Daily Archives: October 5, 2020

Cristiano Ronaldo tops McAfee India’s Most Dangerous Celebrity 2020 List

Most Dangerous Celebrity

Cristiano Ronaldo tops McAfee India’s Most Dangerous Celebrity 2020 List

During COVID-19, people stuck inside have scoured the internet for content to consume – often searching for free entertainment (movies, TV shows, and music) to avoid any extra costs. As these habits increase, so do the potential cyber threats associated with free internet content – making our fourteenth Most Dangerous Celebrities study more relevant than ever.

To conduct our Most Dangerous Celebrities 2020 study, McAfee researched famous individuals to reveal which celebrities generate the most “dangerous” results – meaning those whose search results bring potentially malicious content to expose fans’ personal information. Owing to his international popularity and fan following that well resonates in India, Cristiano Ronaldo takes the top spot on the India edition of McAfee’s 2020 Most Dangerous Celebrities list.

The Top Ten Most Dangerous Celebrities

Ronaldo is popular not only for his football skills, but also for his lifestyle, brand endorsements, yearly earnings, and large social media following, with fans devotedly tracking his every movement. This year, Ronaldo’s transfer to Juventus from Real Madrid for a reported £105M created quite a buzz, grabbing attention from football enthusiasts worldwide. Within the Top 10 list, Ronaldo is closely followed by veteran actress Tabu (No. 2) and leading Bollywood actresses, Taapsee Pannu, (No. 3) Anushka Sharma at (No. 4) and Sonakshi Sinha (No. 5). Also making the top ten is Indian singer Armaan Malik (No. 6), and young and bubbly actor Sara Ali Khan (No. 7). Rounding out the rest of the top ten are Indian actress Kangana Ranaut (No. 8), followed by popular TV soap actress Divyanka Tripathi (No. 9) and lastly, the King of Bollywood, Shah Rukh Khan (No. 10).

 

Most Dangerous Celebrity

Lights, Camera, Security

Many consumers don’t realize that simple internet searches of their favorite celebrities could potentially lead to malicious content, as cybercriminals often leverage these popular searches to entice fans to click on dangerous links. This year’s study emphasizes that consumers are increasingly searching for content, especially as they look for new forms of entertainment to stream amidst a global pandemic.

With a greater emphasis on streaming culture, consumers could potentially be led astray to malicious websites while looking for new shows, sports, and movies to watch. For example, Ronaldo is strongly associated with malicious search terms, as fans are constantly seeking news on his personal life, as well as searching for news on his latest deals with football clubs. In addition, users may be streaming live football matches through illegal streaming platforms to avoid subscription fees. If an unsuspecting user clicks on a malicious link while searching for their favorite celebrity related news, their device could suddenly become plagued with adware or malware.

Secure Yourself From Malicious Search Results

Whether you and your family are checking out your new favorite actress in her latest film or streaming a popular singer’s new album, it’s important to ensure that your searches aren’t potentially putting your online security at risk. Follow these tips so you can be a proactive fan while safeguarding your digital life:

Be careful what you click

Users looking for information on their favorite celebrities should be cautious and only click on links to reliable sources for downloads. The safest thing to do is to wait for official releases instead of visiting third-party websites that could contain malware.

Refrain from using illegal streaming sites

When it comes to dangerous online behavior, using illegal streaming sites could wreak havoc on your device. Many illegal streaming sites are riddled with malware or adware disguised as pirated video files. Do yourself a favor and stream the show from a reputable source.

Protect your online safety with a cybersecurity solution

 Safeguard yourself from cybercriminals with a comprehensive security solution like McAfee Total Protection. This can help protect you from malware, phishing attacks, and other threats.

Use a website reputation tool

Use a website reputation tool such as McAfee WebAdvisor, which alerts users when they are about to visit a malicious site.

Use parental control software

Kids are fans of celebrities too, so ensure that limits are set for your child on their devices and use parental control software to help minimize exposure to potentially malicious or inappropriate websites.

 Stay Updated

To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

 

The post Cristiano Ronaldo tops McAfee India’s Most Dangerous Celebrity 2020 List appeared first on McAfee Blogs.

How Searching For Your Favourite Celebrity May Not End Well

Most Dangerous Celebrity

How Searching For Your Favourite Celebrity May Not End Well

2020 has certainly been the year for online entertainment. With many Aussies staying home to stay well, the internet and all its offerings have provided the perfect way for us all to pass time. From free movies and TV shows to the latest celebrity news, many of us have devoured digital content to entertain ourselves. But our love affair with online entertainment certainly hasn’t gone unnoticed by cybercriminals who have ‘pivoted’ in response and cleverly adapted their scams to adjust to our insatiable desire for content.

Searching For Our Favourite Celebrities Can Be A Risky Business

Cybercriminals are fully aware that we love searching for online entertainment and celebrity news and so devise their plans accordingly. Many create fake websites that promise users free content from a celebrity of the moment to lure unsuspecting Aussies in. But these malicious websites are purpose-built to trick consumers into sharing their personal information in exchange for the promised free content – and this is where many come unstuck!

Who Are The Most Dangerous Celebrities of 2020?

McAfee, the world’s leading cybersecurity company, has researched which famous names generate the riskiest search results that could potentially trigger consumers to unknowingly install malware on their devices or unwillingly share their private information with cybercriminals.

And in 2020, English singer-songwriter Adele takes out the top honours as her name generates the most harmful links online. Adele is best known for smashing the music charts since 2008 with hit songs including ‘Rolling in the Deep’ and ‘Someone Like You’. In addition to her award-winning music, Adele is also loved for her funny and relatable personality, as seen on her talk show appearances (such as her viral ‘Carpool Karaoke’ segment) and concert footage. Most recently, her weight-loss and fitness journey have received mass media attention, with many trying to get to the bottom of her ‘weight-loss’ secrets.

Trailing Adele as the second most dangerous celebrity is actress and star of the 2020 hit show Stan ‘Love Life’ Anna Kendrick, followed by rapper Drake (no. 3), model and actress Cara Delevingne (no. 4), US TikTok star Charli D’Amelio (no. 5) and singer-songwriter Alicia Keys (no. 6). Rounding out the top ten are ‘Sk8r Boi’ singer Avril Lavigne (No. 7), New Zealand rising music star, Benee (no. 8), songstress Camila Cabello (no. 9), and global superstar, singer and actress Beyonce (no. 10).

Most Dangerous Celebrity

Aussies Love Celebrity Gossip

Whether it was boredom or the fact that we just love a stickybeak, our love of celebrity news reached new heights this year with our many of us ‘needing’ to stay up to date with the latest gossip from our favourite public figures. Adele’s weight-loss journey (no.1), Drake’s first photos of ‘secret son’ Adonis (no. 4), and Cara Delevingne’s breakup with US actress Ashley Benson (no. 5), all had us Aussie fans flocking to the internet to search for the latest developments on these celebrity stories.

We’ve Loved New Releases in 2020

With many of us burning through catalogues of available movies and TV shows amid advice to stay at home, new release titles have definitely been the hottest ticket in town to stay entertained.

Rising to fame following her roles in ‘Twilight’ and musical comedy ‘Pitch Perfect’, Anna Kendrick (no. 2) starred in HBO Max series ‘Love Life’ which was released during the peak of COVID-19 in Australia, as well as the 2020 children’s film ‘Trolls World Tour’. R&B and pop megastar Beyonce (no. 10) starred in the 2019 remake of Disney cult classic ‘The Lion King’ and released a visual album ‘Black Is King’ in 2020.

Music Has Soothed Our Souls This Year 

While live concerts and festivals came to a halt earlier this year, many of us are still seeking music – both old and new – to help us navigate these unprecedented times. In fact, musicians make up 50% of the top 10 most dangerous celebrities – hailing from all genres, backgrounds and generations.

Canadian rapper Drake (No. 2) sparked fan interest by dropping his ‘Dark Lanes Demo Tapes’ album including hit songs ‘Chicago Freestyle’ and ‘Tootsie Slide’ that went massively viral on TikTok. New Zealand singer Benee also came out of the woodwork with viral sensations Supalonely and Glitter topping charts and reaching global popularity on TikTok.

Known for her enormously successful R&B/Soul music in the early 2000s, Alicia Keys (no. 6) released a string of new singles in 2020. Camila Cabello’s ‘Senorita’ duet with Canadian singer and now boyfriend Shawn Mendes, was Spotify’s most streamed song of 2019. The couple continued to attract copious attention as fans followed stories reporting on the lovebirds self-isolating together in Miami earlier this year.

How to Avoid Getting Caught In An Online Celebrity Scam

Please don’t feel that getting caught by an ill-intentioned cybercrime is inevitable. If you follow these few simple tips, you can absolutely continue your love of online entertainment and all things celebrity:

  1. Be Careful What You Click

If you are looking for new release music, movies or TV shows or even an update on your favourite celebrity then ALWAYS be cautious and only click on links to reliable sources. Avoid ‘dodgy’ looking websites that promise free content – I guarantee these sites will gift you a big dose of malware. The safest thing is to wait for official releases, use only legitimate streaming sites and visit reputable news sites.

  1. Say NO to Illegal Streaming and Downloading Suspicious Files

Yes, illegal downloads are free but they are usually riddled with malware or adware disguised as mp3 files. Be safe and use only legitimate music streaming platforms – even if it costs a few bucks! Imagine how devastating it would be to lose access to everything on your computer thanks to a nasty piece of malware?

  1. Protect Your Online Safety With A CyberSecurity Solution

One of the best ways of safeguarding yourself (and your family) from cybercriminals is by investing in an  comprehensive cybersecurity solution like McAfee’s Total Protection. This Rolls Royce cybersecurity package will protect you from malware, spyware, ransomware and phishing attacks. An absolute no brainer!

  1. Get Parental Controls Working For You

Kids love celebrities too! Parental control software allows you to introduce limits to your kids’ viewing which will help minimise their exposure to potentially malicious or inappropriate websites when they are searching for the latest new on TikTok star Charlie D’Amelio or go to download the latest Benee track.

I don’t know how my family of 6 would have survived this year without online entertainment. We’ve devoured the content from three different streaming services, listened to a record number of hours on Spotify and filled our heads with news courtesy of online news sites. And while things are looking up, it will be a while before life returns to normal. So, please take a little time to educate your family on the importance of ‘thinking before you click’ and the perils of illegal downloading. Let’s not make 2020 any more complicated!!

Stay safe everyone!

 

Alex x

The post How Searching For Your Favourite Celebrity May Not End Well appeared first on McAfee Blogs.

MITRE ATT&CK for Cloud: Adoption and Value Study by UC Berkeley CLTC

Are you prepared to detect and defend against attacks that target your data in cloud services, or apps you’ve built that are hosted in the cloud? 

Background 

Nearly all enterprises and public sector customers we work with have enabled cloud use in their organization, with many seeing a 600%+ increase1 in use in the March-April timeframe of 2020, when the shift to remote work rapidly took shape. 

The first step to developing a strong cloud security posture is visibility over the often hundreds of services your employees use, what data is within these services, and then how they are being used collaboratively with third parties and other destinations outside of your control. 

With that visibility, you can establish full control over end-user activity and data in the cloud, applying your policy at every entry and exit point to the cloud.  

That covers your risk stemming from legitimate use by employees, external collaborators, and even API-connected marketplace apps, but what about your adversaries? If someone phished your CEO, stole their OneDrive credentials and exfiltrated data, would you know? What if your CEO used the same password across multiple accounts, and the adversary had access to apps like Smartsheet, Workday, or Salesforce? Are you set up to detect this kind of multi-cloud attack? 

Our Research to Uncover the Best Solution  

Most enterprise security operations centers (SOCs) use MITRE ATT&CK to map the events they see in their environment to a common language of adversary tactics and techniques. This helps to understand gaps in protection, model how attackers progress from access to exfiltration (or encryption/destruction), and to plan out security policy decisions.  

The original ATT&CK framework applied to Windows/Mac/Linux environments, with Android/iOS included as well. For cloud environments, the MITRE ATT&CK framework has a shorter history (released October 2019), but is quickly gaining adoption as the model for cloud threat investigation 

In collaboration with the University of California Berkeley’s Center for Long-Term Cybersecurity (CLTC) and MITRE, we sought to uncover how enterprises investigate threats in the cloud, with a focus on MITRE ATT&CK. In this initiative, researchers from UC Berkeley CLTC conducted a survey of 325 enterprises in a wide range of industries, with 1K employees or above, split between the US, UK, and Australia. The Berkeley team also conducted 10 in-depth interviews with security leaders in various cybersecurity functions.  

Findings 

MITRE has done an excellent job identifying and categorizing adversary tactics and techniques used in the cloud. When asked about the prevalence of these tactics observed in their environment, 81% of our survey respondents had experienced each of the tactics in the Cloud Matrix on average. 58% had experienced the initial access phase of an attack at least monthly. 

Given the frequency in which most enterprises experience these adversary tactics and techniques, we found widespread adoption of the ATT&CK Cloud Matrix, with 97% of our respondents either planning to or already using the Matrix. 

In the full report, we explore deeper implications of using MITRE ATT&CK for Cloud, including consensus on the value it brings to enterprise organizations, challenges with implementation, and many more interesting results from our investigation. Head to the full report here to dive in.  

One of the most promising benefits of MITRE ATT&CK is the unification of events derived from endpoints, network traffic, and the cloud together into a common language. Right now, only 39% of enterprises correlate events from these three environments in their threat investigation. Further adoption of MITRE ATT&CK over time will unlock the ability to efficiently investigate attacks that span multiple environments, such as a compromised endpoint accessing cloud data and exfiltrating to an adversary destination. 

This research demonstrates promising potential for MITRE ATT&CK in the enterprise SOC, with downstream benefits for the business. 87% of our respondents stated that adoption of MITRE ATT&CK will improve cloud security in their organization, with another 79% stating that it would also make them more comfortable with cloud adoption overall. A safer transition to cloud-based collaboration and app development can accelerate businesses, a subject we’ve investigated in the past2MITRE ATT&CK can play a key role in secure cloud adoption, and defense of the enterprise overall.  

Dive into the full research report for more on these findings! 

White Paper

MITRE ATT&CK® as a Framework for Cloud Threat Investigation

81% of enterprise organizations told us they experience the adversary techniques identified in the MITRE ATT&CK for Cloud Matrix – but are they defending against them effectively?

Download Now

 

1https://www.mcafee.com/enterprise/en-us/forms/gated-form.html?docID=3804edf6-fe75-427e-a4fd-4eee7d189265&eid=LAVVPBCF  

2https://www.mcafee.com/enterprise/en-us/forms/gated-form.html?docID=75e3a9dc-793e-488a-8d8a-8dbf31aa5d62&eid=5PES9QHP 

The post MITRE ATT&CK for Cloud: Adoption and Value Study by UC Berkeley CLTC appeared first on McAfee Blogs.

Anna Kendrick Is McAfee’s Most Dangerous Celebrity 2020

Most Dangerous Celebrity

Anna Kendrick Is McAfee’s Most Dangerous Celebrity 2020

During COVID-19, people stuck inside have scoured the internet for content to consume – often searching for free entertainment (movies, TV shows, and music) to avoid any extra costs. As these habits increase, so do the potential cyberthreats associated with free internet content – making our fourteenth Most Dangerous Celebrities study more relevant than ever.

To conduct our Most Dangerous Celebrities 2020 study, McAfee researched famous individuals to reveal which celebrities generate the most “dangerous” results – meaning those whose search results bring potentially malicious content to expose fans’ personal information.

Thanks to her recent starring roles, American actress Anna Kendrick has found herself at the top of McAfee’s 2020 Most Dangerous Celebrities list.

The Top Ten Most Dangerous Celebrities

You probably know Anna Kendrick from her popular roles in films like “Twilight,” Pitch Perfect,” and “A Simple Favor.” She also recently starred in the HBO Max series “Love Life,” as well as the 2020 children’s film “Trolls World Tour.” Kendrick is joined in the top ten list by fellow actresses Blake Lively (No. 3), Julia Roberts (No. 8), and Jason Derulo (No. 10). Also included in the top ten list are American singers Mariah Carey (No. 4), Justin Timberlake (No. 5), and Taylor Swift (No. 6). Rounding out the rest of the top ten are American rapper Sean (Diddy) Combs (No. 2), Kate McKinnon (No. 9), and late-night talk show host Jimmy Kimmel (No. 7).

Most Dangerous Celebrity

Lights, Camera, Security

Many consumers don’t realize that simple internet searches of their favorite celebrities could potentially lead to malicious content, as cybercriminals often leverage these popular searches to entice fans to click on dangerous links. This year’s study emphasizes that consumers are increasingly searching for content, especially as they look for new forms of entertainment to stream amidst a global pandemic.

With a greater emphasis on streaming culture, consumers could potentially be led astray to malicious websites while looking for new shows and movies to watch. However, people must understand that torrent or pirated downloads can lead to an abundance of cyberthreats. If an unsuspecting user clicks on a malicious link while searching for their favorite celebrity film, their device could suddenly become plagued with adware or malware.

Secure Yourself From Malicious Search Results

Whether you and your family are checking out your new favorite actress in her latest film or streaming a popular singer’s new album, it’s important to ensure that your searches aren’t potentially putting your online security at risk. Follow these tips so you can be a proactive fan while safeguarding your digital life:

Be careful what you click

 Users looking for information on their favorite celebrities should be cautious and only click on links to reliable sources for downloads. The safest thing to do is to wait for official releases instead of visiting third-party websites that could contain malware.

Refrain from using illegal streaming sites

When it comes to dangerous online behavior, using illegal streaming sites could wreak havoc on your device. Many illegal streaming sites are riddled with malware or adware disguised as pirated video files. Do yourself a favor and stream the show from a reputable source.

Protect your online safety with a cybersecurity solution

 Safeguard yourself from cybercriminals with a comprehensive security solution like McAfee Total Protection. This can help protect you from malware, phishing attacks, and other threats.

Use a website reputation tool

 Use a website reputation tool such as McAfee WebAdvisor, which alerts users when they are about to visit a malicious site.

 Use parental control software

 Kids are fans of celebrities too, so ensure that limits are set for your child on their devices and use parental control software to help minimize exposure to potentially malicious or inappropriate websites.

Stay Updated

To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

 

 

The post Anna Kendrick Is McAfee’s Most Dangerous Celebrity 2020 appeared first on McAfee Blogs.

Check Out the McAfee Most Dangerous Celebrity 2020

Most Dangerous Celebrity

Attention Streamers: Check Out the McAfee Most Dangerous Celebrity 2020 List

During COVID-19, people stuck inside have scoured the internet for content to consume – often searching for free entertainment (movies, TV shows, and music) to avoid any extra costs. As these habits increase, so do the potential cyberthreats associated with free internet content – making our fourteenth Most Dangerous Celebrities study more relevant than ever.

To conduct our Most Dangerous Celebrities 2020 study, McAfee researched famous individuals to reveal which celebrities generate the most “dangerous” results – meaning those whose search results bring potentially malicious content to expose fans’ personal information.

Known for his BAFTA-winning celebrity chat show and BBC radio show, the UK’s national treasure, Graham Norton, has found himself at the top of McAfee’s 2020 Most Dangerous Celebrities list.

The Top Ten Most Dangerous Celebrities

Graham Norton is a household name thanks to his hugely popular talk show, The Graham Norton Show, which has seen him interview A-listers including Nicole Kidman, Hugh Grant and Helen Mirren. He is also known for his BBC radio show, as well as his inimitable Eurovision commentary. Not shy of celebrity friends, Norton is joined in the top ten list by fellow national treasures such as Ricky Gervais (No.2), and Idris Elba (No.7) and Mary Berry (no.10). Also included in the top ten list are British actor Tom Hardy (No.3) and Gavin and Stacey star, Ruth Jones (No.4). Rounding out the rest of the top ten are UK’s very own Mick Jagger (No.5), Aussie actress Margot Robbie (No.6) and models Kate Moss (No.8) and Bella Hadid (No.9).

 

Lights, Camera, Security

Many consumers don’t realize that simple internet searches of their favorite celebrities could potentially lead to malicious content, as cybercriminals often leverage these popular searches to entice fans to click on dangerous links. This year’s study emphasizes that consumers are increasingly searching for content, especially as they look for new forms of entertainment to stream amidst a global pandemic.

With a greater emphasis on streaming culture, consumers could potentially be led astray to malicious websites while looking for celebrity gossip and new shows or movies to watch. For example, given Graham is strongly associated with malicious search terms, indicates that online criminals are using Britain’s love for celebrity gossip and the Eurovision for personal gain. If an unsuspecting user clicks on a malicious link while searching for their favorite celebrity film, their device could suddenly become plagued with adware or malware.

Secure Yourself From Malicious Search Results

Whether you and your family are checking out your new favorite actress in her latest film or streaming a popular singer’s new album, it’s important to ensure that your searches aren’t potentially putting your online security at risk. Follow these tips so you can be a proactive fan while safeguarding your digital life:

Be careful what you click

Users looking for information on their favorite celebrities should be cautious and only click on links to reliable sources for downloads. The safest thing to do is to wait for official releases instead of visiting third-party websites that could contain malware.

Refrain from using illegal streaming sites

When it comes to dangerous online behavior, using illegal streaming sites could wreak havoc on your device. Many illegal streaming sites are riddled with malware or adware disguised as pirated video files. Do yourself a favor and stream the show from a reputable source.

Protect your online safety with a cybersecurity solution

Safeguard yourself from cybercriminals with a comprehensive security solution like McAfee Total Protection. This can help protect you from malware, phishing attacks, and other threats.

Use a website reputation tool

Use a website reputation tool such as McAfee WebAdvisor, which alerts users when they are about to visit a malicious site.

Use parental control software

Kids are fans of celebrities too, so ensure that limits are set for your child on their devices and use parental control software to help minimize exposure to potentially malicious or inappropriate websites.

Stay Updated

To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Check Out the McAfee Most Dangerous Celebrity 2020 appeared first on McAfee Blogs.

Most Dangerous Celebrity 2020 Sweepstakes

McAfee “Most Famous to Most Dangerous to Search for Online” 2020 MDC Sweepstakes

Terms and Conditions

NO PURCHASE OR PAYMENT OF ANY KIND NECESSARY TO ENTER OR WIN. A PURCHASE WILL NOT INCREASE YOUR CHANCES OF WINNING.

THIS SWEEPSTAKES IS INTENDED FOR PLAY IN THE UNITED STATES ONLY AND VOID IN FLORIDA, NEW YORK, AND RHODE ISLAND, AND WILL BE GOVERNED BY U.S. LAW.  DO NOT ENTER IF YOU ARE NOT BOTH ELIGIBLE AND LOCATED IN THE UNITED STATES, EXCLUDING FLORIDA, NEW YORK AND RHODE ISLAND, AT THE TIME OF ENTRY.

  1. Sweepstakes Period:

The McAfeeMost Famous to Most Dangerous to Search for Online” 2020 MDC Sweepstakes (the “Sweepstakes”) begins at 8:00:00 AM Pacific Daylight Time (“PDT”) on 10/6/2020 and ends at 5:00:00 PM PDT on 10/25/2020 (“Sweepstakes Period”). The Sweepstakes Administrator’s computer will be the official timekeeping device.

  1. How To Enter:

During the Sweepstakes Period, visit https://www.mcafee.com/en-us/consumer-support/2020-most-dangerous-celebrity.html (the “Website”), or the appropriate McAfee social handles listed below, and complete the following to receive the corresponding entries into the Sweepstakes:

Action # Entries Received Detail
Social Comment – Facebook or Twitter

 

 

@McAfee

https://www.facebook.com/McAfee/

 

 

 

@McAfee_Home

https://twitter.com/mcafee_home?lang=en

 

 

 

1 (per comment) Go to the website to review the instructions and terms & conditions.

 

Click through to the applicable McAfee social page(s).

 

Follow that McAfee social handle.

 

Find the social posts using the campaign hashtag (#RiskyCelebSweeps)

 

Comment only on those posts for means of entry.

 

1 comment = 1 entry into the sweepstakes for a chance to win.

 

Commenting on any of the sweepstakes specific posts (using #RiskyCelebSweeps) during the sweepstakes time frame allows for an entry for a chance to win the grand prize.

 

 

  1. Eligibility:

The Sweepstakes is open to legal residents of the United States, excluding residents of Florida, New York and Rhode Island and where otherwise prohibited by law, who are 18 years of age or older at the time of entry. Employees of McAfee, LLC, and each of their respective parents, subsidiaries, affiliates, prize suppliers, and advertising and promotional agencies, their immediate families (spouses, parents, children, and siblings and their spouses), and individuals living in the same household as such employees are ineligible.

  1. Winner Selection/Odds:

There will be one grand prize winner. The prize winner will be selected at random from the final pool of entrants (commenters) on the applicable sweepstakes social posts. Anyone who comments on any of the sweepstakes posts, within the sweepstakes time period, is included in the Prize entry pool. Limit one (1) prize per person per household. By participating, entrants acknowledge the McAfee Privacy Notice and agree to be bound by the Official Sweepstakes Rules and the decisions of the Sponsor which shall be final and binding in all respects. The odds of winning depend on the total number of eligible entries received.

  1. Winner Notification:

Prize winner will be notified the week of 10/26/20.  No winners will be announced prior to this time.  All winners will be notified by the official McAfee Facebook (https://www.facebook.com/McAfee/ ) or McAfee_Home Twitter (https://twitter.com/McAfee_Home) page. McAfee will not ask you to provide any credit card information to claim a prize. Prize winner will be required to sign an Affidavit of Eligibility and Liability/Publicity Release (where permitted by law) to be returned within (4) days of written notification, or prize may be forfeited. If a prize notification is returned as unclaimed or undeliverable to a potential winner, if potential winner cannot be reached within four (4) calendar days from the first notification attempt, or if potential winner fails to return requisite document within the specified time period, or if a potential winner is not in compliance with these Official Rules, then prize may be forfeited. Sponsor is not responsible for any change of email address, mailing address and/or telephone number of entrants.  Sponsor reserves the right to select an alternative winner should the first winner fail to claim the prize.

  1. Prize:

GRAND PRIZE – Approximate ARV = $900

  • iPad Air
  • Disney+ subscription for 1-year (includes Disney, Pixar, Marvel, Star Wars, Nat. Geo)
  • Spotify Premium for 1-year
  • $200 Visa Gift Card

Limit one (1) prize per person per household. Prizes are non-transferable and no cash equivalent or substitution of prize is offered. Subscriptions are subject to the terms and conditions available at https://www.mcafee.com/en-us/consumer-support/2020-most-dangerous-celebrity.html. If a prize, or any portion thereof, cannot be awarded for any reason, Sponsor reserves the right to substitute prize with another prize of equal or greater value. Prize winner will be solely responsible for all federal, state and/or local taxes, and for any other fees or costs associated with the prizes they receive, regardless of whether it, in whole or in part, are used. Since the prize value exceeds $600, the prize winner will be issued a W-9 form to fill out and return prior to receiving their prize. The sweepstakes Sponsor must mail a copy of the 1099-MISC form postmarked by January 31st of the year following the year in which the winner won the prize.

  1. Internet/Limitations Of Liability:

Sponsor and others are not responsible for interrupted or unavailable network server or other connections; for miscommunications; failed telephone or computer transmissions; for jumbled, scrambled or misdirected entries or transmissions; for phone, electrical, network, computer hardware or software or program malfunctions, failures or difficulties; for other errors, omissions, interruptions, or deletions of any kind, whether human, typographical, mechanical or electronic; or for any damage to any person’s computer related to participating in the Sweepstakes. Sponsor and others are not responsible for illegible, unintelligible, late, lost, stolen on entries not received; for incorrect or inaccurate entry information, whether caused by Website users or by any of the equipment or programming associated with or utilized in the Sweepstakes; or for any typographical, technical or human errors which may occur in the processing of any entries in this Sweepstakes. Persons found tampering with or abusing any aspect of this Sweepstakes as solely determined by Sponsor will be disqualified and may be subject to prosecution. Any person attempting to enter using multiple email addresses, multiple identities, any bot, robotic or any other device or artifice to enter multiple times with different identities or email addresses or to interfere with the proper play of this Sweepstakes or to be otherwise behaving in an unsportsmanlike manner as determined by Sponsor will be disqualified from participation in the Sweepstakes. If in the judgment of Sponsor, the Sweepstakes is compromised by virus, bugs, non-authorized human intervention or other causes beyond the control of Sponsor, which corrupts the administration, security, fairness or proper play of the Sweepstakes, Sponsor reserves the right, in its sole discretion, to modify, discontinue, suspend or terminate the Sweepstakes and randomly award the prizes from among all eligible, non-suspect entries received prior to any such modification, discontinuation, suspension or termination. Should multiple users of the same email account enter the Sweepstakes and a dispute thereafter arise regarding the identity of the entrant, the authorized account holder of said email account at the time of entry will be considered the entrant.  “Authorized account holder” is defined as the natural person who is assigned an email address by an Internet access provider, online service provider or other organization which is responsible for assigning email addresses or the domain associated with the submitted email address. In the event of a dispute as to the identity of an entrant based on his/her Facebook or Twitter account, the authorized Facebook or Twitter account holder submitted at time of entry will be deemed the entrant. Please see the privacy notice located at http://www.mcafee.com/us/about/privacy.html or details of Sponsor’s policies regarding the use of personal information collected in connection with this Sweepstakes. If you are selected as a winner, your information may also be included in a publicly-available winners list.

CAUTION: ANY ATTEMPT TO DELIBERATELY DAMAGE ANY WEBSITE OR UNDERMINE THE LEGITIMATE OPERATION OF THE SWEEPSTAKES IS A VIOLATION OF CRIMINAL AND CIVIL LAWS. SHOULD SUCH AN ATTEMPT BE MADE, THE SPONSORS RESERVE THE RIGHT TO SEEK DAMAGES OR OTHER REMEDIES (INCLUDING WITHOUT LIMITATION ATTORNEYS’ FEES) FROM ANY SUCH PERSON(S) RESPONSIBLE FOR THE ATTEMPT TO THE FULLEST EXTENT PERMITTED BY LAW.

  1. Release:

By participating in the Sweepstakes, each entrant releases and agrees to indemnify and hold harmless Sponsor, Prize Providers and others from and against any and all costs, claims, damages, (including, without limitation, any special, incidental or consequential damages), or any other injury, whether due to negligence or otherwise, to person(s) or property (including, without limitation, death or violation of any personal rights, such as violation of right of publicity/privacy, libel, or slander), due in whole or in part, directly or indirectly, to participation in the Sweepstakes, or arising out of participation in any Sweepstakes-related activity, or the receipt, enjoyment, participation in, use or misuse, of any prize.

 

  1. Publicity Rights:

By accepting a prize, the winner agrees to allow Sponsor and Sponsor’s designees the perpetual right to use his/her name, biographical information, photos or likeness, and statements for promotion, trade, commercial, advertising and publicity purposes, at any time or times, in all media now known or hereafter discovered, worldwide, including but not limited to on the Internet, without notice, review or approval and without additional compensation except where prohibited by law.  Any collection of personal information from entrants will be governed by the McAfee Privacy Policy.

 

  1.  Disputes:

EACH ENTRANT AGREES THAT ANY DISPUTES, CLAIMS, AND CAUSES OF ACTION ARISING OUT OF OR CONNECTED WITH THIS CONTEST OR ANY PRIZE AWARDED WILL BE RESOLVED INDIVIDUALLY, WITHOUT RESORT TO ANY FORM OF CLASS ACTION, AND EXCLUSIVELY BY THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF DELAWARE OR THE APPROPRIATE STATE COURT LOCATED IN DOVER OR WILMINGTON, DELAWARE. THESE OFFICIAL RULES ARE GOVERNED BY THE LAWS OF THE STATE OF DELAWARE WITHOUT REGARD TO CHOICE OF LAW OR CONFLICT OF LAWS RULES.  YOU WAIVE ANY AND ALL OBJECTIONS TO JURISDICTION AND VENUE IN THESE COURTS AND HEREBY SUBMIT TO THE JURISDICTION OF THOSE COURTS.

 

  1. Limitations of Liability:

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL THE SPONSOR OR THE RELEASED PARTIES BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING LOSS OF USE, LOSS OF PROFITS OR LOSS OF DATA, WHETHER IN AN ACTION IN CONTRACT, TORT (INCLUDING NEGLIGENCE) OR OTHERWISE, ARISING OUT OF OR IN ANY WAY CONNECTED TO YOUR PARTICIPATION IN THE CONTEST OR USE OR INABILITY TO USE ANY EQUIPMENT PROVIDED FOR USE IN THE CONTEST OR ANY PRIZE, EVEN IF A RELEASED PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

 

TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL THE AGGREGATE LIABILITY OF THE RELEASED PARTIES (JOINTLY) ARISING OUT OF OR RELATING TO YOUR PARTICIPATION IN THE CONTEST OR USE OF OR INABILITY TO USE ANY EQUIPMENT PROVIDED FOR USE IN THE CONTEST OR ANY PRIZE EXCEED $10.  THE LIMITATIONS SET FORTH IN THIS SECTION WILL NOT EXCLUDE OR LIMIT LIABILITY FOR PERSONAL INJURY OR PROPERTY DAMAGE CAUSED BY PRODUCTS RENTED FROM THE SPONSOR, OR FOR THE RELEASED PARTIES’ GROSS NEGLIGENCE, INTENTIONAL MISCONDUCT, OR FOR FRAUD.

  1. The Sweepstakes and the Official Rules are governed by US law and are subject to all applicable federal, state and local laws and regulations. All issues and questions concerning the construction, validity, interpretation and enforceability of the Official Rules, or the rights and obligations of Entrant and Sponsor in connection with the Sweepstakes, shall be governed by, and construed in accordance with, the laws of the State of New York, U.S.A., without giving effect to the conflict of laws rules thereof, and any matters or proceedings which are not subject to arbitration as set forth above, in these Official Rules and/or for entering any judgment on an arbitration award, shall take place in the State of New York.

 

Winner’s List:  For a list of winners, mail a self-addressed, stamped envelope to: “Most Famous to Most Dangerous to Search for Online” to 100 Crown Street, New Haven, CT 06510. Requests must be received by 11/30/20.

 

Sponsors: McAfee Corporate Headquarters, 2821 Mission College Blvd., Santa Clara, CA 95054

 

Administrator: Response Marketing, 100 Crown Street 3rd Floor, New Haven, CT 06510

 

The post Most Dangerous Celebrity 2020 Sweepstakes appeared first on McAfee Blogs.

File Integrity Monitoring (FIM): Your Friendly Network Detective Control

Lateral movement is one of the most consequential types of network activity for which organizations need to be on the lookout. After arriving at the network, the attacker keeps ongoing access by essentially stirring through the compromised environment and obtaining increased privileges (known as “escalation of privileges”) using various tools and techniques. Attackers then use […]… Read More

The post File Integrity Monitoring (FIM): Your Friendly Network Detective Control appeared first on The State of Security.

Reducing Cloud Infrastructure Risk through Skills: Meet the Forescient Cyber Range

There’s no question that cloud services can accelerate business with instant computing power, on-demand scalability, ease of access, and built-in security controls.  However, these features are also attractive to hackers.  According to McAfee Cloud Adoption and Risk Report 2019, the average enterprise organization experiences 31.3 actual cloud-related security threats each month, a 27.7% increase over the same period last year.

3 ways Microsoft helps build cyber safety awareness for all

This tumultuous year has brought paradigm shifts across every facet of daily life. A global pandemic has pushed much of our lives online—work, school, entertainment, shopping, and socializing. But one thing remains unchanged: people everywhere share a common need for safety. Today, our need for personal safety includes the digital realm. At Microsoft, we believe that a secure online experience helps empower people to do more, create more, and have trust in the technology that connects us all. It’s no wonder that cybersecurity is a vital part of everything we build.

“People are both my first and last line of defense” –Bret Arsenault, Microsoft Chief Information Security Officer

Now as we kick off Cybersecurity Awareness Month, it’s worth taking a moment to reflect on the purpose of this initiative and how Microsoft is helping to empower people around the world with seamless, integrated security. We want to help to create a safer world for everyone so that online learning, remote work, community building, and even shopping online can be enriching experiences 

My first 12 calendar weeks at Microsoft have been packed—from my first introduction at Microsoft Inspire to sharing our security, compliance, and identity innovations at Microsoft Ignite last week. In between, we’ve shared insights from our customers about their journeys to create a more secure workplace during this time of global transformation. I’m committed to listening and learning from all of you, and excited to share my enthusiasm for this dynamic industry.   

Throughout October, Microsoft will join the National Cybersecurity Alliance and other industry partners to promote online safety for consumers and businesses. I’m energized to share our plans to empower people and organizations worldwide and invite you to learn more about our efforts.  

Security awareness for all

Most of us think we’re too smart to fall for a phishing scam, and our confidence only grows when we’re logged onto a company network. Statistics show that nearly one in three security breaches starts with a phishing attackcosting the affected organization an average of $1.4 millionWith the rise in people working from home, new attacks such as consent phishing have cropped up to take advantage of remote workers dealing with home-life distractions. Terranova has partnered with Microsoft to create the Gone Phishing Tournament™ during October, using real lures (phishing emails) to capture accurate click-through statisticsproviding organizations with data-backed insights to grow their security awareness programs. 

Microsoft security help and learning will feature five new articles during October—localized for 36 languages and updating every Monday—each covering security topics that affect all types of users. The first of which, easy tips to improve cybersecurity, provides information on how to uninstall unused apps that might be compromising your security, as well as how to get rid of unwanted browser extensions. Visitors also learn how to do a deep scan for malware using Microsoft Defender Offline and how to reset their devices to factory settings using Windows 10.  

This week of October 5, “Keys to the kingdom: Securing your devices and accounts” explains how multifactor authentication (MFA) works, as well as the advantages of using the free Microsoft Authenticator app to secure your smartphone. Look for more articles on secure networking, scams and attacks, and backup and recovery to follow throughout the month. Year ‘round, the Microsoft security help & learning page is updated with educational content for students, parents, remote workers and anyone who wants to arm themselves with up-to-date information on protecting against cyber threats.  

Cybersecurity workshops

Microsoft Store will also be running virtual workshops throughout the month of October in support of Cybersecurity Awareness Month. Attendees for “Work safer and smarter with Microsoft 365” will learn how Microsoft 365 Business helps safeguard their data and lowers security risks with Windows Defender and Windows 10 device management, as well as providing app protection for Office mobile apps on iOS and Android—including a single login for all apps and services.  

“Work better together with Microsoft Teams” enables users to experience the flexibility and highly secure access Teams delivers for organizations of any size. Both workshops feature security component designed to help users stay safe and secure online. Microsoft will also feature cybersecurity resources and content on our new Small and Medium Business (SMB) Resource Centerlaunching today, October 5. Delivered the same week, our first SMB newsletter will also include cybersecurity information and resources. 

Diverse hiring for smarter AI

Building diverse cyber teams is a major source of passion and advocacy for me. It isn’t just the right thing to do; it gives us a strategic advantage as a company and as a defender against threat actors worldwide who would seem to sew confusion and harmHow? AI remains one of the best tools to confront cyber threats. But effective, responsible AI requires the input and ideas of a diverse group. This diversity of thought is not just about gender or ethnic diversityIt’s both of those, certainly, but so much more. Effective AI requires diversity of experiences, cultures, opinions, education, perspectives, and many other factors. On a team where everyone has similar skills and backgrounds, members risk sinking into groupthink and losing creativity. Data shows that diverse teams make better decisions than individuals 87 percent of the timeAnd it makes perfect sense. If we’re building solutions for all, we need to include all in the building of those solutions.  

By ensuring diversity in our teams, we help create AI systems that warrant people’s trustwhile moving closer to futureproofing against bias in tech. At Microsoft, we’ve forged partnerships, created initiatives, and built in transparency as part of our holistic approach to address systemic issues contributing to the low representation of women in cybersecurity. Listen to the podcast session where Bret Arsenault, Microsoft CISO  talks with Ann Johnson, Corporate Vice President of Business DevelopmentSecurity, Compliance & Identity at Microsoft, about why investing in diverse teams isn’t just the right thing to dothe future of cybersecurity depends on it. And be sure to watch our panel discussion, Future Proofing Against Bias, happening October 21 at EWF (Executive Women’s Forum) 

Microsoft is working every day to help empower users to achieve more while staying safe and secure.   Behind our technical innovations are people hungry to do more. We want to create an inclusive world where every human being can be a cybersecurity hero. For more information on how you can enable your security team and organization to be #cybersmartvisit our cybersecurity website.   

To learn more about Microsoft Security solutions visit the Microsoft Securitywebsite.  Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity and please reach out to me on Linkedin or follow me at @vasujakkal.  

The post 3 ways Microsoft helps build cyber safety awareness for all appeared first on Microsoft Security.

On Risk-Based Authentication

Interesting usability study: “More Than Just Good Passwords? A Study on Usability and Security Perceptions of Risk-based Authentication“:

Abstract: Risk-based Authentication (RBA) is an adaptive security measure to strengthen password-based authentication. RBA monitors additional features during login, and when observed feature values differ significantly from previously seen ones, users have to provide additional authentication factors such as a verification code. RBA has the potential to offer more usable authentication, but the usability and the security perceptions of RBA are not studied well.

We present the results of a between-group lab study (n=65) to evaluate usability and security perceptions of two RBA variants, one 2FA variant, and password-only authentication. Our study shows with significant results that RBA is considered to be more usable than the studied 2FA variants, while it is perceived as more secure than password-only authentication in general and comparably se-cure to 2FA in a variety of application types. We also observed RBA usability problems and provide recommendations for mitigation.Our contribution provides a first deeper understanding of the users’perception of RBA and helps to improve RBA implementations for a broader user acceptance.

Paper’s website. I’ve blogged about risk-based authentication before.

Secure Your SaaS Apps With Security Posture Management Platform

As security professionals who have spent more than a few years in the industry, we know a good challenge when we see one. SaaS and cloud-based technologies are growing rapidly, offering organizations convenience and constant feature refreshes without the need to install and deploy software on-premises. However, even when referred to as 'a game-changer,' many organizations are still highly

Veracode Makes DevSecOps a Seamless Experience With GitHub Code Scanning

Developers face a bevy of roadblocks in their race to meet tight deadlines, which means they often pull from risky open source libraries and prioritize security flaws on the fly. In a recent ESG survey report, Modern Application Development Security, we saw that 54% of organizations push vulnerable code just to meet critical deadlines, and while they plan for remediation on a later release, lingering flaws only add to risky security debt. With speed a critical factor in what makes or breaks the success of your application deployments, that means the health of your code ??? and your security ??? is on the line.

GitHub Actions are an intuitive way to solve the need for speed without sacrificing quality, helping your developers stay on schedule by enabling them to build, test, and deploy code directly from GitHub. And with over 50 million developers on GitHub, plus more than 200,000 automated fixes merged into GitHub repositories since May of 2019, it???s clear that GitHub is a hotspot for developers. When paired with the right application security (AppSec) scan types and SaaS-based approaches, this integration makes GitHub Actions an invaluable part of your development team???s workflow.

That???s why we???re excited to announce our new GitHub Action to help streamline your AppSec workflow for the developers on your team. The action is directly embedded within the native GitHub code scanning user interface, ensuring your DevSecOps practices are seamless, efficient, and effective. By making Veracode???s AppSec tools accessible in a familiar interface like GitHub, developers on your team can jump right into secure coding with critical testing and analysis that won???t halt projects or slow production down.

The Veracode solution to enhanced workflows

Developers can perform Veracode???s Static Policy Scan or Pipeline Scan and see the results of that scan within the GitHub Security tab. The ability to invoke Veracode???s Static Analysis (SAST) scans from within their own GitHub projects significantly expands the testing capability for developers leveraging GitHub workflows, and allows them to build security into their DevOps processes to scale development across their team.

That???s less downtime and fewer bottlenecks for faster innovation. With such a high frequency of commits flowing through GitHub (more than 2,000 direct contributors made commit contributions to TensorFlow alone in 2019), Veracode???s multi-scan and SaaS-based solutions mean that our customers have a leg-up when it comes to harnessing GitHub Actions for speed and efficiency.ツ?ツ?

This functionality comes as part of GitHub code scanning launch, with our GitHub Action available in the GitHub Marketplace. ???Veracode is a leader in application security and truly understands the importance of shifting left in the development lifecycle to enable teams to find and fix flaws at scale,??? says John Leon, VP of Business Development at GitHub. ???With software development moving at breakneck speed, this new GitHub Action further enables our joint customers to develop secure software, without compromising speed or quality ??? all within a familiar interface.???

My Code, Our Code, Production Code???

Veracode???s Static Analysis solution was a natural addition to GitHub???s new code scanning feature as it enables DevSecOps with fast, automated, and actionable security feedback. This feedback is delivered directly to developers in their pipeline through each critical My Code, Our Code, and Production Code stage.

Working within the GitHub environment, your developers have the control they need. Scan results are converted into GitHub code scanning alerts and developers receive clear remediation advice to keep their projects moving forward with fewer delays. Once code is at the deployment stage, the Veracode Policy Scan provides a robust assessment of your application code ??? and an audit trail for compliance to prove security efforts.

Veracode scan results (from more than 15 trillion lines of code to date) are highly accurate as a result of the intelligence of our SaaS platform, meaning there???s no need for manual tuning when you need to adjust course. Ready to scale your DevSecOps initiatives for efficiency? Visit the GitHub Marketplace to get started.ツ?

Cybersecurity Awareness Month: If You Connect It, Protect It

#BeCyberSmart

Cybersecurity Awareness Month: If You Connect It, Protect It

October is Cybersecurity Awareness Month, which is led by the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) in conjunction with the National Cyber Security Alliance (NCSA)—a national non-profit focused on cybersecurity education & awareness. McAfee is pleased to announce that we’re a proud participant.

We live in a day and age when even lightbulbs can be hacked.

Perhaps you’ve caught the stories in the news: various devices like home cameras, smart appliances, and other Internet of Things (IoT) devices falling prey to hackers and attacks, such as when the Mirai botnet took out large swathes of the internet in 2016. As posted by Statista, estimates project that the world will have nearly 40 billion IoT devices in the next five years and upwards of 50 billion by 2030. That’s in homes and businesses alike, ranging anywhere from digital assistants, smart watches, medical devices, thermostats, vehicle fleet management devices, smart locks, and yes, even the humble lightbulb—and like our computers, laptops, smartphones, and tablets, they all need to be protected.

The reason is simple: your network is only as safe as the weakest device that’s on it. And we’re putting so much more on our networks than ever before. In effect, that means our homes have more targets for hackers than ever before as well. In the hands of a dedicated crook, one poorly protected device can open the door to your entire network—much like a thief stealing a bike by prying open the weak link in a chain lock. Therefore, so goes the saying, “If You Connect It, Protect It.”

The Eight-Point List for Protecting Your IoT Devices

What’s challenging is that our IoT devices don’t always lend themselves to the same sort of protections like our computers, laptops, and phones do. For example, you can’t actually install security software directly on them. However, there are things you can do to protect those devices, and the network they’re on too.

1) Do your IoT homework

Just because that new smart device that’s caught your eye can connect to the internet doesn’t mean that it’s secure. Before you purchase, read up on reviews and comments from other customers. Look for news articles about the device manufacturer too. The fact of the matter is that some IoT device manufacturers are much better at baking security protocols into their devices than others, so look into their track record to see if you can uncover any issues with their products or security practices. Information such as this can help you make an even more informed choice.

2) Don’t use the default—Set a strong, unique password

One issue with many IoT devices is that they often come with a default username and password. This could mean that your device, and thousands of others just like it, all share the same credentials, which makes it painfully easy for a hacker to gain access to them as those default usernames and passwords are often published online.

When you purchase an IoT device, set a fresh password using a strong method of password creation.  And keep those passwords safe. Instead of keeping them on a notebook or on sticky notes, consider using a password manager. It acts as a database for all your passwords and stores new codes as you create them. As always, don’t store them in an unprotected file on your computer, which can be subject to a hack or data loss.

3) Use two-factor authentication

Our banks, many of the online shopping sites we use, and numerous other accounts use two-factor authentication to make sure that we’re logging in we really are who we say we are. In short, a username and password combo is an example of one-factor authentication. The second factor in the mix is something you, and only you, own, like your mobile phone. Thus when you log in and get a prompt to enter a security code that’s sent to your mobile phone, you’re taking advantage of two-factor authentication. If your IoT device supports two-factor authentication as part of the login procedure, put it to use and get that extra layer of security.

4) Secure your internet router

Your router acts as the internet’s gateway into your home. From there, it works as a hub that connects all of your devices—computers, tablets, and phones, along with your IoT devices as well. That means it’s vital to keep your router secure. A quick word about routers: you typically access them via a browser window and a specific address that’s usually printed somewhere on your router. If you’re renting your router or you’ve purchased it through your internet provider, they should have help documentation that can guide you through this the process. Likewise, if you purchased your own, your manual should provide the guidance you need.

As we mentioned above, the first thing to do is change the default password and name of your router if you haven’t done so already. Again, use a strong method of password creation. Also, change the name of your router. When you choose a new one, go with name that doesn’t give away your address or identity. Something unique and even fun like “Pizza Lovers” or “The Internet Warehouse” are options that mask your identity and are memorable for you too. While you’re making that change, you can also check that your router is using an encryption method, like WPA2, which will keep your signal secure. If you’re unsure, reach out to your internet provider or check the documentation that came with your router.

5) Set up a guest network specifically for your IoT devices

Just as you can offer your guests secure access that’s separate from your own devices, creating an additional network on your router allows you to keep your computers and smartphones separate from IoT devices. This way, if an IoT device is compromised, a hacker will still have difficulty accessing your other devices, like computers and smartphones, along with the data and info that you have stored on them. You may also want to consider investing in an advanced internet router that has built-in protection and can secure and monitor any device that connects to your network.

6) Use a VPN and a comprehensive security solution

Another line of defense that can hamper hackers is using a VPN, which allows you to send and receive data while encrypting your information so others can’t read it. When your data traffic is scrambled that way, it’s shielded from prying eyes, which helps protect your network and the devices you have connected to it.

7) Update!

As with our computers, laptops, phones, tablets, and apps, make sure you have the latest software updates for your IoT devices. The reasons here are the same: one, they’ll make sure you’re getting the latest functionality from your device; and two, updates often contain security upgrades. If there’s a setting that lets you receive automatic updates, enable it so that you always have the latest.

8) Protect your phone

You’ve probably seen that you can control a lot of your connected things with your smartphone. We’re using them to set the temperature, turn our lights on and off, and even see who’s at the front door. With that, it seems like we can add the label “universal remote control” our smartphones—so protecting our phones has become yet more important. Whether you’re an Android owner or iOS owner, get security software installed on your phone so you can protect all the things it accesses and controls—in addition to you and the phone as well.

And protect your other things too

And of course, let’s not forget our computers and laptops. While we’ve been primarily talking about IoT devices here, it’s a good reminder that computers and laptops need protection too. Using a strong suite of security software like McAfee® Total Protection, can help defend your entire family from the latest threats and malware, make it safer to browse, and look out for your privacy too.

If you connect it, protect it

We’re connecting our homes and ourselves with IoT devices at an tremendous rate—now at an average of 10 connected devices in our homes in the U.S. Gone by are the days when all we had was a computer or phone or two to look after. Now, even when we’re not in front of a laptop or have a smartphone in our hand, we’re still online, nearly all the time. Take this week to make sure that what you’ve connected is protected. Even that little lightbulb.

Stay Updated 

To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Cybersecurity Awareness Month: If You Connect It, Protect It appeared first on McAfee Blogs.

5 Reasons Why You Should Avoid Free VPNs

Virtual Private Network (VPN) is a technology that offers total security for all your digital activities. It serves as a barrier against third-party groups, hackers, cyber threats, malware, and sensitive data leakage. 

More than ever, we need to invest with high-end protection to ensure our privacy is never compromised. VPNs are of high demand due to the current condition where most people stay at home and work remotely. With increased online activity, it’s high time to protect your privacy. 

Free VPNs are enticing and offer ‘great’ security without extra cost. Their services are too-good-to-be-true, which you need to doubt and stay away from it. 

Are There Alternatives To Top-Rated VPN Providers? 

The threat of using free VPN is high as it does not offer robust encryption compared to paid services. It is better to pay for a cheap VPN service than to compromise your security. Affordable VPN services offer powerful data encryptions for people with limited budgets. They provide standard encryption technology to ensure your privacy is protected and your digital activities are secured. 

There are a few reliable and trusted VPN solutions that offer affordable VPN instead of using free services that threaten your security. These are great alternatives that won’t hurt your wallet but will surely be of great help, especially if you’re a constant internet explorer. 

5 Facts Why Free VPNs Are A No-No

Free VPN software keeps records of your digital activities and sells them to third parties. They offer encryptions that don’t ‘really’ mask your activities nor protect your identity. Free VPN services log all your sensitive data which is already a threat to your privacy. Aside from that, here are five things you need to remember: Free VPNs are a no-no. 

  1. Monitor And Sell All Collected Data

VPNs act as your protective barrier against digital threats while you’re online. It secures all your data, online activities, and private information against prying eyes, government surveillance, etc. VPNs blocked hackers and your ISP from collecting or selling data to gain profit. 

Free VPN shifts the message, and you become their milking cow to fund the service they offer in exchange for the data they collected from you. These sensitive data are then sold to third parties, and prose threats not just to your information, but your privacy is at stake. 

  1. Leaks IP Addresses

Robust VPN solutions offer total security and encryption on all your digital activities and traffic. It serves as your secret portal in the world wide web against cyber threats, hackers, and prying eyes. 

Using free VPN is like a tunnel with tons of holes that can leak your data or IP address. Hackers can track your activity, prying eyes can monitor you, and worse can expose you to tons of privacy threats. 

  1. They Are Not Safe

Free VPN solutions are risky. They are a dangerous threat to your security and privacy. Running a VPN service is pricey and offering it for free to users is fishy. That means your data are the menu served for other people to devour. 

  1. Aggressive Ads

Free VPNs practice aggressive ads that can go over a hit where you land into a hazardous site. It can expose you to tons of threats and hackers that can instantly access your information and files. High volume ads can also weigh your system down and affect browsing experience aside from privacy threats. 

  1. Malware Exposure 

Free VPN solutions contain malware that can damage not just your privacy but your devices. You have higher chances to get exposed with these nasty bugs when you download such software. Mobile ransomware and malware can steal your sensitive information like social security details and bank login details. 

Conclusion

Free VPNs are enticing and offer ‘robust security’ without the need to pay for hundreds of dollars a year. However, your security is at stake, together with your sensitive data, and information. 

Though it can help you stream region-restricted websites, you need to reconsider options and potential threats. Free VPNs are not safe; if you want to secure your digital presence, you can opt for an affordable VPN solution that offers high-end encryption to ensure your privacy and data is protected against potential hacks.

The post 5 Reasons Why You Should Avoid Free VPNs appeared first on CyberDB.

Zerologon: Tripwire Industrial Visibility Threat Definition Update Released

Today, we released a Threat Definition Update bundle for our Tripwire Industrial Visibility solution to aid in the detection of Zerologon. Otherwise known as CVE-2020-1472, Zerologon made news in the summer of 2020 when it received a CVSSv3 score of 10—the most critical rating of severity. Zerologon is a vulnerability that affects the cryptographic authentication […]… Read More

The post Zerologon: Tripwire Industrial Visibility Threat Definition Update Released appeared first on The State of Security.

30 Ransomware Prevention Tips

Dealing with the aftermath of ransomware attacks is like Russian roulette. Submitting the ransom might seem like it’s the sole option for recovering locked data. But paying the ransom doesn’t mean that your organization will get its affected data back. Let’s not forget that ransomware also continues to evolve as a threat category. Beginning in […]… Read More

The post 30 Ransomware Prevention Tips appeared first on The State of Security.

Your cyber security risk mitigation checklist

Are you trying to figure out the best way to protect your organisation from cyber attacks and data breaches?

It can be tricky to know where to begin, which is why our Cyber Security Risk Scorecard contains a simple guide to help you secure your systems.

We’ve run through some of the essential steps in this blog, or download the full, free checklist from our website.

Install firewalls

Firewalls are one of many types of software that organisations should implement to protect their systems.

They are designed to create a buffer between your IT systems and external networks, by monitoring network traffic and block anything that could damage your computers, systems and networks.

This will help prevent cyber criminals from breaking into your networks and block outgoing traffic that originates from a virus.

Install antivirus software

Antivirus software is another essential technological defence – and contrary to what the name implies, it isn’t just designed to root out viruses.

Modern antivirus generally includes protection against a range of threats, including malware, ransomware, keyloggers, Trojan horses, worms, adware and spyware.

The software works by scanning your computer or network, looking for riles that match its built-in database of known malicious programs. The more advanced the software is, the larger that database will be and the more likely it is that it will detect a problem.


Our Cyber Security Scorecard provides a checklist of essential security controls.

Patch management

When software providers fix a vulnerability on their applications, its users are required to download the update (or ‘patch’).

Organisations tend to use many software providers, each of which releases regular patches – Microsoft, for examples, fixes vulnerabilities so often that the term ‘Patch Tuesday’ was coined.

As such, it makes sense to create a patch management plan to help you keep track of updates you’ve applied and to make sure each one has been installed successfully.

Conduct a cyber security risk assessment

A cyber security risk assessment helps organisations evaluate their weaknesses and gain insights into the best way to address them.

ISO 27001, the international standard that sets out the specification for an ISMS (information security management system), is built around risk assessments and contains step-by-step guidance on how to complete the process.

You don’t need to certify to ISO 27001 to follow its advice – or even follow the rest of the Standard’s guidance – although doing so clearly has many benefits.

Create an information security policy

Information security policies are the result of a risk assessment. They describe the vulnerabilities that have been identified and the measures that the organisation has adopted to prevent them.

The document should contain a thorough outline of each risk, the relevant control(s) and the organisation’s continual improvement strategy, including when and how they will review the effectiveness of the control.

Encrypt sensitive data

In an information security context, encryption is a way of ‘scrambling’ sensitive data, ensuring that it can only be accessed by authorised personnel with a decryption key.

By encrypting data, you guarantee that even if criminal hackers break into your systems, they are unable to view your files. This helps mitigate the risk of data breaches and could prevent a GDPR (General Data Protection Regulation) violation.

Create a remote working policy

The COVID-19 pandemic has reshaped the way organisations work, with the majority planning to permanently switch to remote working – whether that’s on a full-time basis or giving employees the opportunity to come into the office a few days a week.

As you will no doubt know, remote working comes with unique information security challenges, which you’ll need to address in a dedicated policy.

This will include guidance on storing devices securely, creating and maintaining strong passwords, and an acceptable use policy for visiting websites that aren’t work-related.

Organisations should also explain the technical solutions that they’ve implemented to protect sensitive data and how employees can comply with them. For example, we recommend applying two-factor authentication to any third-party service that you use.

Conduct vulnerability scans

Many cyber attacks are automated, with criminals searching for and exploiting known vulnerabilities.

Organisations can prevent these attacks by conducting their own scans to identify weaknesses before crooks exploit them.

But that’s not the only benefit of vulnerability scanning. The process will also help you determine the overall effectiveness of your security measures, save you time and money in the long run.

Conduct penetration tests

Penetration tests are a controlled form of hacking in which a cyber security professional, working on behalf of an organisation, attempts to find exploits in the same way that a criminal would.

These tests are more rigorous than automated scans, as they enable the actor to leverage weaknesses and gain a true insight into the way a criminal might access your sensitive information.

Penetration testers may, for example, exploit system misconfigurations or send staff phishing emails to gather login credentials.

With the vulnerabilities the ethical hacker discovers, organisations can implement defences to stop criminals before they’ve had a chance to target the organisation.

Create a business continuity plan

A business continuity plan outlines the steps an organisation must take to ensure its critical processes continue operating in the event of a major disruption.

This information is put into a document, which is regularly tested, developed and improved upon to make sure the organisation has recovery strategies in place for a range of threats.

Download our free checklist

You can learn more about the steps you should take to prevent and respond to cyber security incidents by downloading our Cyber Security Risk Scorecard.

This free document contains twenty questions you should ask yourself to determine whether you have the necessary defences in place.

It’s designed to give a broad indication of your organisation’s overall readiness, helping you understand what your next steps should be and how urgently you need to address cyber security.


The Weekly Round-up: subscribe now

The post Your cyber security risk mitigation checklist appeared first on IT Governance UK Blog.

The Evergreen Make Utility: A cost-effective way of deployments on Cloud

It might be difficult to find a software engineer who does not know ‘Make’ utility. ‘GNU Make’ is a tool which controls the generation of executables and other stuff related to the application code building. Capabilities of ‘Make’ are many ranging from simple code compilation and installation to collection of…