Daily Archives: October 8, 2018

Stay Smart Online Week 2018

Time for a Cyber Safety Check-Up?

Aussies love the internet. And the statistics just confirm it. In 2018, 88% of us describe ourselves as active internet users. And our social media usage is up there with some of the most prolific users worldwide with 60% of us active users on Facebook and 50% of us logging in at least once a day.

So, an annual reminder to take stock of our digital lives is a very good idea! Stay Smart Online Week is an initiative from the Australian Government designed to ensure we are all up to date with the latest cyber safety know-how. Kicking off from the 8th of October, I believe this annual event is the ideal opportunity for a yearly cyber safety check up.

We Are Choosing to Ignore the Risks

Research conducted by McAfee shows that many of us are very aware of the risks associated with our online behaviour but simply choose to ignore them. For example, 30% of Aussie parents are continuing to regularly post pics of their kids online despite 50% of us being concerned by the associated risks including paedophilia, stalking and cyberbullying. Is it the lure of likes, the surge of dopamine or just the face we are all time poor that affects our rational brain?

Keeping It Simple

I know many of us feel a little overwhelmed at the thought of staying on top of our online safety. We don’t know where to start, have very little time and, quite frankly, we’d rather be doing something else! But not taking your online safety seriously is a little like leaving like leaving your house unlocked. It puts your privacy and even your financial safety at risk.

But the good news is there are a host of simple, quick, steps you can take to ensure you are doing all you can to protect yourself online. So, make yourself a cuppa and let’s get to work. Here are 3 three things you can start to put in place today to secure yourself and your devices.

1. Protect ALL Your Devices

I bet if you added up the internet connected devices in your household, you’d be staggered at the figure. My latest count was over 30! And the figure is only going to increase. Research shows that by 2025 there will be approximately 75 billion connected devices worldwide from wearables and pacemakers to thermometers and smart plugs.

These devices will absolutely make our lives easier, but the reality is that many internet-connected devices (IoT) lack built in security features making them vulnerable to hacking and malware. In 2018 alone, McAfee uncovered numerous major security flaws in virtual assistants and smart plugs.

Here’s what you need to do:

  • Install comprehensive security software on your laptops, tablets and smartphones. McAfee’s Total Protection software will ensure you and your devices are protected against viruses, malware spyware and ransomware.
  • Secure your Internet Connected Devices. While there is no security software for Internet Connected (IoT) devices, you can still minimise the risks by changing the default password on your devices straight after purchasing and ensure you keep the device’s software up to date. And spend some time researching your purchases before committing. Focus on devices that have been on the market for a while, have a name brand, or have a lot of online reviews. Chances are that the device’s security standards will be higher, due to being vetted by the masses.

2. Think Before You Click

Our love of ‘all things celebrity’ has not escaped the attention of online scammers. In fact, these scammers spend a lot of time creating celebrity based professional looking websites that promise celebrity news stories or movie downloads. Unfortunately, the promised content requires a malicious link to be clicked that usually contains spyware or malicious software. These sites may also require users to set up an account. Unsuspecting visitors will then provide their email addresses and passwords to the site not realising that their details have been compromised.

New McAfee research reveals that Aussie model, MTV VJ and Orange is the New Black actress, Ruby Rose is the most dangerous celebrity to search for online. Using terms such as ‘free torrent’, ‘sex tape’ and ‘free pics’, McAfee was able to determine the riskiest celebrities to search for across the globe, as consumers often drop their guard in the name of convenience and speed to access content from their favorite celebs.

Here’s what you need to do:

  • Be careful what you click. Users looking for a sneak-peek of Ruby Rose starring in Batwoman should be cautious and only download directly from a reliable source. The safest thing to do is to wait for the official release instead of visiting a third-party website that could contain malware.
  • Apply system and application updates as soon as they are available. Very often the operating system and application updates include security fixes. Applying updates is an important step to help ensure devices stay protected.
  • Use parental control software. Kids are fans of celebrities too, so ensure that limits are set on the child’s device and use software that can help minimise exposure to potentially malicious or inappropriate websites.

3. Protect Your Personal Information Online

Most consumers would think twice when asked for their credit card information or address online but don’t take the same precautions when posting photos of themselves and their children online.

Recent McAfee research shows that despite 50 percent of parents being concerned by the risks such as pedophilia, stalking and cyberbullying when posting photos of their children online, 30 percent post a picture of their child online once a week, and 40 percent post photos of their child in school uniform on a regular basis.

Here’s what you need to do:

  • Set Ground Rules with Friends and Family. Be clear with friends and family about your expectations when they post images of your kids. If you are uncomfortable with anything they post, you are well within your rights to ask them to remove it.
  • Don’t Forget About Your Child’s Digital Reputation. Everything that is posted about someone forms part of their digital reputation. Always consider whether what you are considering posting could negatively impact this. And encourage your teens to regularly check the posts and images they are tagged in online too.
  • Ask for Consent But Be Prepared for Your Child to Say NO. Asking for an older child’s consent before you post pics is essential but be prepared for them to say NO! Remember, a good relationship is built on trust and respect!

So, go forth and continue to enjoy everything the internet has to offer BUT please take some time this Stay Smart Online Week to check in and see whether you may need to ‘tweak’ any of your online behaviours. And while you are at it – don’t forget about the kids. Why not put it on the agenda to discuss around the dinner table this week? Some of the most important conversations you will ever have with your kids will be around the dinner table!

Take Care

Alex xx

 

The post Stay Smart Online Week 2018 appeared first on McAfee Blogs.

Risky Business Feature: Named source in “The Big Hack” has doubts about the story

In this podcast hardware security expert Joe Fitzpatrick, a named source in Bloomberg’s “Big Hack” piece, explains why he felt uncomfortable reading the story when it was published.

He also provided Risky.Biz with emails he sent to Bloomberg, prior to the story’s publication, that said the hardware back-dooring the article described “didn’t make sense”.

The View From a Veracode Solution Architect: My Top 5 Lessons Learned

I recently had an interesting question from a prospective customer:

What are the top 5 lessons learned from implementing your solution at companies similar to ours?

After careful thought, and soliciting input from my fellow solution architects in the EMEA region, I came up with the list below. We’re sharing it here in the hopes it proves useful to others as they work to develop software both quickly and securely.

1. Start with a clear policy

Which applications need to be tested? How is business criticality defined for applications? What flaws must be remediated? When?

A clear policy covering the AppSec lifecycle needs to be in place to be able to work towards a successful program. When it comes to defining the flaws that must be fixed and the timeframe allowed, it is critical that this be kept as simple as possible and changed as little as possible.

Get details in our Everything You Need to Know About AppSec Policies guide.

2. Bring the business with you

Successful AppSec programs depend upon cooperation between security and development and a shared sense of accountability, and this extends through every level of the organisation. Regular communication with your peers and alignment of your goals will allow you to lead in the same direction and provide clear messages to the development teams. In addition, make sure that development teams are aware of all the tools and services that are available to help them – from IDE plugins to remediation coaching.

Get details in our Everything You Need to Know About Getting Buy-In for Your AppSec Program guide.

3. Automate everything that you can

Automation is key in any AppSec implementation as reducing manual intervention will allow your program to cost-effectively scale and go faster. Integrating scanning into the SDLC toolchain and synchronising results into the ticketing system as work items provide a feedback loop for development. In addition, finding ways to automate scoping, on-boarding, and governance allows you to focus on improvement rather than leg work.

Get details on integrating AppSec into your development processes.

4. If in doubt, have a readout

The Veracode Security Consulting team can help with everything from preparing code for scanning and configuring scans to finding the best way to improve the security of your application. The goal of your program should be to reduce the risk that your applications pose to the business, and our experience shows that app teams who engage with our ASCs test more effectively and fix more flaws, thus reducing risk more efficiently.

Find out more about our Security Consulting.

5. Measure and improve

The key to continuously improving your AppSec program is to have meaningful metrics in place and to use them to guide your changes. This means that you must gain control of your app inventory (you cannot measure what you don’t know) and ensure that all in-scope apps undergo regular testing, regardless of code changes (unless gathered regularly, metrics become less meaningful).

Get details in our Everything You Need to Know About Measuring Your AppSec Program guide.

Pulling it All Together

We’ve been helping customers secure their application landscape for more than a decade, and we’ve learned what works. Find out how all the above lessons come together on the path toward AppSec success in Everything You Need to Know About Maturing Your AppSec Program.

CVE-2018-5401 (dcu_210e_firmware, marine_pro_observer, rp_210e_firmware)

The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The devices transmit process control information via unencrypted Modbus communications. Impact: An attacker can exploit this vulnerability to observe information about configurations, settings, what sensors are present and in use, and other information to aid in crafting spoofed messages. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7.

CVE-2018-5402 (dcu_210e_firmware, marine_pro_observer, rp_210e_firmware)

The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App use an embedded webserver that uses unencrypted plaintext for the transmission of the administrator PIN Impact: An attacker once authenticated can change configurations, upload new configuration files, and upload executable code via file upload for firmware updates. Requires access to the network. Affected releases are Auto-Maskin DCU-210E, RP-210E, and the Marine Pro Observer Android App. Versions prior to 3.7 on ARMv7.