopping there. We’re going to continue to improve the feature by adding more personalization and accessibility so you can enjoy your life online knowing exactly how protected you are.
*Note that Protection Score is currently live in the US, Canada, Brazil, Australia, New Zealand, Japan, UK, Germany, France, Spain, and Italy.
The post Stay on top of your online security with our Protection Score appeared first on McAfee Blog.
It’s little surprise that a digital currency scam based on the popular Squid Games series on Netflix is making the news.
If you haven’t caught wind of it yet, the story goes along the following lines:
Note that this Squid Game cryptocurrency had no relationship to the show or to Netflix, aside from hijacking the Squid Game name without permission so that the scammers could use it as bait.
Scams such as this are nothing new. Earlier this year, an “initial coin offering” (ICO) called Mando turned out to be a scam as well. Based on Disney’s popular Star Wars series, The Mandalorian, the scammers used the name and the Star Wars-themed imagery around it without permission. Then, just as suddenly they used the popular name to drum up investments in the ICO, the scammers disappeared with the money they garnered from the “pre-sale” of the bogus Mando cryptocurrency.
With all the fervor around cryptocurrencies, scams associated with them are on the rise and have been for some time. A study published by Investopedia found that 80% of cryptocurrencies are scams and that only 8% of cryptocurrencies make their way onto legitimate trading exchanges.
In the case of the Squid Game cryptocurrency, there were several apparent signs that it was bogus to begin with. Reports call out the fact that the currency was not available for purchase on mainstream platforms. Instead, investors could only purchase the cryptocurrency on a platform that doesn’t guarantee the transactions made upon it. Further, investors could only buy the currency, not sell it, effectively locking them in.
Other indications were found in the accompanying website and technical white paper, which were laden with spelling and grammatical errors, along with apparently unsubstantiated claims. In all, red flags such as those are very similar to the ones associated with phishing attacks—where scammers co-opt the identities of well-known brands and organizations in bogus emails and websites, albeit in an often-clumsy fashion. Errors like those are often a telltale sign that something sketchy is afoot.
1. Working with an accredited financial adviser is always a sound step with any investment you choose to make, as is only investing funds you can afford to lose if the investment falls through.
2. Steer clear of cryptocurrency investments that ask you to contribute money directly from one of your own accounts rather than via a reliable platform that is verified.
3. Consider dependable cryptocurrencies such as Bitcoin, Ethereum, and Litecoin—of course recognizing that even legitimate cryptocurrencies can be highly volatile investments.
4. Regard any cryptocurrency based on a pop culture reference like movies, memes, and shows with a highly critical eye. It may very well be a scam built around buzz rather than an earnest attempt at launching a legitimate cryptocurrency, such as it was with the Squid Game scam.
Just as Netflix’s Squid Game is one in a long string of hit shows that’ll capture our attention, we can count on a similarly long string of cryptocurrency scams to continue. In this case, the Squid Game cryptocurrency scam was rigged from the start, despite the warning signs. After all, an investment people can only buy into but never sell is scam, plain and simple.
The post Squid Game Cryptocurrency Scam appeared first on McAfee Blog.
The Robinhood trading platform recently disclosed a data breach that exposed the information of millions of its customers. News of the attack was released on Monday, November 8th along with word the hackers behind it had demanded an extortion payment from the company.
According to Robinhood’s disclosure, the attack occurred on November 3rd, which allowed an unauthorized party to obtain the following:
In addition, smaller groups of Robinhood customers had yet more information compromised. Around 310 people had their names, birth dates, and zip codes exposed in the breach. Another 10 customers had “more extensive account details revealed,” per Robinhood’s disclosure.
Robinhood went on to say, “We believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident.”
Robinhood further stated that the company contained the intrusion and that it promptly informed law enforcement of the extortion demand. Robinhood says that it is continuing to investigate the incident with the assistance of a security firm.
The company advised its customers to visit the Robinhood help center to receive the latest messages from the company, noting that they will never include a link to access an account in a security alert.
Any data breach that you and your information may have been involved in calls for a few quick security steps:
1. Log into your account and update your password with a new one that is strong and unique. Likewise, if you use the same or similar passwords across several accounts, change those as well. (A password manager that’s included with comprehensive online protection software can do that work for you.) Set up two-factor authentication if your account allows for it, as this will provide an extra layer of protection as well.
2. Review your statements for any strange activity—even the smallest of withdrawals or transactions could be the sign of a larger issue.
3. Report any suspected fraud to the company or institution involved. They typically have set policies and procedures in place to provide support.
If you believe that you’ve become a victim of identity theft, file a report with local law enforcement and the Federal Trade Commission (FTC). Law enforcement can provide you with a case number that you may need as part of the recovery process. Likewise, the FTC’s identity theft website provides excellent resources, including a recovery plan and a step-by-step walkthrough if you create an account with them.
For even more information, visit our blog that points out the signs of identity theft and the steps you can take should you find yourself victim.
Given that the breach apparently exposed some 5 million email addresses, there’s the risk that these may end up in the hands of bad actors who may use them for follow-on attacks.
Notable among them would be phishing attacks, where hackers could target Robinhood users with phony messages in an attempt to get affected users to reveal further account information. For example, hackers could potentially create bogus emails that appear to come from Robinhood and direct users to a malicious site that requests account information. As Robinhood stated, the company will never include a link to access an account in a security alert. Users should visit the Robinhood site directly for account information.
This breach could lead to other phishing attacks as well, ones that may or may not pose as communication from Robinhood. Some of these phishing attacks can be rather easy to spot, as they may include typos, poorly rendered logos, or spoofed web addresses. However, some sophisticated hackers can roll out rather polished phishing attacks that can closely resemble legitimate communications.
In all, people can avoid falling victim to phishing attacks by keeping the following in mind:
1. Only access your accounts directly from the official website of the company or financial institution involved. If you receive an email, message, or text alerting you of an issue, do not click any links provided in the communication. Go straight to the site yourself by typing in the proper address and view your account information there. Likewise, calling the customer support line posted on their official site is an option as well.
2. Use comprehensive online protection software that includes a spam filter. This can prevent phishing emails from reaching your inbox in the first place.
3. Get to know the signs of phishing emails. A common sign of a scam is an email, ad, message, or site that simply doesn’t look or read right. (Maybe the grammar is awkward or the logo is grainy or has the colors slightly wrong.) However, some of them can look quite convincing, yet there are still ways to spot an attempted phishing attack.
4. Beware of email attachments you aren’t expecting. This is always good form because hackers love to spike attachments with malware that’s designed to steal your personal information. Whether you get an unexpected attachment from a friend or business, follow up before opening it. That’s a quick way to find out if the attachment is legitimate or not.
For more info on phishing and how to steer clear of it, check out our blog on how to spot phishing attacks.
The unfortunate fact is that data breaches can and do happen. Many of the larger data breaches make the headlines, yet many more do not—such as the ones that hit small businesses, restaurants, and medical care providers. In the hands of hackers, the information spilled by these breaches can provide them with the building blocks to commit identity theft. As a result, keeping on top of your identity and personal information is a must.
The good news is that you have solid options to prevent them from harming you or at least greatly lessen their potential impact. With identity theft protection, even in the short-term, you can monitor emails addresses and usernames that are being used to breach other accounts. You can monitor dozens of different types of personal information and receive alerts to keep an eye out for misuse. Likewise, it can monitor your email addresses and bank accounts for signs of misuse or fraud, plus provide theft protection and support from a recovery specialist if identity theft, unfortunately, happens to you.
Along those same lines, news of a data breach offers all of us a moment to pause and take stock of just how protected we are. Above and beyond the steps covered above, comprehensive online protection can protect your devices from malware, phishing attacks, malicious websites, and other threats. More importantly, it protects you—your identity and privacy, particularly in times where breaches such as the one we’re talking about here occur with seeming regularity.
The post Protecting Yourself in the Wake of the Robinhood Data Breach appeared first on McAfee Blog.
You may have spotted the news last week that U.S. federal prosecutors brought charges against the former chief security officer of Uber. At issue was a breach that occurred in 2016, where prosecutors allege that he covered up a $100,000 payoff to the hackers responsible for the attack. The specific charges are obstructing justice and concealing a felony for the alleged cover-up.
While the breach itself is relatively old news and the company has since paid a $148 million settlement along with an agreement to regular audits of its privacy and security systems, this is a reminder that breaches happen. What’s more, it may be some time before you become aware of them, even in instances when companies move quickly, transparently, and in your best interest.
According to research we recently published, nearly three-quarters of all breaches have required public disclosure or have affected financial results, up five points from 2015. Additionally, industry studies show that it can take roughly nine month on average to identify and contain a breach. Yes, that’s more than nine months, and a lot can happen to your credit in that timeframe. Thus the onus is on us to be vigilant about our own credit.
Here’s a quick list of things you can do right now to keep on top of your credit—and that you can do on an ongoing basis as well, because that’s what it takes to keep tabs on your personal info today.
Closely monitor your online accounts: Whether it’s your credit card statements, banking statements, or your individual accounts for services like Uber, review them closely. If you see any suspicious activity, notify the institution or service and put a freeze on your account(s) as needed. Even a small charge can indicate a bigger problem, as that means your information is out there in the wild and could be used for bigger purchases down the pike. In the event you feel your Uber account has been compromised, you can contact them via their “I think my Uber account has been hacked” page.
Update your settings: That includes your privacy settings in addition to changing your password. As far as passwords go, strong and layered passwords are best, and never reuse your credentials across different platforms. Plus, update your passwords on a regular basis. That’ll further protect your data. Using a password manager will help you keep on top of it all, while also storing your passwords securely.
Enable two-factor authentication: While a strong and unique password is a good first line of defense, enabling app-based two-factor authentication across your accounts will help your cause by providing an added layer of security.
Check your credit: Depending on where you live, there are different credit reporting agencies that keep a centralized report of all your credit activities. For example, the major agencies in the U.S. are primarily Equifax, Experian, and TransUnion. Likewise in the U.S., the Fair Credit Reporting Act (FCRA) requires these agencies to provide you with a free credit check at least once every 12 months. It’s a relatively quick process, and you might be surprised what you find—anywhere to incorrect address information to bills falsely associated with your name. Get your free credit report here from the U.S. Federal Trade Commission (FTC). Other nations provide similar services, such as the free credit reports for UK customers.
Freeze your credit: Freezing your credit will make it impossible for criminals to take out loans or open up new accounts in your name. To do this effectively, you will need to freeze your credit at each of the three major credit-reporting agencies (Equifax, TransUnion, and Experian).
Consider using identity theft protection: A solution like McAfee Identify Theft Protection will help you to monitor your accounts and alert you of any suspicious activity in addition to the activities I’ve listed above. Additionally, you can use a comprehensive security solution such as McAfee Total Protection to help protect your devices and data from known vulnerabilities and emerging threats.
For all the technology we have at our fingertips, our best defense is our eyes. Keeping a lookout for fishy activity and following up with family members when unfamiliar charges show up on your accounts will help you keep your good name in good standing.
The thing is, we never know when the next data breach might hit and how long it may be until that information is discovered and finally disclosed to you. Staying on top of credit has always been important, but given all our apps, accounts, and overall exposure these days, it’s a must.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Uber Data Breach and How to Protect Your Info appeared first on McAfee Blog.
How do you connect online these days? I’ll give you an example from my own life: From my 15-year old son to my 80-year-old mother, not one of us leaves the house without our phone. And today, there isn’t a single thing you can’t do on your phone. It’s the minicomputer that goes where you go.
This trend in the way we connect is reflected in recent data too. In fact, we’ve found that the average consumer spends 6 hours and 55 min online per day, split between mobile (52%) and desktop (48%). Whether you’re a Boomer, Gen X, a Millennial, or Gen Z, the way you connect online is diverse and specific to you.
As for what we’re doing online? It’s just about everything. After all, we spend an average of 7 hours per day on connected devices and the pandemic has forced us to do even more online. The downside to this rapid change in the way we live is that we are opening ourselves up to more risk which leaves consumers feeling highly concerned about their ability to keep their personal info secure or private. We need new protection for this new normal.
What all these changes mean is that you’re able to have the same online experience regardless of where you are, what you’re doing, or what device you’re using. Your favorite streaming service is a great example – you can just as easily find a movie on a tablet as you can on your laptop. In fact, you can pause the movie you’re watching on that tablet and pick up where you left off on your laptop. Your experience with online security should offer the same convenience and familiarity. More importantly, online protection should give you a feeling of confidence however or wherever you choose to connect.
This means knowing your personal info is secure even when accessing an unsecured network, your browsing habits remain private, and you can take necessary actions should your information be compromised. To put it another way, YOU are what we’re focused on protecting and we do that by making sure everything you connect with is also secure.
A phone is the remote control for your life. From the palm of your hand, you’re able to shop, browse, stream, and create – everything you do online you can now do from your phone. So, it’s crucial that your phone be a major focus of our online protection. The new mobile app makes it easier to get robust protection for your identity, privacy, and phone. Let’s look at a few of the capabilities offered by the new mobile app.
Think about all the online accounts you’ve created in the past year. How many of them do you use regularly? Sometimes I think I have more food delivery apps on my phone than I do restaurants to use them on. Regardless of how often you use an account (or if you no longer use it at all!), any personal information (like emails, addresses, credit cards) added to it is available online and vulnerable to breaches. McAfee Security comes with identity protection, a feature that monitors your personal information and then notifies you when there’s a risk of your data being compromised. What this means is that if we detect that your data was stolen, you’ll be alerted an average of 10 months earlier than similar services, so you can act before your data is used illegally or shows up on the dark web.
Let’s say you’re about to use the free internet at your favorite café for a speedier connection. Time to flip on your virtual private network (VPN). Forget about digging through a sea of menus to find your VPN. The new mobile app offers a seamless VPN experience so you can keep your activity hidden on less-than-secure Wi-Fi. Or, better yet, you can set up a Secure VPN to automatically turn on for unsecured Wi-Fi networks. Whatever you choose, Secure VPN keeps your personal data and location private anywhere you go with unlimited data and bank-grade Wi-Fi encryption.
At the end of the day, phones are devices and they’re vulnerable to viruses, malware, and, increasingly, malicious apps. The new McAfee Mobile app offers an antivirus scan for Android phones and system scans to see if your passcode is strong enough and that your OS is up to date on iOS devices.
Most importantly, the app is part of McAfee’s total online protection, so the experience on your phone is the same as on your PC. It’s protection that goes where you go – at home on your PC, or on the go with your mobile.
If you’re an existing McAfee subscriber using McAfee Total Protection or McAfee LiveSafe, you can get the app right now. And, if you’ve already got the app installed, just make sure it’s up-to-date and you’ll be all set with the new look and features.
Interested in trying the app out? You can buy or get a free trial of McAfee Total Protection here and get started today.
The post Reimagining mobile security for the way we live our lives today, tomorrow, and beyond. appeared first on McAfee Blog.
Several security researchers have recently reported a powerful software bug that could potentially affect thousands of popular websites, services, hosted apps, and even game servers—thanks to an apparent flaw that could allow hackers to compromise or take control of servers that run them.
Just as reported by the developers of the popular Minecraft game, this flaw potentially affects servers that run Twitter, Apple’s iCloud, the Steam gaming platform, and a growing number of others that may be vulnerable.
One research group has dubbed the vulnerability as “Log4Shell,” and the name appears to be sticking. It involves a widely used software used to log information on servers. This software is open source, meaning it is freely available to developers. As a result, countless organizations and businesses use it on their servers.
While details are still evolving, researchers are acting with a proper degree of caution given the potential scope of the issue. Needless to say, the immediate level of concern remains high given the potential of the flaw to impact millions of servers, devices, and the people who use them.
At this early stage, a few things appear to be possible:
The developers of Minecraft have provided several steps that detail what both players and server hosts should do to protect themselves. The developers clearly recognize the potential gravity of the situation and are taking a proactive approach in saying, “This vulnerability poses a potential risk of your computer being compromised, and while this exploit has been addressed with all versions of the game client patched, you still need to take [steps] to secure your game and your servers.” We’ve provided the link to those steps here:
Recommended steps for Minecraft players and server hosts.
Right now, as this situation evolves, the best step is to keep your eyes open. If the app, service, site, or game you’re on performs strangely, consider signing out and closing it down. Then, perform a security scan on your device to check for viruses, malware, or other threats. Follow the guidance from your online protection software if any results come up.
You may also consider limiting your app and service usage to the most important activities. If it’s not an urgent or important online task or activity, see about putting it off until more is known.
Likewise, stay tuned. The details around this vulnerability continue to unfold. As they do, you’ll find further guidance that can help keep you and your family protected from this or any follow-on threats associated with this issue.
The post Concerned by the Security Risk Affecting Popular Services and Apps? Here’s What We Know. appeared first on McAfee Blog.
Like many consumers around the world, you’re probably scouring the internet to find the perfect gifts for your friends and family in time for the holidays. While buyers prepare for the festivities, cybercriminals look for opportunities to scam shoppers with various tricks. In 2020, the FBI received over 17,000 complaints regarding goods that were never delivered, totaling losses of more than $53 million.1 And this year, it is anticipated that the number could increase due to rumors of merchandise shortages and the ongoing pandemic.
But no need to get your tinsel in a tangle! At McAfee, we’re empowering consumers to live their digital lives with confidence by providing tips and tools for sidestepping cyber-grinches. Here are the top scams to look out for this holiday season so you can be on your merry way:
Phishing may be one of the older tricks in the book, but it is still a favorite standby for cybercriminals as phishing tactics become more sophisticated. According to Bleeping Computer, scammers tend to target holiday shoppers with emails advertising big-ticket or hard-to-find items to entice them to click on a malicious link.2 For example, cybercriminals could send a phishing email promising a sweet deal —often referred to as the discount scam — on the latest gaming system. Jumping at the opportunity to score such a great gift for a low price, an unsuspecting holiday shopper might click on the link and swiftly hand over their credit card details. But instead of receiving the gaming system, they receive alerts of suspicious purchases from their bank — purchases that cybercriminals made with their credit card information.
During the holidays, many brands increase their online advertising to boost sales. However, cyber-grinches will likely take advantage of this trend by creating fake websites and ads impersonating companies that consumers know and love. For example, cybercriminals can create fake websites and ads promoting unrealistic discounts and bargains that look remarkably similar to an online retailer’s site. If a customer clicks on the fake website and makes a “purchase” by inputting their credit card information, the scammers will then be able to use this data to make fraudulent purchases elsewhere.
Many consumers rely on social media to stay up-to-date on the latest deals, and scammers are eagerly looking for ways to take advantage. To target holiday shoppers via Instagram, Facebook, TikTok, etc., criminals use fake social media posts offering vouchers, gift cards, freebies, and contests in the hopes that the user will click on the post and hand over their personal or financial information. Perhaps a user comes across a fake contest for a $1,000 Amazon gift card on Instagram — all they have to do is enter their login credentials to enter. Little do they know that this contest has been formulated by scammers and submitting their login for entry is just handing over their data for cyber-scrooges to exploit.
Criminals can also take advantage of shoppable social media posts to target holiday shoppers with advertisements for non-existent or counterfeit items. Today, 130 million Instagram users tap on shoppable posts to learn more about products every month. It’s likely that these users will also rely on shoppable posts to interact with products they’re interested in purchasing for holiday gifts.3
Cybercriminals can entice these users by creating fraudulent social media ads for products they don’t actually have. If an unsuspecting shopper purchases through the fake ad, their financial information will not only find its way into the hands of the scammer, but they also won’t receive what they initially paid for.
According to the Wall Street Journal, travel and charity scams also tend to spike around the holidays.4 Travel scams could show up in the form of an email stating that a booking has been canceled, sending you to a fake website where you’re asked to enter your credit card number to set up a new reservation. You could also receive an email directing you to a clone site offering deals on a house rental, flight, or hotel room that seems too good to be true — as long as you hold your reservation with a deposit.
Cybercriminals also know that consumers tend to make charitable donations around the holidays, and many are quick to take advantage. A charity scam might target victims via social media feeds, asking people to donate to a fake organization. Consumers should always do their research on a charity before they donate to prevent money from ending up in a scammer’s pocket.
To prevent cyber-grinches from stealing your money, data, and festive spirit, follow these tips so you can continue to make merry during the holiday shopping season:
The post 6 Tips to Protect Yourself From Holiday Shopping Scammers appeared first on McAfee Blog.
With digital life-changing so rapidly, it’s time for a new way to protect it. Welcome to McAfee Forward—the future of online protection today.
As all that change reshapes how we spend our time online, we believe that one thing remains constant: meaningful protection is a personal right. Your right. That’s how we see it here at McAfee, and we want you to go forward and enjoy your digital life with confidence. Confident that you’re safe as you bank and shop online, sure. Yet also confident as you consult your doctor online, track your fitness routines, order a pizza with the sound of your voice, start your car with your smartphone, and simply do what’s next—the umpteen other innovations yet imagined, all thanks to the internet.
So what does the future of online protection look like? You. While different technologies may come and go, the one thing that won’t change is you. The person using them. That’s why our focus is on you, your privacy, identity, and overall security, no matter what device, app, or platform you’re doing or what you’re doing it on.
No doubt about it, life online will continue to change how we go about our day in lively and unexpected ways. You have a right to enjoy it all. And you can leave that to us. We thrive on what’s new and different—and then protecting it so you can get the most out of it.
That future of online protection is indeed here today. We’ve already rolled out major updates and industry firsts that look out for you online, particularly your privacy and identity. There’s much more to come in the weeks and months ahead. Because you have a right to a life that’s always safe and enjoyable online, whatever shape it takes in the days to come.
Here’s to living that life with confidence, and to what’s on the horizon. Through it all, we have your back.
The post Welcome McAfee Forward—the Future of Online Protection Today appeared first on McAfee Blog.
People have made it clear. They’re feeling more exposed to online threats and want stronger protection.
Our 2022 Trends Study puts figures to these feelings, saying that they believe the risks to their online privacy have increased over the past year. Moreover, 42% believe the risks to their personal and financial information have increased as well.
These findings come as more consumers shift their daily lives online, with greater use of internet banking, more investment in virtual assets, and a proliferation of online activities due to COVID-19. A lot more sensitive personal information is being stored and shared on the web, which is putting increased pressure on passwords and security measures.
As more sensitive personal information is being stored and shared on the web, people are showing a strong preference for increased security overall. For example, when asked to choose between connecting with others from anywhere to always being fully protected, the response was overwhelming in favor of strong protection (63%) over ease of connection (16%). The same sentiment extended to the workplace, where “work meetings that are guaranteed seamless” trailed significantly at 14% versus “meetings that are guaranteed secure” at (62%).
Curious as to what steps you can take to be safer online? A few tools along with a few good habits can go a long way toward keeping your privacy and identity secure.
1. Install and use online protection software: By protecting your devices, you protect what’s on them, like your personal information. Comprehensive online protection software can protect your identity in several ways, like steering you clear of malicious downloads and links, protecting your email from phishing attacks, and providing you with a digital shredder that can permanently remove sensitive documents from your computer (simply deleting them won’t do that alone).
2. Use a VPN: A VPN is a Virtual Private Network, a service that protects your data and privacy online. It creates an encrypted tunnel to keep you anonymous by masking your IP address while connecting to public Wi-Fi hotspots. This is a great way to shield your information from crooks and snoops while you’re banking, shopping, or handling any kind of sensitive information online.
3. Improve your passwords and use multi-factor authentication (MFA): Strong, unique passwords for each of your accounts, updated regularly, offer a strong line of defense against attackers. While this may require a bit of effort, a password manager can do the work for you by securely creating and storing strong, unique passwords for you. Comprehensive online protection software will include a password manager as one of its many features. Additionally, MFA adds yet another layer of security by double-checking your identity beyond your username and password, usually with a text or email. If any of your accounts offer MFA, consider using it.
4. Monitor your accounts: Give your statements a close look each time they come around. While many companies and institutions have fraud detection mechanisms in place, they don’t always catch every instance of fraud. Look out for strange purchases or charges and follow up with your bank or credit card company if you suspect fraud. Even the smallest charge could be a sign that something shady is afoot.
5. Check your credit report: This is a powerful tool for spotting identity theft. And in many cases, it’s free to do so. In the U.S., the Fair Credit Reporting Act (FCRA) requires the major credit agencies to provide you with a free credit check at least once every 12 months. Canada provides this service, and the UK has options to receive free reports as well, along with several other nations. It’s a great idea to check your credit report, even if you don’t suspect a problem.
6. Consider using identity protection: In addition to checking your own credit report, an identity protection service provides yet deeper monitoring of your personal information. Identity protection such as ours monitors up to 60 different pieces of vital personal information and notifies you of potential misuse—up to ten months sooner than similar services. In addition to this around-the-clock monitoring, it also provides up to $1 million in coverage for lawyer fees, travel expenses, lost wages, and more.
The post Today’s Trends: Consumers Prioritize Protection Over Convenience appeared first on McAfee Blog.
You can feel even more confident that you’ll enjoy life online with us at your side. AV-Comparatives has awarded McAfee as its 2021 Product of the Year.
McAfee makes staying safe simple, and now this endorsement by an independent lab says we protect you best.
Over the course of 2021, AV-Comparatives subjected 17 different online protection products to a series of rigorous tests. Their labs investigated each product’s ability to protect against real-world Internet threats, such as thousands of emerging malicious programs and advanced targeted attacks, along with the ability to provide protection without slowing down the computer.
McAfee topped the field, taking home the award for AV-Comparatives’ Product of the Year thanks to our highest overall scores across the seven different testing periods throughout the year. McAfee further took a Gold Award for the Malware Protection Test, in addition to recognition for its clean, modern, and touch-friendly design and for the way that McAfee Firewall coordinates perfectly with Windows.
“We’re honored by the recognition,” says Chief Technology Officer, Steve Grobman. “The strong reputation that AV-Comparatives carries in the industry cements our place as a leader in online protection.” He goes on to say, “Our work continues. The internet is evolving to be integral to every part of our lives. This creates new opportunities for cybercriminals and drives the evolution of the threat landscape. McAfee is committed to staying one step ahead of these sophisticated threats, ensuring customers can safely utilize the full value of our online world.”
Read the full AV-Comparatives annual report and protect yourself and your family with the year’s top-rated antivirus. Give it a look for yourself with a free 30-day trial of McAfee Total Protection, which includes McAfee’s award-winning anti-malware technology plus identity monitoring, Secure VPN, and safe browsing for an all-in-one online protection.
The post McAfee Wins Product of the Year for Best Online Protection appeared first on McAfee Blog.
While our tweens and tweens seem to grow into adults right before our eyes, their mobile usage matures into adulthood as well—and in many ways, we don’t see.
Girls and boys hit their mobile stride right about the same point in life, at age 15 where their mobile usage jumps significantly and reaches a level that they carry into adulthood, which is one of the several findings we uncovered in our global survey of parents, tweens, and teens this year.
So, what are tweens and teens up to on their mobile devices as they mature? And where do their parents fit in? We asked parents and kids alike. What we found gives us a look into the mobile lives of tweens and teens behind their lock screens.
For starters, parents and their kids alike say that their mobile device is the most important one in their life. Parents placed mobile in their top two with their mobile device or smartphone at 59% followed their computer or laptop at 42%. Tweens and teens put their mobile device or smartphone at the top of the list as well, yet at a decisive 74% worldwide, followed by their gaming console at 68%.
“Parents and their kids alike say that their mobile device is the most important thing in their life.”
Further, tweens and teens place a higher value on their smartphones to keep them connected with friends and family. Some 59% of parents said mobile was essential in this role, whereas tweens and teens put that figure at 64%. For parents, the runner-up device for keeping connected was the computer or laptop at 42%.
Yet quite interestingly, tweens and teens said their second-most important device for keeping connected with others is their gaming console, at 40%, perhaps indicating gaming’s role in creating and fostering friendships today. Of course, plenty of that gaming is happening on mobile as well, with half of all tweens and teens surveyed worldwide saying that they play games on their smartphones.
Broadly speaking, the activities kids do on their phones match up closely with what their parents think they’re doing on their phones. Yet there’s a fair share of secretive activity that happens within that.
Regarding general activity, parents and their tween- and teen-aged children worldwide see eye to eye when it comes to what parents think are their kids’ favorite activities on mobile are and what kids say they actually are:
However, and perhaps unsurprisingly, tweens and teens say they’ve kept some the things they’re watching, browsing, and streaming from their parents. When asked if they sometimes hide specific online activity from their parents, 59% of tweens and teens worldwide said they have done so in some form or other, including:
Worldwide, monitoring apps rank relatively low when it comes to parents keeping tabs on their children’s mobile usage. Use of parental controls software on smartphones came in at a 27% global average, with India (37%) and France (33%) leading the way, while Japan fell on the low end (12%).
Largely, parents appear to take up this work themselves, citing several other ways they take charge of their children’s time online:
Consistent with other research we recently gathered, families are relying on mobile more and more, yet this hasn’t seen an increase in mobile protection for the smartphones they count on.
Our research published in early 2011 found double-digit increases in mobile activities such as online banking, shopping, finances, and doctor visits, all of which can generate high-value data that are attractive to hackers and cybercriminals. Despite this newfound reliance on mobile, many smartphones worldwide remain unprotected. Children’s phones are less protected than their parents’ phones as well.
Taken together, these security lapses can lead to downloaded malware, data and identity theft, illicit crypto mining apps on the device, and other attacks that can put children and families at risk. For a deeper dive, you can view the full report.
Misconceptions about online protection may play a role in these lax measures. This survey found that 49% of parents think a new phone is more secure than a new computer, and 59% of tweens and teens thought the new phone was more secure—both denying the reality that smartphones, and the people using them, are subject to hacks and attacks just like with any other device that connects to the internet.
Amid this climate, more than 1/3 of families reported that a child in their household had been the victim of a financial information leak and 15% stated that there’d been an attempt to steal a child’s online account or identity. With smartphones providing children with a major onramp to the internet, it follows that stronger mobile security could help prevent such attacks from happening.
Protecting mobile devices and the family members who count on them takes on further importance when we consider that children in some nations rely heavily on their smartphones for online learning.
Although using mobile for online learning was relatively low globally at 23%, parents and children in three nations reported a high rate of attending classes and courses on mobile—with India at 54%, Mexico at 42%, and Brazil at 39%, once again posing the possibility that mobile offers many children the most reliable broadband connection required for such instruction. In other words, there are households where broadband comes by way of mobile, rather than a cable or fiber connection.
Meanwhile, other nations saw significantly lower figures for online learning on mobile, such as Germany at 7%, France at 8%, and Japan at 11%. The U.S., Canada, and the UK all reported rates of 17%.
“With smartphones providing children as a major onramp to the internet, it follows that stronger mobile security could prevent such attacks from happening”
Something we’ve yet to mention here is how much online shopping and banking kids are doing on their mobile devices. No question, tweens and teens are doing those things too at a global rate of 25% and 12% across all age groups respectively. Not surprisingly, those numbers climb as teens approach adulthood. This serves as a reminder that our children are maturing hand-in-hand with their smartphones, which asks a few things of us as parents as they grow and adjust to their mobile world.
As with all things parenting, there are moments of where you have a sense of what’s right for you and your child, yet you’re uncertain how to act on it. That’s definitely the case with smartphones and the internet in general. Despite having grown up alongside the internet over the course of our adult lives, we can still have plenty of questions. New ones. Old ones. Ones we weren’t even aware of until they cropped up.
With that, we’re glad you’re dropping by our blog. And you’re more than invited to visit whenever you can. A big focus of ours is providing you, as a parent, with resources that answer your questions, in addition to articles about online protection in general that simply make for good reading. Our aim is to help you think about what’s best for your family and give you some ideas about how you can see that through, particularly as our children grow in this mobile world of ours.
The post A Look Beyond Their Lock Screens: The Mobile Activity of Tweens and Teens appeared first on McAfee Blog.
We’re excited to bring you the latest edition of the McAfee 2022 Consumer Mobile Threat Report. After all, when you know the challenges you face, it’s easier to be confident online. In this blog, we’ll take a closer look at some leading examples of techniques that cybercriminals are using to trick or defraud you via your mobile phone. These examples are some of the more sophisticated attacks, using real logos, quality graphics, and personalized messages. We hope this provides a useful resource for protecting your digital life, mobile devices, and personal information so that you can enjoy a safe life online with your family.
Cybercriminals are upping their game, using personal information and high-quality graphics to make their malware look like legitimate apps or official messages. Because these attacks are successful at defrauding significant numbers of mobile users out of their money and information, more criminals will jump on this approach or expand their malicious campaigns. Let’s take a look at some of the different techniques being used by scammers to fool mobile users.
Mobile smishing (aka phishing text messages) are attacks using personalized greetings in text messages that pretend to be from legitimate organizations to appear more credible. These messages often link to websites with authentic logos, icons, and other graphics, prompting the user to enter personal information or download an app. Users should be extra careful about text messages from unknown sources and should go directly to the organization’s website to validate requests.
Cheating tools and hacking apps are popular ways to get extra capabilities in mobile games. Criminals are exploiting this by promoting game hacking apps that include malicious code on legitimate messaging channels. If installed, the malware steals account credentials for social media and gaming accounts. Gamers should use caution when installing game hacks, especially if they request superuser permissions.
Cryptocurrencies are providing new opportunities for mobile device attacks. The latest ploy is phony apps that promise to mine coins in the cloud for a monthly fee. Fake reviews and a low cost make them sound too good to be true—and they are. These apps just take the money without doing any coin mining. With no actual malicious code, these apps are hard to detect, so users should be suspicious of being promised hundreds or thousands of dollars of crypto coins for just a few dollars a month.
Another attack uses a variety of fake apps with slick graphics to trick users into premium subscriptions. Hundreds of these apps promise features such as mobile games or photo editing and are supported by plenty of fake five-star reviews. When installed, the apps ask for the user’s phone number and verification PIN and use them to sign up for premium text services that direct payments to the criminals. Users should read reviews looking for vague statements, repetitive wording, and a mix of five-star and one-star ratings. For a deeper dive into the scams, be sure to view full report.
While threat tactics continue to change as criminals adapt and respond to detection and enforcement techniques, there are a few steps users should take to limit their exposure and risk.
While some malicious apps do make it through the app store screening process, most of the attack downloads appear to be coming from social media, fake ads, and other unofficial app sources. Before downloading something to your phone, do some quick research about the source and developer. Many of these scams have been flagged by other people.
Many malicious apps get the access they need by asking the user to grant them permission to use unrelated privileges and settings. When installing a new app, take a few moments to read these requests and deny any that seem unnecessary, especially for superuser access and accessibility services.
Developers are actively working to identify and address security issues. Both operating systems and apps should be frequently updated so that they have the latest fixes and security protections.
Cybercriminals often flood their Google Play apps with fake five-star reviews. Many fake or malicious apps only have a mix of five-star and one-star reviews. The five-star ones typically have vague statements and repetitive wording, giving clues that they are submitted by bots. Compare them to the one-star reviews for insight on the app’s real capabilities.
Devices that are behaving unusually may just have a basic tech issue but it can also be a sign of being hacked. Follow up when something is not quite right, check recent changes or contact tech support from the mobile device vendor or security software provider.
Comprehensive security software across all devices, whether they are computers, tablets, or smartphones, continues to be a strong defensive measure to protect your data and privacy from cyber threats.
We hope this report helps you stay on the lookout for these and other mobile threats so you can safely and confidently enjoy your life online.
The post McAfee 2022 Consumer Mobile Threat Report appeared first on McAfee Blog.
The White House recently reissued a warning to American businesses in response to the unprecedented economic sanctions the U.S. has imposed on Russia for the Ukraine invasion, stating, “There is now evolving intelligence that Russia may be exploring options for potential cyberattacks.”
Along with this statement, the White House published a fact sheet outlining the new and ongoing steps the government is taking to protect its infrastructure and technologies, along with steps that private businesses can take to protect themselves from attacks as well.
Of course, any successful attack on government operations and the operations of private businesses could potentially affect households as well—such as in the case of data breaches where data or information is stolen from a system, often the personal data and information of individuals.
Word of potential attacks understandably leaves people feeling uncertain and may further leave them wondering if there’s anything they can do to protect themselves. With regards to data breaches and the cases of identity theft that typically follow, there are several steps people can take to keep safer online.
Let’s break down what a data breach looks like, how it can affect you, and what you can do in advance of a breach to protect yourself.
We’ve certainly seen data breaches make the news over the years, which are often (but not always) associated with malicious hackers or hacker organizations. A quick list of some of the largest and most impactful breaches we’ve seen in recent years:
Healthcare facilities have seen their data breached, along with the operations of popular restaurants. Small businesses find themselves in the crosshairs as well, with one report stating that 43% of data leaks target small businesses. Those may come by way of an attack on where those businesses store their records, a disgruntled employee, or by way of a compromised point-of-sale terminal in their store, office, or location.
What differs with the White House warning is who may end up being behind these potential attacks—a nation-state rather than what are financially motivated hackers or hacking groups. (Some research indicates that nearly 90% of breaches are about the money.) However, the result is the same. Your personal information winds up loose in the world and possibly in the hands of a bad actor.
The fact is that plenty of our information is out there on the internet, simply because we go about so much of our day online, whether that involves shopping, banking, getting results from our doctors, or simply hopping online to play a game once in a while.
Naturally, that means the data in any given breach will vary from service to service and platform to platform involved. Certainly, a gaming service will certainly have different information about you than your insurance company. Yet broadly speaking, there’s a broad range of information about you stored in various places, which could include:
As to what gets exposed and when you might find out about it, that can vary greatly as well. One industry research report found that 60% of breaches were discovered in just days from the initial attack while others could take months or even longer detect. Needless to say, the timeline can get rather stretched before word reaches you, which is a good reason to change your passwords regularly should any of them get swept up in a breach. (An outdated password does a hacker no good—more on that in a bit.)
The answer is plenty. In all, personal information like that listed above has a dollar value to it. In a way, your data and information are a kind of currency because they’re tied to everything from your bank accounts, investments, insurance payments—even tax returns and personal identification like driver’s licenses.
With this information in hand, a crook can commit several types of identity crimes—ranging from fraud to theft. In the case of fraud, that could include running up a bill on one of your credits cards or draining one of your bank accounts. In the case of theft, that could see crooks impersonate you so they can open new accounts or services in your name. Beyond that, they may attempt to claim your tax refund or potentially get an ID issued in your name as well.
Another possibility is that a hacker will simply sell that information on the dark marketplace, perhaps in large clumps or as individual pieces of information that go for a few dollars each. However it gets sold, these dark-market practices allow other fraudsters and thieves to take advantage of your identity for financial or another gain.
The succinct answer is to sign up for an identity protection service. It can monitor dozens of types of personal information and then alert you if any of them are possibly being misused, so you can address any issues right away before they become a potentially much bigger problem.
Further, pairing identity protection with online protection software can protect you even more. With an all-up view of your overall online security—how well you’re protecting yourself and your identity online—it can guide you through steps that can shore up your protection and make you safer still.
When a business, service, or organization falls victim to a breach, it doesn’t always mean that you’re automatically a victim too. Your information may not have been caught up in it. However, it’s best to act as if it was. With that, we strongly suggest you take these immediate steps.
Given the possibility that your password may be in the hands of a bad actor, change it right away. Strong, unique passwords offer one of your best defenses against hackers. Update them regularly as well. As mentioned above, this can protect you in the event a breach occurs and you don’t find out about it until well after it’s happened. You can spare yourself the upkeep that involves a password manager that can keep on top of it all for you. If your account offers two-factor authentication as part of the login process, make use of it as it adds another layer of security that makes hacking tougher.
If you spot unusual or unfamiliar charges or transactions in your account, bank, or debit card statements, follow up immediately. That could indicate improper use. In general, banks, credit card companies, and many businesses have countermeasures to deal with fraud, along with customer support teams that can help you file a claim if needed.
As outlined above, identity protection like ours can monitor a broad set of your personal information and provide you guidance for making it more secure, in addition to getting help from a professional recovery specialist.
For an even closer look at identity theft, we have two articles that can help guide the way if you think you’re a victim, each featuring a series of straightforward steps you can take to set matters right:
No matter how uncertain news of possible cyberattacks may any of us feel, you can take steps to set some of that uncertainty aside. An identity protection service is a strong first move against possible identity theft, as is pairing it with online protection software that keeps you safer online overall. Likewise, knowing the signs of possible identity theft and what you can do to address it right away offer further assurance still—like having the services of a professional recovery specialist to help.
In all, there’s no need to leave yourself wondering at the news from the White House. As an individual, you have it in your power to make yourself and your family safer than they are now.
The post White House Announces Possible Rise in Cyberattacks—What You Can Do to Stay Safe appeared first on McAfee Blog.
We’re excited to bring you the latest edition of the McAfee 2022 Consumer Mobile Threat Report. After all, when you know the challenges you face, it’s easier to be confident online. In this blog, we’ll take a closer look at some leading examples of techniques that cybercriminals are using to trick or defraud you via your mobile phone. These examples are some of the more sophisticated attacks, using real logos, quality graphics, and personalized messages. We hope this provides a useful resource for protecting your digital life, mobile devices, and personal information so that you can enjoy a safe life online with your family.
Cybercriminals are upping their game, using personal information and high-quality graphics to make their malware look like legitimate apps or official messages. Because these attacks are successful at defrauding significant numbers of mobile users out of their money and information, more criminals will jump on this approach or expand their malicious campaigns. Let’s take a look at some of the different techniques being used by scammers to fool mobile users.
Mobile smishing (aka phishing text messages) are attacks using personalized greetings in text messages that pretend to be from legitimate organizations to appear more credible. These messages often link to websites with authentic logos, icons, and other graphics, prompting the user to enter personal information or download an app. Users should be extra careful about text messages from unknown sources and should go directly to the organization’s website to validate requests.
Cheating tools and hacking apps are popular ways to get extra capabilities in mobile games. Criminals are exploiting this by promoting game hacking apps that include malicious code on legitimate messaging channels. If installed, the malware steals account credentials for social media and gaming accounts. Gamers should use caution when installing game hacks, especially if they request superuser permissions.
Cryptocurrencies are providing new opportunities for mobile device attacks. The latest ploy is phony apps that promise to mine coins in the cloud for a monthly fee. Fake reviews and a low cost make them sound too good to be true—and they are. These apps just take the money without doing any coin mining. With no actual malicious code, these apps are hard to detect, so users should be suspicious of being promised hundreds or thousands of dollars of crypto coins for just a few dollars a month.
Another attack uses a variety of fake apps with slick graphics to trick users into premium subscriptions. Hundreds of these apps promise features such as mobile games or photo editing and are supported by plenty of fake five-star reviews. When installed, the apps ask for the user’s phone number and verification PIN and use them to sign up for premium text services that direct payments to the criminals. Users should read reviews looking for vague statements, repetitive wording, and a mix of five-star and one-star ratings. For a deeper dive into the scams, be sure to view full report.
While threat tactics continue to change as criminals adapt and respond to detection and enforcement techniques, there are a few steps users should take to limit their exposure and risk.
While some malicious apps do make it through the app store screening process, most of the attack downloads appear to be coming from social media, fake ads, and other unofficial app sources. Before downloading something to your phone, do some quick research about the source and developer. Many of these scams have been flagged by other people.
Many malicious apps get the access they need by asking the user to grant them permission to use unrelated privileges and settings. When installing a new app, take a few moments to read these requests and deny any that seem unnecessary, especially for superuser access and accessibility services.
Developers are actively working to identify and address security issues. Both operating systems and apps should be frequently updated so that they have the latest fixes and security protections.
Cybercriminals often flood their Google Play apps with fake five-star reviews. Many fake or malicious apps only have a mix of five-star and one-star reviews. The five-star ones typically have vague statements and repetitive wording, giving clues that they are submitted by bots. Compare them to the one-star reviews for insight on the app’s real capabilities.
Devices that are behaving unusually may just have a basic tech issue but it can also be a sign of being hacked. Follow up when something is not quite right, check recent changes or contact tech support from the mobile device vendor or security software provider.
Comprehensive security software across all devices, whether they are computers, tablets, or smartphones, continues to be a strong defensive measure to protect your data and privacy from cyber threats.
We hope this report helps you stay on the lookout for these and other mobile threats so you can safely and confidently enjoy your life online.
The post McAfee 2022 Consumer Mobile Threat Report appeared first on McAfee Blog.
By Oliver Devane
Update: In the past 24 hours (from time of publication) McAfee has identified 15 more scam sites bringing the total to 26. The combined value of the wallets shared on these sites is over $1,300,000 which is an increase of roughly $1,000,000 since this blog was last published. This highlights the scale of this current scam campaign. The table within this blog has been updated to include the new sites and crypto-wallets.
McAfee has identified several Youtube channels which were live-streaming a modified version of a live stream called ‘The B Word’ where Elon Musk, Cathie Wood, and Jack Dorsey discuss various aspects of cryptocurrency.
The modified live streams make the original video smaller and put a frame around it advertising malicious sites that it claims will double the amount of cryptocurrency you send them. As the topic of the video is on cryptocurrency it adds some legitimacy to the websites being advertised.
The original video is shown below on the left and a modified one which includes a reference to a scam site is shown on the right.
We identified several different streams occurring at a similar same time. The images of some are shown below:
The YouTube streams advertised several sites which shared a similar theme. They claim to send cryptocurrency worth double the value which they’ve received. For example, if you send 1BTC you will receive 2BTC in return. One of the site‘s frequently asked questions (FAQ) is shown below:
Here are some more examples of the scam sites we discovered:
The sites attempt to trick the visitors into thinking that others are sending cryptocurrency to it by showing a table with recent transactions. This is fake and is generated by JavaScript which creates random crypto wallets and amounts and then adds these to the table.
The wallets associated with the malicious sites have received a large number of transactions with a combined value of $280,000 as of 5 PM UTC on the 5th of May 2022
| Scam Site | Crypto Type | Wallet | Value as on 5PM UTC 5th May 2022 |
| 22ark-invest[.]org | ETH | 0x820a78D8e0518fcE090A9D16297924dB7941FD4f | $25,726.46 |
| 22ark-invest[.]org | BTC | 1Q3r1TzwCwQbd1dZzVM9mdFKPALFNmt2WE | $29,863.78 |
| 2xEther[.]com | ETH | 0x5081d1eC9a1624711061C75dB9438f207823E694 | $2,748.50 |
| 2x-musk[.]net | ETH | 0x18E860308309f2Ab23b5ab861087cBd0b65d250A | $10,409.13 |
| 2x-musk[.]net | BTC | 17XfgcHCfpyYMFdtAWYX2QcksA77GnbHN9 | $4,779.47 |
| arkinvest22[.]net | ETH | 0x2605dF183743587594A3DBC5D99F12BB4F19ac74 | $11,810.57 |
| arkinvest22[.]net | BTC | 1GLRZZHK2fRrywVUEF83UkqafNV3GnBLha | $5,976.80 |
| doublecrypto22[.]com | ETH | 0x12357A8e2e6B36dd6D98A2aed874D39c960eC174 | $0.00 |
| doublecrypto22[.]com | BTC | 1NKajgogVrRYQjJEQY2BcvZmGn4bXyEqdY | $0.00 |
| elonnew[.]com | ETH | 0xAC9275b867DAb0650432429c73509A9d156922Dd | $0.00 |
| elonnew[.]com | BTC | 1DU2H3dWXbUA9mKWuZjbqqHuGfed7JyqXu | $0.00 |
| elontoday[.]org | ETH | 0xBD73d147970BcbccdDe3Dd9340827b679e70d9d4 | $18,442.96 |
| elontoday[.]org | BTC | bc1qas66cgckep3lrkdrav7gy8xvn7cg4fh4d7gmw5 | $0.00 |
| Teslabtc22[.]com | ETH | 0x9B857C44C500eAf7fAfE9ed1af31523d84CB5bB0 | $27,386.69 |
| Teslabtc22[.]com | BTC | 18wJeJiu4MxDT2Ts8XJS665vsstiSv6CNK | $17,609.62 |
| tesla-eth[.]org | ETH | 0x436F1f89c00f546bFEf42F8C8d964f1206140c64 | $5,841.84 |
| tesla-eth[.]org | BTC | 1CHRtrHVB74y8Za39X16qxPGZQ12JHG6TW | $132.22 |
| teslaswell[.]com | ETH | 0x7007Fa3e7dB99686D337C87982a07Baf165a3C1D | $9.43 |
| teslaswell[.]com | BTC | bc1qdjma5kjqlf7l6fcug097s9mgukelmtdf6nm20v | $0.00 |
| twittergive[.]net | ETH | 0xB8e257C18BbEC93A596438171e7E1E77d18671E5 | $25,918.90 |
| twittergive[.]net | BTC | 1EX3dG9GUNVxoz6yiPqqoYMQw6SwQUpa4T | $99,123.42 |
Scammers have been using social media sites such as Twitter and Youtube to attempt to trick users into parting ways with their cryptocurrency for the past few years. McAfee urges its customers to be vigilant and if something sounds too good to be true then it is most likely not legitimate.
Our customers are protected against the malicious sites detailed in this blog as they are blocked with McAfee Web Advisor
| Type | Value | Product | Blocked |
| URL – Crypto Scam | twittergive[.]net | McAfee WebAdvisor | YES |
| URL – Crypto Scam | tesla-eth[.]org | McAfee WebAdvisor | YES |
| URL – Crypto Scam | 22ark-invest[.]org | McAfee WebAdvisor | YES |
| URL – Crypto Scam | 2xEther[.]com | McAfee WebAdvisor | YES |
| URL – Crypto Scam | Teslabtc22[.]com | McAfee WebAdvisor | YES |
| URL – Crypto Scam | elontoday[.]org | McAfee WebAdvisor | YES |
| URL – Crypto Scam | elonnew[.]com | McAfee WebAdvisor | YES |
| URL – Crypto Scam | teslaswell[.]com | McAfee WebAdvisor | YES |
| URL – Crypto Scam | 2x-musk[.]net | McAfee WebAdvisor | YES |
| URL – Crypto Scam | doublecrypto22[.]com | McAfee WebAdvisor | YES |
| URL – Crypto Scam | arkinvest22[.]net | McAfee WebAdvisor | YES |
The post Crypto Scammers Exploit: Elon Musk Speaks on Cryptocurrency appeared first on McAfee Blog.
Costa Rica’s national health service was hacked sometime earlier this morning by a Russian ransomware group known as Hive. The intrusion comes just weeks after Costa Rican President Rodrigo Chaves declared a state of emergency in response to a data ransom attack from a different Russian ransomware gang — Conti. Ransomware experts say there is good reason to believe the same cybercriminals are behind both attacks, and that Hive has been helping Conti rebrand and evade international sanctions targeting extortion payouts to cybercriminals operating in Russia.
The Costa Rican publication CRprensa.com reports that affected systems at the Costa Rican Social Security Fund (CCSS) were taken offline on the morning of May 31, but that the extent of the breach was still unclear. The CCSS is responsible for Costa Rica’s public health sector, and worker and employer contributions are mandated by law.
A hand-written sign posted outside a public health center in Costa Rica today explained that all systems are down until further notice (thanks to @Xyb3rb3nd3r for sharing this photo).
A hand-written notice posted outside a public health clinic today in Costa Rica warned of system outages due to a cyberattack on the nation’s healthcare systems. The message reads: “Dear Users: We would like to inform you that due a problem related to the information systems of the institution, we are unable to expend any medicine prescriptions today until further notice. Thank you for your understanding- The pharmacy.”
Esteban Jimenez, founder of the Costa Rican cybersecurity consultancy ATTI Cyber, told KrebsOnSecurity the CCSS suffered a cyber attack that compromised the Unique Digital Medical File (EDUS) and the National Prescriptions System for the public pharmacies, and as a result medical centers have turned to paper forms and manual contingencies.
“Many smaller health centers located in rural areas have been forced to close due to not having the required equipment or communication with their respective central health areas and the National Retirement Fund (IVM) was completely blocked,” Jimenez said. “Taking into account that salaries of around fifty thousand employees and deposits for retired citizens were due today, so now the payments are in danger.”
Jimenez said the head of the CCSS has addressed the local media, confirming that the Hive ransomware was deployed on at least 30 out of 1,500 government servers, and that any estimation of time to recovery remains unknown. He added that many printers within the government agency this morning began churning out copies of the Hive ransom note.
Printers at the Costa Rican government health ministry went crazy this morning after the Hive ransomware group attacked. Image: Esteban Jimenez.
“HIVE has not yet released their ransom fee but attacks are expected to follow, other organizations are trying to get a hold on the emergency declaration to obtain additional funds to purchase new pieces of infrastructure, improve their backup structure amongst others,” Jimenez said.
A copy of the ransom note left behind by the intruders and subsequently uploaded to Virustotal.com indicates the CCSS intrusion was the work of Hive, which typically demands payment for a digital key needed to unlock files and servers compromised by the group’s ransomware.
A HIVE ransomware chat page for a specific victim (redacted).
On May 8, President Chaves used his first day in office to declare a national state of emergency after the Conti ransomware group threatened to publish gigabytes of sensitive data stolen from Costa Rica’s Ministry of Finance and other government agencies. Conti initially demanded $10 million, and later doubled the amount when Costa Rica refused to pay. On May 20, Conti leaked more than 670 gigabytes of data taken from Costa Rican government servers.
As CyberScoop reported on May 17, Chaves told local media he believed that collaborators within Costa Rica were helping Conti extort the government. Chaves offered no information to support this claim, but the timeline of Conti’s descent on Costa Rica is worth examining.
Most of Conti’s public communications about the Costa Rica attack have very clearly assigned credit for the intrusion to an individual or group calling itself “unc1756.” In March 2022, a new user by the same name registered on the Russian language crime forum Exploit.
A message Conti posted to its dark web blog on May 20.
On the evening of April 18, Costa Rica’s Ministry of Finance disclosed the Conti intrusion via Twitter. Earlier that same day, the user unc1756 posted a help wanted ad on Exploit saying they were looking to buy access to “special networks” in Costa Rica.
“By special networks I mean something like Haciendas,” unc1756 wrote on Exploit. Costa Rica’s Ministry of Finance is known in Spanish as the “Ministerio Hacienda de Costa Rica.” Unc1756 said they would pay $USD 500 or more for such access, and would work only with Russian-speaking people.
Experts say there are clues to suggest Conti and Hive are working together in their attacks on Costa Rica, and that the intrusions are tied to a rebranding effort by Conti. Shortly after Russia invaded Ukraine at the end of February, Conti declared its full support, aligning itself directly with Russia and against anyone who would stand against the motherland.
Conti’s threatening message this week regarding international interference in Ukraine.
Conti quickly deleted the declaration from its website, but the damage had already been done, and any favor or esteem that Conti had earned among the Ukrainian cybercriminal underground effectively evaporated overnight.
Shortly thereafter, a Ukrainian security expert leaked many months worth of internal chat records between Conti personnel as they plotted and executed attacks against hundreds of victim organizations. Those candid messages exposed what it’s like to work for Conti, how they undermined the security of their targets, as well as how the group’s leaders strategized for the upper hand in ransom negotiations.
But Conti’s declaration of solidarity with the Kremlin also made it increasingly ineffective as an instrument of financial extortion. According to cyber intelligence firm ADVIntel, Conti’s alliance with the Russian state soon left it largely unable to receive ransom payments because victim companies are being advised that paying a Conti ransom demand could mean violating U.S. economic sanctions on Russia.
“Conti as a brand became associated with the Russian state — a state that is currently undergoing extreme sanctions,” ADVIntel wrote in a lengthy analysis (PDF). “In the eyes of the state, each ransom payment going to Conti may have potentially gone to an individual under sanction, turning simple data extortion into a violation of OFAC regulation and sanction policies against Russia.”
Conti is by far the most aggressive and profitable ransomware group in operation today. Image: Chainalysis
ADVIntel says it first learned of Conti’s intrusion into Costa Rican government systems on April 14, and that it has seen internal Conti communications indicating that getting paid in the Costa Rica attack was not the goal.
Rather, ADVIntel argues, Conti was simply using it as a way to appear publicly that it was still operating as the world’s most lucrative ransomware collective, when in reality the core Conti leadership was busy dismantling the crime group and folding themselves and top affiliates into other ransomware groups that are already on friendly terms with Conti.
“The only goal Conti had wanted to meet with this final attack was to use the platform as a tool of publicity, performing their own death and subsequent rebirth in the most plausible way it could have been conceived,” ADVIntel concluded.
ADVIntel says Conti’s leaders and core affiliates are dispersing to several Conti-loyal crime collectives that use either ransomware lockers or strictly engage in data theft for ransom, including AlphV/BlackCat, AvosLocker, BlackByte, HelloKitty, Hive, and Karakurt.
Still, Hive appears to be perhaps the biggest beneficiary of any attrition from Conti: Twice over the past week, both Conti and Hive claimed responsibility for hacking the same companies. When the discrepancy was called out on Twitter, Hive updated its website to claim it was not affiliated with Conti.
Conti and Hive’s Costa Rican exploits mark the latest in a string of recent cyberattacks against government targets across Latin America. Around the same time it hacked Costa Rica in April, Conti announced it had hacked Peru’s National Directorate of Intelligence, threatening to publish sensitive stolen data if the government did not pay a ransom.
But Conti and Hive are not alone in targeting Latin American victims of late. According to data gathered from the victim shaming blogs maintained by multiple ransomware groups, over the past 90 days ransom actors have hacked and sought to extort 15 government agencies in Brazil, nine in Argentina, six in Colombia, four in Ecuador and three in Chile.
A recent report (PDF) by the Inter-American Development Bank suggests many Latin American countries lack the technical expertise or cybercrime laws to deal with today’s threats and threat actors.
“This study shows that the Latin American and Caribbean (LAC) region is not sufficiently prepared to handle cyberattacks,” the IADB document explains. “Only 7 of the 32 countries studied have a critical infrastructure protection plan, while 20 have established cybersecurity incident response teams, often called CERTs or CSIRTs. This limits their ability to identify and respond to attacks.”
FreshRSS 