FreshRSS

🔒
❌ About FreshRSS
There are new available articles, click to refresh the page.
Before yesterdayYour RSS feeds

How Businesses Can Safeguard Their Communication Channels Against Hackers

By Anonymous
Efficient communication is a cornerstone of business success. Internally, making sure your team communicates seamlessly helps you avoid friction losses, misunderstandings, delays, and overlaps. Externally, frustration-free customer communication is directly correlated to a positive customer experience and higher satisfaction.  However, business communication channels are also a major target

Malicious 'SNS Sender' Script Abuses AWS for Bulk Smishing Attacks

By Newsroom
A malicious Python script known as SNS Sender is being advertised as a way for threat actors to send bulk smishing messages by abusing Amazon Web Services (AWS) Simple Notification Service (SNS). The SMS phishing messages are designed to propagate malicious links that are designed to capture victims' personally identifiable information (PII) and payment card details, SentinelOne 

U.S. State Government Network Breached via Former Employee's Account

By Newsroom
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed state government organization's network environment was compromised via an administrator account belonging to a former employee. "This allowed the threat actor to successfully authenticate to an internal virtual private network (VPN) access point," the agency said in a joint advisory published

Section 702 Surveillance Fight Pits the White House Opposite Reproductive Rights

By Dell Cameron, Andrew Couts
Prominent advocates for the rights of pregnant people are urging members of Congress to support legislation that would ban warrantless access to sensitive data as the White House fights against it.

BreachForums Founder Sentenced to 20 Years of Supervised Release, No Jail Time

By Newsroom
Conor Brian Fitzpatrick has been sentenced to time served and 20 years of supervised release for his role as the creator and administrator of BreachForums. Fitzpatrick, who went by the online alias "pompompurin," was arrested in March 2023 in New York and was subsequently charged with conspiracy to commit access device fraud and possession of child pornography. He was later released on a

Microsoft Warns of COLDRIVER's Evolving Evasion and Credential-Stealing Tactics

By The Hacker News
The threat actor known as COLDRIVER has continued to engage in credential theft activities against entities that are of strategic interests to Russia while simultaneously improving its detection evasion capabilities. The Microsoft Threat Intelligence team is tracking under the cluster as Star Blizzard (formerly SEABORGIUM). It's also called Blue Callisto, BlueCharlie (or TAG-53),

DJVU Ransomware's Latest Variant 'Xaro' Disguised as Cracked Software

By Newsroom
A variant of a ransomware strain known as DJVU has been observed to be distributed in the form of cracked software. "While this attack pattern is not new, incidents involving a DJVU variant that appends the .xaro extension to affected files and demanding ransom for a decryptor have been observed infecting systems alongside a host of various commodity loaders and infostealers," Cybereason

Experts Uncover Passive Method to Extract Private RSA Keys from SSH Connections

By Newsroom
A new study has demonstrated that it's possible for passive network attackers to obtain private RSA host keys from a vulnerable SSH server by observing when naturally occurring computational faults that occur while the connection is being established. The Secure Shell (SSH) protocol is a method for securely transmitting commands and logging in to a computer over an unsecured network. Based on a

Attention gamers! Motherboard maker MSI admits to breach, issues “rogue firmware” alert

By Paul Ducklin
Stealing private keys is like getting hold of a medieval monarch's personal signet ring... you get to put an official seal on treasonous material.

Beware: Tainted VPNs Being Used to Spread EyeSpy Surveillanceware

By Ravie Lakshmanan
Tainted VPN installers are being used to deliver a piece of surveillanceware dubbed EyeSpy as part of a malware campaign that started in May 2022. It uses "components of SecondEye – a legitimate monitoring application – to spy on users of 20Speed VPN, an Iranian-based VPN service, via trojanized installers," Bitdefender said in an analysis. A majority of the infections are said to originate in

Synology Releases Patch for Critical RCE Vulnerability Affecting VPN Plus Servers

By Ravie Lakshmanan
Synology has released security updates to address a critical flaw impacting VPN Plus Server that could be exploited to take over affected systems. Tracked as CVE-2022-43931, the vulnerability carries a maximum severity rating of 10 on the CVSS scale and has been described as an out-of-bounds write bug in the remote desktop functionality in Synology VPN Plus Server. Successful exploitation of the

PrivateLoader PPI Service Found Distributing Info-Stealing RisePro Malware

By Ravie Lakshmanan
The pay-per-install (PPI) malware downloader service known as PrivateLoader is being used to distribute a previously documented information-stealing malware dubbed RisePro. Flashpoint spotted the newly identified stealer on December 13, 2022, after it discovered "several sets of logs" exfiltrated using the malware on an illicit cybercrime marketplace called Russian Market. A C++-based malware,

What’s the Meaning of VPN? VPN Defined

By McAfee

A virtual private network (VPN) is a tool that enables users to protect their privacy while using an internet connection. VPNs create an encrypted tunnel — a private link between your device and the VPN server 

Essentially, this private link or tunnel keeps external influences out and allows your data to travel in an encrypted manner, enhancing security. The network’s privacy also makes sure your Internet Protocol (IP) address and browsing history is hidden online.  

[Text Wrapping Break]VPNs use several VPN protocols like OpenVPN, IPSec/IKEv2, PPTP, SSTP, and WireGuard to protect you. In particular, McAfee® Safe Connect VPN supports the OpenVPN protocol, which is an open-source and highly secure protocol running on TCP or UDP internet protocol and used by many VPN providers globally. [Text Wrapping Break][Text Wrapping Break]Read on to know more about how VPNs work and learn to install one. 

What does a VPN do?

The best way to stay secure online is to minimize your digital footprint. A good VPN service allows you to do exactly this, acting as an additional layer of protection for your online activities 

The primary function of a VPN is encryption. Most websites and online browsers already have some form of encryption. For example, when you purchase something on Amazon, you have to enter your credit card details and address. Encryption creates a private tunnel for data transmission between your device and Amazon to make sure no one else can watch what you’re doing.  

A VPN app does the same thing with an added level of security. The data that you pass to a VPN server is anonymized before it goes to the internet. In short, your device establishes an encrypted connection with the VPN server instead of connecting directly through the internet. So, the encryption protects your data and digital footprint from anyone outside the “private tunnel” between you and the secure VPN server 

Additionally, VPNs allow you to change or hide your IP address. An IP address is a number linked to a particular computer and network. Changing your IP address can trick the servers into thinking you’re connecting from a different geographical location. This can help improve security and provide additional benefits discussed below. 

You can also use a VPN to hide your IP address. This may be helpful if you’re trying to access content from other countries (for example, Netflix may have different content in different countries) or trying to keep your internet search history away from the prying eyes of a third-party like your internet service provider or a government. 

Using a VPN can help improve your online security. Nearly every internet activity — website and social media browsing, paying bills, online shopping, data sharing, and more — can be tracked by others. [Text Wrapping Break][Text Wrapping Break]Read on to learn about who typically uses a VPN and understand whether you should consider installing one. 

Who typically uses VPNs?

Given the extra security that VPN connections provide, you can gain something from using a VPN client. So, if you’re an individual concerned about your online privacy or just want to browse online anonymously — consider using a VPN. A VPN enables you to use the internet without third parties seeing your identity or identifying you via your search history since they don’t know what you were searching about or using the internet for. 

Big tech has had a long history of tracking private data for their gains. These companies regularly bundle data into coherent profiles and sell it to third parties. Additionally, they use private data to demonstrate targeted advertisements or manipulative content that makes you more likely to purchase their products. [Text Wrapping Break][Text Wrapping Break]So, it’s worthwhile to use a VPN if you regularly shop online or bank online. A VPN gives you that additional protection that can help prevent hackers or malicious third parties from accessing your information.[Text Wrapping Break][Text Wrapping Break]VPNs are excellent mechanisms for you to protect your privacy online. And you should consider your personal context and conduct thorough research to find the best VPN for your needs. 

VPNs are particularly helpful if you travel a lot, either for business or for leisure. While traveling, it’s inevitable that you connect to random or unknown Wifi networks and it may be the case that these networks are spying on you. However, if you’re using a VPN to browse the web, these WiFi networks can’t track you or your search history. This ensures you maintain anonymity and are safe while using the internet.  

Should you use a VPN on your personal computer?

Yes, an additional layer of protection to your online activities is always good practice. A VPN allows individuals using a personal computer to stay vigilant, protect their data, and maintain anonymity while allowing them to still enjoy their online experience.  

Benefits of VPNs for personal use

VPNs provide more benefits than just serving as an additional layer for cybercriminals to pass through.  

  • Data privacy: The biggest reason to use a VPN is data privacy. Internet service providers (ISPs) regularly collect customer data and sell it to advertisers for money. Using a VPN allows you to hide your location and prevents your data from falling into the wrong hands. VPNs allow you to browse the internet in peace, knowing that no third parties are aware of your identity or can trace particular internet activity back to you.  
  • Security on public networks: Internet access through public Wi-Fi hotspots may not be the safest. User data on public networks is unprotected, making it vulnerable to bad actors who can use software to get past firewalls. With VPN encryption, you can remain safe even while using public Wi-Fi network connections 
  • Secure online transactions: Think about the number of times you log into your bank account or give out credit card information on e-commerce sites. You can never be too safe when it comes to financial information.  
  • Change your location: Some content is geo-blocked for various reasons. It could be streaming services like Netflix limiting access to their services or different countries censoring content. VPNs can hide your IP address to trick servers into believing that your location is different from where your router is physically. This can give you access to a lot more content.  

Can you set up a VPN yourself?

Depending on the VPN you’re using, it can be a straightforward process to connect a VPN to your Mac, Windows, iPhone, or Android mobile device. McAfee’s VPN works with multiple platforms and operating systems, including Microsoft Windows, macOS, Android, and iOS 

Use this guide to quickly set up a VPN with your device in a few simple steps.  

Secure your browsing with a VPN from McAfee

With McAfee +, you can minimize your digital footprint through a secure connection channel without compromising your browsing experience. Connect to public networks, make financial transactions online, and keep your personal data safe with McAfee.  

With our bank-grade AES-256 bit encryption technology and automatic protection, McAfee VPN protection can help safeguard all your online activities — allowing you to enjoy the internet the way it was meant to be enjoyed. 

Explore our full suite of cybersecurity tools included in McAfee +, including our newest service, Personal Data Cleanup. We can help find and remove your personal data on some of the riskiest data broker sites.  

The post What’s the Meaning of VPN? VPN Defined appeared first on McAfee Blog.

How to Use DuckDuckGo’s Privacy-First Email Service

By David Nield
Tired of advertisers spying on your private communications? This beta promises to kick tracking technology to the curb.

Fast and Secure VPN on a Budget? Private Internet Access VPN Has You Covered

By The Hacker News
Back when the internet consisted of a handful of computers networked together across a few research institutions, nobody could have imagined that it would one day form the backbone of a new digital way of life. And that probably explains why none of the researchers who thought up its core technologies — things like packet switching and TCP/IP — gave much consideration to the need to secure the

ExpressVPN Removes Servers in India After Refusing to Comply with Government Order

By Ravie Lakshmanan
Virtual Private Network (VPN) provider ExpressVPN on Thursday announced that it's removing Indian-based VPN servers in response to a new cybersecurity directive issued by the Indian Computer Emergency Response Team (CERT-In). "Rest assured, our users will still be able to connect to VPN servers that will give them Indian IP addresses and allow them to access the internet as if they were located

Hackers Using PrivateLoader PPI Service to Distribute New NetDooka Malware

By Ravie Lakshmanan
A pay-per-install (PPI) malware service known as PrivateLoader has been spotted distributing a "fairly sophisticated" framework called NetDooka, granting attackers complete control over the infected devices. "The framework is distributed via a pay-per-install (PPI) service and contains multiple parts, including a loader, a dropper, a protection driver, and a full-featured remote access trojan (

Are You Still on the Fence About a Family VPN?

By Toni Birdsong

Chances are, you’ve heard the term VPN more and more lately but still can’t figure out exactly what it does or if your family needs one. You aren’t alone. The short answer is yes—you need a VPN on your family devices—and here’s why.  

One of the main reasons you’re hearing more about VPNs is that cybercrime and data breaches are skyrocketing—especially since the pandemic. Cybercriminals are devising more inventive ways to grab and misuse your data. Subscribing to a VPN service is one of the most practical and powerful ways consumers can fight back.  

What’s a VPN? 

VPN is an acronym for Virtual Private Network. And while it sounds complicated, it’s not. A VPN is an app you install on family devices to help keep data and online activity secure while using public Wi-Fi. Pretty simple, right? 

How does it work? 

When you connect your computer or phone to a VPN, the service sends your network traffic through the VPN server before going to the public Wi-Fi server. Because a VPN scrambles data, should a bad actor try to access your activity, all they will see is gibberish.  

 A VPN encrypts internet traffic and then bounces it around until it becomes scrambled, helping block geolocation-based tracking and offering more protection than an open network. Encryption makes it harder for cyber crooks to decipher your location, data, and online activity for malicious purposes.  

Benefits of a VPN 

1. Reduces risk on the go.

Anytime you or another family member uses public Wi-Fi—to stream, shop, or game—it’s possible that others can see your traffic. However, a VPN will encrypt your activity so that all a potential hacker will see is gibberish. 

2. Gives kids extra protection.

A VPN is a safeguard if your kids forget to turn off the Wi-Fi auto-connect feature on their phones. This can be a powerful feature if your kids connect to social networks, shopping, banking, or gaming sites throughout the day from locations outside the home.  

3. Restricts data mining. 

A VPN configured correctly can also keep companies from sharing your browsing habits and information with third parties. 

4. Multiple device security.

If everyone in your family has two devices and you have five family members, a bad actor has up to 10 potential entry points to steal your data or instigate a scam. With cybersecurity threats on the rise, a VPN provides security for all users on multiple devices, regardless of their safety habits. 

Top VPN Features 

When shopping for the best VPN for your family, it’s easy to get lost in an ocean of features. Here’s a shortcut to help you with the VPN features best for your family. Look for: 

1. Bank-grade encryption.

A quick search will render dozens of VPN options and not all protect consumers. Approximately 38% of Android VPN apps in the Google Play Store (some free) install malware rather than block it. Another study found that of 283 free VPN providers, 72% included trackers. Because of this standard practice, it’s essential to do your research and choose a VPN that delivers bank-grade encryption. Note: Many free VPNs make their money by sharing your data with third parties.  

2. Unlimited bandwidth.

Choose a VPN that allows you to maintain a secure network connection no matter how much time you spend online. 

3. Efficient speed.

With more work and school now remote, consider choosing a high-speed VPN that improves privacy without sacrificing the quality of your connection. 

4. Access to virtual locations.

Consider a VPN server that shows a different location than your point of entry, a feature that enhances anonymity, location, and browsing history. For example, you may be getting online in the United States, but your VPN server might show you are connected in Italy.  

What’s your digital defense? 

It’s important to note that a VPN does not provide 100% protection from cyber threats. However, to date, it is one of the safest ways your family can simultaneously enjoy the convenience of the internet and reduce risk on public Wi-Fi.

McAfee Total Protection subscribers already have access to unlimited VPN usage. If you haven’t already signed up, now’s a perfect time. McAfee Total Protection provides security for all your devices while your family shops, banks, games, and browses online. 

The post Are You Still on the Fence About a Family VPN? appeared first on McAfee Blog.

Private browsing vs VPN – Which one is more private?

By McAfee

To enjoy online life to the fullest these days, we often have to give out a certain amount of personal information. That also means the moment you go online you’re giving personal data away. Whether it’s your phone, a game console, or a connected speaker, someone, somewhere, is monitoring your connection. Knowing what data your device sends, and who has access to that information, is an important part of maintaining your online privacy. However, without the right tools, you’re probably giving away a lot more information than you realize. Many believe that one effective way to maintain online privacy is by using a private mode on a browser. 

However, it’s a common misconception that “private browsing” modes–like Google’s Incognito–protect your online privacy. It makes sense, they’re called “private browsing”, what else would they do? Well, if you’ve read the news lately, you may have seen that Google is in a $5 billion lawsuit specifically because of their private browsing mode.  

The thing is, incognito mode is often misunderstood. When you open an incognito window, you’re told that “You’ve gone incognito.” The explanation underneath says that your browsing history, website visits, cookies, and information you put in forms, won’t be saved. This is where the confusion starts. What the incognito explanation doesn’t tell you is that your browsing information isn’t blocked or hidden from advertisers while in incognito mode. So even though your browsing information “won’t be saved” on your device or available after you close the window, that doesn’t stop the internet from seeing everything you’ve been up to while in that session.  

For these reasons, more people use virtual private networks, or VPNs, to protect their browsing history from prying eyes. If you’re new to VPN, this might be the perfect time to learn about what they are, how they work and why you might choose a VPN over private browsing.   

What do virtual private networks do?   

VPN protects your devices by wrapping your internet connection in a secure tunnel that only you can access. This stops people —like those nosey advertisers—from seeing what sites you visit. With a secure connection to the Internet, every search request, every website you browse, is hidden from sight. It’s important to point out that VPN doesn’t make you anonymous; they make it so only you can see what you’re doing online. You can learn even more about VPN in this blog. 

What does incognito mode do?  

Without private browsing, your browser tells websites–and their owners–all kinds of things about you like what device you’re using, where you are, what sites you’ve visited, and when. Websites use this information to serve you relevant ads, but it can also be used to track your location and browsing habits. 

With private browsing, your browser window is isolated from the rest of your operating system. Isolating the browser is supposed to help block websites from seeing who you are, block cookies and prevent access to your browsing history, but even when using private browsing, tests like EFF’s Panopticlick privacy test can see what device you’re on, where you’re connecting, if you can accept cookies, your OS, and many other types personally-identifying information. 

What’s the difference between VPN and private browsing?  

VPN 

  • Encrypt your internet connection  
  • Help hide your browsing from snoops  
  • Help hide your search requests  
  • Help protect your personal information  
  • Can protect multiple devices  
  • Block some types of online tracking  

Private browsing 

  • Deletes personal data when you stop browsing  
  • Only active in one browser window   
  • Hides Internet activity from other users on shared devices  

Use private browsing alongside VPN  

We wouldn’t recommend using incognito mode instead of a VPN, ever. However, Incognito mode has its place in your online security toolkit,  as long as you don’t think of it as a replacement for other types of protection. For instance, if you share a device with other people, like family members, then you might want to use incognito mode to make sure your partner doesn’t accidentally find out how much you spent on their surprise birthday gift. But, if you’re concerned with advertisers tracking you and watching what you do online, then you should consider also using a VPN to protect your privacy.  

Ways to get VPN protection  

If you’re already a McAfee Total Protection subscriber, you have access to unlimited VPN usage. Protect your personal information, like your banking information and credit cards, from prying eyes with McAfee Total Protection’s Secure VPN. If you haven’t already signed up, now’s the perfect time. McAfee Total Protection provides security for all your devices, giving you peace of mind while you shop, bank, and browse online. 

The post Private browsing vs VPN – Which one is more private? appeared first on McAfee Blog.

Identity Fraud: How to Protect Your Identity Data, Accounts and Money During the Coronavirus Crisis

By Trend Micro

We’ve all been spending more of our time online since the crisis hit. Whether it’s ordering food for delivery, livestreaming concerts, holding virtual parties, or engaging in a little retail therapy, the digital interactions of many Americans are on the rise. This means we’re also sharing more of our personal and financial information online, with each other and the organizations we interact with. Unfortunately, as ever, there are bad guys around every digital corner looking for a piece of the action.

The bottom line is that personally identifiable information (PII) is the currency of internet crime. And cyber-criminals will do whatever they can to get their hands on it. When they commit identity theft with this data, it can be a messy business, potentially taking months for banks and businesses to investigate before you get your money and credit rating back. At a time of extreme financial hardship, this is the last thing anyone needs.

It therefore pays to be careful about how you use your data and how you protect it. Even more: it’s time to get proactive and monitor it—to try and spot early on if it has been stolen. Here’s what you need to know to protect your identity data.

How identity theft works

First, some data on the scope of the problem. In the second quarter of 2020 alone 349,641 identity theft reports were filed with the FTC. To put that in perspective, it’s over half of the number for the whole of 2019 (650,572), when consumers reported losing more than $1.9 billion to fraud. What’s driving this huge industry? A cybercrime economy estimated to be worth as much as $1.5 trillion annually.

Specialized online marketplaces and private forums provide a user-friendly way for cyber-criminals and fraudsters to easily buy and sell stolen identity data. Many are on the so-called dark web, which is hidden from search engines and requires a specialized anonymizing browser like Tor to access. However, plenty of this criminal activity also happens in plain sight, on social media sites and messaging platforms. This underground industry is an unstoppable force: as avenues are closed down by law enforcement or criminal in-fighting, other ones appear.

At-risk personal data could be anything from email and account log-ins to medical info, SSNs, card and bank details, insurance details and much more. It all has a value on the cybercrime underground and the price fraudsters are prepared to pay will depend on supply and demand, just like in the ‘real’ world.

There are various ways for attackers to get your data. The main ones are:

  • Phishing: usually aimed at stealing your log-ins or tricking you into downloading keylogging or other info-stealing malware. Phishing mainly happens via email but could also occur via web, text, or phone. Around $667m was lost in imposter scams last year, according to the FTC.
  • Malicious mobile apps disguised as legitimate software.
  • Eavesdropping on social media: If you overshare even innocuous personal data (pet names, birth dates, etc.,) it could be used by fraudsters to access your accounts.
  • Public Wi-Fi eavesdropping: If you’re using it, the bad guys may be too.
  • Dumpster diving and shoulder surfing: Sometimes the old ways are still popular.
  • Stealing devices or finding lost/misplaced devices in public places.
  • Attacking the organizations you interact with: Unfortunately this is out of your control somewhat, but it’s no less serious. There were 1,473 reported corporate breaches in 2019, up 17% year-on-year.
  • Harvesting card details covertly from the sites you shop with. Incidents involving this kind of “web skimming” increased 26% in March as more users flocked to e-commerce sites during lockdown.

 

The COVID-19 challenge

As if this weren’t enough, consumers are especially exposed to risk during the current pandemic. Hackers are using the COVID-19 threat as a lure to infect your PC or steal identity data via the phishing tactics described above. They often impersonate trustworthy institutions/officials and emails may claim to include new information on outbreaks, or vaccines. Clicking through or divulging your personal info will land you in trouble. Other fraud attempts will try to sell counterfeit or non-existent medical or other products to help combat infection, harvesting your card details in the process. In March, Interpol seized 34,000 counterfeit COVID goods like surgical masks and $14m worth of potentially dangerous pharmaceuticals.

Phone-based attacks are also on the rise, especially those impersonating government officials. The aim here is to steal your identity data and apply for government emergency stimulus funds in your name. Of the 349,641 identity theft reports filed with the FTC in Q2 2020, 77,684 were specific to government documents or benefits fraud.

What do cybercriminals do with my identity data?

Once your PII is stolen, it’s typically sold on the dark web to those who use it for malicious purposes. It could be used to:

  • Crack open other accounts that share the same log-ins (via credential stuffing). There were 30 billion such attempts in 2018.
  • Log-in to your online bank accounts to drain it of funds.
  • Open bank accounts/credit lines in your name (this can affect your credit rating).
  • Order phones in your name or port your SIM to a new device (this impacts 7,000 Verizon customers per month).
  • Purchase expensive items in your name, such as a new watch or television, for criminal resale. This is often done by hijacking your online accounts with e-tailers. E-commerce fraud is said to be worth around $12 billion per year.
  • File fraudulent tax returns to collect refunds on your behalf.
  • Claim medical care using your insurance details.
  • Potentially crack work accounts to attack your employer.

How do I protect my identity online?

The good news among all this bad is that if you remain skeptical about what you see online, are cautious about what you share, and follow some other simple rules, you’ll stand a greater chance of keeping your PII under lock and key. Best practices include:

  • Using strong, long and unique passwords for all accounts, managed with a password manager.
  • Enable two-factor authentication (2FA) if possible on all accounts.
  • Don’t overshare on social media.
  • Freeze credit immediately if you suspect data has been misused.
  • Remember that if something looks too good to be true online it usually is.
  • Don’t use public Wi-Fi when out-and-about, especially not for sensitive log-ins, without a VPN.
  • Change your password immediately if a provider tells you your data may have been breached.
  • Only visit/enter payment details into HTTPS sites.
  • Don’t click on links or open attachments in unsolicited emails.
  • Only download apps from official app stores.
  • Invest in AV from a reputable vendor for all your desktop and mobile devices.
  • Ensure all operating systems and applications are on the latest version (i.e., patch frequently).
  • Keep an eye on your bank account/credit card for any unusual spending activity.
  • Consider investing in a service to monitor the dark web for your personal data.

How Trend Micro can help

Trend Micro offers solutions that can help to protect your digital identity.

Trend Micro ID Security is the best way to get proactive about data protection. It works 24/7 to monitor dark web sites for your PII and will sound the alarm immediately if it finds any sign your accounts or personal data have been stolen. It features

  • Dark Web Personal Data Manager to scour underground sites and alert if it finds personal info like bank account numbers, driver’s license numbers, SSNs and passport information.
  • Credit Card Checker will do the same as the above but for your credit card information.
  • Email Checker will alert you if any email accounts have been compromised and end up for sale on the dark web, allowing you to immediately change the password.
  • Password Checker will tell you if any passwords you’re using have appeared for sale on the dark web, enabling you to improve password security.

Trend Micro Password Manager enables you to manage all your website and app log-ins from one secure location. Because Password Manager remembers and recalls your credentials on-demand, you can create long, strong and unique passwords for each account. As you’re not sharing easy-to-remember passwords across multiple accounts, you’ll be protected from popular credential stuffing and similar attacks.

Finally, Trend Micro WiFi Protection will protect you if you’re out and about connecting to WiFi hotspots. It automatically detects when a WiFi connection isn’t secure and enables a VPN—making your connection safer and helping keep your identity data private.

In short, it’s time to take an active part in protecting your personal identity data—as if your digital life depended on it. In large part, it does.

 

The post Identity Fraud: How to Protect Your Identity Data, Accounts and Money During the Coronavirus Crisis appeared first on .

What is a VPN and How Does it Increase Your Online Security and Privacy?

By Trend Micro

The number of VPN users has grown considerably over the past few years. According to the report of Go-Globe, 25% of netizens worldwide have used a VPN at least once in the last 30 days. Recently, VPN usage has surged in many countries and its popularity may see VPN usage surpass the estimated profit of USD$27.10 billion by the end of 2020. The VPN global market only seems to increase as time goes by. So, why is that? What do VPNs provide that make them so attractive?

What is a VPN?

A VPN, or a Virtual Private Network, creates a secure communication “tunnel” from your computer to the internet. It encrypts your connection and prevents others from seeing the data you’re transferring. This keeps your data secure from any spying attempts—including from home over your wired connection, but particularly on public Wi-Fi networks, when you’re out and about in places such as coffee shops, restaurants, airports and hotels. It helps ensure that no one can steal your personal details, passwords, or credit card information.

How does a VPN work and why you need a VPN service?

Among other things, a VPN can conceal your IP address to make your online actions virtually untraceable and anonymous, providing greater privacy for everything you do. In fact, there are so many ways a VPN can protect your privacy and security, we need to take a deeper look at what other benefits a VPN can provide.

    1. Safeguard personal information

    This is the era of mobility and most transactions are being done by people on-the-go using their mobile devices to exchange data over public networks. From online shopping, to mobile banking or simply checking emails and social media accounts, these activities can expose your personal information and sensitive data to hackers and cybercriminals. This particularly applies to users relying on public Wi-Fi. Using a VPN will help to mitigate unwanted leakage or theft by securing data in transit to and from the systems that typically try to collect and store your private data.

      1. Access better streaming contents from other locations

      One of the main drivers for using a VPN is to access better streaming content and restricted websites from the region you’re accessing the internet from. This may be true in your own country, but when traveling abroad, there are also chances that you cannot visit a popular website or a social media platform from the country you’re visiting. While using a VPN, you can connect to an IP address in your country and have full access to your favorite media contents and avoid wasting membership fees that you will likely pay for this streaming service.

        1. Enhance browsing privacy

        Some retail apps, social media platforms, and search engines continuously collect and analyze results of your search history. They keep track of all your browsing activities such as items you viewed, contents you liked, and things you tapped and clicked, so they can provide you with more targeted contents and monetize these by showing the same information in your feed through ads.

        Note that, simply clearing your browsing history does not completely remove traces of these searches, and targeted ads can get annoying. This is where a VPN can help enhance your browsing privacy. The VPN hides your browser cached data and location from advertisers, which prevents them from serving up content based on your searches and location.

          1. Save cost on communicating with family and friends abroad

          Another motivating factor for the use of a VPN is to save on the cost of communicating with families and friends abroad. There are countries implementing restrictions on the use of certain messaging apps, banning their services. If you are planning to visit a country with such a restriction, a VPN can bypass this constraint, which allows you to make use of your trusted messaging app, eliminate the cost of long-distance calls to family and friends while abroad—and at the same time, maintain the level of security and encryption the messaging app provides.

            1. Escape content-based bandwidth-throttling

            The internet has evolved into streaming more content—videos, music, and more—and ISPs have responded by making higher data usage and higher throughput (bandwidth) pay-as-you-use-more services. But content is still at issue, particularly after the December 2017 FCC ruling. Potential ISP throttling based on content type, source, or destination (e.g., BitTorrent traffic), which could give priority to business over personal usage, is one of the reasons why everyday people are using VPN services, because a VPN provides more usage anonymity, preventing ISPs from potentially tracking your activities and limiting your bandwidth usage accordingly.

            Choosing the right VPN for you

            Now that you have some understanding of what a VPN is, and what benefits it can give you, it is also important to choose the right VPN for you.

            Due to regulatory requirements and laws governing data privacy and securing personal information online, the demand for VPNs is growing. In response, there are a large number of VPN providers in the market today. So how do you choose a reliable VPN? Here are some criteria to help you pick one that best suits your needs:

            • Faster and more data is better. Using a VPN can often decrease the speed of your internet connection, so you should pick a provider that has a good number of servers and locations and doesn’t pre-throttle your bandwidth. Some also have data limits, so you should opt for those with a higher data limit per month
            • Provides the best encryption. Look for a VPN providing sophisticated ciphers such as 256-bit AES end-to-end encryption.
            • Ensures safe browsing. Look for VPN that can filter and block malicious websites, online fraud, and internet scams and automatically safeguard your internet connection.
            • Provides full anonymity. It is crucial that a VPN vendor has a clear privacy policy. Trusted VPNs will not track the user’s websites, payment information, or online transactions, and do not keep logs.
            • Supports simultaneous devices. Select a VPN that is compatible with your devices and operating systems and can provide you a good number of simultaneous connections on your devices.
            • Cost versus use case. Heavier business usage should be contrasted with everyday consumer use. To pay less for the service (VPNs typically cost from $5 to $12 per month per device, though multi-device bundles are less), you might accept some data limits, if your use case is lighter; sacrifice some speed, if you’re not streaming movies when you’re out and about, (unlikely during the coronavirus lockdown); or some cross-regional server-selection capability, if you’re not travelling in content-restricted regions (since out-of-country travel is also being hampered by the pandemic).

            Trend Micro’s Home Division provides two low-cost, safety-focused VPN solutions for everyday users: Trend Micro VPN Proxy One and Trend Micro Wi-Fi Protection, both of which can address light-to-medium VPN needs and meet most of the checklist criteria above.

            Trend Micro VPN Proxy One offers fast, secure, stable and anonymous proxy connections for you to access various websites and applications. It connects to the best Trend Micro VPN server intelligently, without you having to do it, and does not limit bandwidth consumption. Trend Micro VPNs do not track your online activities, ensuring you a secure digital life and protecting your online privacy. Trend Micro VPN Proxy One is targeted to Mac and iOS devices.

            Trend Micro Wi-Fi Protection turns any public hotspot into a secure Wi-Fi network and VPN with bank-grade data encryption to keep your information safe from hackers. While your VPN is active, Trend Micro Wi-Fi Protection provides exceptional web threat protection and checks websites you visit to safeguard your browsing from online fraud and internet scam. The VPN automatically kicks in when connecting to a Wi-Fi network with low security, such as one with no encryption. Trend Micro Wi-Fi Protection is available for all platforms (PC, Mac, Android, and iOS). Bundles can be purchased for multiple devices and platforms and some bundles can include other Trend Micro products, depending on the region.

            Go to the Apple App Store for more details on Trend Micro VPN Proxy One; or for a 30-day trial or to buy, go here: Mac | iOS.

            Or visit Trend Micro Wi-Fi Protection for more information, or to buy the multi-platform solution.

            The post What is a VPN and How Does it Increase Your Online Security and Privacy? appeared first on .

            Top Tips For Home Cybersecurity And Privacy In A Coronavirus-Impacted World (Part 1)

            By Trend Micro

            Welcome to the new normal. We’re all now living in a post-COVID-19 world characterized by uncertainty, mass home working and remote learning. The lines demarcating normal life have shifted abruptly – perhaps never to return. That’s not the worst that can happen, as we all know, but it does mean we all need to get used to new ways of living, working and studying from home. This has major implications for the online safety, security and privacy of our families.

            To help you adapt to these new conditions while protecting what matters most, Trend Micro has developed a two-part blog series on “The New Normal.” Part 1 identifies the scope and specific cyber-threats of the new normal. Part 2 provides security tips and products to help address those threats.

            What’s going on?

            In April, nearly 300 million Americans were estimated to be in government-mandated lockdown. Even as some businesses, municipalities and states begin to relax these rules, experts have warned of subsequent waves of the virus, which could result in new localized lockdowns. In short, a lot of people will continue to work from home, while their children, also at home, attempt to study remotely from their mobile devices.

            This has considerable implications for how we spend our time. Without that morning commute to work or school, more of it than ever will involve sitting in front of a desktop, laptop, tablet or smartphone screen. Even the smart TV is enlisted. Dangers include

            • Use of potentially insecure video conferencing applications. The number of daily meeting participants on Zoom surged from 10 million in December 2019 to roughly 200 million in March.
            • Visits to P2P/torrent sites or platforms for adult content. In search of entertainment, bored kids or teens in your household may have more time and inclination to do this.
            • Downloads of potentially malicious applications disguised as legitimate entertainment or gaming content.
            • More online shopping and banking. June alone generated $73.2 billion in online spend, up 76.2% year-on-year. Whenever you shop or bank online, financial data is potentially exposed.
            • Use of potentially insecure remote learning platforms. Educational mobile app downloads increased by a massive 1087% between March 2 and 16. The trend continues.
            • Logging on to corporate cloud-based services. This includes Office 365, to do your job remotely, or using a VPN to connect directly into the office.
            • For recreation, streaming and browsing on your smart TV. But even your smart TV is vulnerable to threats, as the FBI has warned.

            Risky behavior

            Unfortunately, the increase in working from home (WFH), especially for those not used to it, may lead to an increase in risky behavior, such as: using non-approved apps for work; visiting non work-related sites on work devices; and using personal devices to access work resources. Recent global Trend Micro research found that:

            • 80% have used their work laptop for personal browsing, with only 36% fully restricting the sites they visit.
            • 56% of employees have used a non-work app on a corporate device, and 66% have uploaded corporate data to it.
            • 39% often or always access corporate data from a personal device.
            • 8% admit to watching adult content on their work laptop, and 7% access the dark web.

            This is not about restricting your freedom to visit the sites you want to visit while at home. It’s about reducing the risk of exposing corporate data and systems to possible malware.

            What are the bad guys doing?

            Unsurprisingly, there has also been a major uptick in the volume of cyber-threats targeting home users. With a captive audience to aim at, it’s a huge opportunity for cyber-criminals to steal your log-ins and personal data to sell to fraudsters, or even to steal corporate passwords and information for a potentially bigger pay-off. They are helped by the fact that many home workers may be more distracted than they usually would be at the office, especially if they have young children. Your kids may even share the same laptops or PCs as you, potentially visiting risky sites and/or downloading unapproved apps.

            There’s also a chance that, unless you have a corporate machine at home, your personal computing equipment is less secure than the kit you had in the office. Add to that the fact that support from the IT department may be less forthcoming than usual, given that stretched teams are overwhelmed with requests, while themselves struggling to WFH. One recent report claimed that nearly half (47%) of IT security pros have been taken off some or all of their typical security tasks to support other IT-related jobs. In another, only 59% of respondents said they believe their cybersecurity team has the right tools and resources at home to perform their job effectively.

            It’s time to step up and take security into your own hands. Stay on the lookout for the following threats.

            • Unsecured home routers and smart devices might be hijacked in more sophisticated attacks designed to steal data from corporate networks via the home worker.
            • Phishing attacks spoofing well-known brands or using COVID-19 information/news as a lure. Google is blocking 18 million malicious pandemic-themed emails every day. The end goal may be to hijack your online consumer accounts (Netflix, banking, email, online shopping) or work accounts. Other phishing emails are designed to install data-stealing malware, ransomware and other threats.
            • Attackers may target vulnerabilities in your home PCs and the apps you’re using (video conferencing etc) to gain remote access.
            • Business Email Compromise (BEC) attackers may try to leverage the lack of internal communications between remote workers to impersonate senior execs via email, and trick finance team members into wiring corporate funds abroad.
            • Kids exposing home networks and devices to malware on torrent sites, in mobile apps, on social media, and via phishing attacks potentially imitating remote learning/video conferencing platforms.
            • Kids searching for adult/inappropriate content, and/or those that are bored and over-share on social media. Unicef has warned that millions of children are at increased of online harm as lockdown means they spend more of their days online.
            • Mobile apps represent a potential source of malware, especially those found on unofficial app stores. There has also been a reported 51% rise in stalkerware – covert surveillance apps used by domestic abusers and stalkers to target victims.
            • The pandemic has led to a surge in e-commerce fraud where consumers are tricked into buying non-existent products or counterfeit goods including medical items.

            So what’s a remote worker/concerned parent to do to protect themselves and the family in the midst of the “new normal?”

            Read Part 2 in this mini-series, which we’re publishing simultaneously with Part 1, where we share some best practice advice on how to keep your digital lives and work systems safe from online threats during lockdown—and where we provide tools to help you do just that.

            The post Top Tips For Home Cybersecurity And Privacy In A Coronavirus-Impacted World (Part 1) appeared first on .

            Top Tips For Home Cybersecurity And Privacy In A Coronavirus-Impacted World (Part 2)

            By Trend Micro

            The past few months have seen radical changes to our work and home life under the Coronavirus threat, upending norms and confining millions of American families within just four walls. In this context, it’s not surprising that more of us are spending an increasing portion of our lives online. But this brings with it some familiar cyber-risks. In Part 1 of this mini-series, we explained how cyber-criminals are looking to capitalize on these sweeping changes to society to further their own ends.

            Now let’s take a look at what you can do to protect your family, your data, and access to your corporate accounts.

            How you can stay safe online

            The bad guys are laser-focused on stealing your personal data and log-ins and increasingly see the remote worker as an easy target for leapfrogging into corporate networks. That’s not to mention the potential internet safety risks inherent in bored kids spending more time in front of their screens. To respond, you’ll need to create an equally focused “home security plan” governed by sensible policies and best practices. Here are some of the key areas to consider.

            Protect your smart home and router

            Increasingly, unprotected smart home devices are being targeted by cyber-criminals to turn into botnets to attack others. They might also provide sophisticated attackers with a stepping-stone into your corporate systems, via the home network. The home router, with its known flaws, is (after the modem) the digital front door to the smart home and the basis for your networking, so it should be first in any security strategy. Consider the following when tackling home network security:

            • Regularly check for router firmware updates and apply as soon as they’re available. (If you’re using a home gateway (modem + router) firmware updates are done by your ISP, so you won’t have the option to do this.)
            • Change factory default admin passwords and switch on two-factor authentication if available.
            • Disable UPnP and any remote management features.
            • Use WPA2 on your router for encrypted Wi-Fi. Pick passwords for access that aren’t easily guessed.
            • Put the router in middle of house if possible, so the signal is not overly exposed to strangers outside. Likewise for extenders.
            • Invest in security for the entire home network from a reputable provider like Trend Micro.

            Secure your home office

            Cyber-criminals are primed to take advantage of distracted home workers and potentially less secure PCs/devices. Secure this environment by doing the following:

            • Again, apply a home network security solution. This protects your work devices, while also protecting the devices you use for recreation.
            • Apply any security updates to OS/software.
            • Install/maintain endpoint security software on all machines/devices.
            • Never use work laptops for personal use.
            • Switch on 2FA for any work accounts.
            • Use a VPN if applicable whenever connecting to the office.
            • Stay alert to phishing/BEC attempts.
            • Take advantage of any training courses to stay up-to-speed on the latest scams.
            • Disable macros in Office files – these are often used by hackers to run malware.

            Stay safe from phishing

            Phishing is the number one tactic used by attackers to trick you into installing malware or handing over your log-ins. Emails, text messages, social media messages and more are spoofed to appear as if sent by a legitimate company or contact. In response:

            • Be cautious of any unsolicited emails/texts/messages even if they appear legitimate.
            • Don’t click on any links/buttons in unsolicited messages, or download attachments.
            • Check directly with the sender rather than clicking through links or buttons provided or entering any confidential details.
            • Invest in cybersecurity tools from a trusted vendor like Trend Micro, to spot and block scam emails and malicious downloads/websites.

            Use video conferencing safely

            New videoconferencing platforms can introduce risk, especially if you’re not familiar with the default settings. Here’s how to stay safe when video conferencing:

            • Check first for end-to-end encryption.
            • Only download videoconferencing apps from official iOS/Android stores and manufacturer websites.
            • Get familiar with privacy settings. Switch off camera access if you don’t want to appear on-screen.
            • Ensure you’re always on the latest software version.
            • Never click on links/open attachments in messages from unknown contacts.
            • Use a password manager to store long and strong log-ins, and switch on two-factor authentication (2FA) if available.

            Stay safe shopping and banking

            Next, protect your financial information and stay safe from e-commerce fraud by doing the following:

            • Install AV on all PCs and devices.
            • Always use the latest browser versions and HTTPS sites.
            • Never click through on sensational promos or ads on social media/in emails. Always visit the site directly.
            • Always be cautious: if special offers seem too good to be true, they usually are.
            • Use a secure browser, password manager, and 2FA in your online accounts.
            • Use a VPN app on any device you use to shop or bank.

            Think about online safety for kids

            They may be under your roof for more hours of the day than usual, but your children are also likely to be spending more time online. That means you need to have a measured conversation with them about internet safety, backed up with parental controls. Consider the following:

            • Urge your kids to think before clicking, and before sharing on social media.
            • Make sure you have installed anti-malware from a reputable vendor on all their devices.
            • Look for security products that check/update their social media privacy settings.
            • Discourage or block downloads from P2P sites.
            • Set up parental controls to block inappropriate content and/or to regulate screen time and time on certain sites or with certain apps. Then set up admin protections, so they can’t change the settings.
            • Share your concerns around sexting.

            Mobile security best practices
            Finally, sheltering at home has limits, particularly for restless kids. When they go to the store or out to the park, facemasks notwithstanding, they’re likely going to use their mobile devices, just as they’ll continue to do at home. Of course, you’re not exempt either from mobile threats. Ensure mobile security by

            • Sticking to the official Google Play and App Store marketplaces. Enforce this through smart settings on your children’s phones.
            • Running anti-malware on your mobile device, from a reputable company like Trend Micro.
            • Ensuring your family’s devices are using the latest OS version.
            • Ensuring your family devices have remote lock and wipe feature switched on, in case they’re lost or stolen.
            • Never brick or jailbreak the device, as this can expose it to security risks.

            How Trend Micro can help

            When it comes to protecting the home from security and privacy threats during lockdown, leave no stone unturned. Cyber-criminals will always look for the weak link in the chain and focus their efforts there. Network security is important, but it doesn’t replace the need for protection on each individual device. You’ll need to cover your router, network, smart devices, and all endpoints (PCs, laptops, mobiles and other devices). Here’s how Trend Micro can help:

            Trend Micro Home Network Security

            Trend Micro Home Network Security provides industry-leading protection against any threats to internet-connected devices in the home. The solution

            • Blocks dangerous file downloads during web browsing to stop ransomware, data theft, phishing, and other malware. Blocks remote access applications.
            • Protects all smart devices, such as smart TVs, thermostats, security cameras, etc., that don’t have their own security solutions.
            • Parental Controls and Guardian allow parents to track and restrict their children’s internet usage at home and on-the-go, which could free-up bandwidth for important conference calls.

            Trend Micro Security (PC and Mac)

            Trend Micro Security, available in various editions (led by Trend Micro Maximum Security), is Trend’s flagship endpoint security product for consumers. Available for both PCs and Macs, it features AI learning to stop advanced threats. Among a wide range of protections, it includes:

            • Web Threat Protection when browsing the internet, defending you against bad websites that can steal your data or download malicious files.
            • Machine Learning, to protect you from new and unknown threats.
            • Ransomware protection via Folder Shield, to stop unauthorized changes and back-up files encrypted by suspicious programs.
            • Anti-phishing and anti-spam protection for Outlook clients, as well as Gmail and Outlook webmail on the PC, and Gmail webmail on the Mac.
            • Privacy Scanner (for Facebook and Twitter), Social Networking Protection for protection against malicious links in social networks, Pay Guard for protecting your online banking and buying.
            • Parental Controls to limit which software and websites you kids may use.

            Trend Micro Mobile Security:

            Trend Micro Mobile Security provides endpoint security for all your mobile devices, whether Android or iOS-based.

            • Blocks dangerous websites and app downloads.
            • Helps protects your privacy on Twitter and Facebook.
            • Protects your kids’ devices.
            • Guards against identity theft.
            • Optimizes your device’s performance.

            Additional Trend Micro Tools:

            Network and endpoint security should be supplemented with tools that accomplish specific tasks, such as protecting your internet connections, your passwords, and your identity data. Trend Micro provides

            • Wi-Fi Protection/VPN Proxy One Mac | iOS. VPNs with an emphasis on web threat protection or privacy, respectively. The first is available on all four platforms; the second is targeted for Apple devices.
            • Password Manager. Manages and encrypts your passwords, and automates your logins, while ensuring you use unique, strong passwords across all of your online accounts.
            • ID Security. Tracks your credentials, particularly the ones you use for buying and banking, to see if breaches of any of your identity data have led to their sale on the Dark Web. Notifies you when it has, so you can take steps to protect it.
            • Premium Services. Parents working from home are not expected to be IT or Security experts, so now’s the time to ensure professional help is around when you need it by signing up for one of Trend Micro’s premium service packages for help configuring, troubleshooting, optimizing, and disinfecting your devices if they get infected.

            Maintaining your family’s security and privacy on all their devices during the coronavirus lockdown above all means changing your mindset, to take into account the mix of work and play in the household during the “new normal.” Use these tips and tools during lockdown and you’ll be well on your way to ensuring you and your family’s safety from malicious viruses—both digital and natural.

            The post Top Tips For Home Cybersecurity And Privacy In A Coronavirus-Impacted World (Part 2) appeared first on .

            Ransomware is Still a Blight on Business

            By Ed Cabrera (Chief Cybersecurity Officer)

            Ransomware is Still a Blight on Business

            Trends come and go with alarming regularity in cybersecurity. Yet a persistent menace over the past few years has been ransomware. Now mainly targeting organizations rather than consumers, and with increasingly sophisticated tools and tactics at their disposal, the cybercriminals behind these campaigns have been turning up the heat during the COVID-19 pandemic. That’s why we need industry partnerships like No More Ransom.

            Celebrating its fourth anniversary this week, the initiative has helped over four million victims fight the scourge of ransomware, saving hundreds of millions of dollars in the process. At Trend Micro, we’re proud to have played a major part, helping to decrypt over 77 million files for victims.

            Not going anywhere

            Ransomware has been with us for years, but only really hit the mainstream after the global WannaCry and NotPetya incidents of 2017. Unfortunately, that was just the start. Today, no sector is safe. We saw attacks rage across US municipalities, school districts and hospitals in 2019. Most recently, a major outage at a connected technology giant impacted everything from consumer fitness trackers to on-board flight systems.

            Such attacks can hit victim organizations hard. There are serious reputational and financial repercussions from major service outages, and the stakes have been raised even further as attackers now often steal data before encrypting victims’ files. A recent incident at a US cloud computing provider has led to data compromise at over 20 universities and charities in the UK and North America, for example. A separate ransomware attack on a managed service provider earlier this year may cost it up to $70m.

            The bad guys have shown no sign of slowing down during the pandemic — quite the reverse. Even as hospitals have been battling to save the lives of patients battling COVID-19, they’ve been targeted by ransomware designed to lock mission-critical systems.

            No More Ransom

            That’s why we need to celebrate public-private partnerships like No More Ransom, which provides helpful advice for victims and a free decryption tool repository. Over the past four years it has helped 4.2 million visitors from 188 countries, preventing an estimated $632 million in ransom demands finding its way into the pockets of cyber-criminals.

            At Trend Micro, we’re proud to have been an associate partner from the very start, contributing our own decryption tools to the scores available today to unlock 140 separate ransomware types. Since the start of No More Ransom, Trend Micro tools have been downloaded nearly half a million times, helping over 50,000 victims globally to decrypt more than 77 million files. We simply can’t put a price on this kind of intervention.

            https://www.europol.europa.eu/publications-documents/infographic-4th-anniversary-no-more-ransom

            Yet while the initiative is a vital response to the continued threat posed by ransomware, it is not all we can do. To truly beat this menace, we need to educate organizations all over the planet to improve their resilience to such malware threats. That means taking simple steps such as:

            • Backing up regularly, according to best practice 3-2-1 policy
            • Installing effective AV from a trusted vendor, featuring behavior monitoring, app whitelisting and web reputation
            • Training staff how to better spot phishing attacks
            • Ensuring software and systems are always on the latest version
            • Protecting the enterprise across endpoint, hybrid cloud, network and email/web gateways

            I’m also speaking on a panel today hosted by the U.S. Chamber of Commerce on NotPetya and general ransomware attack trends related to the pandemic. Join us to learn more about ransomware from law enforcement agencies, policy makers and businesses.

            If your organization has been impacted by ransomware, check the resources available on https://www.nomoreransom.org/ for advice and access to the free decryption tool repository.

            The post Ransomware is Still a Blight on Business appeared first on .

            From Bugs to Zoombombing: How to Stay Safe in Online Meetings

            By Trend Micro

            The COVID-19 pandemic, along with social distancing, has done many things to alter our lives. But in one respect it has merely accelerated a process begun many years ago. We were all spending more and more time online before the virus struck. But now, forced to work, study and socialize at home, the online digital world has become absolutely essential to our communications — and video conferencing apps have become our “face-to-face” window on the world.

            The problem is that as users flock to these services, the bad guys are also lying in wait — to disrupt or eavesdrop on our chats, spread malware, and steal our data. Zoom’s problems have perhaps been the most widely publicized, because of its quickly rising popularity, but it’s not the only platform whose users have been potentially at risk. Cisco’s WebEx and Microsoft Teams have also had issues; while other platforms, such as Houseparty, are intrinsically less secure (almost by design for their target audience, as the name suggests).

            Let’s take a look at some of the key threats out there and how you can stay safe while video conferencing.

            What are the risks?

            Depending on the platform (designed for work or play) and the use case (business or personal), there are various opportunities for the online attacker to join and disrupt or eavesdrop on video conferencing calls. The latter is especially dangerous if you’re discussing sensitive business information.

            Malicious hackers may also look to deliver malware via chats or shared files to take control of your computer, or to steal your passwords and sensitive personal and financial information. In a business context, they could even try to hijack your video conferencing account to impersonate you, in a bid to steal info from or defraud your colleagues or company.

            The bad guys may also be able to take advantage of the fact that your home PCs and devices are less well-secured than those at work or school—and that you may be more distracted at home and less alert to potential threats.

            To accomplish their goals, malicious hackers can leverage various techniques at their disposal. These can include:

            • Exploiting vulnerabilities in the video conferencing software, particularly when it hasn’t been updated to fend off the latest threats
            • Stealing your log-ins/meeting ID via malware or phishing attacks; or by obtaining a meeting ID or password shared on social media
            • Hiding malware in legitimate-looking video apps, links and files
            • Theft of sensitive data from meeting recordings stored locally or in the cloud.

            Zooming in on trouble

            Zoom has in many ways become the victim of its own success. With daily meeting participants soaring from 10 million in December last year to 200 million by March 2020, all eyes have been focused on the platform. Unfortunately, that also includes hackers. Zoom has been hit by a number of security and privacy issues over the past several months, which include “Zoombombing” (meetings disrupted by uninvited guests), misleading encryption claims, a waiting room vulnerability, credential theft and data collection leaks, and fake Zoom installers. To be fair to Zoom, it has responded quickly to these issues, realigning its development priorities to fix the security and privacy issues discovered by its intensive use.

            And Zoom isn’t alone. Earlier in the year, Cisco Systems had its own problem with WebEx, its widely-used enterprise video conferencing system, when it discovered a flaw in the platform that could allow a remote, unauthenticated attacker to enter a password-protected video conferencing meeting. All an attacker needed was the meeting ID and a WebEx mobile app for iOS or Android, and they could have barged in on a meeting, no authentication necessary. Cisco quickly moved to fix the high-severity vulnerability, but other flaws (also now fixed) have cropped up in WebEx’s history, including one that could enable a remote attacker to send a forged request to the system’s server.

            More recently, Microsoft Teams joined the ranks of leading business videoconferencing platforms with potentially deadly vulnerabilities. On April 27 it surfaced that for at least three weeks (from the end of February till the middle of March), a malicious GIF could have stolen user data from Teams accounts, possibly across an entire company. The vulnerability was patched on April 20—but it’s a reminder to potential video conferencing users that even leading systems such as Zoom, WebEx, and Teams aren’t fool-proof and require periodic vulnerability and security fixes to keep them safe and secure. This is compounded during the COVID-19 pandemic when workers are working from home and connecting to their company’s network and systems via possibly unsecure home networks and devices.

            Video conferencing alternatives

            So how do you choose the best, most secure, video conferencing software for your work-at-home needs? There are many solutions on the market today. In fact, the choice can be dizzying. Some simply enable video or audio meetings/calls, while others also allow for sharing and saving of documents and notes. Some are only appropriate for one-on-one connections or small groups, while others can scale to thousands.

            In short, you’ll need to choose the video conferencing solution most appropriate to your needs, while checking if it meets a minimum set of security standards for working at home. This set of criteria should include end-to-end encryption, automatic and frequent security updates, the use of auto-generated meeting IDs and strong access controls, a program for managing vulnerabilities, and last but not least, good privacy practices by the company.

            Some video conferencing options alongside Zoom, WebEx, and Teams include:

            • Signal which is end-to-end encrypted and highly secure, but only supports one-to-one calls.
            • FaceTime, Apple’s video chat tool, is easy-to-use and end-to-end encrypted, but is only available to Mac and iOS users.
            • Jitsi Meet is a free, open-source video conferencing app that works on Android, iOS, and desktop devices, with no limit on participants beyond your bandwidth.
            • Skype Meet Now is Microsoft’s free, popular conferencing tool for up to 50 users that can be used without an account, (in contrast to Teams, which is a paid, more business-focused platform for Office 365 users).
            • Google Duo is a free option for video calls only, while the firm’s Hangouts platform can also be used for messaging. Hangouts Meet is a more business-focused paid version.
            • Doxy.me is a well-known telemedicine platform used by doctors and therapists that works through your browser—so it’s up to you to keep your browser updated and to ensure the appropriate security and privacy settings are in place. Secure medical consultation with your healthcare provider is of particular concern during the shelter- and work-from-home quarantine.

            How do I stay safe?

            Whatever video conferencing platform you use, it’s important to bear in mind that cyber-criminals will always be looking to take advantage of any security gaps they can find — in the tool itself or your use of it. So how do you secure your video conferencing apps? Some tips listed here are Zoom-specific, but consider their equivalents in other platforms as general best-practice tips. Depending on the use case, you might choose to not enable some of the options here.

            • Check for end-to-end encryption before getting onboard with the app. This includes encryption for data at rest.
            • Ensure that you generate one-off meeting IDs and passwords automatically for recurring meetings (Zoom).
            • Don’t share any meeting IDs online.
            • Use the “waiting room” feature in Zoom (now fixed), so the host can only allow attendees from a pre-assigned list.
            • Lock the meeting once it’s started to stop anyone new from joining.
            • Allow the host to put attendees on hold, temporarily removing them from a meeting if necessary.
            • Play a sound when someone enters or leaves the room.
            • Set screen-sharing to “host only” to stop uninvited guests from sharing disruptive content.
            • Disable “file transfers” to block possible malware.
            • Keep your systems patched and up-to-date so there are no bugs that hackers can target.
            • Only download conferencing apps from official iOS/Android stores and manufacturer websites.
            • Never click on links or open attachments in unsolicited mail.
            • Check the settings in your video conferencing account. Switch off camera access if you don’t want to appear on-screen.
            • Use a password manager for video conferencing app log-ins.
            • Enhance passwords with two-factor authentication (2FA) or Single-Sign-On (SSO) to protect access, if available.
            • Install anti-malware software from a reputable vendor on all devices and PCs. And implement a network security solution if you can.

            How Trend Micro can help

            Fortunately, Trend Micro has a range of capabilities that can support your efforts to stay safe while using video conferencing services.

            Trend Micro Home Network Security (HNS) protects every device in your home connected to the internet. That means it will protect you from malicious links and attachments in phishing emails spoofed to appear as if sent from video conferencing firms, as well as from those sent by hackers that may have covertly entered a meeting. Its Vulnerability Check can identify any vulnerabilities in your home devices and PCs, including work laptops, and its Remote Access Protection can reduce the risk of tech support scams and unwanted remote connections to your device. Finally, it allows parents to control their kids’ usage of video conferencing applications, to limit their exposure.

            Trend Micro Security also offers protection against email, file, and web threats on your devices. Note too, that Password Manager is automatically installed with Maximum Security to help users create unique, strong passwords for each application/website they use, including video conferencing sites.

            Finally, Trend Micro WiFi Protection (multi-platform) / VPN Proxy One (Mac and iOS) offer VPN connections from your home to the internet, creating secure encrypted tunnels for traffic to flow down. The VPN apps work on both Wi-Fi and Ethernet connections. This could be useful for users concerned their video conferencing app isn’t end-to-end encrypted, or for those wishing to protect their identity and personal information when interacting on these apps.

            The post From Bugs to Zoombombing: How to Stay Safe in Online Meetings appeared first on .

            Teaming up with INTERPOL to combat COVID-19 threats

            By Trend Micro

            If the past couple of months have taught us anything, it’s that partnerships matter in times of crisis. We’re better, stronger and more resilient when we work together. Specifically, public-private partnerships matter in cybersecurity, which is why Trend Micro is always happy to reach out across industry, academia and law enforcement to offer its expertise.

            We are again delighted to be working with long-time partner INTERPOL over the coming weeks on a new awareness campaign to help businesses and remote workers stay safe from a deluge of COVID-19 threats.

            The new normal

            All over the world, organizations have been forced to rapidly adjust to the new normal: social distancing, government lockdowns and mass remote working. While most have responded superbly to the challenge, there’s no denying that IT security teams and remote access infrastructure are being stretched to the limit. There are understandable concerns that home workers may be more distracted, and therefore likely to click on phishing links, and that their PCs and devices may not be as well protected as corporate equivalents.

            At the same time, the bad guys have also reacted quickly to take advantage of the pandemic. Phishing campaigns using COVID as a lure have surged, spoofing health authorities, government departments and corporate senders. BEC attacks try to leverage the fact that home workers may not have colleagues around to check wire transfer requests. And remote infrastructure like RDP endpoints and VPNs are being targeted by ransomware attackers — even healthcare organizations that are simultaneously trying to treat critical patients infected with the virus.

            Getting the basics right

            That’s why Trend Micro has been pushing out regular updates — not only on the latest scams and threats we’re picking up around the globe, but also with advice on how to secure the newly distributed workforce. Things like improved password security, 2FA for work accounts, automatic software updates, regular back-ups, remote user training, and restricted use of VPNs can all help. We’re also offering six months free use of our flagship Trend Micro Maximum Security product to home workers.

            Yet there’s always more to do. Getting the message across as far and wide as possible is where organizations like INTERPOL come in. That’s why we’re delighted to be teaming up with the global policing organization to run a new public awareness campaign throughout May. It builds on highly successful previous recent campaigns we’ve collaborated on, to tackle BEC and crypto-jacking.

            This time, we’ll be resharing some key resources on social media to alert users to the range of threats out there, and what businesses and home workers can do to stay safe. And we’ll help to develop infographics and other new messages on how to combat ransomware, online scams, phishing and other threats.

            We’re all doing what we can during these difficult days. But if some good can come from a truly terrible event like this, then it’s that we show our strength in the face of adversity. And by following best practices, we can make life much tougher for the cybercriminals looking to profit from tragedy.

            The post Teaming up with INTERPOL to combat COVID-19 threats appeared first on .

            What do serverless compute platforms mean for security?

            By Trend Micro

            By Kyle Klassen Product Manager – Cloud Native Application Security at Trend Micro

            Containers provide many great benefits to organizations – they’re lightweight, flexible, add consistency across different environments and scale easily.

            One of the characteristics of containers is that they run in dedicated namespaces with isolated resource requirements. General purpose OS’s deployed to run containers might be viewed as overkill since many of their features and interfaces aren’t needed.

            A key tenant in the cybersecurity doctrine is to harden platforms by exposing only the fewest number of interfaces and applying the tightest configurations required to run only the required operations.

            Developers deploying containers to restricted platforms or “serverless” containers to the likes of AWS Fargate for example, should think about security differently – by looking upward, looking left and also looking all-around your cloud domain for opportunities to properly security your cloud native applications. Oh, and don’t forget to look outside. Let me explain…

            Looking Upward

            As infrastructure, OS, container orchestration and runtimes become the domain of the cloud provider, the user’s primary responsibility becomes securing the containers and applications themselves. This is where Trend Micro Cloud One™, a security services platform for cloud builders, can help Dev and Ops teams better implement build pipeline and runtime security requirements.  Cloud One – Application Security embeds a security library within the application itself to provide defense against web application attacks and to detect malicious activity.

            One of the greatest benefits of this technology is that once an application is secured in this manner, it can be deployed anywhere and the protection comes along for the ride. Users can be confident their applications are secure whether deployed in a container on traditional hosts, into EKS on AWS Bottlerocket, serverless on AWS Fargate, or even as an AWS Lambda function!

            Looking Left

            It’s great that cloud providers are taking security seriously and providing increasingly secure environments within which to deploy your containers. But you need to make sure your containers themselves are not introducing security risks. This can be accomplished with container image scanning to identify security issues before these images ever make it to the production environment.

            Enter Deep Security Smart Check – Container Image Scanning part of the Cloud One offering. Scans must be able to detect more than just vulnerabilities. Developer reliance on code re-use, public images, and 3rd party contributions mean that malware injection into private images is a real concern. Sensitive objects like secrets, keys and certificates must be found and removed and assurance against regulatory requirements like PCI, HIPAA or NIST should be a requirement before a container image is allowed to run.

            Looking All-Around

            Imagine taking the effort to ensure your applications, containers and functions are built securely, comply with strict security regulations and are deployed into container optimized cloud environments only to find out that you’ve still become a victim of an attack! How could this be? Well, one common oversight is recognizing the importance of disciplined configuration and management of the cloud resources themselves – you can’t assume they’re secure just because they’re working.

            But, making sure your cloud services are secure can be a daunting task – likely comprised of dozens of cloud services, each with as many configuration options – these environments are complex. Cloud One – Conformity is your cloud security companion and gives you assurance that any hidden security issues with your cloud configurations are detected and prioritized. Disabled security options, weak keys, open permissions, encryption options, high-risk exposures and many, many more best practice security rules make it easy to conform to security best practices and get the most from your cloud provider services.

            Look Outside

            All done? Not quite. You also need to think about how the business workflows of your cloud applications ingest files (or malware?).  Cloud storage like S3 Buckets are often used to accept files from external customers and partners.  Blindly accepting uploads and pulling them into your workflows is an open door for attack.

            Cloud One – File Storage Security incorporates Trend Micro’s best-in-class malware detection technology to identify and remove files infected with malware. As a cloud native application itself, the service deploys easily with deployment templates and runs as a ‘set and forget’ service – automatically scanning new files of any type, any size and automatically removing malware so you can be confident that all of your downstream workflows are protected.

            It’s still about Shared Responsibility

            Cloud providers will continue to offer security features for deploying cloud native applications – and you should embrace all of this capability.  However, you can’t assume your cloud environment is optimally secure without validating your configurations. And once you have a secure environment, you need to secure all of the components within your control – your functions, applications, containers and workflows. With this practical approach, Trend Micro Cloud One™ perfectly complements your cloud services with Network Security, Workload Security, Application Security, Container Security, File Storage Security and Conformity for cloud posture management, so you can be confident that you’ve got security covered no matter which way you look.

            To learn more visit Trendmicro.com/CloudOne and join our webinar on cloud native application threats https://resources.trendmicro.com/Cloud-One-Webinar-Series-Cloud-Native-Application-Threats.html

             

             

             

             

            The post What do serverless compute platforms mean for security? appeared first on .

            Cloud-First but Not Cloud-Only: Why Organizations Need to Simplify Cybersecurity

            By Wendy Moore

            The global public cloud services market is on track to grow 17% this year, topping $266 billion. These are impressive figures, and whatever Covid-19 may do short-term to the macro-economy, they’re a sign of where the world is heading. But while many organizations may describe themselves as “cloud-first”, they’re certainly not “cloud-only.” That is, hybrid cloud is the name of the game today: a blend of multiple cloud providers and multiple datacenters.

            Whilst helping to drive agility, differentiation and growth, this new reality also creates cyber risk. As IT leaders try to chart a course for success, they’re crying out for a more holistic, simpler way to manage hybrid cloud security.

            Cloud for everyone

            Organizations are understandably keen to embrace cloud platforms. Who wouldn’t want to empower employees to be more productive and DevOps to deliver agile, customer-centric services? But digital transformation comes with its own set of challenges. Migration often happens at different rates throughout an organization. That makes it hard to gain unified visibility across the enterprise and manage security policies in a consistent manner — especially when different business units and departments are making siloed decisions. An estimated 85% of organizations are now using multiple clouds, and 76% are using between two and 15 hybrid clouds.

            To help manage this complexity, organisations are embracing containers and serverless architectures to develop new applications more efficiently. However, the DevOps teams using these technologies are focused primarily on time-to-market, sometimes at the expense of security. Their use of third-party code is a classic example: potentially exposing the organization to buggy or even malware-laden code.

            A shared responsibility

            The question is, how to mitigate these risks in a way that respects the Shared Responsibility model of cloud security, but in a consistent manner across the organization? It’s a problem exacerbated by two further concerns.

            First, security needs to be embedded in the DevOps process to ensure that the applications delivered are secure, but not in a way that threatens the productivity of teams. They need to be able to use the tools and platforms they want to, but in a way that doesn’t expose the organization to unnecessary extra risk. Second, cloud complexity can often lead to human error: misconfigurations of cloud services that threaten to expose highly regulated customer and corporate data to possible attacks. The Capital One data breach, which affected an estimated 100 million consumers, was caused partly by a misconfigured Web Application Firewall.

            Simplifying security

            Fortunately, organizations are becoming more mature in their cloud security efforts. We see customers that started off tackling cyber risk with multiple security tools across the enterprise, but in time developed an operational excellence model. By launching what amount to cloud centers of excellence, they’re showing that security policies and processes can be standardized and rolled out in a repeatable way across the organization to good effect.

            But what of the tools security teams are using to achieve this? Unfortunately, in too many cases they’re relying on fragmented, point products which add cost, further complexity and dangerous security gaps to the mix. It doesn’t have to be like this.

            Cloud One from Trend Micro brings together workload security, container security, application security, network security, file storage security and cloud security posture management (CSPM). The latter, Cloud One – Conformity offers a simple, automated way to spot and fix misconfigurations and enhance security compliance and governance in the cloud.

            Whatever stage of maturity you are at with your cloud journey, Cloud One offers simple, automated protection from a single console. It’s simply the way cloud security needs to be.

            The post Cloud-First but Not Cloud-Only: Why Organizations Need to Simplify Cybersecurity appeared first on .

            ❌