DNSTrails v1.0 – DNS intelligence database

DNSTrails is an intelligence database, featuring IP and Domain related data such as current and historical DNS records, current and historical WHOIS, technologies used, subdomains and the ability to...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

OWASP Joomscan v0.0.1

OWASP JoomScan (short for [Joom]la Vulnerability [Scan]ner) is an opensource project in perl programming language to detect Joomla CMS vulnerabilities and analysis them. If you want to do a...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

GAN v1.0 – A SSL Subdomain Extractor

GetAltName (or GAN) is a tool that extracts sub-domains or virtual domains directly from SSL certificates found in HTTPS sites. It returns a handy list of sub-domains to ease the phase of information...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Enumdb Beta – Brute Force MySQL and MSSQL Databases

Enumdb is brute force and post exploitation tool for MySQL and MSSQL databases. When provided a list of usernames and/or passwords, it will cycle through each looking for valid credentials. By...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

T.rex_scan v0.2 – Integrate Tools to Audit Web Sites

T.rex_scan only facilitates the visualization when auditing a web page. With this script you can optimize your time, reducing the time you audit a page web since T.rex_scan executes the task you...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Recon Village @ DEFCON 2018 (Hackathon)

ToolsWatch likes open source tools, for that reason we will participate in the Recon Village @ DEF CON 2018 as part of jury. Maxi Soler will be there 🙂 Recon Village is an Open Space with Talks,...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Network security simplified with Amazon VPC Ingress Routing and Trend Micro

Today, Amazon Web Services (AWS) announced the availability of a powerful new service, Amazon Virtual Private Cloud (Amazon VPC) Ingress Routing. As a Launch Partner for Amazon VPC Ingress Routing, we at Trend Micro are proud to continue to innovate alongside AWS to provide solutions to customers—enabling new approaches to network security. Trend Micro TippingPoint and Trend Micro Cloud One integrate with Amazon VPC Ingress Routing deliver network security that allows customers to quickly obtain compliance by inspecting both ingress and egress traffic. This gives you a deployment experience designed to eliminate any disruption in your business.

Cloud network layer security by Trend Micro

A defense-in-depth or layered security approach is important to organizations, especially at the cloud network layer. That being said, customers need to be able to deploy a solution without re-architecting or slowing down their business, the problem is, previous solutions in the marketplace couldn’t meet both requirements.

So, when our customers asked us to bring TippingPoint intrusion prevention system (IPS) capabilities to the cloud, we responded with a solution. Backed by industry leading research from Trend Micro Research, including the Zero Day Initiative, we created a solution that includes cloud network IPS capabilities, incorporating detection, protection and threat disruption—without any disruption to the network.

At AWS re:Invent 2018, AWS announced the launch of Amazon Transit Gateway. This powerful architecture enables customers to route traffic through a hub and spoke topology. We leveraged this as a primary deployment model in our Cloud Network Protection, powered by TippingPoint, cloud IPS solution, announced in July 2019. This enabled our customers to quickly gain broad security and compliance, without re-architecting. Now, we’re adding a flexible new deployment model.

 

Enhancing security through partnered innovation

This year we are excited to be a Launch Partner for Amazon VPC Ingress Routing, a new service that allows for customers to gain additional flexibility and control in their network traffic routing. Learn more about this new feature here.

Amazon VPC Ingress Routing is a service that helps customers simplify the integration of network and security appliances within their network topology. With Amazon VPC Ingress Routing, customers can define routing rules at the Internet Gateway (IGW) and Virtual Private Gateway (VGW) to redirect ingress traffic to third-party appliances, before it reaches the final destination. This makes it easier for customers to deploy production-grade applications with the networking and security services they require within their Amazon VPC.

By enabling customers to redirect their north-south traffic flowing in and out of a VPC through internet gateway and virtual private gateway to the Trend Micro cloud network security solution. Not only does this enable customers to screen all external traffic before it reaches the subnet, but it also allows for the interception of traffic flowing into different subnets, using different instances of the Trend Micro solution.

Trend Micro customers now have the ability to have powerful cloud network layer security in AWS leveraging Amazon VPC Ingress Routing. With this enhancement, customers can now deploy in any VPC, without any disruptive re-architecture and without introducing any additional routing or proxies. Deploying directly inline is the ideal solution and enables simplified network security without disruption in the cloud.

 

What types of protection can customers expect?

When you think of classic IPS capabilities, of course you think of preventing inbound attacks. Now, with Amazon VPC Ingress Routing and Trend Micro, customers can protect their VPCs in even more scenarios. Here is what our customers are thinking about:

• Protecting physical and on-premises assets by routing that traffic to AWS via DirectConnect or VPN
• Detecting compromised cloud workloads (cloud native or otherwise) and disrupting those attacks, including DNS filters and geo-blocking capabilities
• Preventing lateral movement between multi-tiered applications or between connected partner ecosystems
• Prevention for cloud-native threats, including Kubernetes® and Docker® vulnerabilities, and container image and repository compromises occurring when pulled into VPCs

 

Trend Micro Cloud One ­– Network Security

Amazon VPC Ingress Ingress Routing will be available as a deployment option soon for Cloud Network Protection, powered by TippingPoint, available in AWS Marketplace. It will also be available upon release of our recently announced Trend Micro Cloud One – Network Security, a key service in Trend Micro’s new Cloud One, a cloud security services platform.

The post Network security simplified with Amazon VPC Ingress Routing and Trend Micro appeared first on .

You’re In Safe Hands with Trend Micro Home Network Security

A three-part series on using Home Network Security to protect your home

Your home should be a haven that protects you. In the cyber age, however, your router, computers, and TVs, your game consoles and smart devices, are continuously connected to the internet and run the risk of being hacked—usually when you least expect it and often without your knowledge. Not only can cybercriminals invade your privacy, they can steal your data, your money and even your identity—if you don’t put the appropriate security measures in place.

Trend Micro Home Network Security (HNS) is specifically designed to be that key security measure for your home network. Attach the HNS station to your router, download and install the management app, pair them up, and HNS immediately begins protecting all the connected devices in your home against a wide variety of threats. These include network intrusions, risky remote connections, phishing, ransomware, harmful websites and dangerous downloads.

Though setup, configuration, monitoring, and maintenance are pretty straightforward, to get the most out of HNS, we’ve written a three-part series to teach you how to maximize its use:

	Part 1 of the series centers on initial setup and configuration. Choose the right security settings in HNS to maximize its effectiveness in your network. Part 2 is devoted to configuring Parental Controls to best fit your family. Part 3 targets some best practices for daily and weekly monitoring and maintenance over time.

Sound good? Let’s get started with Part 1!

Part 1: Home Network Security: Setup and Configuration

Once you take the Home Network Security Station out of its box, setup and connection is quick and easy:

Plug the Power and the Ethernet cables provided into the station. Plug the Ethernet cable into your router and then the power adapter into an outlet. Watch for the green blinking light while you connect your smartphone to the same network via WiFi. This indicates it’s ready to activate. Download the Home Network Security app from Google Play or Apple App Store and install it. When prompted, enter your 16-character Pairing Code in the screen, provided in your box and on the back of your HNS Station. Upon the Connection Successful message, sign into your Trend Micro Account to complete activation. HNS will register to your Account and automatically scan your network for connected devices. You’re already protected!

Configuration Modes

Trend Micro’s Home Network Security station is designed to be a Plug-n-Protect device. Upon being connected to your router, it will attempt to automatically sense and enable the optimal Mode.

However, if you are experiencing network instability or connection issues, you can also choose the Mode manually from one of four Modes available for the best performance with your particular router. In order to select the correct Mode, you should first determine your router’s optimal Mode. Go to the HNS eSupport website to check the compatibility of your router or to search for its brand and model. The optimal Mode is indicated for tested routers.

While most routers support the default setting automatically, a small number may require manual setup. An even smaller number are not compatible with Trend Micro Home Network Security.

Some additional information about HNS’s station Modes:

	Modes 1-3 do not require any changes to your router. A 4th DHCP Mode allows you to configure Home Network Security as a DHCP Server (which assigns IP addresses to your devices on the network) but this requires you to first disable your router’s DHCP server. You can find details about it on the HNS DHCP eSupport page.

If you change the mode, run a Test Status check 5 minutes after changing the settings.

Off to a Good Start

As mentioned, after the initial setup, Trend Micro Home Network Security automatically does a network check to see what devices are on your network. (As part of its improved device recognition in version 2.5, released in November 2019, HNS offers more than 150 device icons to help make managing your devices even easier.) If you tap the View Devices button in the resulting popup, HNS provides you with a list of All Devices on the network. By default these online devices are Unassigned. You can create family member profiles, then assign specific devices to each family member later on. (Further information regarding Family Profiles will be discussed in Part 2 of this article series.)

At any time, tap Check Devices to initiate a manual security scan. Once the scan ends, you may see Action Required items displayed in the Dashboard indicator. Tap them to review them. The Action Required screen indicates any security issues that have been discovered. When you tap the panel, you will be able to obtain the Issue Details and read the Potential Risk description to better understand the issue and what you can do to resolve it—or you can also tap Skip for Now to skip the remediation process.

If you decide to proceed with remediation, the HNS App loads your mobile browser and takes you to the Trend Micro eSupport site, which provides more details on the issue. You can scroll through the page to learn more about the possible risks it poses, what you can do to prevent the problem from happening in the future, and places to go for more answers to any questions you may have.

Back in the Dashboard, you can review the HNS Summary protection results in the Security, Parental Controls, Family Members, Top Attacked Devices, and Network Usage panels. You can either tap individual items—e.g., Vulnerability Found, Network Attacks, Web Threats Blocked, etc.—to reveal information on the various threats by device; or you can tap individual panels to show additional details about particular attacks or threats. For a more detailed look, you can check the Timeline to review individual events, which can be filtered by type, such as Security, Parental Controls, Connections, Action Required and System.

Recommended Network and Security Settings

There are a number of useful features that are disabled by default. You can enable these features to heighten your home network protection and maximize user convenience.

New Device Approval asks for your permission to approve network access when a new device attempts to join your home network. This component gives you control over the devices that are allowed access to your home network. Remote Access Protection limits remote desktop programs from connecting to your devices. This feature prevents Tech support scams that usually begin with fraudulent phone calls, or infected websites with malicious and fake popups, which can lead to fraudsters installing remote access software on the victim’s computer to gain access to its content. Those working from home who need to use remote access programs need not worry because they can set exceptions for their specific device and app. Voice Control lets you issue voice commands to Alexa to perform specific functions on HNS. You can conduct a scan, obtain your home network’s security status, pause internet usage, disable internet access for a user, and so on. Router Access Protection prevents malicious router attacks by blocking unauthorized access to your Primary Router’s Admin Console. Ad Block lets you filter out unwanted ads on all your connected devices for privacy protection and a better web browsing experience. Early Access Program features let you try the latest protection from HNS, while providing feedback to Trend Micro to help these features improve and evolve. Cyberattack Shield proactively protects all the devices in your home network from threat outbreaks by remotely deploying firewall policies.

For now, this should be enough to get you off to a good start with Trend Micro Home Network Security. Watch for Part 2 of our HNS Series, where we help you create profiles for family members and set up Parental Controls.

For more information about HNS, go to Trend Micro Home Network Security. For more online support, go to Trend Micro Home Network Security eSupport.

The post You’re In Safe Hands with Trend Micro Home Network Security appeared first on .

How to Speed Up a Slow PC Running Windows OS

Working with a slow PC is always annoying and frustrating. Enduring sudden frozen windows and stuttered animations can make you want to throw the machine out the window.

Take a deep breath, and consider these 8 tips on how to fix a slow PC running Windows.

 

 

Why is my Windows Running Slow?

First, here is a general analysis on why your Windows PC is running slow:

	Your computer is running out of memory (RAM) Your PC mode settings There are too many startup items and background programs Useless features or animation Insufficient disk space Too cluttered registry Malware and Virus Infection Unneeded third-party software

1. Restart your Computer

Many users are accustomed to keeping their computers running for several weeks. Their PC is either running or sleeping with the processes saved all the time. This means the running programs are occupying and filling up their RAM continuously, which can lead to the PC running extremely slowly. In addition, the computer might suffer from some bugs, which trigger programs to eat up much more RAM than they should. To avoid these troubles, restart your PC by clicking on the Windows button, selecting the ‘Power’ button, and choosing the ‘Restart’ button at least once a week.

A small hint: make sure you have saved your ongoing work before you shut down your computer.

2. Adjust setting modes

This is a very simple but often overlooked way to boost your PC’s performance. However, it sacrifices a bit of standby time. When you are not worrying about the state of charge and just pursuing maximum efficiency, you can consider opening Advanced System Setting in Windows for this trick.

Enter “Control Panel” in the Cortana search box in the taskbar. In the pop-up window, click “System,” and then click “Advanced system settings” in the left window, as shown below:

Click “Settings” in the performance bar, as shown in the following figure:

In the pop-up window, you can see that there are four setting modes, set “Adjust for best performance,” and then click OK, as shown in the following figure:

3. Disable Startup Programs

Startup items are programs that the system will run in the foreground or background once your computer is ON. When you download and install software, the “start-up” is usually a default choice. Therefore, if the software is not commonly used and you do not need to use it every time you start your PC, you can remove the check because it can slow down system speed. If you forgot to remove the check when installing the application, you can also make changes using the Task Manager.

To check and manage your startup programs, open the Task Manager (Ctrl + Alt + Del), then switch to the ‘Startup’ tab. You’ll also see the “Startup impact” of each startup program — either Low, Medium, or High. If you see “Not measured,” that’s because it was recently added and Windows hasn’t had a chance to observe the program’s behavior yet.

To prevent a program from launching on startup just right-click and choose “Disable.”

If you are not sure whether you can safely disable some programs, you can search the program online and learn about its function. If you are a little worried, you can download a PC cleaner app, which can automatically identify and classify these items and help you delete the unnecessary ones in batches. Remember to choose those apps without pop-up advertisements and hidden fees.

In addition, you can see the first tab named “Processes” in the picture above. Too many programs running simultaneously can slow down the system speed as well. Some programs may continue running in the background even after you have closed them. Under the “Processes” tab, you can select them and click ‘End task’ at the bottom right. However, be careful about this action because you might close some important processes needed to run Windows.

4. Turn off windows tips and tricks

When searching ways to speed up your PC online, your PC will ask you to disable the “Visual Effects” feature as they use up your PC’s performance. However, this operation needs you to balance the operating speed and the appearance of your PC, and even adjust those settings many times to achieve satisfying visual effects. Instead, here is an item that you can change without a hitch.

When you use a windows PC, Windows will always pay attention to what you are doing and provide tips on what you may want to do with your computer. You may find these tips unhelpful and even feel offended by its constant virtual viewing over your shoulders.

If you want to speed up your PC, you can ask Windows to stop giving you advice. To do this, click the START button, select the Settings icon, and then go to Systems > Notification & actions. Scroll down to the notifications section and uncheck the box labeled “Get tips, tricks, and suggestions as you use Windows.”

5. Run Disk Cleanup

Do not let that “Disk space is almost full” message pop up and stop your work. Too many junk files, useless big files and duplicate files usually cause insufficient disk space. To save gigabytes of disk space for things you really need, you should clean them regularly to free up space.

Here are steps on how to use the built-in Windows utility to run disk cleanup:

Press “WINDOWS + R” and enter the cleanmgr command with parameters:

cleanmgr /sageset

In the Disk Cleanup Settings window, you can find items you can clean.

Note that this operation is only the setting operation of the checked item. It has not been actually cleaned. After clicking OK, you need to press “WINDOWS + R” and enter “cleanmgr /sagerun:99”, and then it can execute specific cleanup operations.

You can also turn ON the storage sense function to remove unnecessary files automatically.

Enter Settings > System > Storage, and then turn ON the Storage sense function to allow Windows to clean up temporary files automatically. It can be set to run automatically every day, every fortnight, every month, or every two months.

Definitely, some cleanup apps can help you do the work more quickly and accurately. Besides useless files, they can even retrieve and delete similar photos. You can evaluate and download them according to your own needs.

6. Clean out your Registry

Registry is an important database, which is used to store the setting information of system and application program running in Windows. As early as Windows 3.0 introduced OLE technology, the registry has appeared. Windows NT was the first operating system to make extensive use of the registry at the system level. However, since the beginning of the Microsoft Windows 95 operating system, the registry has been a critical database that will continue to play a role in the subsequent operating systems.

The command to open the registry is:

Regedit or regedit.exe, regedt32 or regedt32.exe

Under normal circumstances, you can click the operation in the START menu (WINDOWS + R), and then enter regedit or regedit.exe and click OK to open the registry editor of Windows operating system.

The registry is a very messy thing. For example, when a program is uninstalled, the program’s settings are not always cleared in the registry. So over time, it will be filled with various outdated settings. This may lead to poor performance of your PC system.

A word of caution: Editing the registry manually is risky. A mistake can lead to system-level interruptions. Therefore, to clean the registry, it is recommended that a professional registry cleaner is used.

7. Malware and Virus Infection

As we all know, malware and viruses will infect the computer and make it run more sluggishly. There are a large number of antivirus apps in the marketplace. Trend Micro offers several options to consider.

8. Disable third-party services  

If you installed a lot of software on your PC, the system may become chaotic and some unexpected problems might occur. For example, several security applications are running at the same time can create conflicts that make the system misbehave. You can disable all third-party software services and only keep the system itself. The system status will also be called “Clean Boot.”

Here is how to perform a clean boot of Windows:

Press “WINDOWS + R” and type “msconfig”, then click OK. Open System Configuration, go to the Services tab and put a tick in the “Hide all Microsoft services” box at the bottom left before choosing the items and hitting Disable all.

We hope the listed solutions can help you boost your PC performance conveniently. Manually checking what is wrong with your Windows can be time-consuming and painstaking. When those irritating system messages pop up and interfere with your work, it is time to turn to a trusted all-in-one system care utility like Cleaner One. By employing this productive worker, you can retrieve and delete unnecessary items, have less clutter, make your computer more efficient, and optimize your Windows OS with just a few clicks. Why not give it a go?

The post How to Speed Up a Slow PC Running Windows OS appeared first on .

Parental Controls – Trend Micro Home Network Security has got you covered

We continue our three-part series on protecting your home and family. If you missed our first part, you can find it here. 

Are your kids at that formative age when they’re beginning to use mobile devices? How about at that inquisitive age when they start to discover the wonders of the Internet? Or that age when they tend to be more carefree and self-indulgent?

The Internet and the digital devices our children use are valuable tools when used the right way. They give them access to a wide range of information, pave the way to explore worthwhile ideas, and keep them socially connected with family, relatives and friends. That said, though there are big advantages to kids’ use of the Internet, there are dangers as well. Part 2 of our 3-part series on home network security discusses those dangers to your children and what you can do to protect them, leveraging Trend Micro Home Network Security’s Parental Controls to help you do so.

Internet Access Threats are Real

Gone are the days when simple malware was the focal point for internet safety. Nowadays, children have so many devices giving them access to the internet, unknown dangerous situations have multiplied. As a parent, the challenges include the following:

Your children can come across unwanted or explicit content (such as porn), whether intentionally or unintentionally. Your children can become victims of cyber bullies or internet predators through messaging apps they use or websites they visit. Your kids could be concealing their delinquent online activities from you. There also may be apps your kids are using that you don’t approve of. Conversely, there may be apps you approve, but your kids are spending too much time on them. Your youngers could be consuming too much time with their digital devices, instead of studying or doing other productive activities.

Parental Controls: Your Silent Partner

Finding the right balance between parenting and controlling the child’s use or possible misuse of the internet is tricky. Here’s where Trend Micro Home Network’s (HNS) Parental Controls can come in. In addition to protecting your home network from security risks and attacks, HNS also provides a robust and flexible parental control system to keep internet usage safe for your children. Controls include:

Web Access Control and Monitoring, which gives parents the ability to allot Daily Time Quotas as well as to implement a Customizable Schedule for your child’s screen time. The controls include the means to Pause Internet Access by each Family Member’s Profile; and they also provide general Online Connectivity Monitoring for observing family members’ internet usage. Website and Content Filtering blocks inappropriate websites and content. It also enables parents to turn on Google Safe Search and YouTube Restricted Mode. App Controls manages YouTube Pause and Time Limits. In addition, App Detection alerts you if your children are detected using potentially inappropriate apps.

Parental Controls that Work for You

Protecting your family members online starts with Adding a Profile.

You can add a new Profile for each Family Member and assign to them the devices they control. To do this, you can just simply tap Family in the Command Menu and choose the family member by tapping Add Someone. This will let you provide the Profile Name and Profile Picture as well as Assign Devices to the person by tapping the device(s) in the Unassigned panel. The devices you select will then be automatically moved into the ownership panel for that person. Tap Done and you’ll be presented with the Settings screen for that child’s Profile, where you can configure Parental Controls as you see fit.

Website Filtering

Next, let’s proceed with the most common component: Website Filtering.

To set this up, tap Set Up Now for Filtering to block inappropriate websites and content for this family member. Once the Filtering screen appears, you can toggle on Get Notifications for this family member when selected websites are visited, and Block to block selected websites for this family member’s profile. You can also tap the appropriate pre-configured setting for the Age Level for this particular profile. You can choose from Child, Pre-Teen, and Teen; or tap Custom to manually select categories and subcategories to block. Filtered Categories include: Adult or Sexual (e.g. Pornography), Communication or Media (e.g. Social Networking), Controversial (e.g. Violence, Hate, Racism) and Shopping and Entertainment (e.g. Games, Gambling). There may be instances where you may want to set exceptions to allow specific websites to be accessed or blocked. To do so, tap Set Exceptions and then add the website URL to either the Allowed List or Denied List.

Content Filtering

Moving on, you can also set up Content Filtering.

	Setting up Content Filtering is quite straightforward. For example, you can toggle Turn On Google Safe Search to filter Google search results on your child’s phone, tablet or computer within your home network. Likewise, all you need to do to restrict mature, inappropriate and offensive content on YouTube search results on your child’s devices is to toggle Turn On YouTube Restricted Mode.

App Controls

To continue, there are apps that parents disapprove of, but there are always those instances when the children try to use them anyway against their parent’s wishes. That’s when you can choose to be informed of the Inappropriate Apps Used by your children.

	You can achieve this by tapping Set Up Now under Inappropriate App Used and then enabling Get Notifications. You can then choose from the App Categories such as Games, Adult, Social Network or Chat, Shopping or Advertisement, Media/Streaming, Dating and VPN, which will send an alert once those selected apps are used by your kids on their respective devices.

Time Limits and Notifications

Even when you try to teach your kids about being responsible about their online time, it’s easier said than done. Thus, parents or guardians can schedule the hours of screen time their children are allowed each day, along with the hours when screen time is available. HNS’s Parental Controls provide both of these features and more.

To set up Time Limits, just tap Set Up Now to bring up Add First Rule. You can select the days for this rule and the number of hours per day that your child can use the internet. You can indicate the Internet Time Limit and Time on YouTube by scrolling back and forth to see the limits available, then tap the total time per day you want to allow. Once you set the limits, you may want to toggle Get Notifications to tip you off when your child reaches the limit. Next, you’ll set the time period when your child can use the Internet by tapping the From and To fields, and moving the Time Wheelbar accordingly for the Beginning and Ending You can opt to be informed by selecting Get Notifications when your child attempts to use the internet outside the allowed time period, as well as Block Internet Access for the child when they do. Before tapping Done to finalize the rule(s), the Rule Complete screen shows a summary of the rule you’ve set, providing a clock to show the Allowed Time, the Days for which the rule is set, the Hours of Internet allowed, including any time allowed for YouTube viewing, and the Times

Connection Alerts

Last but not least, since it’s tough to keep monitoring when your child is online, tapping Trend Micro HNS’ Connection Alert to toggle it on makes it easier for parents to get notifications when their kid’s digital devices connect to the home network during a specified time period.

In the end, Trend Micro Home Network Security’s Parental Controls can assist parents in dealing with the online safety challenges all children are exposed to in the 21^st century. HNS’ flexible and intuitive feature set comprised of Filtering, Inappropriate App Used, Time Limits and Connection Alerts support every parent or guardian’s goal to ensure a safe and secure internet experience for their kids. Coupled with kind face-to-face conversations, where you let your children know your care for them extends to how they use the Internet, HNS becomes your silent partner when ensuring your family’s safety.

For more information, go to Trend Micro Home Network Security.

The post Parental Controls – Trend Micro Home Network Security has got you covered appeared first on .

The Everyday Cyber Threat Landscape: Trends from 2019 to 2020

The past 12 months have been another bumper year for cybercrime affecting everyday users of digital technology. Trend Micro blocked more than 26.8 billion of these threats in the first half of 2019 alone. The bad news is that there are many more out there waiting to steal your personal data for identity fraud, access your bank account, hold your computer to ransom, or extort you in other ways.

To help you stay safe over the coming year we’ve listed some of the biggest threats from 2019 and some trends to keep an eye on as we hit the new decade. As you’ll see, many of the most dangerous attacks will look a lot like the ones we warned about in 2019.

As we enter 2020 the same rules apply: stay alert, stay sceptical, and stay safe by staying protected.

Top five threats of 2019

Cybercrime is a chaotic, volatile world. So to make sense of the madness of the past 12 months, we’ve broken down the main type of threats consumers encountered into five key areas:

Home network threats: Our homes are increasingly powered by online technologies. Over two-thirds (69%) of US households now own at least one smart home device: everything from voice assistant-powered smart speakers to home security systems and connected baby monitors. But gaps in protection can expose them to hackers. As the gateway to our home networks, routers are particularly at risk. It’s a concern that 83% are vulnerable to attack. There were an estimated 105m smart home attacks in the first half of 2019 alone.

Endpoint threats: These are attacks aimed squarely at you the user, usually via the email channel. Trend Micro detected and blocked more than 26 billion such email threats in the first half of 2019, nearly 91% of the total number of cyber-threats. These included phishing attacks designed to trick you into clicking on a malicious link to steal your personal data and log-ins or begin a ransomware download. Or they could be designed to con you into handing over your personal details, by taking you to legit-looking but spoofed sites. Endpoint threats sometimes include social media phishing messages or even legitimate websites that have been booby-trapped with malware.

Mobile security threats: Hackers are also targeting our smartphones and tablets with greater gusto. Malware is often unwittingly downloaded by users, since it’s hidden in normal-looking Android apps, like the Agent Smith adware that infected over 25 million handsets globally this year. Users are also extra-exposed to social media attacks and those leveraging unsecured public Wi-Fi when using their devices. Once again, the end goal for the hackers is to make money: either by stealing your personal data and log-ins; flooding your screen with adverts; downloading ransomware; or forcing your device to contact expensive premium rate phone numbers that they own.

Online accounts under attack: Increasingly, hackers are after our log-ins: the virtual keys that unlock our digital lives. From Netflix to Uber, webmail to online banking, access to these accounts can be sold on the dark web or they can be raided for our personal identity data. Individual phishing attacks is one way to get these log-ins. But an increasingly popular method in 2019 was to use automated tools that try tens of thousands of previously breached log-ins to see if any of them work on your accounts. From November 2017 through the end of March 2019, over 55 billion such attacks were detected.

Breaches are everywhere: The raw materials needed to unlock your online accounts and help scammers commit identity fraud are stored by the organizations you interact with online. Unfortunately, these companies continued to be successfully targeted by data thieves in 2019. As of November 2019, there were over 1,200 recorded breaches in the US, exposing more than 163 million customer records. Even worse, hackers are now stealing card data direct from the websites you shop with as they are entered in, via “digital skimming” malware.

What to look out for in 2020

Smart homes under siege: As we invest more money in smart gadgets for our families, expect hackers to double down on network attacks. There’s a rich bounty for those that do: they can use an exposed smart endpoint as a means to sneak into your network and rifle through your personal data and online accounts. Or they could monitor your house via hacked security cameras to understand the best time to break in. Your hacked devices could even be recruited into botnets to help the bad guys attack others.

Social engineering online and by phone: Attacks that target user credulity are some of the most successful. Expect them to continue in 2020: both traditional phishing emails and a growing number of phone-based scams. Americans are bombarded by 200 million automated “robocalls” each day, 30% of which are potentially fraudulent. Sometimes phone fraud can shift quickly online; for example, tech support scams that convince the user there’s something wrong with their PC. Social engineering can also be used to extort money, such as in sextortion scams designed to persuade victims that the hacker has and is about to release a webcam image of them in a “compromising position.” Trend Micro detected a 319% increase in these attacks from 2H 2018 to the first half of 2019.

Threats on the move: Look out for more mobile threats in 2020. Many of these will come from unsecured public Wi-Fi which can let hackers eavesdrop on your web sessions and steal identity data and log-ins. Even public charging points can be loaded with malware, something LA County recently warned about. This comes on top of the escalating threat from malicious mobile apps.

All online accounts are fair game: Be warned that almost any online account you open and store personal data in today will be a target for hackers tomorrow. For 2020, this means of course you will need to be extra careful about online banking. But also watch out for attacks on gaming accounts.  Not only your personal identity data and log-ins but also lucrative in-game tokens will become highly sought after. Twelve billion of those recorded 55 billion credential stuffing attacks were directed at the gaming industry.

Worms make a comeback: Computer worms are dangerous because they self-replicate, allowing hackers to spread attacks without user interaction. This is what happened with the WannaCry ransomware attacks of 2017. A Microsoft flaw known as Bluekeep offers a new opportunity to cause havoc in 2020. There may be more out there.

How to stay safe

Given the sheer range of online threats facing computer users in 2020, you’ll need to cover all bases to keep your systems and data safe. That means:

Protecting the smart home with network monitoring solutions, regular checks for security updates on gadgets/router, changing the factory default logins to strong passwords, and putting all gadgets onto a guest network.

Tackling data-stealing malware, ransomware and other worm-style threats with strong AV from a reputable vendor, regular patching of your PC/mobile device, and strong password security (as given below).

Staying safe on the move by always using VPNs with public Wi-Fi, installing AV on your device, only frequenting official app stores, and ensuring you’re always on the latest device OS version. And steer clear of public USB charging points.

Keeping accounts secure by using a password manager for creating and storing strong passwords and/or switching on two-factor authentication where available. This will stop credential stuffing in its tracks and mitigate the impact of a third-party breach of your log-ins. Also, never log-in to webmail or other accounts on shared computers.

Taking on social engineering by never clicking on links or opening attachments in unsolicited emails, texts or social media messages and never giving out personal info over the phone.

How Trend Micro can help

Fortunately, Trend Micro fully understands the multiple sources for modern threats. It offers a comprehensive range of security products to protect all aspects of your digital life — from your smart home, home PCs, and mobile devices to online accounts including email and social networks, as well as when browsing the web itself.

Trend Micro Home Network Security: Provides protection against network intrusions, router hacks, web threats, dangerous file downloads and identity theft for every device connected to the home network.

Trend Micro Security: Protects your PCs and Macs against web threats, phishing, social network threats, data theft, online banking threats, digital skimmers, ransomware and other malware. Also guards against over-sharing on social media.

Trend Micro Mobile Security: Protects against malicious app downloads, ransomware, dangerous websites, and unsafe Wi-Fi networks.

Trend Micro Password Manager: Provides a secure place to store, manage and update your passwords. It remembers your log-ins, enabling you to create long, secure and unique credentials for each site/app you need to sign-in to.

Trend Micro WiFi Protection: Protects you on unsecured public WiFi by providing a virtual private network (VPN) that encrypts your traffic and ensures protection against man-in-the-middle (MITM) attacks.

Trend Micro ID Security (Android, iOS): Monitors underground cybercrime sites to securely check if your personal information is being traded by hackers on the Dark Web and sends you immediate alerts if so.

The post The Everyday Cyber Threat Landscape: Trends from 2019 to 2020 appeared first on .

The Summit of Cybersecurity Sits Among the Clouds

Trend Micro Apex One as a Service

You have heard it before, but it needs to be said again—threats are constantly evolving and getting sneakier, more malicious, and harder to find than ever before.

It’s a hard job to stay one step ahead of the latest threats and scams organizations come across, but it’s something Trend Micro has done for a long time, and something we do very well! At the heart of Trend Micro security is the understanding that we have to adapt and evolve faster than hackers and their malicious threats. When we released Trend Micro OfficeScan 11.0, we were facing browser exploits, the start of advanced ransomware and many more new and dangerous threats. That’s why we launched our connected threat defense approach—allowing all Trend Micro solutions to share threat information and research, keeping our customers one step ahead of threats.

 

With the launch of Trend Micro OfficeScan XG, we released a set of new capabilities like anti-exploit prevention, ransomware enhancements, and pre-execution and runtime machine learning, protecting customers from a wider range of fileless and file-based threats. Fast forward to last year, we saw a huge shift in not only the threats we saw in the security landscape, but also in how we architected and deployed our endpoint security. This lead to Trend Micro Apex One, our newly redesigned endpoint protection solution, available as a single agent. Trend Micro Apex One brought to the market enhanced fileless attack detection, advanced behavioral analysis, and combined our powerful endpoint threat detection capabilities with our sophisticated endpoint detection and response (EDR) investigative capabilities.

 

We all know that threats evolve, but, as user protection product manager Kris Anderson says, with Trend Micro, your endpoint protection evolves as well. “While we have signatures and behavioral patterns that are constantly being updated through our Smart Protection Network, attackers are discovering new tactics that threaten your company. At Trend Micro, we constantly develop and fine-tune our detection engines to combat these threats, real-time, with the least performance hit to the endpoint. This is why we urge customers to stay updated with the latest version of endpoint security—Apex One.”

Trend Micro Apex One has the broadest set of threat detection capabilities in the industry today, and staying updated with the latest version allows you to benefit from this cross-layered approach to security.

 

One easy way to ensure you are always protected with the latest version of Trend Micro Apex One is to migrate to Trend Micro Apex One as a Service. By deploying a SaaS model of Trend Micro Apex One, you can benefit from automatic updates of the latest Trend Micro Apex One security features without having to go through the upgrade process yourself. Trend Micro Apex One as a Service deployments will automatically get updated as new capabilities are introduced and existing capabilities are enhanced, meaning you will always have the most recent and effective endpoint security protecting your endpoints and users.

 

Trend Micro takes cloud security seriously, and endpoint security is no different. You can get the same gold standard endpoint protection of Trend Micro Apex One, but delivered as a service, allowing you to benefit from easy management and ongoing maintenance.

The post The Summit of Cybersecurity Sits Among the Clouds appeared first on .

Defend Yourself Now and in the Future Against Mobile Malware

The world has gone mobile and the US is leading the way. It’s estimated that that the number of smartphone users alone topped 257 million in the States in 2018. That means three-quarters (74%) of households now boast at least one mobile device. And in this new digital world, it’s mobile applications that really matter. They’re a one-click gateway to our favorite videos, live messaging, email, banking, social media and much more.

There are said to be around 2.8 million of these apps on the official Google Play Store today. But unfortunately, where there are users, there are also hackers looking to capitalize. And one of their favorite ways to make money is by tricking you into downloading a malicious app they’ve sneaked onto the marketplace.

Most recently, 42 such apps had to be removed after being installed eight million times over the period of a year, flooding victims’ screens with unwanted advertising. This is just the tip of the iceberg. As more of us turn to mobile devices as our primary internet gateway, the bad guys will follow suit. Trend Micro blocked over 86 million mobile threats in 2018, and we can expect this figure to increase into the future.

So how can you protect your devices and your data from hackers?

Adware ahoy

The latest bunch of 42 apps are from a class of malicious software known as adware. This follows a previous discovery by Trend Micro earlier this year of a further 85 adware-laden apps downloaded eight million times. Cyber-criminals fraudulently make money by displaying unwanted ads on the victim’s device. In the meantime, the user has to contend with annoying pop-ups which can run down the device’s battery and eat up computing resources. Some even silently gather user information.

Ones to watch

Unfortunately, it’s increasingly difficult to spot malicious apps on the Play Store. A popular tactic for hackers is to hide their malware in titles which impersonate legitimate applications. A recent two-year study found thousands of such counterfeits on the Play Store, exposing users unwittingly to malware. Banking apps are a particularly popular type of title to impersonate as they can provide hackers with highly lucrative log-ins to open users’ accounts.

Some malware, like the recently disclosed Agent Smith threat, works by replacing all the legitimate apps on a user’s device with malicious alter-egos.

So, as we hit 2020, what other threats hidden in legitimate-seeming apps should mobile users be looking out for?

More intrusive adware. Cryptocurrency mining malware. This will run in the background, eating up your device battery and computing power. Trend Micro noted a 450% increase in infections from 2017 to 2018. Banking Trojans designed to harvest your log-ins so hackers can get their hands on your savings. Our detections of this malware soared 98% between 2017-18. These attacks have evolved from simple screen lockers to malware designed to encrypt all the files on your device. Premium rate services. Some malware will covertly text or call premium rate SMS numbers under the control of the hacker, thus making them money and costing you potentially significant sums. ExpensiveWall malware, for example, was found in 50 Google Play apps and downloaded millions of times, charging victims’ accounts for fake services. Information theft. Some malware will allow hackers to eavesdrop on your conversations, and/or hoover up your personal data, including phone number, email address, and account log-ins. This data can then be sold on the dark web and used in follow-on identity fraud attempts.

Is Google helping?

The Android ecosystem has always and remains to be a bigger threat than iOS because it’s relatively easier for developers to get their applications onto the official marketplace. Now, it’s true that Google carries out some vetting of the apps on its Play Store and it is getting better and quicker at spotting and blocking malware. It says the number of rejected app submissions grew by over 55% in 2018 while app suspensions increased by over 66%.

However, Google’s Play Protect, which is pre-installed on Android devices, has garnered less than favorable reviews. This anti-malware solution is intended to scan for malicious apps to prevent you downloading them. However, it has received poor reviews for its “terrible malware protection.”

In fact, in independent tests run in July by German organization AV-TEST, Google Play Protect found just 44% of the 3,347 “real-time” online malware threats, and just 55% of the 3,433 malware samples that were collected in the previous month. According to Tom’s Guide, “these scores are all well below the industry averages, which were always 99.5% or above in both categories for all three rounds.”

How do I stay safe?

So how can mobile users ensure their personal data and devices are secure from the growing range of app-based threats?

Consider the following:

Only visit official app stores. Even though Google Play has a malware problem, it is more secure than third-party app stores. In fact, you are 23 times more likely to install a potentially harmful application (PHA) outside Play, according to Google. Ensure you’re on the latest operating system version. Do not root your device as this can expose it to threats. Be cautious. If the app is requesting an excessive number of permissions, it may be malicious. Install on-device AV from a reputable third-party provider like Trend Micro.

How Trend Micro Mobile Security helps

Trend Micro Mobile Security (TMMS) offers customers comprehensive anti-malware capabilities via its real-time Security Scan function. Security Scan alerts you to any malware hidden in apps before they are installed and suggests legitimate versions. It can also be manually run on devices to detect and remove malicious apps, including ransomware, that may already have been installed.

To use the manual scan, simply:

1. Tap the Security Scan panel in the TMMS Console. The Security Scan settings screen appears, with the Settings tab active by default.

2. Tap Scan Now to conduct a security scan. The result appears.

3. In the example shown, “Citibank” has been detected as a fake banking app, installed on the device before Mobile Security was installed. Apps are recommended for you to remove or to trust.

4. Tap Uninstall to uninstall the fake app. A Details screen defines the security threats.

5. Tap Uninstall A popup will ask if you want to uninstall the app.

6. Tap Uninstall once more to uninstall it. The app will uninstall.

7. If there are more potentially unwanted apps, tap the panel for Apps Removal Recommended to show the list of apps recommended for removal. The Removal Recommended list will show apps to Remove or Trust.

8. You can configure settings via Security Scan > Settings This will allow you to choose protection strength (Low, Normal, and High).

9. In Settings, check the Pre-Installation Scan, which is disabled by default, to block malware from Google Play before it’s installed. It sets up a virtual private network (VPN) and enables the real-time scan.

Among its other features, Trend Micro Mobile Security also:

Blocks dangerous websites from loading in any browsing app with Web Guard Checks if public WiFi connections are safe with Wi-Fi Checker Guards financial and commercial apps with Pay Guard Mobile Optimizes your device’s performance System Tuner and App Manager Protects your kids’ devices with Parental Controls Protects your privacy on social media with Social Network Privacy Provides Lost Device Protection.

To find out more about Trend Micro Mobile Security, go to our Mobile Security Solutions website, where you can also learn about our Mobile Security solution for iOS.

Tags: Mobile Security, Mobile Antivirus, Mobile Antimalware, Android Antivirus

The post Defend Yourself Now and in the Future Against Mobile Malware appeared first on .

How to Manage Your Privacy On and Off Facebook

Social media has come a long way in a short space of time. In a little over a decade, it’s grown from being the preserve of a relatively small group of online enthusiasts to one of the defining trends of 21^st century life. As the undisputed global leader in this field, Facebook now boasts nearly 1.7 billion daily active users.

Not only do we share personal and global news, photos and videos with each other every day on the site, we also log-in to our favorite third-party websites and apps via Facebook to shop, chat, play games and much more. In short, social media makes life more fun, more social, and more connected.

But at the same time, our digital lives have become more complicated. Sometimes we share without realizing the significance of the data we’re showing others — including strangers, trolls and maybe even fraudsters. Sometimes we sign-up for third-party apps/services that take advantage of small print agreements to sell our data on to others — possibly for uses we did not want. And often, the websites we visit independently of Facebook send data on our browsing behavior back to the social network without our knowledge.

Some of us view this kind of tracking as the price we pay for free internet services, and welcome the improved personalization it enables. But others may feel creeped out that their family’s every click and swipe is being silently monitored, logged, and shared.

Time for action

The good news is that Facebook has been listening (to some extent!) to regulators and consumers, and has started the new year by offering users more tools to shine a light on where and how their data is being used, and how they can protect their privacy. But we’re talking here about a platform that has been growing non-stop for the past 15 years. Complexity is everywhere, and it’s not always easy to find the tools you need to enhance your privacy on the site.

That’s why we’ve put together this short guide. It’ll teach you where your privacy is most at risk on Facebook, and what you can do to manage these risks, including an assist by Trend Micro’s own Privacy Scanner tool.

Why should I be worried?

Although social media offers much to enrich and improve our lives, there are multiple levels of privacy risk involved in using it. For many of us, the stakes have risen almost silently in the background over the past few years. We can split these into three basic areas:

Oversharing: At a very basic level Facebook allows you to share news, pictures, stories and more with the world. But would you want your boss, prospective employer, law enforcement, credit agencies and other users to see every little thing about you? Yes, they increasingly use Facebook as a source of intelligence gathering, so you may want to limit who can view your information to just those in your friendship network.

Among the most prodigious collectors and monetizers of our private data are cyber-criminals. A Facebook account is a trove of sensitive personal information: everything from email addresses and phone numbers to partners and political preferences. It could all be leveraged to commit identity fraud or craft convincing phishing emails which trick you into giving away even more details. Something as innocuous as a photo of a family pet could provide hackers with some useful intel for guessing your online passwords. Or what about a real-time update from the beach? It might be all an opportunistic burglar needs to raid your home.

Third-party apps and websites: One of the most controversial aspects of data collection and use on Facebook relates to partner sites and services. Often, users sign-up for these apps without being fully aware of how their data will be used, or even what profile data the app may be gaining permission to harvest. It was data on 87 million Facebook users and their friends collected by a popular third-party personality test app that ended up being sold to Cambridge Analytica. It was then controversially used to target US voters ahead of the last Presidential election.

Following a huge FTC fine, Facebook is now more rigorous in ensuring third-party developers comply with its privacy and data use policies. But some users may still balk at their private data being sold on to third parties.

Other Off-Facebook activity: Apps and websites that you log into with your Facebook ID technically count as “off-Facebook activity”: that is, stuff that happens outside of the social site. But there’s more. Did you know, for example, that Facebook collects data from a huge number of additional sites and apps that aren’t obviously connected to the platform?

It uses code embedded on these sites to track what you do there, in order to make advertising on Facebook more targeted and personalized. So accurate and covert is this technology that it has given rise to a conspiracy theory that Facebook is somehow listening in to its users’ phone calls. It’s not. Users simply don’t know that, when they visit many sites and apps on the web, those same sites are secretly sending data back to Facebook, which then serves up relevant ads. Just bought Season One of your favorite show on a streaming app? You may get an ad for Season Two when you next visit your Facebook account.

Some people may be fine with this trade-off: privacy for a more tailored user experience. But many others may not. It’s one thing monitoring what you bought off an e-commerce site, quite another to track who you swiped left on when you were last on a dating site.

How can I manage my privacy better?

Fortunately, Facebook provides tools to help you to manage your privacy. Let’s go through some of them, from the newest to the oldest.

Off-Facebook
Facebook has just released a way of checking which sites/apps track and send data on your web usage back to the social network, clearing your data sharing history with them, and disconnecting for the future.

The Off-Facebook Activity tool can be reached here, or you can go to Settings > Your Facebook Information > Off-Facebook Activity. Click Manage Your Off-Facebook Activity and you’ll see a list of the (possibly many) apps and sites that have shared info about you with Facebook, including how they shared the data, and what kind of data it is. You can turn off this activity by going to Clear History. However, to prevent such data sharing in future, you will need to go to Manage Future Activity and then toggle it Off. There are some caveats. Disconnecting in this way will log you out of any apps/sites you used Facebook to log into. In addition, it will not stop Facebook serving you advertising — you’ll get the same number of ads, except these won’t be as personalized as before. Facebook will also continue to receive information about your interactions on various sites, but this will be anonymized.

Particular apps, games and websites

You can also directly edit the privacy and settings of particular apps, games and websites you’ve logged into with your Facebook account.

Go here, or click Settings, then Apps and Websites in the menu on the left. Click the name of the app, game or website you want to update, or Search Apps and Websites with the Search tool on the upper right to find it. Once you’ve found the app, game, or website in question, update the information you’re sharing, who can see that you use it, and the notifications you receive. Click Save to save your changes.

Basic privacy settings

Facebook has also overhauled its most basic privacy settings. Its Privacy Checkup tool features four distinct sections.

Click at the top of any page on Facebook and select Privacy Checkup. Then choose Who Can See What You Share to review and change who can view your profile info and posts, and to block individuals if you wish. How to Keep Your Account Secure to choose a stronger password and turn on login alerts. How People Can Find You On Facebook enables you to choose who can look you up and send friend requests. Your Data Settings on Facebook provides a list of apps and sites you’ve used Facebook to log-in to and allows you to remove these.

How Trend Micro can help

An easier option for managing your basic privacy on Facebook is the Trend Micro Privacy Scanner, which is available within Trend Micro Security on Windows and Mac, and within Mobile Security on Android and iOS. It automates the process of finding and fixing any potentially risky settings to keep your personal data safe from prying eyes.

It’s turned on by default in Trend Micro Internet and Maximum Security, as well as in Mobile Security.

Either click on the Privacy icon in the TMS Console, or in the PC or Mac browser click the Trend Micro Toolbar and select Check Your Online Privacy/Check Social Network Privacy In Mobile Security, tap the panel for Social Network Privacy > Facebook. Once you’re signed-in to Facebook, See Scan Results, and then click or tap Fix All, or click or tap on the drop down to view and edit each issue separately.

Facebook is getting better at privacy, but its controls can be hard to find, and functionality is constantly being updated. That’s why we recommend a privacy audit every few months. Check in with your Facebook Privacy settings directly or via the Privacy Scanner to make sure you’re not leaking personal data. Privacy is subjective, but we’re all getting more critical about how big corporations use our data — and that’s not a bad thing.

Go here for more information on Trend Micro Security and Trend Micro Mobile Security.

The post How to Manage Your Privacy On and Off Facebook appeared first on .

In Safe Hands with Trend Micro Home Network Security – Part 3: Testing Its Functions

We continue our four-part series on protecting your home and family. See the links to the previous parts at the end of this blog.

As you use more internet-connected devices and smart appliances in your home, it’s of utmost importance to make sure your gadgets are properly protected from malware and hackers—and Trend Micro Home Network Security (HNS) helps you do just that. But while it’s easy to set up, connect, and configure (and even to forget!), you reap the most benefit when you’re actively involved with it, maintaining and monitoring its features and controls.

Start by asking the question: Are you sure your home network is secure? As you learn what network security entails, by the end of this blog you’ll be able to answer that question confidently. The more you’re involved with HNS, as the tech-savvy “guru” of the household, the more you’ll know when things are properly secured.

We’ll cover three main topics in Part 3 of our 4-part series, where we help you to test the following features: Threat Blocking, Access Control, and Parental Controls.

1.   Threat Blocking

To better understand how HNS blocks malware on malicious websites from being downloaded to your devices, open your browser either from your mobile device or PC then proceed to these links:

http://www.eicar.org/download/eicar.com

http://test-malware.hns.tm

When you run these tests, the test URL will be blocked, your browser will say “Website Blocked by Trend Micro Home Network Security,” and the payload will not be downloaded to the test device. The HNS app will then notify you that a web threat has been blocked, along with the name of the test device that was able to detect it. In the future, you should monitor the HNS app for such messages, so you can see which malicious sites your family has been accessing and warn them.

2.   Access Control

Next, there are three aspects of Access Control that you should test to familiarize yourself with the features. They are: Approving and Rejecting Devices, Remote Access Protection, and Disconnecting Devices.

Approving and Rejecting Devices

Device control is the first part of access control.

Navigate to Settings -> Access Control and enable New Device Approval, after completing setup and allowing HNS to scan the network for devices. Connect a device that has never been connected to the HNS-secured network. The phone that’s managing the HNS Station will receive a notification indicating, “Request from a new device to join the network”. Once you tap the notification, you’re given the option to either Allow Connection or Block the new device’s connection to your network.

Based on the decision to Allow Connection, verify the connection status on the new device by navigating to a webpage or using an application that connects to the internet.

Remote Access Protection

For the next test, Remote Access Protection, you’ll use a real-world remote-access program commonly used in tech support scams. Note that remote desktop software such as LogMeIn, AnyDesk, TeamViewer, and others are not inherently harmful, but malicious hackers often use them for nefarious activities, such as tech support scams, where they lure you into downloading such a program, pretending they need it to “solve” your computer problems. Unsuspecting consumers around the world have fallen victim to such scams, often losing a large amount of money in fake support fees and ransoms. Additionally, such hackers can use remote desktop programs to scoop up your private data and sell it on the Dark Web.

Home Network Security gives owners peace of mind by preventing these types of Remote Desktop programs from establishing connections with remote computers.

In this test, we will use the free version of TeamViewer.

Download the remote access software from https://www.teamviewer.com and install it on two devices—e.g., a laptop and desktop computer. (It’s available for phones and tablets too.) One will act as the source, the other the target. The target PC should be on the same home network where HNS is installed. The source PC should be on another network. Navigate to Settings -> Access Control -> Remote Access Protection in the HNS app and enable Block Remote Access. From the source PC outside of your network, attempt to establish a TeamViewer connection to the target PC and start a session.

HNS will block the TeamViewer session and the HNS app will receive a notification of a remote access connection attempt, along with the name of the target PC. Once you’ve run your tests and understand how this access blocking works, you can delete the instances of TeamViewer on your devices, if you have no need of them.

Disconnecting Devices

Next, you should test Disconnecting Devices.

	To do this, navigate to the Devices page and choose a connected device (indicated by a green status indicator next to the device’s name). On the chosen device’s detail page, turn off the “Connect to the Network” switch to disconnect it from the network. Using the disconnected device, attempt to browse to a webpage or use an online application to verify that the device no longer has access.

3.   Parental Controls

As we indicated in our last installment of this series, there are many facets to HNS’s Parental Controls. In this segment we will check the effectiveness of its Website Filtering, Content Filtering, App Controls, Time Limits, and Connection Alert & Notification capabilities.

Website Filtering

Testing Website Filtering is easy.

	For this test, under the Filtering sector, first assign a test PC with the Pre-Teen-Age Level default profile for Filtered Categories. Next, using the browser of your assigned test PC, attempt to go to a website that belongs to the default blocked categories in the Pre-Teen level, such as Personals or Dating.

The browser will show, “Website Blocked by Trend Micro Home Network Security” and indicate the rule that triggered the block, i.e., the Category: Personals/Dating rule in our test. The HNS app will receive a notification indicating HNS prevented your “Pre-Teen device” was from visiting a Personals/Dating site. Tapping the notification will show more details, such as the time and website visited.

Content Filtering

Moving forward, Content Filtering is next in our checklist.

Go to the HNS app, proceed to the test user’s profile Settings -> Filtering. Then scroll down to the Content Turn ON Google SafeSearch and YouTube Restricted Mode if they’re turned OFF, or vice-versa. The change in settings should be reflected on the browser. To verify this, open a new instance of the browser. From the Google Search results page go to Settings -> Search Settings and Turn On SafeSearch should have a check mark beside it if it’s turned ON by HNS, or it’s unchecked when turned OFF by HNS. For YouTube, go to https://www.youtube.com and locate the 3 vertical dots near the SIGN IN button. Scroll down and check whether Restricted Mode is turned ON or OFF, depending on the toggled setting made from the HNS app.

When it’s toggled ON, you can try to search for inappropriate content, such as red band trailersDoing this, the user will see a message that says, “Some results have been removed because Restricted Mode is enabled by your network administrator.” In addition, videos with mature or inappropriate content will not be displayed when you open YouTube’s Home page.

App Controls

To continue, you can test the Inappropriate App Used functionality. Note that this feature only logs the apps opened in your devices; it does not block those apps from being used by the child.

	From the HNS app, toggle on Inappropriate App Used from the Settings of the same test user account profile of the assigned test mobile device. Enable Notifications and choose any or all that are listed in the App Category.

Next, on your test mobile device, open any of the apps that correspond to the App Categories you’ve chosen. For instance, when a gaming app is opened, The HNS app should get a notification that a Games App was found in the user’s device. Tapping this notification should open the Report section where more detailed information is presented, such as the name of the app, the amount of time it was used, and the name of the device that triggered the notification.

Time Limits

To test Time Limits, you can set up a simple rule that consists of the chosen days the family member can use the internet, set the internet time limit, and set the time spent on YouTube within the set time period they’re allowed to use the internet, then enable notifications for this rule.

As an example:

	Monday, Tuesday, Wednesday, Thursday, Friday 30 minutes of Internet allowed, including 15 minutes of YouTube Times allowed: 6:00 PM to 10:00 PM

To check if the rule is working, look for when the user attempts to surf and use YouTube beyond what’s permitted by the rule. HNS will block access to the internet and YouTube and provide you with a notification that says the YouTube or internet time limit has been reached by the user account. This notification is also logged in the user profile’s Report section.

Connection Alert & Notification

Let’s wrap up testing the Parental Control features with enabling Connection Alert. This allows you to receive a notification when a device you choose, like your child’s mobile phone, reconnects to your HNS-secure network after getting home from school.

To do this, from the HNS App’s User Account > Settings, enable Connection Alert to indicate when the devices you have selected connect to the home network, according to your set schedule. You’ll only receive notifications of connections from HNS during that scheduled time.

And Now, the Answer to Your Question

Is your network secure? As the techie in your household, you’re the designated technical support for the family. As the saying usually goes, “Heavy is the head that wears the crown,” but armed with what you’ve just learned about Trend Micro Home Network Security’s capabilities, your burden will lighten significantly and you and your family will stay safe and secure from constantly evolving network threats.

Go to our website for more information on Trend Micro Home Network Security. And watch for Part 4 of this series, where we wind up with some additional monitoring and maintenance best practices.

Go here for Parts 1 and 2 of our series:

You’re in Safe Hands with Trend Micro Home Network Security – Part 1: Setup and Configuration

Trend Micro Home Network Security Has Got You Covered – Part 2: Parental Controls

The post In Safe Hands with Trend Micro Home Network Security – Part 3: Testing Its Functions appeared first on .

Tax Scams – Everything you need to know to keep your money and data safe

Tax season has always been a pretty nerve-wracking time for hard-working Americans. But over the years, technology advances have arrived to gradually make the process a bit easier. The bad news is that they can also introduce new cyber risks and even more stress.

There are two things that cybercriminals are always on the hunt for: people’s identity data from their accounts, and their money. And during the tax-filing season both can be unwittingly exposed. Over the years, cybercriminals have adapted multiple tools and techniques to part taxpayers with their personal information and funds.

Let’s take look at some of the main threats out there and what you can do to stay safe.

What do they want?

Cybercrime is a highly efficient money-making business. Some reports suggest this underground economy generates as much as $1.5 trillion each year. (See Into the Web of Profit, April 2018, McGuire, Bromium.) And tax-related scams are an increasingly popular way for the bad guys to drive-up profits. The Internal Revenue Service (IRS) claims that “thousands of people have lost millions of dollars and their personal information” to such attacks.

The bottom line is that they’re after one of two things: to trick you into wiring funds to them, and/or to get hold of your personally identifiable information (PII), including bank account and Social Security Numbers (SSNs). This personal data can subsequently be used to defraud you or the IRS, or may be deployed in follow-on identity fraud schemes to capture illicit funds from you.

There are various ways cyber-criminals can achieve these goals. The most common is by using social engineering tactics to trick taxpayers into sending money or personal information. But they might also use malware, either delivered to you personally or targeted at your tax preparer. This means you not only have to look after your own cybersecurity but also demand that the third-party businesses you work with store and transmit your sensitive information securely.

Look out for these scams

Here’s a round-up of the most popular tactics used by tax scammers today:

Impersonation: The fraudster gets in touch pretending to be an IRS representative. This could be via email, phone, social media or even SMS. They usually claim you owe the IRS money in unpaid taxes or fines and demand a wire transfer, or funds from a prepaid debit card. Sometimes they may ask for personal and financial details—for example, by claiming you’re entitled to a large tax refund and they just need you to supply your bank account info.

These interactions are usually pushy. The scammer knows the best way of making you pay up is by creating a sense of urgency and, sometimes, shaming the individual into believing they’ve been withholding tax payments. Phishing emails may look highly convincing, right down to the logo and sender domain, while phone callers will use fake names and badge numbers. Sometimes the scammers use personal data they may have stolen previously or bought on the Dark Web to make their communications seem more convincing.

In some impersonation scams, the fraudsters may even pretend to work for charities and ask for personal details to help disaster victims with tax refund claims.

Spoofing, phishing, and malware: In some cases, a text, email or social media message spoofed to appear as if sent from the IRS or your tax preparer actually contains malware. The scammers use the same tactics as above but trick the recipient into clicking on a malicious link or opening an attachment laden with malware. The covert download that follows could result in: theft of your personal information; your computer being completely hijacked by hackers via remote control software; or a ransomware download that locks your computer until you pay a fee.

Fake tax returns: Another trick the scammers employ is to use stolen SSNs and other personal information to file tax returns on your behalf. They can then try to claim a large payment in tax refunds from the IRS. The PII they use to file in your name may have been taken from a third-party source without your knowledge, and the first you might hear of it is when you go to file a legitimate tax return. It can take months to resolve the problem.

Attacks targeting tax preparers: Over half of Americans use third-party tax preparation companies to help them with their returns. However, this offers another opportunity for scammers to get hold of your sensitive information. In one recently discovered campaign, malware deployed on tax preparers’ websites was designed to download to the visitor’s computer as soon as they loaded the page. The IRS warns that businesses large and small are potentially at risk, as scammers are keen to get hold of tax information which enables them to file highly convincing fake returns in your name.

What to do

The good news is that by taking a few simple steps you can insulate yourself from the worst of these scams. Remember: the IRS does not contact taxpayers by email, text messages or social media to request personal/financial information— so if you receive communications that do, they are definitely a scam. It’s also important to remember that scams happen all year round, not just in the run-up to the tax filing deadline. That means, unfortunately, that you need to be on your guard all the time.

Here are a few other recommendations:

Install anti-malware from a reputable provider to block phishing emails and websites and prevent malware downloads. Be wary of any unsolicited messages purporting to come from your tax preparer or the IRS. Always contact them directly to check whether it’s a genuine communication or not. Don’t click on any links in unsolicited emails, or download attachments. Obtain an Identity Protection PIN from the IRS before filing your taxes. This will prevent fake returns being filed in your name. Alert phishing@irs.gov about any unsolicited emails from IRS scammers. Protect your log-ins with tax preparation companies. Switch on multi-factor authentication (MFA) if available, and/or use a password manager to make your logins hard to guess or crack.

It also pays to demand that your tax preparer take their own precautions to keep your data secure. They should not be sending sensitive data or documents unencrypted in emails and must take steps on their own to combat phishing emails that target employees, since these can cascade to you during your tax preparation process. Whether hosted in the cloud or running on-premises, the servers that hold your data should also have adequate protection—and you have a right (and a duty to yourself) to ask ahead of time what they’re doing to protect it.

According to the IRS tax preparers should put the following internal controls in place:

Install anti-malware on all web and storage servers and keep their software automatically updated. Encourage the use of unique, strong passwords via a password manager for each account, and deploy multi-factor authentication technology for clients. Encrypt all sensitive files and emails exchanged with strong password protections. Back-up sensitive data regularly to a secure off-site source. Wipe clean/destroy any old hard drives and printers containing sensitive data. Limit access to taxpayer data to staff who need to know.

How Trend Micro can help

Trend Micro offers a range of security tools to help taxpayers keep their personal and financial information safe from fraudsters.

Our flagship consumer solution Trend Micro Security (TMS) provides the following protections:

Protects against phishing links in emails that can take you to fraudulent sites. Its Fraud Buster feature for Gmail and Hotmail extends this to webmail. Blocks malicious website downloads and scans for malware hidden in attachments. Protects against ransomware and theft of sensitive data via Folder Shield. Protects and manages strong, unique passwords with Password Manager, which is bundled with Trend Micro Maximum Security.

To find out more, go to our Trend Micro Security website.

The post Tax Scams – Everything you need to know to keep your money and data safe appeared first on .

How to Stay Safe as Online Coronavirus Scams Spread

Few national emergencies have the ability to strike panic into the populace quite like a virus pandemic. It’s fortunately something most of us have never had to experience, until now. At the time of writing, the number of global confirmed cases of Coronavirus infection, or COVID-19, has reached nearly 174,000 worldwide. Although the official US total currently remains a fraction of that (around 4,000), problems with testing mean many cases are likely to be going unreported here.

This is a difficult time for many Americans, as it is for citizens all over the world. But unfortunately it’s extraordinary global events like this that cyber-criminals look for in order to make their schemes more successful. True to form, they’re using mass awareness of the outbreak and a popular desire for more information on the virus, to trick users into giving away personal information and log-ins, or to unwittingly install malware on their devices.

As organizations enforce remote working to reduce the impact of the virus, many of you will be logging-on from home or your mobile computing devices, which may have fewer built-in protections from such threats. This makes it more important than ever to know how the bad guys are trying to cash in on COVID-19 and what you can do to stay safe.

Here’s a quick guide to the key online threats and security tips:

Phishing for trouble

Decades before COVID-19 burst onto the scene, a different kind of pandemic was spreading across the globe. Phishing messages have been one of the most popular tools in the hackers’ arsenal for years. In fact, Trend Micro blocked nearly 48 billion email-borne threats in 2019, 91% of the total we detected. Phishing is designed to trick the user into handing over their log-ins or personal and financial details, or persuading them to unwittingly download malware. Cyber-criminals typically achieve this by spoofing an email to make it appear as if sent from a legitimate and trustworthy source.

Once a user has been hooked, they are enticed into clicking on a malicious link or opening a malware-laden attachment. This could be anything from a banking trojan designed to steal online banking log-ins, to a piece of ransomware which will lock the user out of their PC until they pay a fee. It could even be cryptojacking malware which sits on the infected machine, quietly mining for Bitcoin while running up large energy bills and slowing down your PC.

The bad news is that phishing messages — whether sent by email, social media, text or messaging app — are getting harder to spot. Many now feature perfect English, and official logos and sender domains. They also often use current newsworthy events to trick the user into clicking. And they don’t get more high-profile than the COVID-19 pandemic.

Depending on how well protected your computing devices are, you may be more likely to receive one of these scam messages than be exposed to the virus itself. So, it pays to know what’s out there.

Watch out for these scams

The phishing landscape is evolving all the time. But here is a selection of some of the most common scams doing the rounds at the moment:

‘Official’ updates

Many of these emails purport to come from official organizations such as the US Center for Disease Control and Prevention (CDC), or the World Health Organization (WHO). They claim to contain key updates on the spread of the virus and must-read recommendations on how to avoid infection. Booby-trapped links and attachments carry malware and/or could redirect users to phishing sites.

Coronavirus map

Sometimes legitimate tools can be hijacked to spread malware. Researchers have spotted a version of the interactive Coronavirus dashboard created by Johns Hopkins University which was altered to contain information-stealing malware known as AZORult. If emails arrive with links to such sites, users should exercise extreme caution.

Corporate updates

Many big brands are proactively contacting their customer base to reassure them of the steps they are taking to keep staff and customers safe from the virus. But here too, the hackers are jumping in with spoof messages of their own purporting to come from the companies you may do business with. FedEx is one such global brand that has been spoofed in this way.

Donations

Another trick is to send phishing emails calling for donations to help fund research into the virus. One, claiming to come from the “Department of Health” has a subject line, “URGENT: Coronavirus, Can we count on your support today?” A key tactic in phishing emails is to create a sense of urgency like this to rush the reader into making hasty decisions.

Click here for a cure

One scam email claims to come from a medical professional and contains details about a vaccine for COVID-19 which has been “hushed up” by global governments. Of course, clicking through to find the non-existent ‘cure’ will bring the recipient nothing but trouble.

Tax refunds

In the UK, users have received emails spoofed to appear as if sent from the government, and promising a tax refund to help citizens cope with the financial shock of the pandemic. As governments in the US and elsewhere start to take more interventionist measures to prop up their economies, we can expect more of these types of phishing email.

How to stay safe

The good news is that there’s plenty you can do to protect you and your family from phishing emails like these. A blend of the following technical and human fixes will go a long way to minimizing the threat:

Be cautious of any unsolicited emails/social media messages etc, even if they appear to come from a reputable organization or a known contact. Don’t click through on any links/buttons in unsolicited emails, or download attachments. If an email asks you for personal data, check directly with the sender rather than clicking through and entering those details. Invest in cybersecurity tools from a trusted vendor like Trend Micro, to spot and block scam emails and block malicious downloads and websites. Disable macros in Office files – these are often used by hackers to run malware.

How Trend Micro can help

Fortunately, Trend Micro Security can also help. Among its anti-phishing features are the following:

Antispam for Outlook: includes checks on email sender reputation, employs web threat protection to block malicious URLs in messages, and scans for threats in files attached to email messages.

Fraud Buster: uses leading-edge AI technology to detect fake emails in Gmail and Outlook webmail that don’t contain malicious URLs or attachments, but still pose a risk to the user.

To find out more about how Trend Micro can help keep your family safe from online threats and phishing, go to our Trend Micro Security homepage, or watch our video series: How to Prevent Phishing, Part 1 and Part 2.

The post How to Stay Safe as Online Coronavirus Scams Spread appeared first on .

The Wawa Breach: 30 Million Reasons to Try Dark Web Monitoring

We’re all getting a little more worldly wise to the dangers that lurk around every corner of our digital lives. We know that the flipside of being able to shop, chat, bank and share online at the push of a button is the risk of data theft, ransomware and identity fraud. That’s why we protect our families’ PCs and mobile devices with security solutions from proven providers like Trend Micro, and take extra care each time we fire up the internet.

But what about the firms that we entrust to handle our data securely?

Unfortunately, many of these organizations still aren’t doing enough to protect our personal and financial information. It could be data we enter online to pay for an item or open an account. Or it could be payment card details that we’ve used at a local outlet which are subsequently stored online. These companies are big targets for the bad guys, who only have to get lucky once to crack open an Aladdin’s Cave of lucrative customer data.

What does this mean? That data breaches are the new normal. Last year in the US there were a reported 1,473 of these incidents, exposing nearly 165 million customer records. The latest affected customers of convenience store and gas station chain Wawa — and it could be one of the biggest ever, affecting 30 million cards.

Let’s take a look at what happened, and what consumers can do to steal a march on the bad guys.

What happened this time?

Wawa first notified its customers of a payment card breach in December 2019. But although the firm discovered malware on its payment processing servers that month, it had actually been sitting there since March, potentially siphoning card data silently from every single Wawa location. That’s more than 850 stores, across Pennsylvania, New Jersey, Delaware, Maryland, Virginia, Florida, and Washington DC.

The company itself has so far declined to put a number on how many customers have been affected. However, while cardholders were still wondering whether they’ve been impacted or not, something else happened. At the end of January, a hacker began to upload the stolen cards to a notorious dark web marketplace, known as Joker’s Stash.

They are claiming to have 30 million stolen cards in total, which if accurate could make this one of the biggest card breaches of its kind, placing it alongside other incidents at Home Depot (2014) and Target (2013).

How does it affect me?

Once the data goes on sale on a dark web market like this, it is usually bought by scammers, who use it in follow-on identity fraud attacks. In this case, the stolen data includes debit and credit card numbers, expiration dates and cardholder names, but not PINs or CVV records. That means they can’t be used at ATMs and fraudsters will find it hard to use the cards online, as most merchants require the CVV number.

However, if the cards are of the old magstripe type, they could be cloned for use in face-to-face transactions.

Although Wawa said it has informed the relevant card issuers and brands, the cardholders themselves must monitor their cards for unusual transactions and then report to their issuer “in a timely manner” if they want to be reimbursed for any fraudulent usage. This can be a distressing, time-consuming process.

What should I do next?

This is by no means the first and it won’t be the last breach of this kind. In the past, data stolen from customers of Hilton Hotels, supermarket chain Hy-Vee, retailer Bebe Stores, and restaurant chains including Krystal, Moe’s and Schlotzsky’s has turned up for sale on Joker’s Stash. It can be dispiriting for consumers to see their personal data time and again compromised in this way by cyber-criminals.

Too often in the aftermath of such incidents, the customers themselves are left in the dark. There is no information on whether they’ve definitively had their personal or card data stolen, just an ominous sense that something bad may be about to happen. If the company itself doesn’t even know how many cards have been affected, how can you act decisively?

Credit monitoring is often provided by breached firms, but this is a less-than-perfect solution. For one thing, such services only alert the user if a new line of credit is being opened in their name — not if a stolen card is being used. And second, they only raise the alarm after the incident, by which time the fraudsters may already have made a serious dent in your finances.

Monitoring your bank account for fraudulent transactions is arguably more useful in cases like the Wawa breach, but it’s still too reactive. Here’s a handy 2-step plan which could provide better results:

Step 1: Dark web monitoring works

To get more proactive, consumers need Dark Web monitoring. These tools typically scour dark web sites like Joker’s Stash to look for your personal information. The beauty of this approach is that it can raise the alarm after a breach has occurred, when the data is posted to the Dark Web, but before a fraudster has had time to monetize your stolen details. With this information, you can proactively request that your lender block a particular card and issue a new one.

This approach works for all personal data you may want to keep protected, including email addresses, driver’s license, passport numbers and passwords.

Step 2: Password protection

Once you’ve determined that your data has been part of a breach and is being sold on the dark web, one of the most important things you can do is to change your passwords to any stolen accounts, in order to minimize the potential damage that fraudsters can do.

This is where password manager tools can come in very handy. They allow users to store and recall long, strong and unique credentials for each of the websites and apps they use. This means that if one password is compromised, as in a breach scenario, your other accounts will remain secure. It also makes passwords harder for hackers to guess, which they may try to do with automated tools if they already have your email address.

Following a breach, it also makes sense to look out for follow-on phishing attacks which may try to trick you into handing over more information to the fraudsters. Here are a few tips:

Be wary of any unsolicited email, even if it appears to come from a reputable vendor Don’t click on links in unsolicited emails, or download attachments If an email asks you for personal data, check directly with the source, rather than clicking through/replying Invest in AV with anti-phishing from a trusted vendor, for all desktop and mobile devices Ensure all operating systems and applications are on the latest version.

How Trend Micro can help

Fortunately, Trend Micro has several products that can help you, as a potential or actual victim of a data breach, to proactively mitigate the fallout from a serious security incident, or to foil the fraudsters:

Trend Micro ID Security: checks if your personal information has been uploaded to Dark Web sites by hackers. This highly secure service, available in apps for Android and iOS mobile devices, uses data hashing and an encrypted connected to keep your details safe, alerting when it has found a match on the Dark Web so you can take action. Use it to protect your emails, credit card numbers, passwords, bank accounts, passport details and more.

Trend Micro Password Manager: provides a secure place to store, manage and update your passwords. It remembers your log-ins, so you can create secure and unique credentials for each website/app you need to sign-in to. This means if one site is breached, hackers will not be able to use that password to open your other accounts. Password Manager is available for Windows, Mac, iOS, and Android, synchronizing your passwords across all four platforms.

Trend Micro Fraud Buster: is a free online service you can use to check suspicious emails It uses advanced machine learning technology to identify scam emails that don’t contain malicious URLs or attachments but still pose a risk to the user, because the email (which may be extortionist) reflects the fact that the fraudster probably got your email address from the Dark Web in the first place. Users can then decide to report the scam, get more details, or proceed as before.

Fraud Buster is also now integrated into Trend Micro Security for Windows, protecting Gmail and Outlook webmail in Internet Explorer, Chrome, and Firefox. It’s also integrated in Trend Micro Antivirus for Mac, where it does the same for Gmail webmail in Safari, Chrome and Firefox on the Mac.

In the end, only you can guard your identity credentials with vigilance.

The post The Wawa Breach: 30 Million Reasons to Try Dark Web Monitoring appeared first on .

COVID-19: How Do I Work from Home Securely?

The coronavirus pandemic—the infection officially designated as COVID-19—is causing upheaval across the globe. Aside from the serious economic and public health implications, one very practical impact of shelter-in-place dictums is to force many companies to support remote working where they can. The most recent data tells us that in 2017, eight million Americans worked from home at least some of the week — amounting to around 5% of US workers. However, the events of the past few weeks are driving what is being described in certain sectors as the biggest shift to home working since 9/11.

This will ensure that many companies can continue functioning while helping to achieve social distancing to minimise the spread of the virus. But there are challenges, particularly to smaller businesses who don’t have IT security teams to assist with the transition. Hackers are primed and ready to take advantage of home workers, whose machines and devices may not be as secure as those in the office. There’s also a risk that workers are more distracted by current events when working at home, creating more opportunities for cyber-criminals to strike.

This isn’t just about hackers stealing your personal log-ins and information to sell on the dark web. In a home-working context, corporate data and systems may also be at risk. It takes just one unsecured remote worker to let the bad guys in. The damage they end up doing may be particularly difficult for employers to weather given the extreme economic pressures already on many firms.

With that in mind, therefore, let’s take a look at some of the major threats to home workers and their organizations, and what can be done to keep the hackers at bay.

The main threats

Phishing messages are by far the number one threat to home workers. Cyber-criminals are using widespread awareness of COVID-19, and a desire for more information on the outbreak, to trick users into clicking on malicious links or opening booby-trapped attachments. Many are spoofed to appear as if sent by trusted organizations such as the US Centers for Disease Control and Prevention (CDC) or the World Health Organization (WHO). They may claim to offer more information on the spread of the outbreak, tips on staying safe, and even provide details of how to get a non-existent vaccine online.

If you click through on a malicious link, the next stage of the attack could:

Take you to a convincing-looking log-in page (e.g., for Microsoft Outlook, Office 365, or any popular cloud apps) where your username and password could be harvested by hackers. With these, they have a foothold in the organization which could provide the foundation for a serious information-stealing attack. Covertly initiate a malware download. This malware could exploit unpatched vulnerabilities on your computer to infect not just your machine but the entire corporate network it’s connected to, with ransomware, cryptojacking malware, banking trojans, information-stealing threats, and much more.

Brute forcing is another way for hackers to hijack your cloud accounts. They use previously breached username/password combos and run them through automation software to try them across billions of websites and apps. Because users reuse passwords across numerous accounts, the bad guys often get lucky and are able to unlock additional accounts in this way. Home workers using Microsoft Teams, Slack, Zoom and other cloud platforms for collaboration and productivity may be targeted.

Malicious smartphone apps are another threat to home workers. These may be disguised to trick the user into believing they’re downloading a COVID-19 tracker, for example. In reality, it could infect the device with ransomware, info-stealers, or other malware. That device could then spread the same malware to the corporate network, if it is connected to it via the home network.

Smart device threats are also a concern for home workers. More and more of us are investing in smart home devices. From voice assistants to smart speakers, connected refrigerators to smart TVs, it’s estimated that there’ll be as many as 128 million smart homes in the US by the end of this year. However, often these consumer-grade devices don’t have strong built-in protection. They may use weak, factory default passwords and/or contain multiple software vulnerabilities which are rarely patched by the manufacturer, if at all. The risk is that hackers could hijack one or more of these devices and use them as a stepping stone into the home and then corporate network – as we’ve demonstrated in previous research.

Friends and family could also introduce new cyber-threats, as they will also be confined largely to the home. That means they’ll be logging on to the home network with their own mobile devices, which may not be as well protected from threats as they should be. Once again, such threats could spread quickly from the home network to infect the enterprise network if it’s connected without adequate security controls. Another risk is of children using unsecured remote learning platforms, which may offer cybercriminals opportunities to hijack accounts, steal information and spread malware onto the network.

What are the hackers after?

Home workers represent an attractive target in their own right. After all, personal information and log-ins (home banking, Netflix, webmail etc) can be easily sold for a profit on dark web marketplaces. However, organizations represent a much bigger, potentially more lucrative pay day for cyber-criminals. While corporate PCs and networks might be fairly well secured, the rush to support home working may have left gaps the bad guys are keen to exploit.

By first compromising the home worker, and then pivoting through unsecured channels to the corporate network, hackers could spread ransomware, steal sensitive company IPs, infect work networks with crypto-mining malware, or steal large volumes of customer data. They may also look to hijack employees’ corporate email or other accounts as the first part of a multi-stage information-stealing attack. There have even been new warnings of Business Email Compromise (BEC) attacks in which employees (usually those working in the finance department) are contacted by someone posing as a senior exec and ordered to wire business funds to a new bank account.

Working safely at home

With so many techniques at their disposal, it’s easy to imagine that the bad guys have the upper hand. But by putting a few best practices in place, there are things businesses and employees can do today to reduce home working security risks.

Consider the following:

User awareness exercises to improve the ability of home workers to spot phishing attacks. Ensure all home workers are outfitted with anti-malware for any devices used for work. Trend Micro Maximum Security is an excellent place to start for PCs and Macs, while Trend Micro Mobile Security can help secure Android and Mobile devices. Require strong, unique passwords for all accounts, stored in a password manager, such as Trend Micro Password Manager. Enhance the above by switching on two-factor authentication for all enterprise accounts that have it (including any cloud platforms). Always use a VPN for communication between home and corporate networks. Ensure staff have a clear route to report any security incidents. Switch on automatic updates for all home computer systems (operating systems and software). Ensure smart home devices are on latest software version and have strong passwords or 2FA. Use a network security solution like Trend Micro Home Network Security to secure your home network. It not only provides a secure baseline for working at home, with its web and content threat protections; you can block your kids’ use of the internet and YouTube while you’re having conference calls or doing other bandwidth-intensive work on the remotely-accessed corporate network. Tightly enforce endpoint security policies: if possible, only allow work devices to connect to the corporate network, and/or employee devices that have been previously scanned for threats.

We don’t know how long COVID-19 will last. But by adapting to the new reality as quickly as possible, businesses and their home workers can at least close down any security gaps, enabling them to be as productive as possible — while most importantly, staying safe and healthy.

The post COVID-19: How Do I Work from Home Securely? appeared first on .

The AWS Service to Focus On – Amazon EC2

If we run a contest for Mr. Popular of Amazon Web Services (AWS), without a doubt Amazon Simple Storage Service (S3) has ‘winner’ written all over it. However, what’s popular is not always what is critical for your business to focus on. There is popularity and then there is dependability. Let’s acknowledge how reliant we are on Amazon Elastic Cloud Computing (EC2) as AWS infrastructure led-organizations.

We reflected upon our in-house findings for the AWS ‘Security’ pillar in our last blog, Four Reasons Your Cloud Security is Keeping You Up at Night, explicitly leaving out over caffeination and excessive screen time!

Drilling further down to the most affected AWS Services, Amazon EC2 related issues topped the list with 32% of all issues. Whereas Mr. Popular – Amazon S3 contributed to 12% of all issues. While cloud providers, like AWS, offer a secure infrastructure and best practices, many customers are unaware of their role in the shared responsibility model. The results showing the number of issues impacting Amazon EC2 customers demonstrates the security gap that can happen when the customer part of the shared responsibility model is not well understood.

While these AWS services and infrastructure are secure, customers also have a responsibility to secure their data and to configure environments according to AWS best practices. So how do we ensure that we keep our focus on this crucial service and ensure the flexibility, scalability, and security of a growing infrastructure?

Introducing Rules

If you thought you were done with rules after passing high school and moving out of your parent’s house, you would have soon realized that you were living a dream. Rules seem to be everywhere! Rules are important, they keep us safe and secure. While some may still say ‘rules are made to be broken’, you will go into a slump if your cloud infrastructure breaks the rules of the industry and gets exposed to security vulnerabilities.

It is great if you are already following the Best Practices for Amazon EC2, but if not, how do you monitor the performance of your services day in and day out to ensure their adherence to these best practices? How can you track if all your services and resources are running as per the recommended standards?

We’re here to help with that. Trend Micro Cloud One – Conformity ‘Rules’ provide you with that visibility for some of the most critical services like Amazon EC2.

What is the Rule?

A ‘Rule’ is the definition of the best practice used as a basis for an assessment that is run by Conformity on a particular piece of your Cloud infrastructure. When a rule is run against the infrastructure (resources) associated with your AWS account, the result of the scan is referred to as a Check. For example, an Amazon EC2 may have 60 Rules (Checks) scanning for various risks/vulnerabilities. Checks are either a SUCCESS or a FAILURE.

Conformity has about 540 Rules and 60 of them are for monitoring your Amazon EC2 services best practices. Conformity Bot scans your cloud accounts for these Rules and presents you with the ‘Checks’ to prioritize and remediate the issues keeping your services healthy and prevent security breaches.

Amazon EC2 Best Practices and Rules

Here are just a few examples of how Conformity Rules have got you covered for some of the most critical Amazon EC2 best practices:

To ensure Security, ensure IAM users and roles are used and management policies are established for access policies. For managing Storage, keep EBS volumes separate for operating systems and data, and check that the Amazon EC2 instances provisioned outside of the AWS Auto Scaling Groups (ASGs) have Termination Protection safety feature enabled to protect your instances from being accidentally terminated. For efficient Resource Management, utilize custom tags to track and identify resources, and keep on top of your stated Amazon EC2 limits. For full confident Backup and Recovery, regularly test the process of recovering instances and EBS volumes should they fail, and create and use approved AMIs for easier and consistent future instance deployment.

See how Trend Micro can support your part of the shared responsibility model for cloud security: https://www.trendmicro.com/cloudconformity.

Stay Safe!

The post The AWS Service to Focus On – Amazon EC2 appeared first on .

Principles of a Cloud Migration – From Step One to Done

Boiling the ocean with the subject, sous-vide deliciousness with the content.

Cloud Migrations are happening every day.  Analysts predict over 75% of mid-large enterprises will migrate a workload to the cloud by 2021 – but how can you make sure your workload is successful? There are not just factors with IT teams, operations, and security, but also with business leaders, finance, and many other organizations of your business. In this multi-part series, I’ll explore best practices, forward thinking, and use cases around creating a successful cloud migration from multiple perspectives.  Whether you’re a builder in the cloud or an executive overseeing the transformation, you’ll learn from my firsthand experience and knowledge on how to bring value into your cloud migration project.

Here are just a few advantages of a cloud migration:

	Technology benefits like scalability, high availability, simplified infrastructure maintenance, and an environment compliant with many industry certifications The ability to switch from a CapEx to an OpEx model Leaving the cost of a data center behind

While there can certainly be several perils associated with your move, with careful planning and a company focus, you can make your first step into cloud a successful one.  And the focus of a company is an important step to understand. The business needs to adopt the same agility that the cloud provides by continuing to learn, grow, and adapt to this new environment. The Phoenix Project and the Unicorn Project are excellent examples that show the need and the steps for a successful business transformation.

To start us off, let’s take a look at some security concepts that will help you secure your journey into this new world. My webinar on Principles to Make Your Cloud Migration Journey Secure is a great place to start: https://resources.trendmicro.com/Cloud-One-Webinar-Series-Secure-Cloud-Migration.html

The post Principles of a Cloud Migration – From Step One to Done appeared first on .

Cloud Transformation Is The Biggest Opportunity To Fix Security

This overview builds on the recent report from Trend Micro Research on cloud-specific security gaps, which can be found here.

Don’t be cloud-weary. Hear us out.

Recently, a major tipping point was reached in the IT world when more than half of new IT spending was on cloud over non- cloud. So rather than being the exception, cloud-based operations have become the rule.

However, too many security solutions and vendors still treat the cloud like an exception – or at least not as a primary use case. The approach remains “and cloud” rather than “cloud and.”

Attackers have made this transition. Criminals know that business security is generally behind the curve with its approach to the cloud and take advantage of the lack of security experience surrounding new cloud environments. This leads to ransomware, cryptocurrency mining and data exfiltration attacks targeting cloud environments, to name a few.

Why Cloud?

There are many reasons why companies transition to the cloud. Lower costs, improved efficiencies and faster time to market are some of the primary benefits touted by cloud providers.

These benefits come with common misconceptions. While efficiency and time to market can be greatly improved by transitioning to the cloud, this is not done overnight. It can take years to move complete data centers and operational applications to the cloud. The benefits won’t be fully realized till the majority of functional data has been transitioned.

Misconfiguration at the User Level is the Biggest Security Risk in the Cloud

Cloud providers have built in security measures that leave many system administrators, IT directors and CTOs feeling content with the security of their data. We’ve heard it many times – “My cloud provider takes care of security, why would I need to do anything additional?”

This way of thinking ignores the shared responsibility model for security in the cloud. While cloud providers secure the platform as a whole, companies are responsible for the security of their data hosted in those platforms.

Misunderstanding the shared responsibility model leads to the No. 1 security risk associated with the cloud: Misconfiguration.

You may be thinking, “But what about ransomware and cryptomining and exploits?” Other attack types are primarily possible when one of the 3 misconfigurations below are present.

You can forget about all the worst-case, overly complex attacks: Misconfigurations are the greatest risk and should be the No. 1 concern. These misconfigurations are in 3 categories:

	Misconfiguration of the native cloud environment Not securing equally across multi-cloud environments (i.e. different brands of cloud service providers) Not securing equally to your on-premises (non-cloud) data centers

How Big is The Misconfiguration Problem?

Trend Micro Cloud One – Conformity identifies an average of 230 million misconfigurations per day.

To further understand the state of cloud misconfigurations, Trend Micro Research recently investigated cloud-specific cyber attacks. The report found a large number of websites partially hosted in world-writable cloud-based storage systems. Despite these environments being secure by default, settings can be manually changed to allow more access than actually needed.

These misconfigurations are typically put in place without knowing the potential consequences. But once in place, it is simple to scan the internet to find this type of misconfiguration, and criminals are exploiting them for profit.

Why Do Misconfigurations Happen?

The risk of misconfigurations may seem obvious in theory, but in practice, overloaded IT teams are often simply trying to streamline workflows to make internal processes easier. So, settings are changed to give read and/or write access to anyone in the organization with the necessary credentials. What is not realized is that this level of exposure can be found and exploited by criminals.

We expect this trend will increase in 2020, as more cloud-based services and applications gain popularity with companies using a DevOps workflow. Teams are likely to misconfigure more cloud-based applications, unintentionally exposing corporate data to the internet – and to criminals.

Our prediction is that through 2025, more than 75% of successful attacks on cloud environments will be caused by missing or misconfigured security by cloud customers rather than cloud providers.

How to Protect Against Misconfiguration

Nearly all data breaches involving cloud services have been caused by misconfigurations. This is easily preventable with some basic cyber hygiene and regular monitoring of your configurations.

Your data and applications in the cloud are only as secure as you make them. There are enough tools available today to make your cloud environment – and the majority of your IT spend – at least as secure as your non-cloud legacy systems.

You can secure your cloud data and applications today, especially knowing that attackers are already cloud-aware and delivering vulnerabilities as a service. Here are a few best practices for securing your cloud environment:

Employ the principle of least privilege: Access is only given to users who need it, rather than leaving permissions open to anyone. Understand your part of the Shared Responsibility Model: While cloud service providers have built in security, the companies using their services are responsible for securing their data. Monitor your cloud infrastructure for misconfigured and exposed systems: Tools are available to identify misconfigurations and exposures in your cloud environments. Educate your DevOps teams about security: Security should be built in to the DevOps process.

To read the complete Trend Micro Research report, please visit: https://www.trendmicro.com/vinfo/us/security/news/virtualization-and-cloud/exploring-common-threats-to-cloud-security.

For additional information on Trend Micro’s approach to cloud security, click here: https://www.trendmicro.com/en_us/business/products/hybrid-cloud.html.

The post Cloud Transformation Is The Biggest Opportunity To Fix Security appeared first on .

Cloud Native Application Development Enables New Levels of Security Visibility and Control

We are in unique times and it’s important to support each other through unique ways. Snyk is providing a community effort to make a difference through AllTheTalks.online, and Trend Micro is proud to be a sponsor of their virtual fundraiser and tech conference.

In today’s threat landscape new cloud technologies can pose a significant risk. Applying traditional security techniques not designed for cloud platforms can restrict the high-volume release cycles of cloud-based applications and impact business and customer goals for digital transformation.

When organizations are moving to the cloud, security can be seen as an obstacle. Often, the focus is on replicating security controls used in existing environments, however, the cloud actually enables new levels of visibility and controls that weren’t possible before.

With today’s increased attention on cyber threats, cloud vulnerabilities provide an opportunistic climate for novice and expert hackers alike as a result of dependencies on modern application development tools, and lack of awareness of security gaps in build pipelines and deployment environments.

Public clouds are capable of auditing API calls to the cloud management layer. This gives in-depth visibility into every action taken in your account, making it easy to audit exactly what’s happening, investigate and search for known and unknown attacks and see who did what to identify unusual behavior.

Join Mike Milner, Global Director of Application Security Technology at Trend Micro on Wednesday April 15, at 11:45am EST to learn how to Use Observability for Security and Audit. This is a short but important session where we will discuss the tools to help build your own application audit system for today’s digital transformation. We’ll look at ways of extending this level of visibility to your applications and APIs, such as using new capabilities offered by cloud providers for network mirroring, storage and massive data handling.

Register for a good cause and learn more at https://www.allthetalks.org/.

The post Cloud Native Application Development Enables New Levels of Security Visibility and Control appeared first on .

Why CISOs Are Demanding Detection and Response Everywhere

Over the past three decades, we’ve had time at Trend Micro to observe the industry trends that have the biggest impact on our customers. And one of the big things we’ve seen is that threats move largely in tandem with changes to IT infrastructure. This matters today because most organizations are transforming the way they run and manage their infrastructure—a daunting task on its own.

But with digital transformation also comes an expanded corporate attack surface, driving security leaders to demand enhanced visibility, detection & response across the entire enterprise — this is not just about the endpoint.

Transforming business

Over the past five years, there has been a major shift in the way IT infrastructure is delivered, and with that shift, increasing complexity. A big part of this change has been the use of the cloud, reflected in Gartner’s prediction that the market will grow to over $266 billion in 2020. Organizations everywhere are leveraging the cloud and DevOps to rapidly deliver new and differentiated applications and services for their customers, partners and employees. And the use of containers and microservices across a multi-cloud and hybrid environment is increasingly common.

In addition to leveraging public cloud services like IaaS, organizations are also rapidly adopting SaaS applications like Office 365, and expanding their use of mobile and collaborative applications to support remote working. Some are even arguing that working patterns may never be the same again, following the changes forced on many employers by the Covid-19 pandemic.

Combine these changes with networks that continue to extend to include branch offices and add new areas to protect like operational technology including industrial systems, and we can certainly see that the challenges facing the modern enterprise look nothing like they did a few years ago.

Under fire, under pressure

All of these infrastructure changes make for a broader attack surface that the bad guys can take advantage of, and they’re doing so with an increasingly wide range of tools and techniques. In the cloud there is a new class of vulnerabilities introduced through a greater use of open source, containers, orchestration platforms, supply chain applications and more. For all organizations, the majority of threats still prey upon the user, arriving via email (over 90% of the 52.3 billion we blocked in 2019), and they’re no longer just basic phishing attempts. There’s been an uptick in fileless events designed to bypass traditional security filters (we blocked 1.4 million last year). And Business Email Compromise (BEC) and ransomware continue to evolve, the latter causing major outages across local government, healthcare and other vulnerable sectors.

Organizations are often left flat-footed because they don’t have the in-house skills to secure a rapidly evolving IT environment. Mistakes get made, and configuration errors can allow the hackers to sneak in.

Against this backdrop, CISOs need visibility, detection and response capabilities across the extended enterprise. But in too many cases, teams are struggling because they have:

Too many security tools, in silos. Security leaders want to consolidate the 10, 20 or even 50+ security technologies currently in use across their organizations. And ideally, they need capabilities that work seamlessly together, sharing threat intelligence across security layers, and delivering a fully connected threat defense. Too few people. Global cybersecurity skills shortages have now exceeded four million, with existing teams often overwhelmed by alerts, allowing serious threats to fly under the radar Increased compliance pressures. CISOs are under pressure to comply with a number of regulations, and the impacts of non-compliance are increasingly strict. While newer, more demanding compliance requirements like GDPR and the California Consumer Privacy Act aim to protect data, they also present operational challenges for cloud teams with complex, manual and time consuming audits. Not to mention new regulations have teeth, with fines that can have a serious impact on the bottom line.  For example, as of March 2020, 227 GDPR fines had been levied, totalling over 466 million euros.

Beyond the endpoint

While endpoint detection and response (EDR) has become a popular response to some of these problems over recent years, the reality is that cyber-attacks are rarely straightforward and limited to the endpoint (as noted in the email statistic above). Security teams actually need visibility, detection, and response across the entire IT environment, so they can better contextualize and deal with threats.

This is what Trend Micro XDR offers. It provides visibility across not just endpoints but also email, servers, cloud workloads and networks, applying AI and expert security analytics to correlate and identify potential threats. The result is fewer, higher fidelity alerts for stretched IT security teams to deal with. Recognizing the skills shortage reality, we also offer a managed XDR service that augments in-house SOC activities with the power of Trend Micro security experts.

Detection and response is too important to be limited to the endpoint. Today’s CISOs need visibility, detection, and response everywhere.

The post Why CISOs Are Demanding Detection and Response Everywhere appeared first on .

Monitoring and Maintaining Trend Micro Home Network Security – Part 4: Best Practices

We continue our four-part series on protecting your home and family. See the links to the previous parts at the end of this blog.

We’re now done with familiarizing ourselves with the features of Trend Micro Home Network Security (HNS) It’s now time for you to get a bit more adept at regular monitoring and maintenance, to ensure you’re getting the best protection HNS can provide your connected home.

Keeping Tabs on Your Home Network

Once you’re tracking the various internet-capable devices in your home within HNS, as with any security-related device it’s essential to monitor the activities captured by it. In the same way that we need to periodically review the videos taken by our security cameras, to check for any unusual events in or around the home that need our attention; so too, do you need to keep abreast of the goings on in your home network, particularly those of an unusual or suspect nature, as revealed by HNS. This can easily be done in two ways: via Voice Control and Reports.

Voice Control. When you want just a quick overview of the status of your network, you can use HNS’s Voice Control. Voice Control is available as a skill for both Amazon Alexa and Google Home.

Once the skill has been enabled, you can ask Alexa or Google Assistant to control your Home Network Security (HNS) using the following voice commands:

Start a Check Devices Scan – To check your network and devices, say: “Alexa (or Ok, Google), tell Trend Micro to scan my network.” Get Your Security Status – To get a network security status update, say: “Alexa (Ok, Google), ask Trend Micro if my network is ok.” Get An Online Activity Summary – To get a summary of a profile’s online activity, say: “Alexa (Ok, Google), ask Trend Micro what Tom (or any member of your household) did today.” Pause the Internet for a Profile – To disconnect the devices assigned to a profile from the internet, say: “Alexa (Ok, Google), ask Trend Micro to pause the Internet for Tom (or any member of your household).” Pause YouTube for a Profile – To prevent the devices assigned to a profile from accessing YouTube, say: “Alexa (Ok, Google), ask Trend Micro to turn off YouTube for Tom (or any member of your household).” Use the Dashboard – Lastly, though not a voice command, checking out the Dashboard of the HNS app will give you a brief summary of the state of security of your home network, and will let you know if anything triggered any Parental Control rules that you’ve set.

Reports. On the other hand, if you have more time to spare, you can peruse the Reports for your devices, user profiles, and network usage.

Devices. On your HNS app, Tap Menu > Devices and select a device. Then, tap Report and choose the report you want to view in order to see more details. User Profiles. From your HNS app, Tap Menu > Family and select a user profile. Then, tap Report and choose an event card from the list to see more details. Network Usage. Besides knowing the status of your devices and users, it’s also necessary to know your network usage, especially when your home network relies on a metered connection. Having an idea which devices are hogs on the network will allow you to make proper adjustments, either to rules you implement for your youngsters and other members of your household; or to let you know that maybe you need to upgrade your internet plan to address the more intensive internet needs of your family. Network usage can be viewed by scrolling down to the bottom of the Dashboard and tapping the Network Usage graph; or you can just simply tap Menu > Network. Both will display more detailed network usage information.

Responding to Network Events

Now that you’re more acquainted with your home network through HNS, it’s vital that you know what to do when, for instance, you received a Smart Alert notification indicating an unusually high network activity detected on one of your connected devices.

A Range of Network Events. In brief, you’ll need to review the recent activities and perform the required actions to eliminate risks such as the following:

Check if there are any important security-related issues you need to resolve by checking if the ball at the top of the Dashboard says “Action Required”. Tap the ball to find out what you need to do to make sure your network and device security are optimal. Check detected network activities. Check if the device where the unusually high network activity was detected. Select the device where the unusual activity was detected to view the Summary Report for the past 7 days. You will see the unusual network traffic details, including the time range of the traffic and the amount of data used. Check if the top 3 activity destinations were done by you or your family member. If you are aware of the activities and not concerned about these events, tap Report > Not Unusual. If these unusually high traffic activities were not caused by you or your family member, you need to double-check that the Network and Security settings are still enabled, to keep your connected devices protected. Moreover, you should fix any vulnerabilities on your devices, usually resolved by a software or firmware update.

For more specific information regarding these types of incidents, you may refer to this Technical Support article.

Monitoring the Health of Your Home Network Security Station

The Home Network Security Station takes care of your home and your family’s security and safety. In return, you should know how to check if it’s in good working condition.

Physical Status. Check whether the physical components (LED, Reset button, Power, and Ethernet ports) of your Station are intact.

Power. Ensure that the Station is powered on. To check if the Station has power supply, just follow these simple steps:

	Connect the adapter to the outlet and the Station. Make sure power on the outlet is turned on. Change outlets to ensure power is on.

Offline Notifications. When the HNS Station is offline the user will receive a notification about it. In addition, the HNS app will indicate the Station is offline. This situation can be attributed to loss of either the internet or LAN connections.

Internet Connection. Make sure you have stable internet connection. Checking your internet connection is easy:

	Disconnect your Home Network Security Station from the router. Check if internet line is connected to the router’s WAN port. If there is no internet connection, do the following: Reboot your router Check the network status from your Internet Service Provider Check your router settings

If you are able to connect to the internet, just reconnect your Home Network Security Station to the router.

LAN Connection. Check the connection between the router and the HNS Station.

Ensure that the Ethernet cable provided is used to connect the HNS Station to any available LAN port of your router. Check if the two LED lights of the LAN port are turned on. The port on the right should be blinking green, while the other port should be a steady green or yellow. If the LED lights don’t light up as mentioned, move the Ethernet cable to another router LAN port. Once the LED lights become normal, your HNS Station should be connected to the network.

Updates. Make sure that you update the HNS App if you receive a notification that indicates, “Update Needed. Please click the button below to get the latest version.” This will guarantee that your HNS is up-to-date with app improvements.

Getting Help. Always remember, if you encounter any questions, issues or concerns that you’re unable to resolve, Help is just a click away.

Final Thoughts

Home networks are everywhere these days. However, the user knowledge required to secure and maintain our home networks spans from tech newbies to gurus and often seems to be a rather complicated or even confusing task.

To help you maintain and monitor your home network, Trend Micro offers a simple plug-and-protect home network device to protect your smart home and connected devices from being hacked, while keeping the internet safe for your kids on any device. But plug-and-protect doesn’t mean plug-and-forget. As with any security device, ongoing monitoring and maintenance is needed to provide the best protection your home network and family members need and deserve.

For more information, go to Trend Micro Home Network Security.

To read the rest of our series on HNS, go to

You’re in Safe Hands with Trend Micro Home Network Security – Part 1: Setup and Configuration

Trend Micro Home Network Security Has Got You Covered – Part 2: Parental Controls

In Safe Hands with Trend Micro Home Network Security – Part 3: Testing Its Functions

The post Monitoring and Maintaining Trend Micro Home Network Security – Part 4: Best Practices appeared first on .

5 reasons to move your endpoint security to the cloud now

As the world has adopts work from home initiatives, we’ve seen many organizations accelerate their plans to move from on-premises endpoint security and Detection and Response (EDR/XDR) solutions to Software as a Service versions. And several customers who switched to the SaaS version last year, recently wrote us to tell how glad to have done so as they transitioned to working remote. Here are 5 reasons to consider moving to a cloud managed solution:

 

1. No internal infrastructure management = less risk

If you haven’t found the time to update your endpoint security software and are one or two versions behind, you are putting your organization at risk of attack. Older versions do not have the same level of protection against ransomware and file-less attacks. Just as the threats are always evolving, the same is true for the technology built to protect against them.

With Apex One as a Service, you always have the latest version. There are no software patches to apply or Apex One servers to manage – we take care of it for you. If you are working remote, this is one less task to worry about and less servers in your environment which might need your attention.

2. High availability, reliability

With redundant processes and continuous service monitoring, Apex One as a Services delivers the uptime you need with 99.9% availability. The operations team also proactively monitors for potential issues on your endpoints and with your prior approval, can fix minor issues with an endpoint agent before they need your attention.

3. Faster Detection and Response (EDR/XDR)

By transferring endpoint telemetry to a cloud data lake, detection and response activities like investigations and sweeping can be processed much faster. For example, creating a root cause analysis diagram in cloud takes a fraction of the time since the data is readily available and can be quickly processed with the compute power of the cloud.

4. Increased MITRE mapping

The unmatched power of cloud computing also enables analytics across a high volume of events and telemetry to identify a suspicious series of activities. This allows for innovative detection methods but also additional mapping of techniques and tactics to the MITRE framework.  Building the equivalent compute power in an on- premises architecture would be cost prohibitive.

5. XDR – Combined Endpoint + Email Detection and Response

According to Verizon, 94% of malware incidents start with email.  When an endpoint incident occurs, chances are it came from an email message and you want to know what other users have messages with the same email or email attachment in their inbox? You can ask your email admin to run these searches for you which takes time and coordination. As Forrester recognized in the recently published report: The Forrester Wave Enterprise Detection and Response, Q1 2020:

“Trend Micro delivers XDR functionality that can be impactful today. Phishing may be the single most effective way for an adversary to deliver targeted payloads deep into an infrastructure. Trend Micro recognized this and made its first entrance into XDR by integrating Microsoft office 365 and Google G suite management capabilities into its EDR workflows.”

This XDR capability is available today by combining alerts, logs and activity data of Apex One as a Service and Trend Micro Cloud App Security. Endpoint data is linked with Office 365 or G Suite email information from Cloud App Security to quickly assess the email impact without having to use another tool or coordinate with other groups.

Moving endpoint protection and detection and response to the cloud, has enormous savings in customer time while increasing their protection and capabilities. If you are licensed with our Smart Protection Suites, you already have access to Apex One as a Service and our support team is ready to help you with your migration. If you are an older suite, talk to your Trend Micro sales rep about moving to a license which includes SaaS.

 

The post 5 reasons to move your endpoint security to the cloud now appeared first on .

Principles of a Cloud Migration – Security, The W5H

Whosawhatsit?! –  WHO is responsible for this anyways?

For as long as cloud providers have been in business, we’ve been discussing the Shared Responsibility Model when it comes to customer operation teams. It defines the different aspects of control, and with that control, comes the need to secure, manage, and maintain.

While I often make an assumption that everyone is already familiar with this model, let’s highlight some of the requirements as well as go a bit deeper into your organization’s layout for responsibility.

During your cloud migration, you’ll no doubt come across a variety of cloud services that fits into each of these configurations. From running cloud instances (IaaS) to cloud storage (SaaS), there’s a need to apply operational oversight (including security) to each of these based on your level of control of the service.  For example, in a cloud instance, since you’re still responsible for the Operating System and Applications, you’ll still need a patch management process in place, whereas with file object storage in the cloud, only oversight of permissions and data management is required. I think Mark Nunnikhoven does a great job in going into greater detail of the model here: https://blog.trendmicro.com/the-shared-responsibility-model/.

I’d like to zero in on some of the other “WHO”s that should be involved in security of your cloud migration.

InfoSec – I think this is the obvious mention here. Responsible for all information security within an organization. Since your cloud migration is working with “information”, InfoSec needs to be involved with how they get access to monitoring the security and risk associated to an organization. 

Cloud Architect – Another no-brainer in my eyes but worth a mention; if you’re not building a secure framework with a look beyond a “lift-and-shift” initial migration, you’ll be doomed with archaic principles leftover from the old way of doing things. An agile platform built for automating every operation including security should be the focus to achieving success.

IT / Cloud Ops – This may be the same or different teams. As more and more resources move to the cloud, an IT team will have less responsibilities for the physical infrastructure since it’s now operated by a cloud provider. They will need to go through a “migration” themselves to learn new skills to operate and secure a hybrid environment. This adaptation of new skills needs to be lead by…

Leadership – Yes, leadership plays an important role in operations and security even if they aren’t part of the CIO / CISO / COO branch. While I’m going to cringe while I type it, business transformation is a necessary step as you move along your cloud migration journey. The acceleration that the cloud provides can not be stifled by legacy operation and security ideologies. Every piece of the business needs to be involved in accelerating the value you’re delivering your customer base by implementing the agile processes including automation into the operations and security of your cloud.

With all of your key players focused on a successful cloud migration, regardless of what stage you’re in, you’ll reach the ultimate stage: the reinvention of your business where operational and security automation drives the acceleration of value delivered to your customers.

This blog is part of a multi-part series dealing with the principles of a successful cloud migration.  For more information, start at the first post here: https://blog.trendmicro.com/principles-of-a-cloud-migration-from-step-one-to-done/

The post Principles of a Cloud Migration – Security, The W5H appeared first on .

Getting ATT&CKed By A Cozy Bear And Being Really Happy About It: What MITRE Evaluations Are, and How To Read Them

Full disclosure: I am a security product testing nerd*.

 

I’ve been following the MITRE ATT&CK Framework for a while, and this week the results were released of the most recent evaluation using APT29 otherwise known as COZY BEAR.

First, here’s a snapshot of the Trend eval results as I understand them (rounded down):

91.79% on overall detection.  That’s in the top 2 of 21.

91.04% without config changes.  The test allows for config changes after the start – that wasn’t required to achieve the high overall results.

107 Telemetry.  That’s very high.  Capturing events is good.  Not capturing them is not-good.

28 Alerts.  That’s in the middle, where it should be.  Not too noisy, not too quiet.  Telemetry I feel is critical whereas alerting is configurable, but only on detections and telemetry.

 

So our Apex One product ran into a mean and ruthless bear and came away healthy.  But that summary is a simplification and doesn’t capture all the nuance to the testing.  Below are my takeaways for you of what the MITRE ATT&CK Framework is, and how to go about interpreting the results.

 

Takeaway #1 – ATT&CK is Scenario Based

The MITRE ATT&CK Framework is intriguing to me as it mixes real world attack methods by specific adversaries with a model for detection for use by SOCs and product makers.  The ATT&CK Framework Evaluations do this but in a lab environment to assess how security products would likely handle an attack by that adversary and their usual methods.  There had always been a clear divide between pen testing and lab testing and ATT&CK was kind of mixing both.  COZY BEAR is super interesting because those attacks were widely known for being quite sophisticated and being state-sponsored, and targeted the White House and US Democratic Party.  COZY BEAR and its family of derivatives use backdoors, droppers, obfuscation, and careful exfiltration.

 

Takeaway #2 – Look At All The Threat Group Evals For The Best Picture

I see the tradeoffs as ATT&CK evals are only looking at that one scenario, but that scenario is very reality based and with enough evals across enough scenarios a narrative is there to better understand a product.  Trend did great on the most recently released APT/29/COZY BEAR evaluation, but my point is that a product is only as good as all the evaluations. I always advised Magic Quadrant or NSS Value Map readers to look at older versions in order to paint a picture over time of what trajectory a product had.

 

Takeaway #3 – It’s Detection Focused (Only)

The APT29 test like most Att&ck evals is testing detection, not prevention nor other parts of products (e.g. support).  The downside is that a product’s ability to block the attacks isn’t evaluated, at least not yet.  In fact blocking functions have to be disabled for parts of the test to be done.  I get that – you can’t test the upstairs alarm with the attack dog roaming the downstairs.  Starting with poor detection never ends well, so the test methodology seems to be focused on ”if you can detect it you can block it”.  Some pen tests are criticized that a specific scenario isn’t realistic because A would stop it before B could ever occur.  IPS signature writers everywhere should nod in agreement on that one. I support MITRE on how they constructed the methodology because there has to be limitations and scope on every lab test, but readers too need to understand those limitations and scopes.  I believe that the next round of tests will include protection (blocking) as well, so that is cool.

 

Takeaway #4 – Choose Your Own Weather Forecast

Att&ck is no magazine style review.  There is no final grade or comparison of products.  To fully embrace Att&ck imagine being provided dozens of very sound yet complex meteorological measurements and being left to decide on what the weather will be. Or have vendors carpet bomb you with press releases of their interpretations.  I’ve been deep into the numbers of the latest eval scores and when looking at some of the blogs and press releases out there they almost had me convinced they did well even when I read the data at hand showing they didn’t.  I guess a less jaded view is that the results can be interpreted in many ways, some of them quite creative.  It brings to mind the great quote from the Lockpicking Lawyer review “the threat model does not include an attacker with a screwdriver”.

 

Josh Zelonis at Forrester provides a great example of the level of work required to parse the test outcomes, and he provides extended analysis on Github here that is easier on the eyes than the above.  Even that great work product requires the context of what the categories mean.  I understand that MITRE is taking the stance of “we do the tests, you interpret the data” in order to pick fewer fights and accommodate different use cases and SOC workflows, but that is a lot to put on buyers. I repeat: there’s a lot of nuance in the terms and test report categories.

 

If, in the absence of Josh’s work, if I have to pick one metric Detection Rate is likely the best one.  Note that Detection rate isn’t 100% for any product in the APT29 test, because of the meaning of that metric.  The best secondary metrics I like are Techniques and Telemetry.  Tactics sounds like a good thing, but in the framework it is lesser than Techniques, as Tactics are generalized bad things (“Something moving outside!”) and Techniques are more specific detections (“Healthy adult male Lion seen outside door”), so a higher score in Techniques combined with a low score in Tactics is a good thing.  Telemetry scoring is, to me, best right in the middle.  Not too many alerts (noisy/fatiguing) and not too few (“about that lion I saw 5 minutes ago”).

 

Here’s an example of the interpretations that are valuable to me.  Looking at the Trend Micro eval source page here I get info on detections in the steps, or how many of the 134 total steps in the test were detected.  I’ll start by excluding any human involvement and exclude the MSSP detections and look at unassisted only.  But the numbers are spread across all 20 test steps, so I’ll use Josh’s spreadsheet shows 115 of 134 steps visible, or 85.82%.  I do some averaging on the visibility scores across all the products evaluated and that is 66.63%, which is almost 30% less.  Besides the lesson that the data needs gathering and interpretation, it highlights that no product spotted 100% across all steps and the spread was wide. I’ll now look at the impact of human involvement add in the MSSP detections and the Trend number goes to 91%.  Much clinking of glasses heard from the endpoint dev team.  But if I’m not using an MSSP service that… you see my point about context/use-case/workflow.  There’s effectively some double counting (i.e. a penalty, so that when removing MSSP it inordinately drops the detection ) of the MSSP factor when removing it in the analyses, but I’ll leave that to a future post.  There’s no shortage of fodder for security testing nerds.

 

Takeaway #5 – Data Is Always Good

Security test nerdery aside, this eval is a great thing and the data from it is very valuable.  Having this kind of evaluation makes security products and the uses we put them to better.  So dig into ATT&CK and read it considering not just product evaluations but how your organization’s framework for detecting and processing attacks maps to the various threat campaigns. We’ll no doubt have more posts on APT29 and upcoming evals.

 

*I was a Common Criteria tester in a place that also ran a FIPS 140-2 lab.  Did you know that at Level 4 of FIPS a freezer is used as an exploit attempt? I even dipped my toe into the arcane area of Formal Methods using the GYPSY methodology and ran from it screaming “X just equals X!  We don’t need to prove that!”. The deepest testing rathole I can recall was doing a portability test of the Orange Book B1 rating for MVS RACF when using logical partitions. I’m never getting those months of my life back. I’ve been pretty active in interacting with most security testing labs like NSS and ICSA and their schemes (that’s not a pejorative, but testing nerds like to use British usages to sound more learned) for decades because I thought it was important to understand the scope and limits of testing before accepting it in any product buying decisions. If you want to make Common Criteria nerds laugh point out something bad that has happened and just say “that’s not bad, it was just mistakenly put in scope”, and that will then upset the FIPS testers because a crypto boundary is a very real thing and not something real testers joke about.  And yes, Common Criteria is the MySpace of tests.

The post Getting ATT&CKed By A Cozy Bear And Being Really Happy About It: What MITRE Evaluations Are, and How To Read Them appeared first on .

Principles of a Cloud Migration – Security, The W5H – Episode WHAT?

Teaching you to be a Natural Born Pillar!

Last week, we took you through the “WHO” of securing a cloud migration here, detailing each of the roles involved with implementing a successful security practice during a cloud migration. Read: everyone. This week, I will be touching on the “WHAT” of security; the key principles required before your first workload moves.  The Well-Architected Framework Security Pillar will be the baseline for this article since it thoroughly explains security concepts in a best practice cloud design.

If you are not familiar with the AWS Well-Architected Framework, go google it right now. I can wait. I’m sure telling readers to leave the article they’re currently reading is a cardinal sin in marketing, but it really is important to understand just how powerful this framework is. Wait, this blog is html ready – here’s the link: https://wa.aws.amazon.com/index.en.html. It consists of five pillars that include best practice information written by architects with vast experience in each area.

Since the topic here is Security, I’ll start by giving a look into this pillar. However, I plan on writing about each and as I do, each one of the graphics above will become a link. Internet Magic!

There are seven principles as a part of the security framework, as follows:

	Implement a strong identity foundation Enable traceability Apply security at all layers Automate security best practices Protect data in transit and at rest Keep people away from data Prepare for security events

Now, a lot of these principles can be solved by using native cloud services and usually these are the easiest to implement. One thing the framework does not give you is suggestions on how to set up or configure these services. While it might reference turning on multi-factor authentication as a necessary step for your identity and access management policy, it is not on by default. Same thing with file object encryption. It is there for you to use but not necessarily enabled on the ones you create.

Here is where I make a super cool (and free) recommendation on technology to accelerate your learning about these topics. We have a knowledge base with hundreds of cloud rules mapped to the Well-Architected Framework (and others!) to help accelerate your knowledge during and after your cloud migration. Let us take the use case above on multi-factor authentication. Our knowledge base article here details the four R’s: Risk, Reason, Rationale, and References on why MFA is a security best practice.

Starting with a Risk Level and detailing out why this is presents a threat to your configurations is a great way to begin prioritizing findings.  It also includes the different compliance mandates and Well-Architected pillar (obviously Security in this case) as well as descriptive links to the different frameworks to get even more details.

The reason this knowledge base rule is in place is also included. This gives you and your teams context to the rule and helps further drive your posture during your cloud migration. Sample reason is as follows for our MFA Use Case:

“As a security best practice, it is always recommended to supplement your IAM user names and passwords by requiring a one-time passcode during authentication. This method is known as AWS Multi-Factor Authentication and allows you to enable extra security for your privileged IAM users. Multi-Factor Authentication (MFA) is a simple and efficient method of verifying your IAM user identity by requiring an authentication code generated by a virtual or hardware device on top of your usual access credentials (i.e. user name and password). The MFA device signature adds an additional layer of protection on top of your existing user credentials making your AWS account virtually impossible to breach without the unique code generated by the device.”

If Reason is the “what” of the rule, Rationale is the “why” supplying you with the need for adoption.  Again, perfect for confirming your cloud migration path and strategy along the way.

“Monitoring IAM access in real-time for vulnerability assessment is essential for keeping your AWS account safe. When an IAM user has administrator-level permissions (i.e. can modify or remove any resource, access any data in your AWS environment and can use any service or component – except the Billing and Cost Management service), just as with the AWS root account user, it is mandatory to secure the IAM user login with Multi-Factor Authentication.

Implementing MFA-based authentication for your IAM users represents the best way to protect your AWS resources and services against unauthorized users or attackers, as MFA adds extra security to the authentication process by forcing IAM users to enter a unique code generated by an approved authentication device.”

Finally, all the references for each of the risk, reason, and rationale, are included at the bottom which helps provide additional clarity. You’ll also notice remediation steps, the 5^th ‘R’ when applicable, which shows you how to actually the correct the problem.

All of this data is included to the community as Trend Micro continues to be a valued security research firm helping the world be safe for exchanging digital information. Explore all the rules we have available in our public knowledge base: https://www.cloudconformity.com/knowledge-base/.

This blog is part of a multi-part series dealing with the principles of a successful cloud migration.  For more information, start at the first post here: https://blog.trendmicro.com/principles-of-a-cloud-migration-from-step-one-to-done/

The post Principles of a Cloud Migration – Security, The W5H – Episode WHAT? appeared first on .

Trend Micro’s Top Ten MITRE Evaluation Considerations

The introduction of the MITRE ATT&CK evaluations is a welcomed addition to the third-party testing arena. The ATT&CK framework, and the evaluations in particular, have gone such a long way in helping advance the security industry as a whole, and the individual security products serving the market.

The insight garnered from these evaluations is incredibly useful.  But let’s admit, for everyone except those steeped in the analysis, it can be hard to understand. The information is valuable, but dense. There are multiple ways to look at the data and even more ways to interpret and present the results (as no doubt you’ve already come to realize after reading all the vendor blogs and industry articles!) We have been looking at the data for the past week since it published, and still have more to examine over the coming days and weeks.

The more we assess the information, the clearer the story becomes, so we wanted to share with you Trend Micro’s 10 key takeaways for our results:

1. Looking at the results of the first run of the evaluation is important:

Trend Micro ranked first in initial overall detection. We are the leader in detections based on initial product configurations. This evaluation enabled vendors to make product adjustments after a first run of the test to boost detection rates on a re-test. The MITRE results show the final results after all product changes. If you assess what the product could detect as originally provided, we had the best detection coverage among the pool of 21 vendors. This is important to consider because product adjustments can vary in significance and may or may not be immediately available in vendors’ current product. We also believe it is easier to do better, once you know what the attacker was doing – in the real world, customers don’t get a second try against an attack. Having said that, we too took advantage of the retest opportunity since it allows us to identify product improvements, but our overall detections were so high, that even removing those associated with a configuration change, we still ranked first overall.

	And so no one thinks we are just spinning… without making any kind of exclusions to the data at all, and just taking the MITRE results in their entirety, Trend Micro had the second highest detection rate, with 91+% detection coverage.

2. There is a hierarchy in the type of main detections – Techniques is most significant

There is a natural hierarchy in the value of the different types of main detections. A general detection indicates that something was deemed suspicious but it was not assigned to a specific tactic or technique. A detection on tactic means the detection can be attributed to a tactical goal (e.g. credential access). Finally, a detection on technique means the detection can be attributed to a specific adversarial action (e.g. credential dumping). We have strong detection on techniques, which is a better detection measure. With the individual MITRE technique identified, the associated tactic can be determined, as typically, there are only a handful of tactics that would apply to a specific technique. When comparing results, you can see that vendors had lower tactic detections on the whole, demonstrating a general acknowledgement of where the priority should lie. Likewise, the fact that we had lower general detections compared to technique detections is a positive. General detections are typically associated with a signature; as such, this proves that we have a low reliance on AV. It is also important to note that we did well in telemetry which gives security analysts access to the type and depth of visibility they need when looking into detailed attacker activity across assets.

https://attackevals.mitre.org/APT29/detection-categories.html 

3. More alerts does not equal better alerting – quite the opposite

At first glance, some may expect one should have the same number of alerts as detections. But not all detections are created equal, and not everything should have an alert (remember, these detections are for low level attack steps, not for separate attacks.) Too many alerts can lead to alert fatigue and add to the difficulty of sorting through the noise to what is most important. When you consider the alerts associated with our higher-fidelity detections (e.g. detection on technique), you can see that the results show that Trend Micro did very well at reducing the noise of all of the detections into a minimal volume of meaningful/actionable alerts.

4. Managed Service detections are not exclusive

Our MDR analysts contributed to the “delayed detection” category. This is where the detection involved human action and may not have been initiated automatically. Our results shows the strength of our MDR service as one way for detection and enrichment. If an MDR service was included in this evaluation, we believe you would want to see it provide good coverage, as it demonstrates that the team is able to detect based on the telemetry collected. What is important to note though is that the numbers for the delayed detection don’t necessarily mean it was the only way a detection was/could be made; the same detection could be identified by other means. There are overlaps between detection categories. Our detection coverage results would have remained strong without this human involvement – approximately 86% detection coverage (with MDR, it boosted it up to 91%).

5. Let’s not forget about the effectiveness and need for blocking!

	This MITRE evaluation did not test for a product’s ability to block/protect from an attack, but rather exclusively looks at how effective a product is at detecting an event that has happened, so there is no measure of prevention efficacy included. This is significant for Trend, as our philosophy is to block and prevent as much as you can so customers have less to clean up/mitigate.

6. We need to look through more than the Windows

	This evaluation looked at Windows endpoints and servers only; it did not look at Linux for example, where of course Trend has a great deal of strength in capability. We look forward to the expansion of the operating systems in scope. Mitre has already announced that the next round will include a linux system.

7. The evaluation shows where our product is going

We believe the first priority for this evaluation is the main detections (for example, detecting on techniques as discussed above). Correlation falls into the modifier detection category, which looks at what happens above and beyond an initial detection. We are happy with our main detections, and see great opportunity to boost our correlation capabilities with Trend Micro XDR, which we have been investing in heavily and is at the core of the capabilities we will be delivering in product to customers as of late June 2020. This evaluation did not assess our correlation across email security; so there is correlation value we can deliver to customers beyond what is represented here.

8. This evaluation is helping us make our product better

The insight this evaluation has provided us has been invaluable and has helped us identify areas for improvement and we have initiate product updates as a result. As well, having a product with a “detection only” mode option helps augment the SOC intel, so our participation in this evaluation has enabled us to make our product even more flexible to configure; and therefore, a more powerful tool for the SOC. While some vendors try to use it against us, our extra detections after config change show that we can adapt to the changing threat landscape quickly when needed.

9. MITRE is more than the evaluation

While the evaluation is important, it is important to recognize MITRE ATT&CK as an important knowledge base that the security industry can both align and contribute to. Having a common language and framework to better explain how adversaries behave, what they are trying to do, and how they are trying to do it, makes the entire industry more powerful. Among the many things we do with or around MITRE, Trend has and continues to contribute new techniques to the framework matrices and is leveraging it within our products using ATT&CK as a common language for alerts and detection descriptions, and for searching parameters.

10. It is hard not to get confused by the fud!

MITRE does not score, rank or provide side by side comparison of products, so unlike other tests or industry analyst reports, there is no set of “leaders” identified. As this evaluation assesses multiple factors, there are many different ways to view, interpret and present the results (as we did here in this blog). It is important that individual organizations understand the framework, the evaluation, and most importantly what their own priorities and needs are, as this is the only way to map the results to the individual use cases. Look to your vendors to help explain the results, in the context that makes sense for you. It should be our responsibility to help educate, not exploit.

The post Trend Micro’s Top Ten MITRE Evaluation Considerations appeared first on .

Principles of a Cloud Migration – Security W5H – The When

If you have to ask yourself when to implement security, you probably need a time machine!

Security is as important to your migration as the actual workload you are moving to the cloud. Read that again.

It is essential to be planning and integrating security at every single layer of both architecture and implementation. What I mean by that, is if you’re doing a disaster recovery migration, you need to make sure that security is ready for the infrastructure, your shiny new cloud space, as well as the operations supporting it. Will your current security tools be effective in the cloud? Will they still be able to do their task in the cloud? Do your teams have a method of gathering the same security data from the cloud? More importantly, if you’re doing an application migration to the cloud, when you actually implement security means a lot for your cost optimization as well.

NIST Planning Report 02-3

In this graph, it’s easy to see that the earlier you can find and resolve security threats, not only do you lessen the workload of infosec, but you also significantly reduce your costs of resolution. This can be achieved through a combination of tools and processes to really help empower development to take on security tasks sooner. I’ve also witnessed time and time again that there’s friction between security and application teams often resulting in Shadow IT projects and an overall lack of visibility and trust.

Start there. Start with bringing these teams together, uniting them under a common goal: Providing value to your customer base through agile secure development. Empower both teams to learn about each other’s processes while keeping the customer as your focus. This will ultimately bring more value to everyone involved.

At Trend Micro, we’ve curated a number of security resources designed for DevOps audiences through our Art of Cybersecurity campaign.  You can find it at https://www.trendmicro.com/devops/.

Also highlighted on this page is Mark Nunnikhoven’s #LetsTalkCloud series, which is a live stream series on LinkedIn and YouTube. Seasons 1 and 2 have some amazing content around security with a DevOps focus – stay tuned for Season 3 to start soon!

This is part of a multi-part blog series on things to keep in mind during a cloud migration project.  You can start at the beginning which was kicked off with a webinar here: https://resources.trendmicro.com/Cloud-One-Webinar-Series-Secure-Cloud-Migration.html.

Also, feel free to give me a follow on LinkedIn for additional security content to use throughout your cloud journey!

The post Principles of a Cloud Migration – Security W5H – The When appeared first on .

Principles of a Cloud Migration – Security W5H – The WHERE

“Wherever I go, there I am” -Security

I recently had a discussion with a large organization that had a few workloads in multiple clouds while assembling a cloud security focused team to build out their security policy moving forward.  It’s one of my favorite conversations to have since I’m not just talking about Trend Micro solutions and how they can help organizations be successful, but more so on how a business approaches the creation of their security policy to achieve a successful center of operational excellence.  While I will talk more about the COE (center of operational excellence) in a future blog series, I want to dive into the core of the discussion – where do we add security in the cloud?

We started discussing how to secure these new cloud native services like hosted services, serverless, container infrastructures, etc., and how to add these security strategies into their ever-evolving security policy.

Quick note: If your cloud security policy is not ever-evolving, it’s out of date. More on that later.

A colleague and friend of mine, Bryan Webster, presented a concept that traditional security models have been always been about three things: Best Practice Configuration for Access and Provisioning, Walls that Block Things, and Agents that Inspect Things.  We have relied heavily on these principles since the first computer was connected to another. I present to you this handy graphic he presented to illustrate the last two points.

But as we move to secure cloud native services, some of these are outside our walls, and some don’t allow the ability to install an agent.  So WHERE does security go now?

Actually, it’s not all that different – just how it’s deployed and implemented. Start by removing the thinking that security controls are tied to specific implementations. You don’t need an intrusion prevention wall that’s a hardware appliance much like you don’t need an agent installed to do anti-malware. There will also be a big focus on your configuration, permissions, and other best practices.  Use security benchmarks like the AWS Well-Architected, CIS, and SANS to help build an adaptable security policy that can meet the needs of the business moving forward.  You might also want to consider consolidating technologies into a cloud-centric service platform like Trend Micro Cloud One, which enables builders to protect their assets regardless of what’s being built.  Need IPS for your serverless functions or containers?  Try Cloud One Application Security!  Do you want to push security further left into your development pipeline? Take a look at Trend Micro Container Security for Pre-Runtime Container Scanning or Cloud One Conformity for helping developers scan your Infrastructure as Code.

Keep in mind – wherever you implement security, there it is. Make sure that it’s in a place to achieve the goals of your security policy using a combination of people, process, and products, all working together to make your business successful!

This is part of a multi-part blog series on things to keep in mind during a cloud migration project.  You can start at the beginning which was kicked off with a webinar here: https://resources.trendmicro.com/Cloud-One-Webinar-Series-Secure-Cloud-Migration.html.

Also, feel free to give me a follow on LinkedIn for additional security content to use throughout your cloud journey!

The post Principles of a Cloud Migration – Security W5H – The WHERE appeared first on .

From Bugs to Zoombombing: How to Stay Safe in Online Meetings

The COVID-19 pandemic, along with social distancing, has done many things to alter our lives. But in one respect it has merely accelerated a process begun many years ago. We were all spending more and more time online before the virus struck. But now, forced to work, study and socialize at home, the online digital world has become absolutely essential to our communications — and video conferencing apps have become our “face-to-face” window on the world.

The problem is that as users flock to these services, the bad guys are also lying in wait — to disrupt or eavesdrop on our chats, spread malware, and steal our data. Zoom’s problems have perhaps been the most widely publicized, because of its quickly rising popularity, but it’s not the only platform whose users have been potentially at risk. Cisco’s WebEx and Microsoft Teams have also had issues; while other platforms, such as Houseparty, are intrinsically less secure (almost by design for their target audience, as the name suggests).

Let’s take a look at some of the key threats out there and how you can stay safe while video conferencing.

What are the risks?

Depending on the platform (designed for work or play) and the use case (business or personal), there are various opportunities for the online attacker to join and disrupt or eavesdrop on video conferencing calls. The latter is especially dangerous if you’re discussing sensitive business information.

Malicious hackers may also look to deliver malware via chats or shared files to take control of your computer, or to steal your passwords and sensitive personal and financial information. In a business context, they could even try to hijack your video conferencing account to impersonate you, in a bid to steal info from or defraud your colleagues or company.

The bad guys may also be able to take advantage of the fact that your home PCs and devices are less well-secured than those at work or school—and that you may be more distracted at home and less alert to potential threats.

To accomplish their goals, malicious hackers can leverage various techniques at their disposal. These can include:

Exploiting vulnerabilities in the video conferencing software, particularly when it hasn’t been updated to fend off the latest threats Stealing your log-ins/meeting ID via malware or phishing attacks; or by obtaining a meeting ID or password shared on social media Hiding malware in legitimate-looking video apps, links and files Theft of sensitive data from meeting recordings stored locally or in the cloud.

Zooming in on trouble

Zoom has in many ways become the victim of its own success. With daily meeting participants soaring from 10 million in December last year to 200 million by March 2020, all eyes have been focused on the platform. Unfortunately, that also includes hackers. Zoom has been hit by a number of security and privacy issues over the past several months, which include “Zoombombing” (meetings disrupted by uninvited guests), misleading encryption claims, a waiting room vulnerability, credential theft and data collection leaks, and fake Zoom installers. To be fair to Zoom, it has responded quickly to these issues, realigning its development priorities to fix the security and privacy issues discovered by its intensive use.

And Zoom isn’t alone. Earlier in the year, Cisco Systems had its own problem with WebEx, its widely-used enterprise video conferencing system, when it discovered a flaw in the platform that could allow a remote, unauthenticated attacker to enter a password-protected video conferencing meeting. All an attacker needed was the meeting ID and a WebEx mobile app for iOS or Android, and they could have barged in on a meeting, no authentication necessary. Cisco quickly moved to fix the high-severity vulnerability, but other flaws (also now fixed) have cropped up in WebEx’s history, including one that could enable a remote attacker to send a forged request to the system’s server.

More recently, Microsoft Teams joined the ranks of leading business videoconferencing platforms with potentially deadly vulnerabilities. On April 27 it surfaced that for at least three weeks (from the end of February till the middle of March), a malicious GIF could have stolen user data from Teams accounts, possibly across an entire company. The vulnerability was patched on April 20—but it’s a reminder to potential video conferencing users that even leading systems such as Zoom, WebEx, and Teams aren’t fool-proof and require periodic vulnerability and security fixes to keep them safe and secure. This is compounded during the COVID-19 pandemic when workers are working from home and connecting to their company’s network and systems via possibly unsecure home networks and devices.

Video conferencing alternatives

So how do you choose the best, most secure, video conferencing software for your work-at-home needs? There are many solutions on the market today. In fact, the choice can be dizzying. Some simply enable video or audio meetings/calls, while others also allow for sharing and saving of documents and notes. Some are only appropriate for one-on-one connections or small groups, while others can scale to thousands.

In short, you’ll need to choose the video conferencing solution most appropriate to your needs, while checking if it meets a minimum set of security standards for working at home. This set of criteria should include end-to-end encryption, automatic and frequent security updates, the use of auto-generated meeting IDs and strong access controls, a program for managing vulnerabilities, and last but not least, good privacy practices by the company.

Some video conferencing options alongside Zoom, WebEx, and Teams include:

Signal which is end-to-end encrypted and highly secure, but only supports one-to-one calls. FaceTime, Apple’s video chat tool, is easy-to-use and end-to-end encrypted, but is only available to Mac and iOS users. Jitsi Meet is a free, open-source video conferencing app that works on Android, iOS, and desktop devices, with no limit on participants beyond your bandwidth. Skype Meet Now is Microsoft’s free, popular conferencing tool for up to 50 users that can be used without an account, (in contrast to Teams, which is a paid, more business-focused platform for Office 365 users). Google Duo is a free option for video calls only, while the firm’s Hangouts platform can also be used for messaging. Hangouts Meet is a more business-focused paid version. Doxy.me is a well-known telemedicine platform used by doctors and therapists that works through your browser—so it’s up to you to keep your browser updated and to ensure the appropriate security and privacy settings are in place. Secure medical consultation with your healthcare provider is of particular concern during the shelter- and work-from-home quarantine.

How do I stay safe?

Whatever video conferencing platform you use, it’s important to bear in mind that cyber-criminals will always be looking to take advantage of any security gaps they can find — in the tool itself or your use of it. So how do you secure your video conferencing apps? Some tips listed here are Zoom-specific, but consider their equivalents in other platforms as general best-practice tips. Depending on the use case, you might choose to not enable some of the options here.

Check for end-to-end encryption before getting onboard with the app. This includes encryption for data at rest. Ensure that you generate one-off meeting IDs and passwords automatically for recurring meetings (Zoom). Don’t share any meeting IDs online. Use the “waiting room” feature in Zoom (now fixed), so the host can only allow attendees from a pre-assigned list. Lock the meeting once it’s started to stop anyone new from joining. Allow the host to put attendees on hold, temporarily removing them from a meeting if necessary. Play a sound when someone enters or leaves the room. Set screen-sharing to “host only” to stop uninvited guests from sharing disruptive content. Disable “file transfers” to block possible malware. Keep your systems patched and up-to-date so there are no bugs that hackers can target. Only download conferencing apps from official iOS/Android stores and manufacturer websites. Never click on links or open attachments in unsolicited mail. Check the settings in your video conferencing account. Switch off camera access if you don’t want to appear on-screen. Use a password manager for video conferencing app log-ins. Enhance passwords with two-factor authentication (2FA) or Single-Sign-On (SSO) to protect access, if available. Install anti-malware software from a reputable vendor on all devices and PCs. And implement a network security solution if you can.

How Trend Micro can help

Fortunately, Trend Micro has a range of capabilities that can support your efforts to stay safe while using video conferencing services.

Trend Micro Home Network Security (HNS) protects every device in your home connected to the internet. That means it will protect you from malicious links and attachments in phishing emails spoofed to appear as if sent from video conferencing firms, as well as from those sent by hackers that may have covertly entered a meeting. Its Vulnerability Check can identify any vulnerabilities in your home devices and PCs, including work laptops, and its Remote Access Protection can reduce the risk of tech support scams and unwanted remote connections to your device. Finally, it allows parents to control their kids’ usage of video conferencing applications, to limit their exposure.

Trend Micro Security also offers protection against email, file, and web threats on your devices. Note too, that Password Manager is automatically installed with Maximum Security to help users create unique, strong passwords for each application/website they use, including video conferencing sites.

Finally, Trend Micro WiFi Protection (multi-platform) / VPN Proxy One (Mac and iOS) offer VPN connections from your home to the internet, creating secure encrypted tunnels for traffic to flow down. The VPN apps work on both Wi-Fi and Ethernet connections. This could be useful for users concerned their video conferencing app isn’t end-to-end encrypted, or for those wishing to protect their identity and personal information when interacting on these apps.

The post From Bugs to Zoombombing: How to Stay Safe in Online Meetings appeared first on .

Is Cloud Computing Any Safer From Malicious Hackers?

Cloud computing has revolutionized the IT world, making it easier for companies to deploy infrastructure and applications and deliver their services to the public. The idea of not spending millions of dollars on equipment and facilities to host an on-premises data center is a very attractive prospect to many. And certainly, moving resources to the cloud just has to be safer, right? The cloud provider is going to keep our data and applications safe for sure. Hackers won’t stand a chance. Wrong. More commonly than anyone should, I often hear this delusion from many customers. The truth of the matter is, without proper configuration and the right skillsets administering the cloud presence, as well as practicing common-sense security practices, cloud services are just (if not more) vulnerable.

The Shared Responsibility Model

Before going any further, we need to discuss the shared responsibility model of the cloud service provider and user.

When planning your migration to the cloud, one needs to be aware of which responsibilities belong to which entity. As the chart above shows, the cloud service provider is responsible for the cloud infrastructure security and physical security of such. By contrast, the customer is responsible for their own data, the security of their workloads (all the way to the OS layer), as well as the internal network within the companies VPC’s.

One more pretty important aspect that remains in the hands of the customer is access control. Who has access to what resources? This is really no different than it’s been in the past, exception being the physical security of the data center is handled by the CSP as opposed to the on-prem security, but the company (specifically IT and IT security) are responsible for locking down those resources efficiently.

Many times, this shared responsibility model is overlooked, and poor assumptions are made the security of a company’s resources. Chaos ensues, and probably a firing or two.

So now that we have established the shared responsibility model and that the customer is responsible for their own resource and data security, let’s take a look at some of the more common security issues that can affect the cloud.

Amazon S3 

Amazon S3 is a truly great service from Amazon Web Services. Being able to store data, host static sites or create storage for applications are widely used use cases for this service. S3 buckets are also a prime target for malicious actors, since many times they end up misconfigured.

One such instance occurred in 2017 when Booz Allen Hamilton, a defense contractor for the United States, was pillaged of battlefield imagery as well as administrator credentials to sensitive systems.

Yet another instance occurred in 2017, when due to an insecure Amazon S3 bucket, the records of 198 million American voters were exposed. Chances are if you’re reading this, there’s a good chance this breach got you.

A more recent breach of an Amazon S3 bucket (and I use the word “breach,” however most of these instances were a result of poor configuration and public exposure, not a hacker breaking in using sophisticated techniques) had to do with the cloud storage provider “Data Deposit Box.” Utilizing Amazon S3 buckets for storage, a configuration issue caused the leak of more than 270,000 personal files as well as personal identifiable information (PII) of its users.

One last thing to touch on the subject of cloud file storage has to do with how many organizations are using Amazon S3 to store uploaded data from customers as a place to send for processing by other parts of the application. The problem here is how do we know if what’s being uploaded is malicious or not? This question comes up more and more as I speak to more customers and peers in the IT world.

API

APIs are great. They allow you to interact with programs and services in a programmatic and automated way. When it comes to the cloud, APIs allow administrators to interact with services, an in fact, they are really a cornerstone of all cloud services, as it allows the different services to communicate. As with anything in this world, this also opens a world of danger.

Let’s start with the API gateway, a common construct in the cloud to allow communication to backend applications. The API gateway itself is a target, because it can allow a hacker to manipulate the gateway, and allow unwanted traffic through. API gateways were designed to be integrated into applications. They were not designed for security. This means untrusted connections can come into said gateway and perhaps retrieve data that individual shouldn’t see. Likewise, the API requests to the gateway can come with malicious payloads.

Another attack that can affect your API gateway and likewise the application behind it, is a DDOS attack. The common answer to defend against this is Web Application Firewall (WAF). The problem is WAFs struggle to deal with low, slow DDOS attacks, because the steady stream of requests looks like normal traffic. A really great way to deter DDOS attacks at the API gateway however is to limit the number of requests for each method.

A great way to prevent API attacks lies in the configuration. Denying anonymous access is huge. Likewise, changing tokens, passwords and keys limit the chance effective credentials can be used. Lastly, disabling any type of clear-text authentication. Furthermore, enforcing SSL/TLS encryption and implementing multifactor authentication are great deterrents.

Compute

No cloud service would be complete without compute resources. This is when an organization builds out virtual machines to host applications and services. This also introduces yet another attack surface, and once again, this is not protected by the cloud service provider. This is purely the customers responsibility.

Many times, in discussing my customers’ migration from an on-premises datacenter to the cloud, one of the common methods is the “lift-and-shift” approach. This means customers take the virtual machines they have running in their datacenter and simply migrating those machines to the cloud. Now, the question is, what kind of security assessment was done on those virtual machines prior to migrating? Were those machines patched? Were discovered security flaws fixed? In my personal experience the answer is no. Therefore, these organizations are simply taking their problems from one location to the next. The security holes still exist and could potentially be exploited, especially if the server is public facing or network policies are improperly applied. For this type of process, I think a better way to look at this is “correct-and-lift-and-shift”.

Now once organizations have already established their cloud presence, they will eventually need to deploy new resources, and this can mean developing or building upon a machine image. The most important thing to remember here is that these are computers. They are still vulnerable to malware, so regardless of being in the cloud or not, the same security controls are required including things like anti-malware, host IPS, integrity monitoring and application control just to name a few.

Networking

Cloud services make it incredibly easy to deploy networks and divide them into subnets and even allow cross network communication. They also give you the ability to lock down the types of traffic that are allowed to traverse those networks to reach resources. This is where security groups come in. These security groups are configured by people, so there’s always that chance that a port is open that shouldn’t be, opening a potential vulnerability. It’s incredibly important from this perspective to really have a grasp on what a compute resource is talking to and why, so the proper security measures can be applied.

So is the cloud really safe from hackers? No safer than anything else unless organizations make sure they’re taking security in their hands and understand where their responsibility begins, and the cloud service provider’s ends. The arms war between hackers and security professionals is still the same as it ever was, the battleground just changed.

The post Is Cloud Computing Any Safer From Malicious Hackers? appeared first on .

Securing the Connected World with Support for The Shadowserver Foundation

If the first few months of 2020 have taught us anything, it’s the importance of collaboration and partnership to tackle a common enemy. This is true of efforts to fight the current pandemic, and it’s also true of the fight against cybercrime. That’s why Trend Micro has, over the years, struck partnerships with various organizations that share a common goal of securing our connected world.

So when we heard that one of these partners, the non-profit Shadowserver Foundation, was in urgent need of financial help, we didn’t hesitate to step in. Our new $600,000 commitment over three years will help to support the vital work it does collecting and sharing global threat data for the next three years.

What is Shadowserver?

Founded in 2004, The Shadowserver Foundation is now one of the world’s leading resources for reporting vulnerabilities, threats and malicious activity. Their work has helped to pioneer a more collaborative approach among the international cybersecurity community, from vendors and academia to governments and law enforcement.

Today, its volunteers, 16 full-time staff and global infrastructure of sinkholes, honeypots and honeyclients help run 45 scans across 4 billion IPv4 addresses every single day. It also performs daily sandbox scans on 713,000 unique malware samples, to add to the 12 Petabytes of malware and threat intelligence already stored on its servers. Thousands of network owners, including 109 CSIRTS in 138 countries worldwide, rely on the resulting daily reports — which are available free of charge to help make the digital world a safer place.

A Global Effort

Trend Micro is a long-time partner of The Shadowserver Foundation. We automatically share new malware samples via its malware exchange program, with the end goal of improving protection for both Trend Micro customers and Shadowserver subscribers around the world. Not only that, but we regularly collaborate on global law enforcement-led investigations. Our vision and mission statements of working towards a more secure, connected world couldn’t be more closely aligned.

As COVID-19 has brutally illustrated, protecting one’s own backyard is not enough to tackle a global challenge. Instead, we need to reach out and build alliances to take on the threats and those behind them, wherever they are. These are even more pronounced at a time when remote working has dramatically expanded the corporate attack surface, and offered new opportunities for the black hats to prosper by taking advantage of distracted employees and stretched security teams.

The money Trend Micro has donated over the next three years will help the Shadowserver Foundation migrate to the new data center it urgently needs and support operational costs that combined will exceed $2 million in 2020. We wish the team well with their plans for this year.

It’s no exaggeration to say that our shared digital world is a safer place today because of their efforts, and we hope to continue to collaborate long into the future

The post Securing the Connected World with Support for The Shadowserver Foundation appeared first on .

21 Tips to Stay Secure, Private, and Productive as You Work from Home on Your Mac

Nowadays, Macs are part of the work-from-home workforce during the COVID-19 pandemic. If you’ve brought a Mac from the office to home, it’s likely your IT department has already set it up to meet your company’s security policies. But what if you’re enlisting a Mac already at home to do duty for your company? You need to outfit it for business, to protect it and your company from infections and snooping, while ensuring it continues to run smoothly over time.

Here are 21 tips for staying secure, private, and productive while working from home on your Mac—while also making sure your personal “helpdesk” is in place, should you run into problems while doing your work.

How to guard against viruses and cyber threats on your Mac

While good security habits are important for all Mac users (since, contrary to popular opinion, Macs are as vulnerable to malicious attacks as PCs), you need to take special care when working from home on your Mac because you’ll be interacting with your company’s applications and platforms over the internet. Start your “security upgrade” with the Mac itself, to keep it free of viruses and malware. Make sure your security checklist includes the following:

Secure Your Mac. Ensure your Mac is in a secure, safe place, where family members can’t shoulder surf or use it, then set up a work account on your Mac (separate from your personal account), complete with a unique, complex password (disable automatic login), with only work-approved apps active on the account. Set the Mac to automatically lock one minute after sleep or your screen saver begins. Then turn on the Mac’s Firewall (if it’s not already on) and enable Stealth Mode, which will block incoming network requests from test applications. Keep Up to Date. Keep your Mac OS system, Web browser, and main work apps (e.g., Microsoft Office) up to date. Application updates often contain security improvements as well as bug fixes. Be Communication-Cautious. Use your messaging and email apps only for work, so as not to contaminate them with unexpected communications from friends, family, or strangers. Be particularly aware of phishing emails with potentially bad links and attachments, or with buttons to “help you log into” online accounts to allegedly adjust or renew some crucial account data. Credential data theft can be a doorway not only to the data on your Mac, but to your company’s online systems. Install Antivirus. Install endpoint security software on your Mac, if you don’t already have it. The solution should protect you from Web threats and when downloading files, and in the event something malicious lands on your disk, its scanning technology will help you remove the infection. The best endpoint protection will protect you and your files proactively from ransomware as well.

Trend Micro Mac Endpoint Security solutions include:

Trend Micro Ad Block One. Blocks ads and popups in your Safari browser. Trend Micro Antivirus One. Protects your Mac from adware, ransomware, spyware, and malware. Trend Micro Antivirus for Mac. Offers a full-protection solution for your Mac. When you install Antivirus for Mac, your endpoint security includes the Trend Micro Toolbar for Web Threat Protection, Fraud Buster for protection from phishing in Microsoft Outlook, and Folder Shield for protecting sensitive files from encryption by ransomware.

How to guard your privacy on Mac

Next, you need to make sure your work remains private. This means creating a “chain of privacy” that extends from your Mac over the internet to your company’s servers, so that each link in the chain is “locked” to ensure your company data remains private.

Harden Your Mac. Enable FileVault (which encrypts your data), making sure you secure but remember your login password or recovery key; otherwise your data will become inaccessible. This ensures that if your Mac is stolen, the thief won’t have access to your company’s data. Protect Your Router. Most routers come with default settings (Admin and Password), which can make your router vulnerable to hacker attacks. Change the default Admin and Password on the router to strong, unique alphanumeric strings. Encrypt Your Network. Use an Ethernet connection from your Mac to the router; or if you must, a WPA-2 encrypted Wi-Fi connection with unique password access. And consider moving your family and their devices to the guest network, if your router supports the same WPA-2 protection for guests. Deploy Network Security. Deploy a network security solution, to protect all the smart devices in your home network, since a breach on any device (e.g., your smart speaker, your security camera) could affect the privacy of all your devices, including your work Mac. The network security solution should enable you to block incoming connections from remote-access software and to manage your family’s devices. Use a VPN. This ensures a secure and private tunnel between the Mac on your home network and your company’s servers, encrypting your data from the moment it’s transmitted. Use Strong Authentication. Use strong authentication whenever possible, both locally on your Mac and for online account logins. This can include Single-Sign On (SSO) solutions, PINs, Facial Recognition and Multi-factor Authentication (MFA) tools. Use Secure Video Conferencing. For team conference calls/video meetings, make sure your chosen solution has end-to-end encryption and proper access controls. Consider using headphones to better privatize your teammates’ conversation. Use a Password Manager. This ensures the privacy of all your company login credentials, since you don’t want to store them in your browser, where they can be hacked. Use Cloud Sync; Encrypt and Detach Local Backups. You’re probably accustomed to using iCloud for cloud sync/backup, but if you’re already using Microsoft Office, consider using OneDrive for Business, since it’s integrated with Office. And don’t use a USB memory stick for backup. Instead, when you’re doing your weekly local backup via Time Machine, use a hard drive that can be disconnected and locked when your backup is finished.

Trend Micro Mac Privacy/Security solutions include:

Trend Micro Home Network Security. Ensures your network and all the smart devices on it are secure, while providing Android and iOS apps to manage the network. Trend Micro VPN Proxy One / WiFi Protection. VPN Proxy One protects your Mac and iOS devices with an emphasis on Privacy, while WiFi Protection emphasizes Security across all four platforms, including Mac, iOS, Windows and Android devices. Trend Micro Password Manager for Mac. Trend Micro’s Password Manager is available for Mac, Windows, iOS, and Android devices. Synch your passwords across all platforms.

Tips and tricks to maximize your Mac

Working from home means contending with home distractions (though working in the office has its own set of distractions too). Staying productive therefore includes setting good work and break habits, physically optimizing your work-from-home Mac setup, and keeping your Mac in good working order. Effective and productive remote working, when it comes setting up good work habits, using efficiency maximizing tools, and separating work from home activities, is a whole topic in itself. Here we include only those tips that directly affect the healthy operation and optimization of your Mac:

Deploy a Second Display. Hook up a large or second monitor to your Mac, for increased workspace. New MacBook users on Catalina MacOS can also attach an iPad with iOS 13 via Sidecar for use as a second monitor. Hook Up iPhone Calling to Your Mac. For efficiency’s sake, when your iPhone and Mac are on the same Wi-Fi network, you can make phone calls with your Mac by tying it to your iPhone and its cellular plan. The microphone and speakers of your Mac will be enlisted in the call. Ensure your Mac’s Contacts app includes your business contact cards and for easy Mac-assisted calling to your associates. Use Dictation. Now’s the chance for you to use the built-in dictation tools on your Mac (and iOS) to speed up writing letters, emails, memos, etc. Use Web Apps. Use the Web version of your office apps when possible; e.g., Microsoft Office 365, which includes Web Outlook, Word, Calendar, People, Sharepoint, Planner, Notes, OneDrive, etc. for efficient collaboration, reverting to the installed desktop apps when necessary. This can reduce the data footprint on your Mac. Periodically Optimize Your Mac. Every computer slows down over time, especially when doing heavy-duty work, due to system and application clutter, as well as duplication of files. Your home Mac may also be a bit short on memory and CPU power, so periodic use of Mac optimization tools, Apple’s or a third-party’s, can help ensure your Mac stays up to speed for maximum productivity.

Trend Micro Performance tools include:

	Trend Micro Cleaner One Pro for Mac. This solution can help you monitor and clean the Memory, CPU, and Network Usage on your Mac. Its System Optimizer tools include complete file cleanup and a shredder for junk, big, and duplicate files, as well as a tool for controlling apps upon startup.

How to get remote computer assistance for your Mac

Finally, should things go wrong at any time with your working Mac setup, you need to make sure to have a work-from-home “Help Desk” in place for when you need it. This can include the following:

Enlist your IT Department. Easy connection and a contact to your IT Department for device, network, and app requirements, as well as tech support for problems that may arise during your workday, is critical. Utilize Vendor Helpdesks. Use the community forums and chat services of your Mac, network, and app vendors. Apple provides its own Mac Support, along with Mac Service and Repair for Macs under warranty or for customers with AppleCare+. Purchase Support Services. Optional support services you purchase can help ensure the top-notch security and operation of your Mac, your network, and your workflow.

Trend Micro Solutions include:

Trend Micro Home Support. You can obtain technical support for all your Trend Micro-centric application needs using Trend Micro’s eSupport page, also known as Home Support. Note too that Air Support, which includes app log transfer, online engineer help, and email, can be initiated through the Trend Micro apps themselves through the Help screen. Trend Micro Premium Support Services. Trend Micro provides both Premium Service and Ultimate Service Bundles, which includes support for your Mac. Services include 24×7 emergency assistance, problem fixing, virus and spyware removal, and PC security and health check service for up to 4 devices with Trend Micro Security installed, including Trend Micro Antivirus for Mac.

That’s it! These tips should get you started on the road to staying secure, private, and productive, while running smoothly, as you work from home on your Mac. During the COVID-19 pandemic, many of us are doing just that. Now is the time to keep your working Mac working for you!

The post 21 Tips to Stay Secure, Private, and Productive as You Work from Home on Your Mac appeared first on .

Principles of a Cloud Migration – Security W5H – The HOW

“How about… ya!”

Security needs to be treated much like DevOps in evolving organizations; everyone in the company has a responsibility to make sure it is implemented. It is not just a part of operations, but a cultural shift in doing things right the first time – Security by default. Here are a few pointers to get you started:

1. Security should be a focus from the top on down

Executives should be thinking about security as a part of the cloud migration project, and not just as a step of the implementation. Security should be top of mind in planning, building, developing, and deploying applications as part of your cloud migration. This is why the Well Architected Framework has an entire pillar dedicated to security. Use it as a framework to plan and integrate security at each and every phase of your migration.

2. A cloud security policy should be created and/or integrated into existing policy

Start with what you know: least privilege permission models, cloud native network security designs, etc. This will help you start creating a framework for these new cloud resources that will be in use in the future. Your cloud provider and security vendors, like Trend Micro, can help you with these discussions in terms of planning a thorough policy based on the initial migration services that will be used. Remember from my other articles, a migration does not just stop when the workload has been moved. You need to continue to invest in your operation teams and processes as you move to the next phase of cloud native application delivery.

3. Trend Micro’s Cloud One can check off a lot of boxes!

Using a collection of security services, like Trend Micro’s Cloud One, can be a huge relief when it comes to implementing runtime security controls to your new cloud migration project. Workload Security is already protecting thousands of customers and billions of workload hours within AWS with security controls like host-based Intrusion Prevention and Anti-Malware, along with compliance controls like Integrity Monitoring and Application Control. Meanwhile, Network Security can handle all your traffic inspection needs by integrating directly with your cloud network infrastructure, a huge advantage in performance and design over Layer 4 virtual appliances requiring constant changes to route tables and money wasted on infrastructure. As you migrate your workloads, continuously check your posture against the Well Architected Framework using Conformity. You now have your new infrastructure secure and agile, allowing your teams to take full advantage of the newly migrated workloads and begin building the next iteration of your cloud native application design.

This is part of a multi-part blog series on things to keep in mind during a cloud migration project.  You can start at the beginning which was kicked off with a webinar here: https://resources.trendmicro.com/Cloud-One-Webinar-Series-Secure-Cloud-Migration.html. To have a more personalized conversation, please add me to LinkedIn!

The post Principles of a Cloud Migration – Security W5H – The HOW appeared first on .

Trend Micro Guardian: Protecting Your Kids On-the-Go

Some smart devices are not limited to use on the home network; for instance, your child’s mobile phone or tablet. Keeping your kids safe on these on-the-go devices means extending your security policies beyond the home. Trend Micro Home Network Security (HNS) makes it easy with its complementary app, Trend Micro Guardian. Guardian integrates with HNS’s parental control rules via Mobile Device Management technology to extend the rules you’ve applied on your home network to your children’s Wi-Fi / mobile connections outside the home.

Guardian enables the following security and parental controls:

Web Threat Protection, which blocks dangerous websites and phishing attempts. Website Filtering, which is equipped with category-based filters to protect your children from inappropriate websites. You can Pause the Internet and YouTube, to turn off your child’s distractions when they need to focus on other tasks. You can enforce Time Limits, to restrict when your child is online within a range of time. (This feature will be available around mid-year).

Setup and Configuration

In order to benefit from these features, the Trend Micro Guardian app must be installed on your child’s device and paired with your Home Network Security Station. It’s recommended that you install Trend Micro Guardian on the child’s device before setting up Parental Controls. However, you may also save the Trend Micro Guardian setup process until after you’ve defined the Parental Control rules for your child. Either way, Guardian accepts the rules defined and applies them to the child’s device whenever they go beyond your home and hook up to public WiFi or their mobile network.

For the Trend Micro Guardian app setup and installation process, you may refer to FAQ: Trend Micro Guardian or the Home Network Security Product Guide for more details.

A Few Additional Notes

Trend Micro Guardian is only available for Android and iOS platforms. For protecting your child while using a laptop outside the home network, use Trend Micro Security for your Windows machine (Antivirus+, Internet Security or Maximum Security) or Mac (Antivirus for Mac), available directly from the Trend Micro website. Trend Micro Antivirus One is also available for Macs directly from the Apple App Store. Once installed, you need to protect Trend Micro Guardian from being uninstalled. Uninstall Protection is set up somewhat differently on an iOS or Android device. Again refer to the Home Network Security Product Guide for more details. Trend Micro Guardian can be installed on your mobile device with any existing Trend Micro Mobile Security app for Android or iOS. When Trend Micro Mobile Security and Trend Micro Guardian are used together, Guardian takes precedence over Mobile Security in detecting and blocking dangerous or malicious sites. It does not affect the other features in Trend Micro Mobile Security, which are still fully enabled on your mobile device.

Protection that Goes Where Your Child Goes

Internet safety for kids is a must, whether they’re online at home, or out and about, away from home. Trend Micro Guardian ensures the child will observe and practice the same security rules at home and on the internet anywhere in the world.

For more information on Trend Micro Home Network Security with Guardian, go to Home Network Security.

The post Trend Micro Guardian: Protecting Your Kids On-the-Go appeared first on .

Knowing your shared security responsibility in Microsoft Azure and avoiding misconfigurations

 

Trend Micro is excited to launch new Trend Micro Cloud One – Conformity capabilities that will strengthen protection for Azure resources.

 

As with any launch, there is a lot of new information, so we decided to sit down with one of the founders of Conformity, Mike Rahmati. Mike is a technologist at heart, with a proven track record of success in the development of software systems that are resilient to failure and grow and scale dynamically through cloud, open-source, agile, and lean disciplines. In the interview, we picked Mike’s brain on how these new capabilities can help customers prevent or easily remediate misconfigurations on Azure. Let’s dive in.

 

What are the common business problems that customers encounter when building on or moving their applications to Azure or Amazon Web Services (AWS)?

The common problem is there are a lot of tools and cloud services out there. Organizations are looking for tool consolidation and visibility into their cloud environment. Shadow IT and business units spinning up their own cloud accounts is a real challenge for IT organizations to keep on top of. Compliance, security, and governance controls are not necessarily top of mind for business units that are innovating at incredible speeds. That is why it is so powerful to have a tool that can provide visibility into your cloud environment and show where you are potentially vulnerable from a security and compliance perspective.

 

Common misconfigurations on AWS are an open Amazon Elastic Compute Cloud (EC2) or a misconfigured IAM policy. What is the equivalent for Microsoft?

The common misconfigurations are actually quite similar to what we’ve seen with AWS. During the product preview phase, we’ve seen customers with many of the same kinds of misconfiguration issues as we’ve seen with AWS. For example, Microsoft Azure Blobs Storage is the equivalent to Amazon S3 – that is a common source of misconfigurations. We have observed misconfiguration in two main areas: Firewall and Web Application Firewall (WAF),which is equivalent to AWS WAF. The Firewall is similar to networking configuration in AWS, which provides inbound protection for non-HTTP protocols and network related protection for all ports and protocols. It is important to note that this is based on the 100 best practices and 15 services we currently support for Azure and growing, whereas, for AWS, we have over 600 best practices in total, with over 70 controls with auto-remediation.

 

Can you tell me about the CIS Microsoft Azure Foundation Security Benchmark?

We are thrilled to support the CIS Microsoft Azure Foundation Security Benchmark. The CIS Microsoft Azure Foundations Benchmark includes automated checks and remediation recommendations for the following: Identity and Access Management, Security Center, Storage Accounts, Database Services, Logging and Monitoring, Networking, Virtual Machines, and App Service. There are over 100 best practices in this framework and we have rules built to check for all of those best practices to ensure cloud builders are avoiding risk in their Azure environments.

Can you tell me a little bit about the Microsoft Shared Responsibility Model?

In terms of shared responsibility model, it’s is very similar to AWS. The security OF the cloud is a Microsoft responsibility, but the security IN the cloud is the customers responsibility. Microsoft’s ecosystem is growing rapidly, and there are a lot of services that you need to know in order to configure them properly. With Conformity, customers only need to know how to properly configure the core services, according to best practices, and then we can help you take it to the next level.

Can you give an example of how the shared responsibility model is used?

Yes. Imagine you have a Microsoft Azure Blob Storage that includes sensitive data. Then, by accident, someone makes it public. The customer might not be able to afford an hour, two hours, or even days to close that security gap.

In just a few minutes, Conformity will alert you to your risk status, provide remediation recommendations, and for our AWS checks give you the ability to set up auto-remediation. Auto-remediation can be very helpful, as it can close the gap in near-real time for customers.

What are next steps for our readers?

I’d say that whether your cloud exploration is just taking shape, you’re midway through a migration, or you’re already running complex workloads in the cloud, we can help. You can gain full visibility of your infrastructure with continuous cloud security and compliance posture management. We can do the heavy lifting so you can focus on innovating and growing. Also, you can ask anyone from our team to set you up with a complimentary cloud health check. Our cloud engineers are happy to provide an AWS and/or Azure assessment to see if you are building a secure, compliant, and reliable cloud infrastructure. You can find out your risk level in just 10-minutes.

 

Get started today with a 60-day free trial >

Check out our knowledge base of Azure best practice rules>

Learn more >

 

Do you see value in building a security culture that is shifted left?

Yes, we have done this for our customers using AWS and it has been very successful. The more we talk about shifting security left the better, and I think that’s where we help customers build a security culture. Every cloud customer is struggling with implementing earlier on in the development cycle and they need tools. Conformity is a tool for customers which is DevOps or DevSecOps friendly and helps them build a security culture that is shifted left.

We help customers shift security left by integrating the Conformity API into their CI/CD pipeline. The product also has preventative controls, which our API and template scanners provide. The idea is we help customers shift security left to identify those misconfigurations early on, even before they’re actually deployed into their environments.

We also help them scan their infrastructure-as-code templates before being deployed into the cloud. Customers need a tool to bake into their CI/CD pipeline. Shifting left doesn’t simply mean having a reporting tool, but rather a tool that allows them to shift security left. That’s where our product, Conformity, can help.

 

The post Knowing your shared security responsibility in Microsoft Azure and avoiding misconfigurations appeared first on .

Principles of a Cloud Migration

Development and application teams can be the initial entry point of a cloud migration as they start looking at faster ways to accelerate value delivery. One of the main things they might use during this is “Infrastructure as Code,” where they are creating cloud resources for running their applications using lines of code.

In the below video, as part of a NADOG (North American DevOps Group) event, I describe some additional techniques on how your development staff can incorporate the Well Architected Framework and other compliance scanning against their Infrastructure as Code prior to it being launched into your cloud environment.

If this content has sparked additional questions, please feel free to reach out to me on my LinkedIn. Always happy to share my knowledge of working with large customers on their cloud and transformation journeys!

The post Principles of a Cloud Migration appeared first on .

Connected Car Standards – Thank Goodness!

Intelligent transportation systems (ITS) require harmonization among manufacturers to have any chance of succeeding in the real world. No large-scale car manufacturer, multimodal shipper, or MaaS (Mobility as a Service) provider will risk investing in a single-vendor solution. Successful ITS require interoperable components, especially for managing cybersecurity issues. See https://www.trendmicro.com/vinfo/us/security/news/intelligent-transportation-systems for a set of reports on ITS cybersecurity.

The good news is we now have a standard for automotive cybersecurity, ISA/SAE 21434. This standard addresses all the major elements of connected car security including V2X, reaching from the internals of ECUs and communications busses including CAN to the broader issues of fleet management and public safety. See https://www.iso.org/standard/70918.html for the current draft version of this standard.

Intelligent transport systems rely on complex, contemporary infrastructure elements, including cloud (for data aggregation, traffic analysis, and system-wide recommendations) and 5G (for inter-component networking and real-time sensing). ITS also rely on aging industrial control systems and components, for vehicle detection, weather reporting, and traffic signaling, some dating back forty years or more. This profound heterogeneity makes the cybersecurity problem unwieldy. Automotive systems generally are the most complex public-facing applications of industrial IoT. Any information security problems with them will erode public trust in this important and ultimately critical infrastructure.

Robert Bosch GmbH began working on the first automotive bus architecture in 1986. Automobiles gained increasing electronic functions (smog controls, seat belt monitors, electric window controls, climate controls, and so on). With each new device, the manufacturers had to install additional point-to-point wiring to monitor and control them. This led to increasing complexity, the possibility for error, extended manufacturing time, more costly diagnosis and repair post-sales, and added weight. See Figure 1 for details. By replacing point-to-point wiring with a simple bus, manufacturers could introduce new features connected with one pair of wires for control. This simplified design, manufacturing, diagnosis, and improved quality and maintainability.

The bus was simple: all devices saw all traffic and responded to messages relevant to them. Each message has a standard format, with a header describing the message content and priority (the arbitration IDs), the body which contains the relevant data, and a cyclic redundancy check (CRC), which is a code to verify that the message contents are accurate. This CRC uses a mathematical formula to determine if any bits have flipped, and for small numbers of errors can correct the message, like a checksum. This is not as powerful as a digital signature. It has no cryptographic power. Every device on the bus can use the CRC algorithm to create a code for messages it sends and to verify the data integrity of messages it receives. Other than this, there is no data confidentiality, authentication, authorization, data integrity, or non-repudiation in CAN bus messages – or any other automotive bus messages. The devices used in cars are generally quite simple, lightweight, and inexpensive: 8-bit processors with little memory on board. Any device connected to the network is trusted. Figure 2 shows the layout of a CAN bus message.

Today’s automobiles have more sophisticated devices on board. The types of messages and the services the offer are becoming more complex. In-vehicle infotainment (IVI) systems provide maps, music, Bluetooth connectivity for smartphones and other devices, in addition to increasingly more elaborate driving assistance and monitoring systems all add more traffic to the bus. But given the diversity of manufacturers and suppliers, impeding security measures over the automotive network. No single vendor could today achieve what Robert Bosch did nearly forty years ago. Yet the need for stronger vehicle security is growing.

The ISO/SAE 21434 standard describes a model for securing the supply chain for automotive technology, for validating the integrity of the development process, detecting vulnerabilities and cybersecurity attacks in automotive systems, and managing the deployment of fixes as needed. It is comprehensive. ISO/SAE 21434 builds on decades of work in information security. By applying that body of knowledge to the automotive case, the standard will move the industry towards a safer and more trustworthy connected car world.

But the standard’s value doesn’t stop with cars and intelligent transport systems. Domains far beyond connected cars will benefit from having a model for securing communications among elements from diverse manufacturers sharing a common bus. The CAN bus and related technologies are used onboard ships, in aircraft, in railroad management, in maritime port systems, and even in controlling prosthetic limbs. The vulnerabilities are common, the complexity of the supply chain is equivalent, and the need for a comprehensive architectural solution is as great. So this standard is a superb achievement and will go far to improve the quality, reliability, and trustworthiness of critical systems globally.

What do you think? Let me know in the comments below or @WilliamMalikTM.

The post Connected Car Standards – Thank Goodness! appeared first on .

Beyond the Endpoint: Why Organizations are Choosing XDR for Holistic Detection and Response

The endpoint has long been a major focal point for attackers targeting enterprise IT environments. Yet increasingly, security bosses are being forced to protect data across the organization, whether it’s in the cloud, on IoT devices, in email, or on-premises servers. Attackers may jump from one environment to the next in multi-stage attacks and even hide between the layers. So, it pays to have holistic visibility, in order to detect and respond more effectively.

This is where XDR solutions offer a convincing alternative to EDR and point solutions. But unfortunately, not all providers are created equal. Trend Micro separates themselves from the pack by providing mature security capabilities across all layers, industry-leading threat intelligence, and an AI-powered analytical approach that produces fewer, higher fidelity alerts.

Under pressure

It’s no secret that IT security teams today are under extreme pressure. They’re faced with an enemy able to tap into a growing range of tools and techniques from the cybercrime underground. Ransomware, social engineering, fileless malware, vulnerability exploits, and drive-by-downloads, are just the tip of the iceberg. There are “several hundred thousand new malicious programs or unwanted apps registered every day,” according to a new Osterman Research report. It argues that, while endpoint protection must be a “key component” in corporate security strategy, “It can only be one strand” —complemented with protection in the cloud, on the network, and elsewhere.

There’s more. Best-of-breed approaches have saddled organizations with too many disparate tools over the years, creating extra cost, complexity, management headaches, and security gaps. This adds to the workload for overwhelmed security teams.

According to Gartner, “Two of the biggest challenges for all security organizations are hiring and retaining technically savvy security operations staff, and building a security operations capability that can confidently configure and maintain a defensive posture as well as provide a rapid detection and response capacity. Mainstream organizations are often overwhelmed by the intersectionality of these two problems.”

XDR appeals to organizations struggling with all of these challenges as well as those unable to gain value from, or who don’t have the resources to invest in, SIEM or SOAR solutions. So what does it involve?

What to look for

As reported by Gartner, all XDR solutions should fundamentally achieve the following:

• Improve protection, detection, and response
• Enhance overall productivity of operational security staff
• Lower total cost of ownership (TCO) to create an effective detection and response capability

However, the analyst urges IT buyers to think carefully before choosing which provider to invest in. That’s because, in some cases, underlying threat intelligence may be underpowered, and vendors have gaps in their product portfolio which could create dangerous IT blind spots. Efficacy will be a key metric. As Gartner says, “You will not only have to answer the question of does it find things, but also is it actually finding things that your existing tooling is not.”

A leader in XDR

This is where Trend Micro XDR excels. It has been designed to go beyond the endpoint, collecting and correlating data from across the organization, including; email, endpoint, servers, cloud workloads, and networks. With this enhanced context, and the power of Trend Micro’s AI algorithms and expert security analytics, the platform is able to identify threats more easily and contain them more effectively.

Forrester recently recognized Trend Micro as a leader in enterprise detection and response, saying of XDR, “Trend Micro has a forward-thinking approach and is an excellent choice for organizations wanting to centralize reporting and detection with XDR but have less capacity for proactively performing threat hunting.”

According to Gartner, fewer than 5% of organizations currently employ XDR. This means there’s a huge need to improve enterprise-wide protection. At a time when corporate resources are being stretched to the limit, Trend Micro XDR offers global organizations an invaluable chance to minimize enterprise risk exposure whilst maximizing the productivity of security teams.

The post Beyond the Endpoint: Why Organizations are Choosing XDR for Holistic Detection and Response appeared first on .

Cleaner One Pro Speeds Up Your Mac: Part 1

The Mac has always been pretty easy to use, but even the most ardent Mac supporters know there comes a time when their Mac is no longer new and they notice slowdowns in its performance, particularly after intensive use. They’d like a handy one-stop tool to help them optimize memory and CPU performance, free up disk space, and generally speed up their Mac, since they don’t want to dig around in the MacOS for buried utilities they don’t know how to use. Fortunately, Trend Micro has a solution for that.

Trend Micro Cleaner One Pro is an easy-to-use, all-in-one disk cleaning and optimization utility that can help you boost your Mac’s performance. Cleaner One Pro includes a number of Mac housecleaning tools such as a Memory Optimizer, a Junk Files cleaner, a Big Files scanner, a Duplicate Files finder, an App Manager, a File Shredder, and a Disk Map. These functions are all rolled into an easy-to-use interface that helps you visualize your Mac’s usage, while freeing up memory and storage on your Mac.

In this two-part blog, we will show you how you can use Cleaner One Pro to make your Mac run faster, walking you through its features. In Part 1, we focus on Quick Optimizer, the Main Console, and the Cleaning Tools. In Part 2, we’ll focus on System and Application Management, Privacy Protection, and some Other Options.

Quick Optimizer

Once you’ve installed Cleaner One Pro, its Quick Optimizer appears in the Apple Menu, with handy tools to speed up your Mac. Click the icon and it displays a Console that monitors your Memory, Junk Files, CPU, and Network Usage, while letting you Optimize your Memory Usage and Clean your Junk Files with just one click. System Optimizer opens a Window onto the contents of your Mac for more detailed management.

Memory Optimizer

There are applications running in the background of your Mac that take up physical memory and affect its performance. The Memory Optimizer gives you control over how your computer consumes its memory resources—and you can free up your Mac’s memory in seconds with just one click on the Optimize button. If you want to see which apps are taking up significant memory, you can click the three-dot icon next to Memory Usage. It will show your Mac’s memory usage by app, in descending order. Click the Information (i) icon in the Memory Usage window for a breakdown of the types of memory being used.

Junk Files Cleaner

Junk files, temporary files, system files and other non-essential items will accumulate on your Mac over time. These files take up a lot of space on your hard drive and may degrade the performance of your Mac as you reach higher disk usage. Click the Clean button and the Junk Files cleaner quickly removes application cache, system log files, update files, temporary files and hidden leftover files. You can also see the details of the identified Junk Files by clicking the three-dot icon next to Junk Files.

CPU Usage Monitor

When your computer starts to run slowly it’s helpful to have a snapshot of its CPU usage. With this feature, you can see which apps are using significant CPU resources and how much percentage they’re using. It also let you know how long your computer has been up and running, since system reliability can degrade if it’s been awhile since you restarted your Mac.

Network Usage Monitor

If you want to keep an eye on your bandwidth consumption and avoid exceeding data caps, it’s useful to know the real-time download and upload speeds on your Mac. The Network Usage Monitor also provides a view of other network related information such as your Wi-Fi signal quality.

The Main Console

The Main Console is the core workplace in Trend Micro Cleaner One Pro and provides the following features, which are presented here grouped by purpose:

	Cleaning Tools (Junk Files, Big Files, Duplicate Files, Similar Photos and Disk Map) Application Management (Startup Manager and App Manager) Privacy Protection (File Shredder)

To access the Main Console, click System Optimizer in the Cleaner One Pro Apple Menu. The first time you do, you’ll need to authorize full access to your disk, so Cleaner One Pro can access more junk files. Simply click Grant Access in the System Optimizer window and watch the video or follow the written instructions. Complete the steps by closing Cleaner One Pro, then reload it. You’re now ready to begin optimizing.

Cleaning Tools

Junk Files

The hard drive on your Mac holds the entire Mac operating system and important files including your data. As you use your Mac, over time its hard drive will accumulate junk files. These junk files are generated by the system and other programs. Cleaner One Pro is equipped with advanced and efficient algorithms that scan and remove junk files within seconds. Click Scan to scan for Junk Files and when the scan is done, either check a whole category or individual items in the category, then click Remove.

Big Files

You may have a lot of clutter on your Mac in the form of big or old files that you probably no longer need and may have just forgotten about. Removing big unused files can recover a lot of disk space, but it could be time-consuming to delete them if done manually. Also, it is hard to select files for deletion if you don’t know the proper context— where the files are stored or how important they may be.

Big Files scanner provides a big file collector where you can easily spot and remove these files if you don’t need them anymore. Additionally, if you hover your mouse on a file, you’ll see a magnifier and a lock icon. Once you click the magnifier icon, you’ll locate the actual file. If you click the lock icon, the file will be added to the Ignore List, which will be locked.

Disk Map

Disk Map is a significant tool that helps you analyze the usage of your storage in a visual and interactive map. It quickly scans your drive and builds a visualization of files on the target folder of your Mac, allowing you to easily navigate the system. With Disk Map, you can find out the date when the file/folder was created, modified, and last opened. Furthermore, hovering your mouse on a folder then clicking the magnifier icon will direct you to the file’s location.

Duplicate Files

Another practice that you are probably comfortable doing is backing-up important files, photos, program installation files and apps on your hard drive. While this is a good practice, it creates duplicate files on your Mac that eventually add clutter and consume disk space. It’s also hard to find files in name searches when you have too many of them.

The Duplicate Files function lets you select a source folder where it will inspect and identify duplicate files on your Mac. In the scan results, an option called “Auto Select” helps you automatically select duplicate files. The information provided by “Auto Select” is listed below:

	Folder where duplicate files are located Dates modified Similar file names Other qualifications

You can choose Remove to Trash or Delete Permanently on the confirmation page.

Similar Photos

Often, you organize pictures of travels and life events, and also keep a copy to ensure you don’t lose those captured moments. But as digital photos pile up, often similar to others on your drive, they take up a lot of space. To assist you cleaning these up, use Similar Photos, and then choose your photo library to scan the photos on your Mac.

The result will display similar photos and you can choose the ones you don’t need, and the files will be added in the selected list. Click the Remove button to completely delete them from your hard drive.

That’s it for now! The second part of this blog will take up the remaining toolsets of Trend Micro Cleaner One Pro.

 Go to Cleaner One Mac for more information or to purchase the app.

 

 

The post Cleaner One Pro Speeds Up Your Mac: Part 1 appeared first on .

Are You Promoting Security Fluency in your Organization?

 

Migrating to the cloud is hard. The PowerPoint deck and pretty architectures are drawn up quickly but the work required to make the move will take months and possibly years.

 

The early stages require significant effort by teams to learn new technologies (the cloud services themselves) and new ways of the working (the shared responsibility model).

 

In the early days of your cloud efforts, the cloud center of expertise is a logical model to follow.

 

Center of Excellence

 

A cloud center of excellence is exactly what it sounds like. Your organization forms a new team—or an existing team grows into the role—that focuses on setting cloud standards and architectures.

 

They are often the “go-to” team for any cloud questions. From the simple (“What’s an Amazon S3 bucket?”), to the nuanced (“What are the advantages of Amazon Aurora over RDS?”), to the complex (“What’s the optimum index/sort keying for this DynamoDB table?”).

 

The cloud center of excellence is the one-stop shop for cloud in your organization. At the beginning, this organizational design choice can greatly accelerate the adoption of cloud technologies.

 

Too Central

 

The problem is that accelerated adoption doesn’t necessarily correlate with accelerated understanding and learning.

 

In fact, as the center of excellent continues to grow its success, there is an inverse failure in organizational learning which create a general lack of cloud fluency.

 

Cloud fluency is an idea introduced by Forrest Brazeal at A Cloud Guru that describes the general ability of all teams within the organization to discuss cloud technologies and solutions. Forrest’s blog post shines a light on this situation and is summed up nicely in this cartoon;

 

Our own Mark Nunnikhoven also spoke to Forrest on episode 2 of season 2 for #LetsTalkCloud.

 

Even though the cloud center of excellence team sets out to teach everyone and raise the bar, the work soon piles up and the team quickly shifts away from an educational mandate to a “fix everything” one.

 

What was once a cloud accelerator is now a place of burnout for your top, hard-to-replace cloud talent.

 

Security’s Past

 

If you’ve paid attention to how cybersecurity teams operate within organizations, you have probably spotted a number of very concerning similarities.

 

Cybersecurity teams are also considered a center of excellence and the central team within the organization for security knowledge.

 

Most requests for security architecture, advice, operations, and generally anything that includes the prefix “cyber”, word “risk”, or hints of “hacking” get routed to this team.

 

This isn’t the security team’s fault. Over the years, systems have increased in complexity, more and more incidents occur, and security teams rarely get the opportunity to look ahead. They are too busy stuck in “firefighting mode” to take as step back and re-evaluate the organizational design structure they work within.

 

According to Gartner, for every 750 employees in an organization, one of those is dedicated to cybersecurity. Those are impossible odds that have lead to the massive security skills gap.

 

Fluency Is The Way Forward

 

Security needs to follow the example of cloud fluency. We need “security fluency” in order to import the security posture of the systems we built and to reduce the risk our organizations face.

 

This is the reason that security teams need to turn their efforts to educating development teams. DevSecOps is a term chock full of misconceptions and it lacks context to drive the needed changes but it is handy for raising awareness of the lack of security fluency.

 

Successful adoption of a DevOps philosophy is all about removing barriers to customer success. Providing teams with the tools and autonomy they require is a critical factor in their success.

 

Security is just one aspect of the development team’s toolkit. It’s up to the current security team to help educate them on the principles driving modern cybersecurity and how to ensure that the systems they build work as intended…and only as intended.

The post Are You Promoting Security Fluency in your Organization? appeared first on .

Fixing cloud migration: What goes wrong and why?

 

The cloud space has been evolving for almost a decade. As a company we’re a major cloud user ourselves. That means we’ve built up a huge amount of in-house expertise over the years around cloud migration — including common challenges and perspectives on how organizations can best approach projects to improve success rates.

As part of our #LetsTalkCloud series, we’ve focused on sharing some of this expertise through conversations with our own experts and folks from the industry. To kick off the series, we discussed some of the security challenges solution architects and security engineers face with customers when discussing cloud migrations. Spoiler…these challenges may not be what you expect.

 

Drag and drop

 

This lack of strategy and planning from the start is symptomatic of a broader challenge in many organizations: There’s no big-picture thinking around cloud, only short-term tactical efforts. Sometimes we get the impression that a senior exec has just seen a ‘cool’ demo at a cloud vendor’s conference and now wants to migrate a host of apps onto that platform. There’s no consideration of how difficult or otherwise this would be, or even whether it’s necessary and desirable.

 

These issues are compounded by organizational siloes. The larger the customer, the larger and more established their individual teams are likely to be, which can make communication a major challenge. Even if you have a dedicated cloud team to work on a project, they may not be talking to other key stakeholders in DevOps or security, for example.

 

The result is that, in many cases, tools, applications, policies, and more are forklifted over from on-premises environments to the cloud. This ends up becoming incredibly expensive. as these organizations are not really changing anything. All they are doing is adding an extra middleman, without taking advantage of the benefits of cloud-native tools like microservices, containers, and serverless.

 

There’s often no visibility or control. Organizations don’t understand they need to lockdown all their containers and sanitize APIs, for example. Plus, there’s no authority given to cloud teams around governance, cost management, and policy assignment, so things just run out of control. Often, shared responsibility isn’t well understood, especially in the new world of DevOps pipelines, so security isn’t applied to the right areas.

 

Getting it right

 

These aren’t easy problems to solve. From a security perspective, it seems we still have a job to do in educating the market about shared responsibility in the cloud, especially when it comes to newer technologies, like serverless and containers. Every time there’s a new way of deploying an app, it seems like people make the same mistakes all over again — presuming the vendors are in charge of security.

 

Automation is a key ingredient of successful migrations. Organizations should be automating everywhere, including policies and governance, to bring more consistency to projects and keep costs under control. In doing so, they must realize that this may require a redesign of apps, and a change in the tools they use to deploy and manage those apps.

 

Ultimately, you can migrate apps to the cloud in a couple of clicks. But the governance, policy, and management that must go along with this is often forgotten. That’s why you need clear strategic objectives and careful planning to secure more successful outcomes. It may not be very sexy, but it’s the best way forward.

 

To learn more about cloud migration, check out our blog series. And catch up on all of the latest trends in DevOps to learn more about securing your cloud environment.

The post Fixing cloud migration: What goes wrong and why? appeared first on .

Cleaner One Pro Speeds Up Your Mac: Part 2

In Part 1 of this blog, we introduced Trend Micro Cleaner One Pro, a one-stop shop to help you speed up your Mac, highlighting the Quick Optimizer, the Main Console, and the Cleaning Tools. In Part 2, we resume the discussion of how to make your Mac run faster with the remaining Cleaner One Pro features: System and Application Management, Privacy Protection, and Other Options.

System and Application Management

Startup Manager

Your Mac may get sluggish after a year or two of usage and you may find that booting up takes a lot longer. Doing a Startup Manager scan can help you reduce slowdown due to unwanted startup programs and services, to help your Mac boot faster.

Upon completing the scan, Startup Manager will identify apps under two categories: Login Items and Launch Agents.

Login Items are apps that run automatically upon login. You can manage these apps by enabling them to run automatically or disabling them to make your Mac more efficient. If you don’t need autorun, you can remove the apps from the list.

Launch Agents are background services that run automatically on System startup for the extension features of apps. You can manage these services by letting them run automatically or by disabling them to make your Mac boot faster. Similarly, you can remove these agents if you don’t need them or they’re broken.

 

App Manager

When a user installs an app that doesn’t meet their expectations, they’ll never use it again. In many cases, they remove the app by simply dragging it into the trash, assuming the action completely removes the app, but this is not always true. When you uninstall an app, there are often associated files left on your Mac, even after you have emptied the Trash. They’re known as leftovers.

Leftovers are an app’s associated files and folders that can include different languages, log files, agents, or processes that might try to start an application. App Manager aims to resolve this and helps you clean up your Mac by completely removing app leftovers. App Manager detects all app leftovers automatically so you can remove them with just one click.

 

Privacy Protection

File Shredder

Data security and privacy are especially important and managing these applies to anyone collecting and keeping data. Data that has reached its retention limit needs to be permanently removed from your file system and to be sure it can’t be recovered you need to overwrite the file with random series of binary data multiple times. This process is often referred to as shredding. With File Shredder, you can remove sensitive files from your hard disk without worrying that they can be recovered.

 

Other Options

Preferences

Preferences allows you to manage how the Cleaner One Pro app performs. In Preferences, you’ll see General, Notifications, Memory, Duplicates, Whitelists and Auto Select.

On the General tab, you can choose Auto start at login and other options according to how you would like Cleaner One Pro to behave during startup.

 

On the Notifications tab, you can disable the notification about smart memory optimization.

 

Cleaner One Pro is also equipped with a Smart Memory Optimization feature on the Memory tab. This feature uses artificial intelligence. You can set auto clean when your available memory is low or when an app is closed.

 

The Duplicates, Whitelists and Auto Select tabs work when you use the Duplicate Files feature on the main console. When there are too many duplicate files on your Mac, you can set the rules on the minimum file size, as well as which files to exempt or prioritize during deletion.

 

Air Support One

If you need technical assistance about Cleaner One Pro, click the robot icon either in the Apple Menu window or on the Main Console.

A chat support person will attend to your concerns or suggestions when using Cleaner One Pro. In case there is no available support engineer, you can send an email by clicking Send Email. Make sure to provide the correct email address.

More Tools

Aside from Cleaner One Pro for Mac, we offer Antivirus One for Mac—as well as Cleaner One for iPhone, which you can download by scanning the QR Code. You can also submit your ideas for Other Tools by clicking the panel.

 

An Optimized Mac

As you use your Mac over time, you need to maintain it to keep it running smoothly. Trend Micro Cleaner One Pro can clean up your disk space, help boost performance, and solve other Mac issues you might encounter during your daily work. As you consider it for your Mac, you may have remaining questions:

What’s the difference between the Free version and the Paid version? The Free version of Cleaner One Pro includes the Memory Optimizer, basic CPU and Network Monitoring, a Junk Files Cleaner, a Big Files Scanner, a Disk Map, and the Startup Manager. The Paid upgrade of Cleaner One Pro unlocks more features, including more Advanced CPU/Network Monitoring, a Duplicate Finder, a Similar Photos Scanner, an App Manager, and a File Shredder.

Is it safe to use Cleaner One Pro? Cleaner One Pro is notarized by Apple, which assures its users both security and privacy.

How can I download Cleaner One Pro? Cleaner One Pro is distributed via the official Trend Micro website and other authorized channels. Note that Cleaner One Pro is also available for Windows. To make it easy for the readers of this blog series, we’ve provided the download links here: Download Mac Version – Download Windows Version

Go to Cleaner One Windows or to Cleaner One Mac for more information or to purchase the apps.

The post Cleaner One Pro Speeds Up Your Mac: Part 2 appeared first on .

Top Tips For Home Cybersecurity And Privacy In A Coronavirus-Impacted World (Part 2)

The past few months have seen radical changes to our work and home life under the Coronavirus threat, upending norms and confining millions of American families within just four walls. In this context, it’s not surprising that more of us are spending an increasing portion of our lives online. But this brings with it some familiar cyber-risks. In Part 1 of this mini-series, we explained how cyber-criminals are looking to capitalize on these sweeping changes to society to further their own ends.

Now let’s take a look at what you can do to protect your family, your data, and access to your corporate accounts.

How you can stay safe online

The bad guys are laser-focused on stealing your personal data and log-ins and increasingly see the remote worker as an easy target for leapfrogging into corporate networks. That’s not to mention the potential internet safety risks inherent in bored kids spending more time in front of their screens. To respond, you’ll need to create an equally focused “home security plan” governed by sensible policies and best practices. Here are some of the key areas to consider.

Protect your smart home and router

Increasingly, unprotected smart home devices are being targeted by cyber-criminals to turn into botnets to attack others. They might also provide sophisticated attackers with a stepping-stone into your corporate systems, via the home network. The home router, with its known flaws, is (after the modem) the digital front door to the smart home and the basis for your networking, so it should be first in any security strategy. Consider the following when tackling home network security:

Regularly check for router firmware updates and apply as soon as they’re available. (If you’re using a home gateway (modem + router) firmware updates are done by your ISP, so you won’t have the option to do this.) Change factory default admin passwords and switch on two-factor authentication if available. Disable UPnP and any remote management features. Use WPA2 on your router for encrypted Wi-Fi. Pick passwords for access that aren’t easily guessed. Put the router in middle of house if possible, so the signal is not overly exposed to strangers outside. Likewise for extenders. Invest in security for the entire home network from a reputable provider like Trend Micro.

Secure your home office

Cyber-criminals are primed to take advantage of distracted home workers and potentially less secure PCs/devices. Secure this environment by doing the following:

Again, apply a home network security solution. This protects your work devices, while also protecting the devices you use for recreation. Apply any security updates to OS/software. Install/maintain endpoint security software on all machines/devices. Never use work laptops for personal use. Switch on 2FA for any work accounts. Use a VPN if applicable whenever connecting to the office. Stay alert to phishing/BEC attempts. Take advantage of any training courses to stay up-to-speed on the latest scams. Disable macros in Office files – these are often used by hackers to run malware.

Stay safe from phishing

Phishing is the number one tactic used by attackers to trick you into installing malware or handing over your log-ins. Emails, text messages, social media messages and more are spoofed to appear as if sent by a legitimate company or contact. In response:

Be cautious of any unsolicited emails/texts/messages even if they appear legitimate. Don’t click on any links/buttons in unsolicited messages, or download attachments. Check directly with the sender rather than clicking through links or buttons provided or entering any confidential details. Invest in cybersecurity tools from a trusted vendor like Trend Micro, to spot and block scam emails and malicious downloads/websites.

Use video conferencing safely

New videoconferencing platforms can introduce risk, especially if you’re not familiar with the default settings. Here’s how to stay safe when video conferencing:

Check first for end-to-end encryption. Only download videoconferencing apps from official iOS/Android stores and manufacturer websites. Get familiar with privacy settings. Switch off camera access if you don’t want to appear on-screen. Ensure you’re always on the latest software version. Never click on links/open attachments in messages from unknown contacts. Use a password manager to store long and strong log-ins, and switch on two-factor authentication (2FA) if available.

Stay safe shopping and banking

Next, protect your financial information and stay safe from e-commerce fraud by doing the following:

Install AV on all PCs and devices. Always use the latest browser versions and HTTPS sites. Never click through on sensational promos or ads on social media/in emails. Always visit the site directly. Always be cautious: if special offers seem too good to be true, they usually are. Use a secure browser, password manager, and 2FA in your online accounts. Use a VPN app on any device you use to shop or bank.

Think about online safety for kids

They may be under your roof for more hours of the day than usual, but your children are also likely to be spending more time online. That means you need to have a measured conversation with them about internet safety, backed up with parental controls. Consider the following:

Urge your kids to think before clicking, and before sharing on social media. Make sure you have installed anti-malware from a reputable vendor on all their devices. Look for security products that check/update their social media privacy settings. Discourage or block downloads from P2P sites. Set up parental controls to block inappropriate content and/or to regulate screen time and time on certain sites or with certain apps. Then set up admin protections, so they can’t change the settings. Share your concerns around sexting.

Mobile security best practices
Finally, sheltering at home has limits, particularly for restless kids. When they go to the store or out to the park, facemasks notwithstanding, they’re likely going to use their mobile devices, just as they’ll continue to do at home. Of course, you’re not exempt either from mobile threats. Ensure mobile security by

Sticking to the official Google Play and App Store marketplaces. Enforce this through smart settings on your children’s phones. Running anti-malware on your mobile device, from a reputable company like Trend Micro. Ensuring your family’s devices are using the latest OS version. Ensuring your family devices have remote lock and wipe feature switched on, in case they’re lost or stolen. Never brick or jailbreak the device, as this can expose it to security risks.

How Trend Micro can help

When it comes to protecting the home from security and privacy threats during lockdown, leave no stone unturned. Cyber-criminals will always look for the weak link in the chain and focus their efforts there. Network security is important, but it doesn’t replace the need for protection on each individual device. You’ll need to cover your router, network, smart devices, and all endpoints (PCs, laptops, mobiles and other devices). Here’s how Trend Micro can help:

Trend Micro Home Network Security

Trend Micro Home Network Security provides industry-leading protection against any threats to internet-connected devices in the home. The solution

Blocks dangerous file downloads during web browsing to stop ransomware, data theft, phishing, and other malware. Blocks remote access applications. Protects all smart devices, such as smart TVs, thermostats, security cameras, etc., that don’t have their own security solutions. Parental Controls and Guardian allow parents to track and restrict their children’s internet usage at home and on-the-go, which could free-up bandwidth for important conference calls.

Trend Micro Security (PC and Mac)

Trend Micro Security, available in various editions (led by Trend Micro Maximum Security), is Trend’s flagship endpoint security product for consumers. Available for both PCs and Macs, it features AI learning to stop advanced threats. Among a wide range of protections, it includes:

Web Threat Protection when browsing the internet, defending you against bad websites that can steal your data or download malicious files. Machine Learning, to protect you from new and unknown threats. Ransomware protection via Folder Shield, to stop unauthorized changes and back-up files encrypted by suspicious programs. Anti-phishing and anti-spam protection for Outlook clients, as well as Gmail and Outlook webmail on the PC, and Gmail webmail on the Mac. Privacy Scanner (for Facebook and Twitter), Social Networking Protection for protection against malicious links in social networks, Pay Guard for protecting your online banking and buying. Parental Controls to limit which software and websites you kids may use.

Trend Micro Mobile Security:

Trend Micro Mobile Security provides endpoint security for all your mobile devices, whether Android or iOS-based.

	Blocks dangerous websites and app downloads. Helps protects your privacy on Twitter and Facebook. Protects your kids’ devices. Guards against identity theft. Optimizes your device’s performance.

Additional Trend Micro Tools:

Network and endpoint security should be supplemented with tools that accomplish specific tasks, such as protecting your internet connections, your passwords, and your identity data. Trend Micro provides

Wi-Fi Protection/VPN Proxy One Mac | iOS. VPNs with an emphasis on web threat protection or privacy, respectively. The first is available on all four platforms; the second is targeted for Apple devices. Password Manager. Manages and encrypts your passwords, and automates your logins, while ensuring you use unique, strong passwords across all of your online accounts. ID Security. Tracks your credentials, particularly the ones you use for buying and banking, to see if breaches of any of your identity data have led to their sale on the Dark Web. Notifies you when it has, so you can take steps to protect it. Premium Services. Parents working from home are not expected to be IT or Security experts, so now’s the time to ensure professional help is around when you need it by signing up for one of Trend Micro’s premium service packages for help configuring, troubleshooting, optimizing, and disinfecting your devices if they get infected.

Maintaining your family’s security and privacy on all their devices during the coronavirus lockdown above all means changing your mindset, to take into account the mix of work and play in the household during the “new normal.” Use these tips and tools during lockdown and you’ll be well on your way to ensuring you and your family’s safety from malicious viruses—both digital and natural.

The post Top Tips For Home Cybersecurity And Privacy In A Coronavirus-Impacted World (Part 2) appeared first on .

Top Tips For Home Cybersecurity And Privacy In A Coronavirus-Impacted World (Part 1)

Welcome to the new normal. We’re all now living in a post-COVID-19 world characterized by uncertainty, mass home working and remote learning. The lines demarcating normal life have shifted abruptly – perhaps never to return. That’s not the worst that can happen, as we all know, but it does mean we all need to get used to new ways of living, working and studying from home. This has major implications for the online safety, security and privacy of our families.

To help you adapt to these new conditions while protecting what matters most, Trend Micro has developed a two-part blog series on “The New Normal.” Part 1 identifies the scope and specific cyber-threats of the new normal. Part 2 provides security tips and products to help address those threats.

What’s going on?

In April, nearly 300 million Americans were estimated to be in government-mandated lockdown. Even as some businesses, municipalities and states begin to relax these rules, experts have warned of subsequent waves of the virus, which could result in new localized lockdowns. In short, a lot of people will continue to work from home, while their children, also at home, attempt to study remotely from their mobile devices.

This has considerable implications for how we spend our time. Without that morning commute to work or school, more of it than ever will involve sitting in front of a desktop, laptop, tablet or smartphone screen. Even the smart TV is enlisted. Dangers include

Use of potentially insecure video conferencing applications. The number of daily meeting participants on Zoom surged from 10 million in December 2019 to roughly 200 million in March. Visits to P2P/torrent sites or platforms for adult content. In search of entertainment, bored kids or teens in your household may have more time and inclination to do this. Downloads of potentially malicious applications disguised as legitimate entertainment or gaming content. More online shopping and banking. June alone generated $73.2 billion in online spend, up 76.2% year-on-year. Whenever you shop or bank online, financial data is potentially exposed. Use of potentially insecure remote learning platforms. Educational mobile app downloads increased by a massive 1087% between March 2 and 16. The trend continues. Logging on to corporate cloud-based services. This includes Office 365, to do your job remotely, or using a VPN to connect directly into the office. For recreation, streaming and browsing on your smart TV. But even your smart TV is vulnerable to threats, as the FBI has warned.

Risky behavior

Unfortunately, the increase in working from home (WFH), especially for those not used to it, may lead to an increase in risky behavior, such as: using non-approved apps for work; visiting non work-related sites on work devices; and using personal devices to access work resources. Recent global Trend Micro research found that:

	80% have used their work laptop for personal browsing, with only 36% fully restricting the sites they visit. 56% of employees have used a non-work app on a corporate device, and 66% have uploaded corporate data to it. 39% often or always access corporate data from a personal device. 8% admit to watching adult content on their work laptop, and 7% access the dark web.

This is not about restricting your freedom to visit the sites you want to visit while at home. It’s about reducing the risk of exposing corporate data and systems to possible malware.

What are the bad guys doing?

Unsurprisingly, there has also been a major uptick in the volume of cyber-threats targeting home users. With a captive audience to aim at, it’s a huge opportunity for cyber-criminals to steal your log-ins and personal data to sell to fraudsters, or even to steal corporate passwords and information for a potentially bigger pay-off. They are helped by the fact that many home workers may be more distracted than they usually would be at the office, especially if they have young children. Your kids may even share the same laptops or PCs as you, potentially visiting risky sites and/or downloading unapproved apps.

There’s also a chance that, unless you have a corporate machine at home, your personal computing equipment is less secure than the kit you had in the office. Add to that the fact that support from the IT department may be less forthcoming than usual, given that stretched teams are overwhelmed with requests, while themselves struggling to WFH. One recent report claimed that nearly half (47%) of IT security pros have been taken off some or all of their typical security tasks to support other IT-related jobs. In another, only 59% of respondents said they believe their cybersecurity team has the right tools and resources at home to perform their job effectively.

It’s time to step up and take security into your own hands. Stay on the lookout for the following threats.

Unsecured home routers and smart devices might be hijacked in more sophisticated attacks designed to steal data from corporate networks via the home worker. Phishing attacks spoofing well-known brands or using COVID-19 information/news as a lure. Google is blocking 18 million malicious pandemic-themed emails every day. The end goal may be to hijack your online consumer accounts (Netflix, banking, email, online shopping) or work accounts. Other phishing emails are designed to install data-stealing malware, ransomware and other threats. Attackers may target vulnerabilities in your home PCs and the apps you’re using (video conferencing etc) to gain remote access. Business Email Compromise (BEC) attackers may try to leverage the lack of internal communications between remote workers to impersonate senior execs via email, and trick finance team members into wiring corporate funds abroad. Kids exposing home networks and devices to malware on torrent sites, in mobile apps, on social media, and via phishing attacks potentially imitating remote learning/video conferencing platforms. Kids searching for adult/inappropriate content, and/or those that are bored and over-share on social media. Unicef has warned that millions of children are at increased of online harm as lockdown means they spend more of their days online. Mobile apps represent a potential source of malware, especially those found on unofficial app stores. There has also been a reported 51% rise in stalkerware – covert surveillance apps used by domestic abusers and stalkers to target victims. The pandemic has led to a surge in e-commerce fraud where consumers are tricked into buying non-existent products or counterfeit goods including medical items.

So what’s a remote worker/concerned parent to do to protect themselves and the family in the midst of the “new normal?”

Read Part 2 in this mini-series, which we’re publishing simultaneously with Part 1, where we share some best practice advice on how to keep your digital lives and work systems safe from online threats during lockdown—and where we provide tools to help you do just that.

The post Top Tips For Home Cybersecurity And Privacy In A Coronavirus-Impacted World (Part 1) appeared first on .

What is a VPN and How Does it Increase Your Online Security and Privacy?

The number of VPN users has grown considerably over the past few years. According to the report of Go-Globe, 25% of netizens worldwide have used a VPN at least once in the last 30 days. Recently, VPN usage has surged in many countries and its popularity may see VPN usage surpass the estimated profit of USD$27.10 billion by the end of 2020. The VPN global market only seems to increase as time goes by. So, why is that? What do VPNs provide that make them so attractive?

What is a VPN?

A VPN, or a Virtual Private Network, creates a secure communication “tunnel” from your computer to the internet. It encrypts your connection and prevents others from seeing the data you’re transferring. This keeps your data secure from any spying attempts—including from home over your wired connection, but particularly on public Wi-Fi networks, when you’re out and about in places such as coffee shops, restaurants, airports and hotels. It helps ensure that no one can steal your personal details, passwords, or credit card information.

How does a VPN work and why you need a VPN service?

Among other things, a VPN can conceal your IP address to make your online actions virtually untraceable and anonymous, providing greater privacy for everything you do. In fact, there are so many ways a VPN can protect your privacy and security, we need to take a deeper look at what other benefits a VPN can provide.

	Safeguard personal information

This is the era of mobility and most transactions are being done by people on-the-go using their mobile devices to exchange data over public networks. From online shopping, to mobile banking or simply checking emails and social media accounts, these activities can expose your personal information and sensitive data to hackers and cybercriminals. This particularly applies to users relying on public Wi-Fi. Using a VPN will help to mitigate unwanted leakage or theft by securing data in transit to and from the systems that typically try to collect and store your private data.

	Access better streaming contents from other locations

One of the main drivers for using a VPN is to access better streaming content and restricted websites from the region you’re accessing the internet from. This may be true in your own country, but when traveling abroad, there are also chances that you cannot visit a popular website or a social media platform from the country you’re visiting. While using a VPN, you can connect to an IP address in your country and have full access to your favorite media contents and avoid wasting membership fees that you will likely pay for this streaming service.

	Enhance browsing privacy

Some retail apps, social media platforms, and search engines continuously collect and analyze results of your search history. They keep track of all your browsing activities such as items you viewed, contents you liked, and things you tapped and clicked, so they can provide you with more targeted contents and monetize these by showing the same information in your feed through ads.

Note that, simply clearing your browsing history does not completely remove traces of these searches, and targeted ads can get annoying. This is where a VPN can help enhance your browsing privacy. The VPN hides your browser cached data and location from advertisers, which prevents them from serving up content based on your searches and location.

	Save cost on communicating with family and friends abroad

Another motivating factor for the use of a VPN is to save on the cost of communicating with families and friends abroad. There are countries implementing restrictions on the use of certain messaging apps, banning their services. If you are planning to visit a country with such a restriction, a VPN can bypass this constraint, which allows you to make use of your trusted messaging app, eliminate the cost of long-distance calls to family and friends while abroad—and at the same time, maintain the level of security and encryption the messaging app provides.

	Escape content-based bandwidth-throttling

The internet has evolved into streaming more content—videos, music, and more—and ISPs have responded by making higher data usage and higher throughput (bandwidth) pay-as-you-use-more services. But content is still at issue, particularly after the December 2017 FCC ruling. Potential ISP throttling based on content type, source, or destination (e.g., BitTorrent traffic), which could give priority to business over personal usage, is one of the reasons why everyday people are using VPN services, because a VPN provides more usage anonymity, preventing ISPs from potentially tracking your activities and limiting your bandwidth usage accordingly.

Choosing the right VPN for you

Now that you have some understanding of what a VPN is, and what benefits it can give you, it is also important to choose the right VPN for you.

Due to regulatory requirements and laws governing data privacy and securing personal information online, the demand for VPNs is growing. In response, there are a large number of VPN providers in the market today. So how do you choose a reliable VPN? Here are some criteria to help you pick one that best suits your needs:

Faster and more data is better. Using a VPN can often decrease the speed of your internet connection, so you should pick a provider that has a good number of servers and locations and doesn’t pre-throttle your bandwidth. Some also have data limits, so you should opt for those with a higher data limit per month Provides the best encryption. Look for a VPN providing sophisticated ciphers such as 256-bit AES end-to-end encryption. Ensures safe browsing. Look for VPN that can filter and block malicious websites, online fraud, and internet scams and automatically safeguard your internet connection. Provides full anonymity. It is crucial that a VPN vendor has a clear privacy policy. Trusted VPNs will not track the user’s websites, payment information, or online transactions, and do not keep logs. Supports simultaneous devices. Select a VPN that is compatible with your devices and operating systems and can provide you a good number of simultaneous connections on your devices. Cost versus use case. Heavier business usage should be contrasted with everyday consumer use. To pay less for the service (VPNs typically cost from $5 to $12 per month per device, though multi-device bundles are less), you might accept some data limits, if your use case is lighter; sacrifice some speed, if you’re not streaming movies when you’re out and about, (unlikely during the coronavirus lockdown); or some cross-regional server-selection capability, if you’re not travelling in content-restricted regions (since out-of-country travel is also being hampered by the pandemic).

Trend Micro’s Home Division provides two low-cost, safety-focused VPN solutions for everyday users: Trend Micro VPN Proxy One and Trend Micro Wi-Fi Protection, both of which can address light-to-medium VPN needs and meet most of the checklist criteria above.

Trend Micro VPN Proxy One offers fast, secure, stable and anonymous proxy connections for you to access various websites and applications. It connects to the best Trend Micro VPN server intelligently, without you having to do it, and does not limit bandwidth consumption. Trend Micro VPNs do not track your online activities, ensuring you a secure digital life and protecting your online privacy. Trend Micro VPN Proxy One is targeted to Mac and iOS devices.

Trend Micro Wi-Fi Protection turns any public hotspot into a secure Wi-Fi network and VPN with bank-grade data encryption to keep your information safe from hackers. While your VPN is active, Trend Micro Wi-Fi Protection provides exceptional web threat protection and checks websites you visit to safeguard your browsing from online fraud and internet scam. The VPN automatically kicks in when connecting to a Wi-Fi network with low security, such as one with no encryption. Trend Micro Wi-Fi Protection is available for all platforms (PC, Mac, Android, and iOS). Bundles can be purchased for multiple devices and platforms and some bundles can include other Trend Micro products, depending on the region.

Go to the Apple App Store for more details on Trend Micro VPN Proxy One; or for a 30-day trial or to buy, go here: Mac | iOS.

Or visit Trend Micro Wi-Fi Protection for more information, or to buy the multi-platform solution.

The post What is a VPN and How Does it Increase Your Online Security and Privacy? appeared first on .

Ransom from Home – How to close the cyber front door to remote working ransomware attacks

Coronavirus has caused a major shift to our working patterns. In many cases these will long outlast the pandemic. But working from home has its own risks. One is that you may invite ransomware attacks from a new breed of cyber-criminal who has previously confined his efforts to directly targeting the corporate network. Why? Because as a remote worker, you’re increasingly viewed as a soft target—the open doorway to extorting money from your employer.

So how does ransomware land up on your front doorstep? And what can a home worker do to shut that door?

The new ransomware trends

Last year, Trend Micro detected over 61 million ransomware-related threats, a 10% increase from 2018 figures. But things have only gotten worse from there. There has been a 20% spike in ransomware detections globally in the first half of 2020, rising to 109% in the US. And why is that?

At a basic level, ransomware searches for and encrypts most of the files on a targeted computer, so as to make them unusable. Victims are then asked to pay a ransom within a set time frame in order to receive the decryption key they need to unlock their data. If they don’t, and they haven’t backed-up this data, it could be lost forever.

The trend of late, however, has been to focus on public and private sector organizations whose staff are working from home (WFH). The rationale is that remote workers are less likely to be able to defend themselves from ransomware attacks, while they also provide a useful stepping-stone into high-value corporate networks. Moreover, cybercriminals are increasingly looking to steal sensitive data before they encrypt it, even as they’re more likely to fetch a higher ransom for their efforts than they do from a typical consumer, especially if the remote employee’s data is covered by cyber-insurance.

Home workers are also being more targeted for a number of reasons:

They may be more distracted than those in the office. Home network and endpoint security may not be up to company levels. Home systems (routers, smart home devices, PCs, etc.,) may not be up-to-date and therefore are more easily exposed to exploits. Remote workers are more likely to visit insecure sites, download risky apps, or share machines/networks with those who do. Corporate IT security teams may be overwhelmed with other tasks and unable to provide prompt support to a remote worker. Security awareness programs may have been lacking in the past, perpetuating bad practice for workers at home.

What’s the attack profile of the remote working threat?

In short, the bad guys are now looking to gain entry to the corporate network you may be accessing from home via a VPN, or to the cloud-hosted systems you use for work or sharing files, in order to first steal and then encrypt company data with ransomware as far and wide as possible into your organization. But the methods are familiar. They’ll

Try to trick you into dangerous behavior through email phishing—the usual strategy of getting you to click links that redirect you to bad websites that house malware, or getting you to download a bad file, to start the infection process. Steal or guess your log-ins to work email accounts, remote desktop tools (i.e., Microsoft Remote Desktop or RDP), and cloud-based storage/networks, etc., before they deliver the full ransomware payload. This may happen via a phishing email spoofed to appear as if sent from a legitimate source, or they may scan for your use of specific tools and then try to guess the password (known as brute forcing). One new Mac ransomware, called EvilQuest, has a keylogger built into it, which could capture your company passwords as you type them in. It’s a one-two punch: steal the data first, then encrypt it. Target malware at your VPN or remote desktop software, if it’s vulnerable. Phishing is again a popular way to do this, or they may hide it in software on torrent sites or in app stores. This gives them a foothold into your employer’s systems and network. Target smart home devices/routers via vulnerabilities or their easy-to-guess/crack passwords, in order to use home networks as a stepping-stone into your corporate network.

How can I prevent ransomware when working from home?

The good news is that you, the remote worker, can take some relatively straightforward steps up front to help mitigate the cascading risks to your company posed by the new ransomware. Try the following:

Be cautious of phishing emails. Take advantage of company training and awareness courses if offered. Keep your home router firmware, PCs, Macs, mobile devices, software, browsers and operating systems up to date on the latest versions – including remote access tools and VPNs (your IT department may do some of this remotely). Ensure your home network, PCs, and mobile devices are protected with up-to-date with network and endpoint AV from a reputable vendor. (The solutions should include anti-intrusion, anti-web threat, anti-spam, anti-phishing, and of course, anti-ransomware features.) Ensure remote access tools and user accounts are protected with multi-factor authentication (MFA) if used and disable remote access to your home router. Disable Microsoft macros where possible. They’re a typical attack vector. Back-up important files regularly, according to 3-2-1 rule.

How Trend Micro can help

In short, to close the cyber front door to ransomware, you need to protect your home network and all your endpoints (laptops, PCs, mobile devices) to be safe. Trend Micro can help via

The Home Network: Home Network Security (HNS) connects to your router to protect any devices connected to the home network — including IoT gadgets, smartphones and laptops — from ransomware and other threats. Desktop endpoints: Trend Micro Security (TMS) offers advanced protection from ransomware-related threats. It includes Folder Shield to safeguard valuable files from ransomware encryption, which may be stored locally or synched to cloud services like Dropbox®, Google Drive® and Microsoft® OneDrive/OneDrive for Business. Mobile endpoints: Trend Micro Mobile Security (also included in TMS) protects Android and iOS devices from ransomware. Secure passwords: Trend Micro Password Manager enables users to securely store and recall strong, unique passwords for all their apps, websites and online accounts, across multiple devices. VPN Protection at home and on-the-go: Trend Micro’s VPN Proxy One (Mac | iOS) solution will help ensure your data privacy on Apple devices when working from home, while its cross-platform WiFi Protection solution will do the same across PCs, Macs, Android and iOS devices when working from home or when connecting to public/unsecured WiFi hotspots, as you venture out and about as the coronavirus lockdown eases in your area.

With these tools, you, the remote worker, can help shut the front door to ransomware, protecting your work, devices, and company from data theft and encryption for ransom.

The post Ransom from Home – How to close the cyber front door to remote working ransomware attacks appeared first on .

Hash Functions in Blockchain

Introduction to hash functions Hash functions are one of the most extensively-used cryptographic algorithms in blockchain technology. They are cryptographic (but not encryption) algorithms that are designed to protect data integrity. In a nutshell, a hash algorithm is a mathematical function that transforms any input into a fixed size output. To be cryptographically secure — […]

The post Hash Functions in Blockchain appeared first on Infosec Resources.

---

Hash Functions in Blockchain was first posted on September 29, 2020 at 11:16 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

IoT Security Fundamentals: IoT vs OT (Operational Technology)

Introduction: Knowing the Notions  Industrial Internet of Things (IIoT) incorporates technologies such as machine learning, machine-to-machine (M2M) communication, sensor data, Big Data, etc. This article will focus predominantly on the consumer Internet of Things (IoT) and how it relates to Operational Technology (OT). Operational Technology (OT) is a term that defines a specific category of […]

The post IoT Security Fundamentals: IoT vs OT (Operational Technology) appeared first on Infosec Resources.

---

IoT Security Fundamentals: IoT vs OT (Operational Technology) was first posted on September 29, 2020 at 1:59 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Identity Fraud: How to Protect Your Identity Data, Accounts and Money During the Coronavirus Crisis

We’ve all been spending more of our time online since the crisis hit. Whether it’s ordering food for delivery, livestreaming concerts, holding virtual parties, or engaging in a little retail therapy, the digital interactions of many Americans are on the rise. This means we’re also sharing more of our personal and financial information online, with each other and the organizations we interact with. Unfortunately, as ever, there are bad guys around every digital corner looking for a piece of the action.

The bottom line is that personally identifiable information (PII) is the currency of internet crime. And cyber-criminals will do whatever they can to get their hands on it. When they commit identity theft with this data, it can be a messy business, potentially taking months for banks and businesses to investigate before you get your money and credit rating back. At a time of extreme financial hardship, this is the last thing anyone needs.

It therefore pays to be careful about how you use your data and how you protect it. Even more: it’s time to get proactive and monitor it—to try and spot early on if it has been stolen. Here’s what you need to know to protect your identity data.

How identity theft works

First, some data on the scope of the problem. In the second quarter of 2020 alone 349,641 identity theft reports were filed with the FTC. To put that in perspective, it’s over half of the number for the whole of 2019 (650,572), when consumers reported losing more than $1.9 billion to fraud. What’s driving this huge industry? A cybercrime economy estimated to be worth as much as $1.5 trillion annually.

Specialized online marketplaces and private forums provide a user-friendly way for cyber-criminals and fraudsters to easily buy and sell stolen identity data. Many are on the so-called dark web, which is hidden from search engines and requires a specialized anonymizing browser like Tor to access. However, plenty of this criminal activity also happens in plain sight, on social media sites and messaging platforms. This underground industry is an unstoppable force: as avenues are closed down by law enforcement or criminal in-fighting, other ones appear.

At-risk personal data could be anything from email and account log-ins to medical info, SSNs, card and bank details, insurance details and much more. It all has a value on the cybercrime underground and the price fraudsters are prepared to pay will depend on supply and demand, just like in the ‘real’ world.

There are various ways for attackers to get your data. The main ones are:

Phishing: usually aimed at stealing your log-ins or tricking you into downloading keylogging or other info-stealing malware. Phishing mainly happens via email but could also occur via web, text, or phone. Around $667m was lost in imposter scams last year, according to the FTC. Malicious mobile apps disguised as legitimate software. Eavesdropping on social media: If you overshare even innocuous personal data (pet names, birth dates, etc.,) it could be used by fraudsters to access your accounts. Public Wi-Fi eavesdropping: If you’re using it, the bad guys may be too. Dumpster diving and shoulder surfing: Sometimes the old ways are still popular. Stealing devices or finding lost/misplaced devices in public places. Attacking the organizations you interact with: Unfortunately this is out of your control somewhat, but it’s no less serious. There were 1,473 reported corporate breaches in 2019, up 17% year-on-year. Harvesting card details covertly from the sites you shop with. Incidents involving this kind of “web skimming” increased 26% in March as more users flocked to e-commerce sites during lockdown.

 

The COVID-19 challenge

As if this weren’t enough, consumers are especially exposed to risk during the current pandemic. Hackers are using the COVID-19 threat as a lure to infect your PC or steal identity data via the phishing tactics described above. They often impersonate trustworthy institutions/officials and emails may claim to include new information on outbreaks, or vaccines. Clicking through or divulging your personal info will land you in trouble. Other fraud attempts will try to sell counterfeit or non-existent medical or other products to help combat infection, harvesting your card details in the process. In March, Interpol seized 34,000 counterfeit COVID goods like surgical masks and $14m worth of potentially dangerous pharmaceuticals.

Phone-based attacks are also on the rise, especially those impersonating government officials. The aim here is to steal your identity data and apply for government emergency stimulus funds in your name. Of the 349,641 identity theft reports filed with the FTC in Q2 2020, 77,684 were specific to government documents or benefits fraud.

What do cybercriminals do with my identity data?

Once your PII is stolen, it’s typically sold on the dark web to those who use it for malicious purposes. It could be used to:

Crack open other accounts that share the same log-ins (via credential stuffing). There were 30 billion such attempts in 2018. Log-in to your online bank accounts to drain it of funds. Open bank accounts/credit lines in your name (this can affect your credit rating). Order phones in your name or port your SIM to a new device (this impacts 7,000 Verizon customers per month). Purchase expensive items in your name, such as a new watch or television, for criminal resale. This is often done by hijacking your online accounts with e-tailers. E-commerce fraud is said to be worth around $12 billion per year. File fraudulent tax returns to collect refunds on your behalf. Claim medical care using your insurance details. Potentially crack work accounts to attack your employer.

How do I protect my identity online?

The good news among all this bad is that if you remain skeptical about what you see online, are cautious about what you share, and follow some other simple rules, you’ll stand a greater chance of keeping your PII under lock and key. Best practices include:

Using strong, long and unique passwords for all accounts, managed with a password manager. Enable two-factor authentication (2FA) if possible on all accounts. Don’t overshare on social media. Freeze credit immediately if you suspect data has been misused. Remember that if something looks too good to be true online it usually is. Don’t use public Wi-Fi when out-and-about, especially not for sensitive log-ins, without a VPN. Change your password immediately if a provider tells you your data may have been breached. Only visit/enter payment details into HTTPS sites. Don’t click on links or open attachments in unsolicited emails. Only download apps from official app stores. Invest in AV from a reputable vendor for all your desktop and mobile devices. Ensure all operating systems and applications are on the latest version (i.e., patch frequently). Keep an eye on your bank account/credit card for any unusual spending activity. Consider investing in a service to monitor the dark web for your personal data.

How Trend Micro can help

Trend Micro offers solutions that can help to protect your digital identity.

Trend Micro ID Security is the best way to get proactive about data protection. It works 24/7 to monitor dark web sites for your PII and will sound the alarm immediately if it finds any sign your accounts or personal data have been stolen. It features

Dark Web Personal Data Manager to scour underground sites and alert if it finds personal info like bank account numbers, driver’s license numbers, SSNs and passport information. Credit Card Checker will do the same as the above but for your credit card information. Email Checker will alert you if any email accounts have been compromised and end up for sale on the dark web, allowing you to immediately change the password. Password Checker will tell you if any passwords you’re using have appeared for sale on the dark web, enabling you to improve password security.

Trend Micro Password Manager enables you to manage all your website and app log-ins from one secure location. Because Password Manager remembers and recalls your credentials on-demand, you can create long, strong and unique passwords for each account. As you’re not sharing easy-to-remember passwords across multiple accounts, you’ll be protected from popular credential stuffing and similar attacks.

Finally, Trend Micro WiFi Protection will protect you if you’re out and about connecting to WiFi hotspots. It automatically detects when a WiFi connection isn’t secure and enables a VPN—making your connection safer and helping keep your identity data private.

In short, it’s time to take an active part in protecting your personal identity data—as if your digital life depended on it. In large part, it does.

 

The post Identity Fraud: How to Protect Your Identity Data, Accounts and Money During the Coronavirus Crisis appeared first on .

Format String Vulnerabilities: Use and Definitions

Introduction In the previous article, we understood how print functions like printf work. This article provides further definition of Format String vulnerabilities. We will begin by discussing how Format Strings can be used in an unusual way, which is a starting point to understanding Format String exploits. Next, we will understand what kind of mistakes […]

The post Format String Vulnerabilities: Use and Definitions appeared first on Infosec Resources.

---

Format String Vulnerabilities: Use and Definitions was first posted on September 30, 2020 at 10:29 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Introduction to Printing and Format Strings

Introduction This article provides an overview of how printing functions work and how format strings are used to format the data being printed. Developers often use print functions for a variety of reasons such as displaying data to the users and printing debug messages. While these print functions appear to be innocent, they can cause […]

The post Introduction to Printing and Format Strings appeared first on Infosec Resources.

---

Introduction to Printing and Format Strings was first posted on September 30, 2020 at 11:09 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Networking fundamentals (for Network security professionals)

Introduction To understand Network Security, it’s imperative that we understand networking fundamentals and networking basics. In this post, we will be learning about networking basics and fundamentals to get started with Network Security.  We cannot cover whole networking in a single post so we will be focusing only on core networking concepts needed for network […]

The post Networking fundamentals (for Network security professionals) appeared first on Infosec Resources.

---

Networking fundamentals (for Network security professionals) was first posted on September 30, 2020 at 12:03 pm.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Average CCNP salary 2020

Introduction The CCNP, or Cisco Certified Network Professional, is a certification endorsing IT professionals who have the knowhow and skill to set up, configure and manage local and wide-area networks within an enterprise. CCNP certification takes you through video, voice, wireless and advanced security issues. Since the training module and examinations for the CCNP certification […]

The post Average CCNP salary 2020 appeared first on Infosec Resources.

---

Average CCNP salary 2020 was first posted on September 29, 2020 at 9:59 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Cyber Security Awareness: A Critical Checklist

October 2020 marks the 17^th year of National CyberSecurity Awareness Month, where users and organizations are encouraged to double their efforts to be aware of cybersecurity issues in all their digital dealings—and to take concrete steps to increase their privacy and security as necessary. The Cybersecurity & Infrastructure Security Agency (CISA), in conjunction with the National Cyber Security Alliance (NCSA) has announced a four-week security strategy under the theme “Do Your Part. #BeCyberSmart”. (You can use the NCSAM hashtag #BeCyberSmart during October to promote your involvement in raising cybersecurity awareness.) Their schedule includes the following:

 

 

	Week of October 5 (Week 1):If You Connect It, Protect It Week of October 12 (Week 2):Securing Devices at Home and Work Week of October 19 (Week 3):Securing Internet-Connected Devices in Healthcare Week of October 26 (Week 4):The Future of Connected Devices

Here in Trend Micro’s Consumer Division, we’d like to do our part by providing a breakdown of the security issues you should be aware of as you think about cybersecurity—and to give you some tips about what you can do to protect yourself and your family while working, learning, or gaming at home. To help, we’ve also taken a look back at articles we’ve written recently to address each category of threat—and to provide some quick links to access our library of relevant blogs all in a single place.

The range of threats

As you think about potential threats during Cybersecurity Awareness Month and beyond, keep in mind our basic breakdown of where and how threats arise, which we outlined at the beginning of the year in our Everyday Cyber Threat Landscape blog. An updated summary is given here:

Home network threats: Our homes are increasingly powered by online technologies. Over two-thirds (69%) of US households now own at least one smart home device: everything from voice assistant-powered smart speakers to home security systems and connected baby monitors. But gaps in protection can expose them to hackers. There were an estimated 105m smart home attacks in the first half of 2019 alone. With home routers particularly at risk, it’s a concern that 83% are vulnerable to attack. In the first half of 2020, Trend Micro detected over 10.6 billion suspicious connection attempts on home routers’ unavailable ports—an issue made more worrisome by recent lab-based evidence that home routers are riddled with insecurities, as the Fraunhofer Home Router Security Report 2020 shows. This means you need to take steps to mitigate your router’s weaknesses, while deploying a home network security solution to address other network insecurities and to further secure your smart devices.

Relevant Blogs:

	A Better Route to Router and Home Network Security Keep Your Smart Home Safe: Here’s What You Can Do Today to Secure Your Products COVID-19: How Do I Work From Home Securely?

Endpoint threats: These are attacks aimed squarely at you the user, usually via the email channel. Trend Micro detected and blocked more than 26 billion email threats in the first half of 2019, nearly 91% of the total number of cyber-threats. These included phishing attacks designed to trick you into clicking on a malicious link to steal your personal data and log-ins or begin a ransomware download. Or they could be designed to con you into handing over your personal details, by taking you to legit-looking but spoofed sites. Endpoint threats sometimes include social media phishing messages or even legitimate websites that have been booby-trapped with malware. All this means is that installing endpoint security on your PCs and Macs is critical to your safety.

Relevant Blogs:

Online Phishing: How to Stay Out of the Hackers’ Nets How to Stay Safe as Online Coronavirus Scams Spread 21 Tips to Stay Secure, Private, and Productive as your Work from Home on Your Mac Top Tips for Home Cybersecurity and Privacy In A Coronavirus-Impacted World (Part 1) Top Tips for Home Cybersecurity and Privacy In A Coronavirus-Impacted World (Part 2) Ransom from Home – How to Close the Cyber Front Door to Remote Working Ransomware Attacks

Mobile security threats: Hackers are also targeting our smartphones and tablets with greater sophistication. Malware is often unwittingly downloaded by users, since it’s hidden in normal-looking mobile apps, like the Agent Smith adware that infected over 25 million Android handsets globally in 2019. Users are also extra-exposed to social media attacks and those leveraging unsecured public Wi-Fi when using their devices. Once again, the end goal for the hackers is to make money: either by stealing your personal data and log-ins; flooding your screen with adverts; downloading ransomware; or forcing your device to contact expensive premium rate phone numbers that they own. The conclusion? Installing a mobile security solution, as well as personal VPN, on your Android or iOS device, should be part of your everyday security defense.

Relevant Blogs:

	Defend Yourself Against Mobile Malware What is a VPN and How Does It Protect Your Online Security and Privacy? Suspicious Apps on Android: How to Stay Safe Part 1: Mobile Banking and Buying – the Good and the Bad Part 2: Mobile Banking and Buying – Best Practices

Identity data breaches are everywhere: The raw materials needed to unlock your online accounts and help scammers commit identity theft and fraud are stored by the organizations you interact with online. Unfortunately, these companies continued to be targeted by data thieves in 2019. As of November 2019, there were over 1,200 recorded breaches in the US, exposing more than 163 million customer records. Even worse, hackers are now stealing card data direct from the websites you shop with as they are entered in, via “digital skimming” malware. That said, an increasingly popular method uses automated tools that try tens of thousands of previously breached log-ins to see if any of them work on your accounts. From November 2017 through the end of March 2019, over 55 billion such attacks were detected. Add these to the classical phishing attack, where email hoaxes designed to get you to unwittingly hand over your data—and your data and identity can be severely compromised. In this category, using both a password manager and an identity security monitoring solution, is critical for keeping your identity data safe as you access your online accounts.

Relevant Blogs:

	Pay Guard Secures Your Online Transactions Are Your Passwords Secure Enough? Identity Fraud: How to Protect Your Identity Data, Accounts, and Money During the Coronavirus Crisis

How Trend Micro can help

Trend Micro fully understands these multiple sources for modern threats, so it offers a comprehensive range of security products to protect all aspects of your digital life—from your smart home network to your PCs and Macs, and from your mobile devices to your online accounts. We also know you need security for your email and your social networks, or simply when browsing the web itself.

Trend Micro Home Network Security: Provides protection against network intrusions, router hacks, web threats, dangerous file downloads and identity theft for every device connected to the home network.

Trend Micro Premium Security Suite: Our new premium offering provides all of the products listed below for up to 10 devices, plus Premium Services by our highly trained pros. It includes 24×7 technical support, virus and spyware removal, a PC security health check, and remote diagnosis and repair. As always, however, each solution below can be purchased separately, as suits your needs.

Trend Micro Security:Protects your PCs and Macs against web threats, phishing, social network threats, data theft, online banking threats, digital skimmers, ransomware and other malware. Also guards against over-sharing on social media. Trend Micro Mobile Security:Protects against malicious app downloads, ransomware, dangerous websites, and unsafe Wi-Fi networks. Trend Micro Password Manager:Provides a secure place to store, manage and update your passwords. It remembers your log-ins, enabling you to create long, secure and unique credentials for each site/app you need to sign-in to. Trend Micro WiFi Protection:Protects you on unsecured public WiFi by providing a virtual private network (VPN) that encrypts your traffic and ensures protection against man-in-the-middle (MITM) attacks. Trend Micro ID Security (Android, iOS): Monitors underground cybercrime sites to securely check if your personal information is being traded by hackers on the Dark Web and sends you immediate alerts if so, so you can take steps to address the problem.

The post Cyber Security Awareness: A Critical Checklist appeared first on .

Using Merlin agents to evade detection

Introduction While penetration testing and Red Teaming are crucial to check a system’s security and to validate potential entry-points in the infrastructure, sometimes establishing an initial foothold on the target can be a big challenge due to host IDS agents, host firewalls, antivirus or even due to bypass security appliances that are inspecting internal network […]

The post Using Merlin agents to evade detection appeared first on Infosec Resources.

---

Using Merlin agents to evade detection was first posted on October 13, 2020 at 8:07 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Open-source application security flaws: What you should know and how to spot them

Introduction Open-source software helped to revolutionize the way that applications are built by professionals and enthusiasts alike. Being able to borrow a non-proprietary library to quickly prototype and build an application not only accelerates progress in projects, but also makes things easier to work with. Open-source libraries when creating applications is not the only positive […]

The post Open-source application security flaws: What you should know and how to spot them appeared first on Infosec Resources.

---

Open-source application security flaws: What you should know and how to spot them was first posted on October 19, 2020 at 8:03 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com