Category Archives: data protection

NCSAM: Six Tips to Help Keep your Business Secure

During the last half of the 1990s, there was a concern for employees using their own home desktop computers to dial in to the corporate network from home. Thousands of articles and hundreds of conference sessions discussed the associated risks and then how to mitigate them through documented policies and the use of new tools. […]

The post NCSAM: Six Tips to Help Keep your Business Secure appeared first on The State of Security.

Why You Should Practice and Drill to Prepare for a Cyber Emergency

Nowadays, businesses operate in a ubiquitous computing environment, relying on information technology to enable the speed and agility of modern business practices from payroll to public offerings. With the vast amount of email content and links that are populating employee inboxes, just one click on a phishing scam can cause a cyber emergency that results in the loss of millions of dollars and customer loyalty — not to mention a lengthy remediation process that amasses additional costs over time.

Spammers Don’t Take Days Off, So Neither Should You

According to the Ponemon Institute’s “2018 Cost of a Data Breach Study,” the average cost of a data breach globally is around $3.86 million. The cost of a mega breach — an event that involves the loss of 1 million to 50 million records — is between $40 million and $350 million, depending on the number of compromised records.

Of the security events recorded in the study, 48 percent were caused by malicious or criminal attacks, including the use of phishing and social engineering techniques to gain unauthorized access to corporate networks. Inboxes are slammed with spam every day of the week, increasing the odds of successful compromise.

The IBM X-Force Kassel research team operates a network of globally distributed spam honeypots, which collect billions of unsolicited email items. Last year, the research team pulled a sample of worldwide data to gain insight into when attackers’ spam bots were the most active.

A look at the same sample size from 2018 echoes last year’s findings: Spammers never rest. However, they are primarily active on Tuesdays and Wednesdays, clocking in at 21 percent and 22 percent, respectively. In addition, they tend to take a less aggressive stance on Saturday (4 percent) and Sunday (9 percent), when offices are less populated and therefore a less target-rich environment.

Spam Data, Incident Response

A 5-Step Approach to Avoiding a Cyber Emergency

Any coach or instructor will tell you that you get what you train for. In the heat of the moment, our practiced reactions determine the speed and course of our actions. To provide better online security throughout the organization, user vigilance must be a practiced part of the daily workflow.

The U.S. Fire Administration outlined five key components for designing an effective fire safety education program. In cybersecurity, we can apply that same approach to train personnel to consistently avoid the flames of phishing and react effectively to inadvertent compromise.

1. Assess Your Environment

Begin by gathering information about your workforce and network security posture to identify where risks and vulnerabilities may exist. If you’re going to build a safe and consistent security environment, governance is key. Employees must understand what the organization deems right or wrong. Likewise, network defenders should be well-versed in existing policies and procedures for addressing cyber emergencies.

Using examples of previously successful breaching techniques — such as mimicking the phishing scams that already made it through the organization’s safety net — can help you determine how familiar employees are with the dangers of current-day deception and social engineering scams. Meet with IT managers to learn what procedures are in place to help protect against exposure and minimize risk. This is also a great time to ask network defenders about secure email gateways, orchestration and automation, password protection, and two-factor authentication (2FA).

Finally, whether hosted locally or in the cloud, a best practice for email security is to take a layered approach. Digital fortification — from the network perimeter down to individual device hardening — that is built into corporate IT planning can help reduce exposure and risk.

2. Develop a Clear Escalation Map

Every emergency action plan needs to identify key internal and external stakeholders. Who should respond and who needs to be notified if a malicious link is accessed and the network is set ablaze?

Speed and calmness are everything in this moment. Companies that have an in-house incident response (IR) team or an on-call service to confirm and respond to a breach stand to substantially reduce losses in the event of a compromise. According to the “2018 Cost of a Data Breach Study,” companies with a low mean time to identify (MTTI) a breach — less than 100 days — saved more than $1 million. Likewise, companies with a low mean time to contain (MTTC) a breach — less than 30 days — saved more than $1 million compared to those that took longer than 30 days.

A company’s IR plan should clearly outline who to contact in different departments and ranks — in network security, the C-suite and the IR team component, but also the PR team and the company’s legal counsels. The plan should make it easy to reach them, know their responsibilities and have a clear view of their resources for carrying out mission-critical functions in the event of a cyber emergency.

3. Plan and Implement Your Incident Response

Once you have analyzed your risk environment and identified stakeholders, it’s time to establish objectives and create a plan of action. In case of suspected activity, employees should be able to recognize a phishing scam, whether via email or on the phone, and react appropriately as part of their everyday workflow. To do this, you need to recognize, react and repeat.


Recognize

Establish what “normal” looks like to help personnel readily identify what key indicators should not be trusted. For example:

  • Was the email solicited or did it come out of the blue? While some criminals craft very personal emails, most cast a wide net that can be avoided.
  • Do you recognize the sender, and does the domain check out?
  • Does it read, and is it formatted, like a legitimate email?
  • Do the embedded links point to authentic domains?

React

Identify the next steps that personnel should take when something alarming appears. Is the organization set up to enable quick and effective reporting of suspicious emails and activity? Ensure that any employee can easily report an issue to IT security and the IR team. If a user identifies something malicious, a referenceable policy should be in place that clearly states where to forward it and how to flag it. Statistics should then be captured from these events and used to help establish trending threats.

If an employee has already clicked a link, identify what needs to happen next to correct the situation, from pulling the plug to quarantining the network. If a larger issue is confirmed or an attack is underway, each corporate player should know his or her role. Decisive action can save priceless moments when reacting to a digital threat.

Repeat

Drills should happen monthly, quarterly and double during the holiday season. After all, what’s more enticing than a gift card during the shopping season? Security-savvy reactions aren’t built in a day; they become a part of the culture, a practiced reaction to inbox items that look and smell “phishy.”

4. Market Your Plan to Management and Teams

Gone are the days when droning through a stale slide deck will satisfy a training requirement. People learn in a variety of ways; if you want employees to remember and adhere to your plan, it needs to be engaging. Those in charge of security awareness training would be wise to reach, frame and connect their content with the target audience, a practice known as role-based training, to fit each role’s specific risk factors and likely attack scenarios.

Training needs to be memorable and interactive, so don’t skimp on quizzes, visual reminders, mock phishing campaigns and even companywide giveaways. There’s nothing like a security reminder on a new thermal cup. A spoonful of sugar is a small price to pay to boost organizationwide security awareness.

5. Evaluate Your Plan, Then Evaluate Again

An unexamined plan isn’t worth practicing. Training must be systematic to yield results. Simulate relevant attack scenarios that may affect the organization as authentically as possible and collect the stats on response times and accuracy. Do it again in a quarter, in a month or at random. Crunch the numbers and compare the results. Are employee responses improving? If not, how can the program be improved?

Remember to systematically return to the first step in this approach: assess your environment. In addition to internal review, an outside set of professional eyes on your network to perform periodic penetration testing can help expose previously undiscovered vulnerabilities. Criminal phishing methodologies and the ways by which they target employees are evolving every day, and a good IR plan should too.

Empower Your Users to Adapt to Evolving Threats

The need to establish a corporate culture of cyber awareness has become an accepted tenet of digital enterprise security. To help online safety become second nature across the organization, employees must be able to recognize the sparks of all kinds of scams and learn to react appropriately. Employers, in turn, must give their users the resources they need to continuously adapt to evolving threats and act as a protective layer that can help avoid losses from a cyber emergency.

The post Why You Should Practice and Drill to Prepare for a Cyber Emergency appeared first on Security Intelligence.

Is Employee Negligence Threatening Your Information Security?

Between bring-your-own-device (BYOD) policies, shadow IT and an increasingly mobile workforce, companies today are wrapped up in broad potential attack surfaces from employee negligence. When it comes to information security, offsite and remote workers, vulnerable paper trails, unmanned computers, and a host of other forms of employee negligence pose increasing risks to U.S. companies.

“Risky employee behavior and bad habits, coupled with a lack of employer-led training, is not only breeding a culture of lax information security, but is posing serious legal, financial and reputational risks to U.S. businesses of all sizes,” said Monu Kalsi, vice president of Shred-it.

How Can Companies Train Out Employee Negligence?

Many of the riskiest offenses are ones that employees might not even consider potentially negligent or dangerous behavior, such as leaving a computer unlocked or unattended when leaving the office for the day. These might seem like small oversights, but they can have dire consequences.

Many enterprises now include security training in their onboarding process to teach end users about data protection and cybersecurity best practices. Unfortunately, those efforts often do not extend beyond the first month or so of work.

When training programs occur infrequently, employees are less likely to retain essential information, leaving them unprepared to act in accordance with the security guidelines in place. A lot changes in a year’s time, and you’ll need your employees to know about those changes in order to fix their habits.

Establishing Remote Control Over Mobile Security

Despite the ongoing increase in remote workers, as reported in Gallup’s “State of the American Workplace Report,” security training and best cyber hygiene practices are still not a priority among U.S. businesses, according to Shred-it’s “2018 State of the Industry Report.” The latter survey found that over half of small business owners have no policy in place for remote workers.

“Training needs to address the evolving status of your business and the industry in general, which means it needs to be frequent and ongoing,” Kalsi said.

How to Create a Security-Focused Culture

Forty-seven percent of C-Suite executives and 42 percent of small business owners reported internal human error as the source of data compromise in Shred-it’s study, reinforcing the critical need to increase employee awareness around data security.

“In order to establish a culture that is committed to data security, training must be continuous,” Kalsi said.

The problem is that so many organizations don’t really understand what continuous training entails. What does the curriculum even look like?

“Conducting regular information sessions and providing accessible training opportunities for staffers both old and new is a great rule of thumb to ensure all employees have resources available to them to help them understand your company’s security policies,” Kalsi said.

Implementing regular review procedures can also help to identify issues as soon as they arise so that you can be sure sensitive information is handled properly in daily functions across the business. Vetting and training internal staff is just as important as evaluating external partners before working together and exchanging sensitive information.

Don’t Forget About Non-Cyber Risks

Although seldom discussed, mistakes in the treatment of physical data can also lead to a breach. For example, the U.S. Department of Homeland Security experienced a breach back in February when an employee left Super Bowl security plans in the seat pocket of a commercial passenger plane, as reported by CNN.

“Of course, mistakes happen,” Kalsi conceded, “but establishing a culture that equally prioritizes physical and cybersecurity ensures that employees are as prepared as possible.”

Updating the workplace policy to reflect all of these lesser-known security risks is key to arming staff with the knowledge and skills they need to effectively protect your business. Teaching employees basics like how to properly dispose of a hard drive will significantly reduce your risk of a breach.

“As long as hard drives are still physically intact, all private information can be retrieved,” said Kalsi. “This means that if your hard drive disposal process includes erasing, reformatting, wiping or degaussing, you’re still vulnerable.”

Employees need to understand the pain points where both physical and digital data could be at risk. Consistently reminding employees to be security-aware in their daily habits will help reshape the way they perceive data security and your organization’s priorities overall.

The post Is Employee Negligence Threatening Your Information Security? appeared first on Security Intelligence.

Working Together to Ensure Better Cybersecurity

For many, it’s hard to picture a work environment that doesn’t revolve around the use of technology. Digital, cloud-based services coupled with access through mobile and IoT devices have completely reshaped organizations by streamlining business processes and enabling people to work anywhere, anytime. Thanks to these advances, there have also been a variety of recent shifts in how employers and employees interact with each other, ranging from liberal remote work policies to companies asking employees to bring their own devices to work.

Often these changes feel remarkable and convenient, as they make our work lives much more efficient – but these advancements also create concerns around cybersecurity. Many devices contain both personal and professional data, and when we take our work home or on the go with us, we’re not constantly protected by a company firewall, safe Wi-Fi, or other standard cybersecurity measures. Regardless of what industry you are in, online safety is no longer just IT’s problem. Cybersecurity is now a shared responsibility between an organization and its employees.

Naturally, these changes require education and communication around cybersecurity best practices in order to develop positive habits that will keep both employers and employees safe. Getting a habit to stick also requires an organization to develop a culture of security in tandem, in which every individual and department is accountable for cybersecurity and bands together with the shared objective of staying secure.

October is National Cybersecurity Awareness Month, which is a great time to look at how everyone can be a part of the cybersecurity solution within their organization. If cybersecurity has not historically been a priority within an organization, starting a conversation about it can be difficult, whether you’re an employee or an employer. Consider using these tips to start thinking about personal cybersecurity and how that translates into an overall cybersecurity plan within your organization.

Employers can take the following steps:

  • Identify which company assets are of greatest value, then ensure security measures are in place. Employee, customer, and payment data are all assets that cybercriminals could leverage via phishing, malware, password breaches, and denial-of-service (DoS) attacks. Begin to develop a formal cybersecurity plan based on your specific needs.
  • Set up an alert system. Put a system into place that will alert employees and your organization of an incident. This also includes an avenue for employees to report problems they might notice before they become widespread. The sooner people know about a vulnerability, the faster they can respond and take action.
  • Develop a response plan. Practice an incident response plan to contain an attack or breach. Keep in mind the goal of maintaining business operations in the short term while assessing the long-term effects of the cyber incident.

Employees can follow these guidelines:

  • Regularly update your device’s software. This is the easiest way to ensure your devices are equipped with vital patches that protect against flaws and bugs that cybercriminals can exploit.
  • Take security precautions, even if your company isn’t there yet. Professional and personal information is often intertwined on our devices – especially our mobile phones. Keep all your data secure with comprehensive mobile security, such as McAfee® Mobile Security. Then work within your organization to develop a cybersecurity plan that works for all.

The post Working Together to Ensure Better Cybersecurity appeared first on McAfee Blogs.

Top tips for securing your financial institution

For financial business leaders it’s important to understand that cyber-security is now a key business enabler, rather than simply a part of the overall IT strategy. As anyone working in the

The post Top tips for securing your financial institution appeared first on The Cyber Security Place.

Simplify Your Security With an Open Cloud-Based Platform

Today, IBM Security is putting a stake in the ground to dramatically improve its odds in the battle against cyberattacks with the announcement of IBM Security Connect, a first-of-its-kind cloud-based platform. Built on open technologies, IBM Security Connect is capable of analyzing federated security data across unconnected tools and environments.

Valuing Simplicity Over Complexity

One of the biggest challenges facing security professionals right now is the complexity that results from the use of disconnected, problem-specific tools from dozens of different vendors, almost none of which work together. Users are forced to switch between applications, move data between tools or integrate solutions to uncover meaningful insights. This creates undue inefficiency and ultimately requires more skilled resources than companies can hire. The complexity also hinders the level of collaboration needed to effectively combat threats.

It’s no wonder why the security industry is falling further and further behind.

We at IBM recognized this problem early on and responded by building the IBM Security Immune System, which integrates solutions to enable security professionals to more quickly and accurately find and stop anomalies wherever they occur. We’ve been infusing our immune system with artificial intelligence (AI) to detect attacks more quickly, accurately and at scale, and we have led the industry in openness.

However, in the current threat landscape, this is no longer enough.

A Cloud-Based Platform That Is Open, Simple and Connected

Security must be more open, simple and connected to meet today’s challenges. With these challenges in mind, we have dramatically enhanced our approach, leveraging the cloud to make us more effective and better able to protect our clients at unprecedented scale and speed.

Open

Grounded in open standards and communities, organizations will derive more accurate insights with the ability to connect to and share all security data. Security vendors and partners will be able to leverage IBM Security Connect as a single point of integration for IBM Security’s entire portfolio of products, experts and services.

Simple

Until now, getting insight from data has meant moving all security data to one spot, a task made virtually impossible due to multiple security information and event management (SIEM) tools, data lakes, endpoint detection and response (EDR) solutions, and cloud object stores. IBM Security Connect solves this challenge. For the first time in our industry, we can connect or federate data where it is in its current tools and environments, on-premises or in multiple clouds, to improve security visibility and efficiency. The hassle of migrating data or integrating complicated products can be significantly reduced for many security use cases.

This federation of data enables our existing solutions, such as QRadar, Guardium and Resilient, to connect to currently disconnected data sources to search and analyze data for threats and risks.

For example, users of our new IBM Security Connect federated search app will be able to search data across their QRadar, Splunk, EDR platforms and data lakes to hunt for threats.

Connected

Collaboration, both within and among organizations, is a necessity. Security teams need to connect to a global community of other users, aggregate their insights and build on each other’s solutions to make everyone stronger.

IBM Security Connect brings customers the power of collective intelligence and the ability to connect insights from all parts of our security immune system and partner ecosystem. Insights about a device, IP address and user, as well as database vulnerabilities and threats, can easily be shared across all products and applications integrated with the platform, providing instantaneous context for security investigations.

Joining Forces to Protect Businesses and Society

The open, simple and connected nature of IBM Security Connect’s cloud-based platform will not only make it easier for organizations to build out and share their security solutions quickly and easily, but also to tap into just the capabilities they need.

IBM Security Connect is expected to be generally available early next year and will bring the ease of cloud scalability without the pain of data migration, increase efficiency through seamless workflows and enhance current security investments.

As an industry, we have come a long way in the fight to protect businesses and society, with ever more sophisticated and effective solutions. But we know that no one company can go it alone, and that to truly stop the spread of attacks, we need to work together, share our knowledge and collaborate on the answer.

We believe that IBM Security Connect will accelerate us all in the right direction.

The post Simplify Your Security With an Open Cloud-Based Platform appeared first on Security Intelligence.

Tech Giants Concerned About Australia’s Encryption Laws

Cyber law changes proposed in Australia specifically state that companies will not be required to implement encryption backdoors, but tech giants are still concerned that the current form of the legislation is too vague and leaves a lot of room for interpretation.

SecurityWeek RSS Feed

GDPR Fear is Stifling Employees, Here’s How to Fix It

More than three months after GDPR came into effect, businesses have found themselves between a rock and a hard place – taking every step possible to correct protocols, policies and

The post GDPR Fear is Stifling Employees, Here’s How to Fix It appeared first on The Cyber Security Place.

Google to Encrypt Android Cloud Backups With Your Lock Screen Password

In an effort to secure users' data while maintaining privacy, Google has announced a new security measure for Android Backup Service that now encrypts all your backup data stored on its cloud servers in a way that even the company can't read it. Google allows Android users to automatically back up their essential app data and settings to their Google account, allowing them to simply restore it

Cybersecurity Future Trends: Why More Bots Means More Jobs

As the technological world hurtles into the 2020s and cybersecurity future trends become reality, many experts expect the industry to evolve rapidly. Among the paradigm shifts still to come from digital innovation, data protection is bound to change and expand beyond the capabilities of today’s most common tools.

Above all, expect artificial intelligence (AI) to take a bigger role in cybersecurity as the IT industry seeks more efficient ways to shut down attacks immediately — or even before they happen.

Hiring AI Cybersecurity Guards

In the near future, new AI-powered solutions will look for anomalies in enterprise systems while matching patterns in threat actor behavior to predict when attacks are coming, said Shashi Kiran, chief marketing officer at Quali, a vendor of cloud automation services. Companies will also use AI tools to analyze user behavior and dig through system logs to spot problems, noted Laura Lee, executive vice president of rapid prototyping at cybersecurity training vendor Circadence. Lee said she expects AI-powered cybersecurity training to become more common as well.

In addition, AI systems will soon be able to analyze data from multiple sources, provide virtual assistants with special knowledge in cybersecurity and assist with penetration testing. In the coming decades, the “full scope of AI will be brought to bear in cybersecurity training environments to provide intelligent advisers, feedback and an AI adversary to practice against,” Lee added.

Planning for Obsolescence

Newer AI systems should provide capabilities that traditional antivirus products can’t. Many current security products focus largely on signature-based detection or analytics from patterns of suspicious activity, said Jason Rebholz, senior director of strategic partnerships at cybersecurity vendor Gigamon.

“With the emergence of AI, the basic decision-making can be offloaded to software,” he added. “While this isn’t a replacement for the analyst, it provides more time for them to perform more advanced decision-making and analysis, which is not easily replaced with AI.”

An AI-Driven Coding Evolution

Some security experts see big things for AI, with a sort of evolution built into its abilities.

“Imagine a world where cyberdefenses adapt and evolve with no human intervention,” said Kathie Miley, chief operating officer (COO) at Cybrary, another cybersecurity training company. “By putting AI into practice with evolutionary algorithms, software will also be able to assess current state, improve upon itself or kill off components no longer ideal for survival.”

Miley offered the example of a developer who accidentally creates a program with a structured query language (SQL) injection vulnerability: “AI will catch it and correct it with no human involvement, because it knows [the vulnerability is] dangerous to the application’s survival.”

Unfortunately, AI-trained systems won’t be exclusive to defenders. As Miley noted, threat actors “will be able to use AI to evolve their attacks without lifting a finger. It’s a race to who is stronger — the good guys or the bad guys.”

Why Cybersecurity Future Trends Won’t Exclude Humans

But even as AI takes a more central role in many organizations’ cybersecurity efforts, the need for qualified cybersecurity professionals will not diminish.

“Until AI evolves and wipes out humans, there will always be a place for people in the cybersecurity field,” Miley said. “Regulations, compliance, ethics and needs will need to be determined by us carbon life forms. However, tasks such as monitoring attacks and coding errors — and even coding itself — will certainly be automated at some point in the near future.”

Miley added that she sees a strong demand for security architects and governance, risk and compliance professionals in the coming years.

How AI Will Help Bridge the Skills Gap

New ways of automating some cybersecurity functions will help the industry bridge the cybersecurity skills gap that’s been growing since 2014. A recent Cybersecurity Ventures report forecast a shortage of 3.5 million open cybersecurity positions by 2021.

Bret Fund, founder and CEO of cybersecurity training academy SecureSet, argued that automated tools will require more refined skill sets.

“We will still have an education problem that will be exacerbated by the new skills required to interpret and analyze AI,” he predicted.

In addition, many small and medium-sized businesses will adopt AI tools more slowly than large enterprises will, meaning plenty of cybersecurity jobs will be available, Fund added.

Cybersecurity Workers: Seize the Day

Lee noted that demand is growing for cybersecurity workers with data science expertise as organizations look to maximize the value of the data they collect. She said she also foresees a shift in cybersecurity jobs that will “place soft skills and strategy at equal importance as required technical skills.”

Cybersecurity analysts, penetration testers and incident response professionals will be popular with job recruiters for several years, she added. However, those jobs may be changing, with more workers “expected to carry competencies in strategic thinking, creativity, problem-solving, working in teams and reporting alongside business objectives.”

Augmenting Automation With a Human Touch

According to Cesar Cerrudo, chief technology officer (CTO) of cybersecurity and penetration testing vendor IOActive Labs, paint-by-the-numbers cybersecurity jobs will soon be a thing of the past.

“Jobs that consist of repetitive tasks and tasks that don’t require creativity will disappear,” he said. “Having broad knowledge on past, latest and upcoming threats, along with broad vision in cybersecurity, will be required to achieve better results. You can’t properly secure a technology without anticipating what it will look like tomorrow or in the next year.”

As technologies and their security measures carry us into 2020, forecasting threat trends will be the name of the game. Machine learning won’t replace the cybersecurity workforce any time soon, but get ready for a new face (or lack thereof) on your security operations center (SOC). Developing a broader skill set now and keeping an open mind will help you best prepare for the security industry of the future.

The post Cybersecurity Future Trends: Why More Bots Means More Jobs appeared first on Security Intelligence.

As Search Engines Blacklist Fewer Sites, Users More Vulnerable to Attack

Turns out, it’s a lot harder for a website to get blacklisted than one might think. A new study found that while the number of bot malware infected websites remained steady in Q2 of 2018, search engines like Google and Bing are only blacklisting 17 percent of infected websites they identify. The study analyzed more than six million websites with malware scanners to arrive at this figure, noting that there was also a six percent decrease in websites being blacklisted over the previous year.

Many internet users rely on these search engines to flag malicious websites and protect them as they surf the web, but this decline in blacklisting sites is leaving many users just one click away from a potential attack. This disregard of a spam attack kit on search engine results for these infected sites can lead to serious disruption, including a sharp decline in customer trust. Internet users need to be more vigilant than ever now that search engines are dropping the ball on blacklisting infected sites, especially considering that total malware went up to an all-time high in Q2, representing the second highest attack vector from 2017-2018, according to the recent McAfee Labs Threats Report.

Another unsettling finding from the report was that incidents of cryptojacking have doubled in Q2 as well, with cybercriminals continuing to carry out both new and traditional malware attacks. Cryptojacking, the method of hijacking a browser to mine cryptocurrency, saw quite a sizable resurgence in late 2017 and has continued to be a looming threat ever since. McAfee’s Blockchain Threat Report discovered that almost 30,000 websites host the Coinhive code for mining cryptocurrency with or without a user’s consent—and that’s just from non-obfuscated sites.

And then, of course, there are just certain search terms that are more dangerous and leave you more vulnerable to malware than others. For all of you pop culture aficionados, be careful which celebrities you digitally dig up gossip around. For the twelfth year in a row, McAfee researched famous individuals to assess their online risk and which search results could expose people to malicious sites, with this year’s Most Dangerous Celebrity to search for being “Orange is the New Black’s” Ruby Rose.

So, how can internet users protect themselves when searching for the knowledge they crave online, especially considering many of the most popular search engines simply aren’t blacklisting as many bot malware infected sites as they should be? Keep these tips in mind:

  • Turn on safe search settings. Most browsers and search engines have a safe search setting that filters out any inappropriate or malicious content from showing up in search results. Other popular websites like iTunes and YouTube have a safety mode to further protect users from potential harm.
  • Update your browsers consistently. A crucial security rule of thumb is always updating your browsers whenever an update is available, as security patches are usually included with each new version. If you tend to forget to update your browser, an easy hack is to just turn on the automatic update feature.
  • Be vigilant of suspicious-looking sites. It can be challenging to successfully identify malicious sites when you’re using search engines but trusting your gut when something doesn’t look right to you is a great way of playing it safe.
  • Check a website’s safety rating. There are online search tools available that will analyze a given URL in order to ascertain whether it’s a genuinely safe site to browse or a potentially malicious one infected with bot malware and other threats.
  • Browse with security protection. Utilizing solutions like McAfee WebAdvisor, which keeps you safe from threats while you search and browse the web, or McAfee Total Protection, a comprehensive security solution that protects devices against malware and other threats, will safeguard you without impacting your browsing performance or experience.

To keep abreast of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post As Search Engines Blacklist Fewer Sites, Users More Vulnerable to Attack appeared first on McAfee Blogs.

Radware Blog: Protecting Sensitive Data: A Black Swan Never Truly Sits Still

The black swan – a rare and unpredictable event notorious for its ability to completely change the tides of a situation. For cybersecurity, these nightmares can take the form of disabled critical services such as municipal electrical grids and other connected infrastructure networks, data breaches, application failures, and DDoS attacks. They can range from the […]

The post Protecting Sensitive Data: A Black Swan Never Truly Sits Still appeared first on Radware Blog.

#CyberAware: Teaching Kids to Get Fierce About Protecting Their Identity

It wasn’t Kiley’s fault, but that didn’t change the facts: The lending group denied her college loan due to poor credit, and she didn’t have a plan B. Shocked and numb, she began to dig a little deeper. She discovered that someone had racked up three hefty credit card bills using her Social Security Number (SSN) a few years earlier.

Her parents had a medical crisis and were unable to help with tuition, and Kiley’s scholarships didn’t cover the full tuition. With just months left before leaving to begin her freshman year at school, Kiley was forced to radically adjust her plans. She enrolled in the community college near home and spent her freshman year learning more than she ever imagined about identity protection and theft.

The Toll: Financial & Emotional

Unfortunately, these horror stories of childhood identity theft are all too real. According to Javelin Strategy & Research, more than 1 million children were the victim of identity fraud in 2017, resulting in losses of $2.6 billion and more than $540 million in out-of-pocket costs to the families.

The financial numbers don’t begin to reflect the emotional cost victims of identity theft often feel. According to the 2017 Identity Theft Aftermath report released by the Identity Theft Resource Center, victims report rage and severe distress, and feeling angry, frustrated, paranoid, vulnerable, fearful, and — in 7% of the cases — even suicidal.

Wanted: Your Child’s SSN

Sadly, because of their clean credit history, cyber crooks love to target kids. Also, identity theft among kids often goes undiscovered for more extended periods of time. Thieves have been known to use a child’s identity to apply for government benefits, open bank or credit card accounts, apply for a loan or utility service, or rent a place to live. Often, until the child grows up and applies for a car or student loan, the theft goes undetected.

Where do hackers get the SSNs? Data breaches can occur at schools, pediatrician offices and banks, and through home robberies. A growing area of concern involves medical identity theft, which gives thieves the ability to access prescription drugs and even expensive medical treatments using someone else’s identity.

6 Ways to Build #CyberAware Kids

  1. Talk, act, repeat. Identity theft isn’t a big deal until it personally affects you or your family; only then, it’s too late. Discuss identity theft and the fallout with your kids. But don’t just talk — put protections in place. Remind your child (again) to keep personal information private. (Yes, this habit includes keeping passwords and personal data private even from BFFs!)
  2. Encourage kids to be digitally savvy. Help your child understand the tricks hackers play to steal the identities of innocent people. Identity thieves will befriend children online with the goal of gathering personal information to steal their identity. Thieves are skilled at trolling social networks looking at user profiles for birth dates, addresses, and names of family members to piece together the identity puzzle. Challenge your kids to be on the hunt for imposters and catfishes. Teach them to be suspicious about links, emails, texts, pop up screens, and direct messages from “cute” but unknown peers on their social media accounts. Teach them to go with their instincts and examine websites, social accounts, and special shopping offers.
  3. Get fierce about data protection. Don’t be quick to share your child’s SSN or secondary information such as date of birth, address, and mothers’ maiden name and teach your kids to do the same. Also, never carry your child’s (or your) physical Social Security card in your wallet or purse. Keep it in a safe place, preferably under lock and key. Only share your child’s data when necessary (school registration, passport application, education savings plan, etc.) and only with trusted individuals.
  4. File a proactive fraud alert. By submitting a fraud alert in your child’s name with the credit bureaus several times a year, you will be able to catch any credit fraud early. Since your child hasn’t built any credit, anything that comes back will be illegal activity. The fraud alert will remain in place for only 90 days. When the time runs out, you’ll need to reactivate the alert. You can achieve the same thing by filing an earnings report from the Social Security Administration. The report will reveal any earnings acquired under your child’s social security number.
  5. Know the warning signs. If someone is using your child’s data, you may notice: 1) Pre-approved credit card offers addressed to them arriving via mail 2) Collection agencies calling and asking to speak to your child 3) Court notices regarding delinquent bills. If any of these things happen, your first step is to call and freeze their credit with the three credit reporting agencies: Equifax, Experian, and TransUnion.
  6. Report theft. If you find a violation of your child’s credit of any kind go to to report the crime and begin restoring your child’s credit. This site is easy to navigate and takes you step-by-step down the path of restoring stolen credit.

Building digitally resilient kids is one of the primary tasks of parents today. Part of that resilience is taking the time to talk about this new, digital frontier that is powerful but has a lot of security cracks in it that can negatively impact your family. Getting fierce about identity protection can save your child (and you) hours and even years of heartache and financial loss.


Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @McAfee_Family.

The post #CyberAware: Teaching Kids to Get Fierce About Protecting Their Identity appeared first on McAfee Blogs.

Gazorp Malware Builder Offers Free, Customized AZORult Attacks on the Dark Web

Gazorp, a free malware builder spotted on the dark web, lets would-be threat actors create customized AZORult attacks.

First discovered by Check Point Research on Sept. 17, the new builder makes it easy to generate custom samples of the AZORult infostealer. According to Gazorp’s creators, developing malware with the tool is “as simple as 2×2”: Prospective users provide their command-and-control (C&C) address, download the malware builder, install the panel and deploy their new creation in the wild.

Gazorp builds samples of AZORult version 3.0, which was released five months ago. Since that time, two newer versions — 3.1 and 3.2 — have been released, limiting the efficacy of Gazorp’s version. As Check Point made clear, however, the outdated version has “multiple stealing capabilities which can be leveraged by any actor to gather victim information and misuse it.”

Gazorp’s Expanding Threat Capabilities

Gazorp’s authors have added several new panel features and code upgrades to boost the impact of their AZORult version. Notable improvements include the addition of a global heat map that provides country-by-country statistics and the ability to create a complex mutex based on multiple factors, including admin, user, system and guest authorities. In addition, this Gazorp version includes vulnerability and bug fixes to version 3.0, along with visual user interface (UI) enhancements.

But that’s not all. The malware builder also includes a Telegram channel link that features the ongoing work of Gazorp’s authors. Users who visit the channel can get updates on new features, add their own suggestions and donate bitcoin to help drive future improvements. The creators made it clear: “More donations, more updates.” According to Check Point, it appears the project will evolve over time and “possibly produce new variants for AZORult.”

How to Protect Enterprise Data From a Malware Builder

Tackling the problem of custom malware code starts with consistent patching. Security experts note that “the bulk of security issues simply come down to software patching,” and this is certainly the case with Gazorp. Given its use of outdated AZORult code, regular security patching will frustrate most free-to-play malware attackers.

Security teams should also consider investing in security-as-a-service (SECaaS) solutions. Check Point noted that new Gazorp attacks may begin to emerge at a higher scale as more attackers discover the service. Attempting to track evolving, emerging infections without the benefit of on-demand security resources quickly becomes an exercise in frustration — and could lead to network compromise.

Source: Check Point Research

The post Gazorp Malware Builder Offers Free, Customized AZORult Attacks on the Dark Web appeared first on Security Intelligence.

Why Healthcare Cyberattacks Should Be a Concern for Consumer Data Collectors

Criminals know how lucrative healthcare cyberattacks can be. As reported by Forbes, an electronic health record (EHR) could be worth hundreds, even thousands, of dollars on the black market. And unlike a credit card or financial record, a medical record is a living document that can be used by criminals over a person’s lifetime — there’s no closing down a health record. For example, a threat actor could use sensitive information about health conditions and diseases to extort a victim for years.

“From a purely monetary perspective, medical records, depending upon their completeness, can fetch upwards of $1,000 per record,” according to RedLock’s Matt Chiodi. “Contrast that number with credit cards, where the typical value is $30.”

Unfortunately, with its value fully realized, medical information is now more susceptible to theft due to the pervasiveness of electronic records. Over the last decade, healthcare clinics and hospitals have widely adopted EHR systems to save on costs. However, while they’re more efficient than paper systems, digital records are also vulnerable to cyberattacks.

Healthcare Cyberattacks Beyond the Doctor’s Office

Hospitals and medical clinics aren’t the only healthcare entities that need to keep their data secure and private. DNA and genomics-analysis services also store sensitive biodata in the interest of serving their clients. Are the threats that these types of companies face the same as a traditional healthcare provider? What kinds of attacks do they need to guard against? And what are they already doing to shore up defenses and protect customer data?

“The general fear is actually with the customer signing away their DNA profile to a testing company,” said Chris Jordan, CEO of the security firm Fluency. “There has been little concern of the theft for malicious intent, mainly due to the mapping to value of the data. The real threat is that the value is unknown, meaning that two years down the road people might start seeing a value to the data, and your DNA data may be on a system with inadequate protection.”

Is Your Company at Risk of a Different Kind of Infection?

Cybercriminals exploit healthcare organizations for a variety of purposes, including data manipulation through loss, leakage and spoofing. One of the most common threats targeting the sector is ransomware, as evidenced by the massive WannaCry attack that infected hundreds of thousands of endpoints on healthcare networks in more than 150 countries around the world in May 2017.

As Bloomberg reported, attacks of all kinds against healthcare organizations have increased in the last year and show no signs of slowing — particularly when it comes to phishing and ransomware attacks used to gain access to private data.

According to Rami Muleys, head of application security business development at Positive Technologies, the threat of ransomware is evolving to become even more targeted.

“Moving forward, there’s a chance that cybercriminals could change tactics and, instead of destroying sensitive data, use it for targeted attacks,” he explained. “As an example, a patient with a sexually transmitted disease could find themselves blackmailed; a patient with an allergy could be attacked with his or her allergen.”

Critical Condition: How to Keep Healthcare Data Private

What are businesses that collect biodata doing to protect sensitive data and client information?

A spokesperson for personal genomics and biotechnology company 23andMe noted that customer data is stored in “walled-off segregated computing environments” and protected by a “comprehensive security program that utilizes de-identification — which protects an individual’s identity by removing all registration information, name, email address, etc. to protect the unique set of information associated with our service.”

The spokesperson also noted that each customer can choose whether to participate in research or share his or her data, and that the company does not share personal information without explicit consent.

Beyond policies, basic security practices are more important than ever for today’s healthcare workforce.

“Healthcare organizations should perform regular security assessments of their systems,” Muleys advised. “Not just the usual HIPAA compliance assessments, but beyond formal requirements, including practical penetration tests.”

The stakes are just as high for healthcare-related businesses that gather and store data about clients’ health and genetic backgrounds. Companies that work in this space will see an increased level of scrutiny as more data breaches inevitably hit the sector in the coming months and years. Security managers at these enterprises need to keep their data privacy and security strategies front and center in business planning.

The post Why Healthcare Cyberattacks Should Be a Concern for Consumer Data Collectors appeared first on Security Intelligence.

Signing Up for Benefits? Beware of Phishing Attacks

In addition to being National Cyber Security Awareness Month (NCSAM) in the US, October also marks the beginning of a lucrative two-month phishing season. Over the next two months, the vast majority of companies will have employees review and enroll in benefits, with many organizations also beginning their holiday party and charity campaign planning. These activities provide a window of opportunity for threat actors to strike with phishing attacks that appear legitimate.

Why Benefits Enrollment Periods and Holiday Party Planning Can Be Risky

The email below may look familiar. It’s something you would probably roll your eyes at and begrudgingly complete after you receive a second notice. It usually includes a link, which often sends you to a third-party website, such as a health insurer or financial institution.

Each of these pieces of information is extremely helpful in creating a phishing attack. For example, a threat actor could make a website that looks similar to the one that employees see annually for benefits enrollment. After all, benefits pages for most companies are readily available, which makes cloning them a simple task.

Once employees log in to a malicious site with their credentials, it’s game over. Criminals can use those details to log in to company networks or systems via a virtual private network (VPN), Outlook Web Access (OWA), or some other email web client or employee site, such as a real benefits page.

However, it’s not just benefits enrollment season that makes these next two months phishing gold; it’s also the time of year when planning kicks off for holiday parties and charity campaigns — two more common and highly lucrative phishing targets.

The above email, which came from a real phishing engagement, yielded 29 sets of credentials out of 41 targets. The promise of a gift certificate likely helped increase victim participation.

How to Protect Yourself and Your Organization From Phishing Attacks

How can organizations and individuals defend against these types of phishing attacks? First and foremost, regardless of the type of email, don’t ever click any links in the body.

Visit the website you know — the employee benefits page, for example — and log in there. The same principle applies to credit card fraud — look for the phone number on the back of the credit card and call the credit card company directly.

If you get an email about your company’s holiday party or charity campaigns, especially around the holidays, natural disasters or national tragedies, always verify them through other channels. Typically, companies put this information on their internal homepage, as well as sending out an email. Do a quick check to make sure there really is a food truck survey, for example, especially when a gift is promised. If you don’t find anything on the internal homepage or news update site, ask your manager about the email before clicking any of the links. He or she should be able to tell you if it’s real or not.

For companies looking to prevent that one employee from clicking on a malicious link, penetration testing services can help by conducting phishing scenarios targeted toward company executives and employees using the same tactics, techniques and procedures (TTPs) as criminals.

A test phishing engagement can start important conversations within the organization about how it’s everyone’s job to help protect the company’s data and networks. Practice makes perfect, as they say, so why not practice what would happen if a phishing campaign targeted your business? Not only will it serve as a reminder for employees, it can also test your incident response processes to ensure you’re ready when real phishing attacks come for your data.

The post Signing Up for Benefits? Beware of Phishing Attacks appeared first on Security Intelligence.

As IoT Security Concerns Rise, Are Solutions Keeping Up?

Many objects nowadays can be turned into internet-connected devices, and any one of them can make its way into the workplace. In fact, Gartner expects more than 65 percent of enterprises will deploy Internet of Things (IoT) products by 2020.

While employees may enjoy the benefits offered by IoT technologies, chief information security officers (CISOs) and other security decision-makers have a different view of these devices. IoT security, particularly the risk of personal data exposure, is quickly becoming one of their top priorities.

Some IoT Security Concern Is Based on Personal Experience

Not surprisingly, as the number of IoT devices in the workplace increases, so do the security threats associated with them. Over the next couple of years, we should expect that more than a quarter of cyberattacks will directly involve the IoT, Gartner warns.

With this in mind, researchers with Tripwire polled attendees at this year’s Black Hat USA to gauge their concerns about IoT security. Sixty percent of participants said they were more worried about IoT security in 2018 than they were last year, and even those who weren’t more or less concerned still reported feeling worried about the security of IoT devices.

Some of this concern comes from personal experience: About 20 percent of respondents said they personally encountered an IoT-related attack at work or on their home network. But perhaps the more alarming statistic is that 14 percent said their IoT devices may have suffered an attack, but they didn’t know for sure.

As Craig Young, a computer security researcher with Tripwire’s Vulnerability and Exposures Research Team, points out, too many security professionals lack the basic tools, security systems and knowledge to determine if their devices have been compromised, and that could lead to serious trouble down the road.

The Business Value of IoT Solutions

Eliminating IoT from the enterprise is not an option. For many organizations, IoT solutions add significant business value. As Consumer Goods Technology reported, “One of the most game-changing aspects of smart, connected products is how they allow product companies to create new consumer needs and establish new user habits. These new smart connected products rely on new habits, on trying to predict what will tick and what will be a hit with today’s consumers.”

Based on a 2017 Forrester report, Network World reports that the IoT improves business value in three ways:

  1. Improved product functions through design.
  2. Better business operations with digital automation.
  3. Enhanced consumer services.

However, all this IoT technology also creates a larger attack landscape for threat actors that organizations aren’t prepared for. As the aforementioned Gartner report states, “IoT security is often beyond the average IT leader’s skill set, as it involves managing physical devices and objects rather than virtual assets.” Security of IoT devices, the report continues, is often a barrier to the IoT’s overall effectiveness, which, in turn, hurts its business value.

IoT Data Is a Nightmare for the GDPR and Other Privacy Laws

The IoT also generates massive amounts of data, and this sets up another security issue. According to the Tripwire survey, the top issue surrounding IoT security is protection of personal data, followed by botnets and network compromise.

Because of how IoT devices collect data, it is more difficult to ensure data privacy for consumers, especially under the European Union’s General Data Protection Regulation (GDPR) and other new privacy laws. “The aggregation and correlation of data from various sources make it increasingly possible to link supposedly anonymous information to specific individuals and to infer characteristics and information about them,” wrote Cameron F. Kerry for Brookings.

Data generated from a smart city’s web of cameras and meters, for example, is nearly impossible to protect under privacy regulations. How do you alert thousands of otherwise anonymous people that their personal information is being gathered and stored? The onus falls on the security departments of the smart city to ensure the IoT devices they are using are secure, as are all aspects of data collation and storage. At the same time, as we’ve seen, security experts are still trying to figure out the best way to approach the IoT’s flaws and vulnerabilities.

Embrace Time-Tested Techniques to Secure the IoT

There are solutions on the horizon. The 2018 Global PKI Trends Study from the Ponemon Institute and Thales found that the IoT is “the fastest-growing trend in the deployment of applications that use public key infrastructure (PKI).”

“For safe, secure IoT deployments, organizations need to embrace time-tested security techniques, like PKI, to ensure the integrity and security of their IoT systems,” said John Grimm, senior director of security strategy at Thales eSecurity.

IoT security jumped in importance for many security professionals this year because IoT use has increased within many organizations. Now, our tools and solutions need to catch up.

The post As IoT Security Concerns Rise, Are Solutions Keeping Up? appeared first on Security Intelligence.

The State of Security: A Practical Guide to CCPA for U.S. Businesses

Inspired by Europe’s General Data Protection Regulation (GDPR), the State of California has set a new precedent with the passage of the California Consumer Privacy Act (CCPA). The major data incidents last year have driven citizens into a frenzy about securing their data, and states have rushed to develop and pass policies and legislation. California […]

The post A Practical Guide to CCPA for U.S. Businesses appeared first on The State of Security.

The Wild West of Data Risk Management in the Age of Cloud, Mobile and Digital Transformation

As enterprises undergo digital transformation and explore new opportunities offered by cloud technology, many lose sight of the digital risks they’ve encountered along the way. Like the pioneers who headed into the Wild West more than a century ago, companies today face a range of unseen dangers as they move unwittingly into potentially hostile territory. From developers and engineers collaborating via cloud-based, consumer-focused data sharing platforms to independent contractors retaining access credentials long after their projects are completed, the risks to critical data are expanding along with the attack surface.

Whether it’s digital transformation, cloud computing, extended supply chains or outsourcing, it’s imperative for organizations to establish a formal data risk management program that’s more than just a governance, risk and compliance program designed to check the boxes for auditors. Data risk management programs put mission-critical data — an organization’s crown jewels — at the center of the effort. Ensuring the confidentiality, integrity and availability of that data, no matter where it lives or who touches it, is the top priority.

Round Up the Posse: The Importance of Multiple Stakeholders

To be successful, a data risk management program requires the involvement of multiple stakeholders, including data owners; line-of-business managers; IT and security professionals; legal, HR and finance departments; and multiple members of the C-suite, all the way up to the CEO. All these parties have a hand in identifying the enterprise’s crown jewels, where they are located, who handles or processes them and where they flow not only within the organization, but outside of it as well.

An effective program also requires input from security professionals who can understand how the inherent risks of ownership, privilege rights, locality, sensitivity and complexities associated with third-party application integrations can be used as backdoors into mission-critical data or cause serious business disruption.

Other common challenges organizations encounter when developing a data risk management program include:

  • Manual process bottlenecks that greatly impact the organization’s ability to scale;
  • Siloed IT systems, each with their own data store, that lack sufficient controls and make it difficult to prioritize risk, thereby creating the potential for exposure;
  • Friction between IT operations and security teams due to the lack of a common language and differing priorities, which makes it hard for them to work in concert to prioritize risks and take immediate remediation actions in the event of a serious breach; and
  • The ability to distinguish between pedestrian events and those that could disrupt business operations, such as the theft and disclosure of sensitive intellectual property (IP).

Take the Reins: Developing Measurements That Actually Mean Something

Successful data risk management programs require security professionals to develop key performance indicators (KPIs) or risk measurements that actually mean something to business executives. Tactical metrics and reporting from tools designed to serve the needs of security analysts do not translate well into the language of business risk. However, by ingesting useful data from a range of security tools that can then be combined with other strategic operational metrics and contextual information, it’s possible to present such data to business executives in a way that allows them to better grasp where existing security controls are adequate and where additional resources are needed.

Such tools include security information and event management (SIEM), data loss prevention (DLP), application security, security response management, vulnerability assessment, and data monitoring systems. A dashboard that takes all that highly technical data and boils it down to sensible risk measurements can benefit multiple stakeholders within an organization as they work to mature their data risk management practices. A data risk manager with a business-centric approach can reduce the time it takes to investigate and remediate threats, and potentially avoid or minimize damages and cost.

Circle the Wagons: It’s Time for a Focused Data Risk Management Program

As enterprises embrace digitization, cloud and IT automation, most are still in the pioneering stages — if they’ve begun at all — of developing a data risk management program. With a vastly expanded threat surface, highly sophisticated and well-funded threat actors seemingly immune to law enforcement, and increasingly complex and porous organizational structures, it’s time to circle the wagons around mission-critical data assets. There’s no better time to create a programmatic approach by automating and orchestrating data risk management.


The post The Wild West of Data Risk Management in the Age of Cloud, Mobile and Digital Transformation appeared first on Security Intelligence.

You gotta fight, for your right, to erasure

According to Article 17 of the European Union’s General Data Protection Regulation (GDPR), all personal data that is no longer necessary must be removed and deleted. This aspect of the law, also known as “the right to erasure,” grants any user or customer the right to request that an organization deletes all data related or associated to them without undue delay, within 30 days. Moreover, the regulation carries heavy fines if a business does not … More

The post You gotta fight, for your right, to erasure appeared first on Help Net Security.

Aussie Ruby Rose is McAfee’s Most Dangerous Celebrity

Keeping up to date with celebrity gossip is a sport for many of us. Staying on top of what your favourite celebrity wore to the latest Hollywood shindig and, of course, who they were with can be very time consuming and often requires extensive searching! But did you know that searching for your favourite celebrity can actually put your personal security at risk?

Every year McAfee, the device-to-cloud cybersecurity company, undertakes global research, entitled Most Dangerous Celebrities, to identify which celebrities generate the riskiest search results which could potentially expose fans to malicious websites and risky downloads. And in 2018, the top spot was filled for the first time ever by an Australian celebrity: actress and television presenter Ruby Rose.

The very talented Ruby Rose kicked off her career as a hugely popular VJ (video jockey) on MTV. Before long, she went on to enjoy great success as a model, television presenter and then actress with her role as Stella Carlin in the cult series Orange Is The New Black. Ruby’s casting as Batwoman in the upcoming television series would have no doubt assisted in propelling her to first position.

Who Are the Most Dangerous Celebrities to Search For in 2018?

In the global list of Most Dangerous Celebrities, American reality TV star Kristin Cavallari finished behind Rose at No. 2, followed by French actress Marion Cotillard (No. 3), the original Wonder Woman Lynda Carter (No. 4), Aussie actress Rose Byrne (No. 5), star of Will and Grace Debra Messing (No. 6), reality TV star Kourtney Kardashian (No. 7), actress Amber Heard (No. 8) and American morning TV show host Kelly Ripa (No. 9), with Orange Is The New Black actor Brad William Henke rounding out the top 10.

American actress Lucy Liu topped Australia’s list of the Most Dangerous Celebrities to search for. The top 10 list was littered with Aussie celebrities as well, including Naomi Watts (No. 2), Cate Blanchett (No. 4), Elle Macpherson (No. 9) and Margot Robbie (No. 10).

Interestingly, Aussie morning TV show host Sonia Kruger came in at number 17 on the list, a notable mention after appearing alongside other Australian TV stars, such as Carrie Bickmore and Georgie Gardner, in the recent fake Facebook ads scamming unsuspecting victims into purchasing face cream subscriptions. The recent Facebook scam demonstrates how cybercriminals capitalise on our love of celebrity when trying to trap unsuspecting consumers into scams.

Cybercriminals Capitalise on our ‘Celebrity Culture’

Online scammers and cybercriminals are always looking at new ways to get their hands on our private information with the aim of making big bucks. Tapping into our love of celebrity, cybercriminals will create professional-looking websites that offer downloads containing spyware or malware. These malicious celebrity sites may also require users to set up an account. Unsuspecting visitors will then provide their email addresses and passwords to the site, not realising that their details have been compromised.

Our fast-paced modern lives mean that we often cut corners in the name of speed and convenience. Some of us are just so keen to view the promised content about our favourite celebrity that we drop our guard and don’t take the time to ensure the site is legitimate.

But not taking the time to ensure a link is safe means fans are not only putting their devices at risk of infection from viruses, but themselves at risk of identity theft.

How to Avoid Being Targeted by a Cyber Criminal

One of the best ways of staying safe online and avoiding falling victim to a scam is to adopt safe search practices. Here are my top tips to ensure you stay out of trouble!

1. Think Before You Click

Users looking for a sneak-peek of Ruby Rose’s upcoming Batwoman series should be cautious and only download directly from a reliable source. The safest thing to do is to wait for the official release instead of visiting a third-party website that could contain malware.

2. Apply Updates as Soon as they are Available

Device and app updates will often include security fixes. Applying updates is an important step to help ensure devices stay protected.

3. Browse with Security Protection

Searching and browsing without security software is a little like navigating a foreign city without any guidelines. McAfee Total Protection is a comprehensive security solution that can help keep devices protected against malware, phishing attacks, and other threats. It includes McAfee WebAdvisor which can help identify malicious websites – very helpful!

4. Use Parental Control Software

Kids are fans of celebrities too, so ensure that limits are set on the child’s device and use software that can help minimise exposure to potentially malicious or inappropriate websites.

Whether you celebrity watch because you are enamoured, envious or inspired, please don’t let your hobby put you at risk of identity theft. Ensure you (and your kids) search safely so you can stay out of the way of cybercrims and their scams!

Alex x


The post Aussie Ruby Rose is McAfee’s Most Dangerous Celebrity appeared first on McAfee Blogs.

SMB Security Best Practices: Why Smaller Businesses Face Bigger Risks

Data breaches that compromise hundreds of thousands — or millions — of records tend to grab the most headlines, but small- and medium-sized businesses (SMBs) are far from immune to cyberattacks.

SMB security is full of holes, and these vulnerabilities are often the most damaging, according to recent research. For example, Verizon’s “2018 Data Breach Investigations Report” found that about 58 percent of all data breaches target small businesses. In addition, 60 percent of SMBs hit with a data breach close within six months, according to Switchfast Technologies, even though more than half of all small business leaders don’t believe they’re targets.

Small Businesses Are Easy Targets

“Think your business is too small to be targeted by a hacker? Think again,” said Chris Stoneff, vice president of security solutions at secure remote access provider Bomgar. “If your business handles any financial information or valuable data about your customers, then guess what? You’re a target for cyberattacks.”

As large enterprises increasingly focus on improving cybersecurity, cybercriminals may take the path of least resistance.

“If that path is via a smaller business with tempting customers,” Stoneff added, “you better believe they will take the easy route.”

At the same time, many small businesses don’t have a lot of money to spend on cybersecurity. In fact, nearly half of all small businesses fail within five years, according to the U.S. Small Business Administration, and cash flow problems account for a huge number of those closures.

Why You Shouldn’t Skimp on SMB Security

Cybersecurity is not the place for SMBs to cut costs, said John Watkins, vice president and chief information officer (CIO) of inRsite IT Solutions, a cloud and security provider for SMBs.

“If you don’t take cybersecurity seriously, and one day you’re forced to pay $8,000 in bitcoin to — hopefully — unlock your QuickBooks data, just remember, you saved $500 by not getting a firewall,” Watkins quipped.

Clearly, small businesses — even those with razor-thin profit margins — shouldn’t skimp on their cybersecurity protections. But assuming budgets are tight, how can SMBs make the most of their spending?

Many cybersecurity experts still recommend the basics:

  • Use multifactor authentication to sign on to company devices.
  • Require strong passwords.
  • Deploy antivirus, antispyware and firewall protection.
  • Identify the sensitive data you hold and encrypt it.
  • Regularly update software.
  • Train employees on cybersecurity.

A business-grade firewall is one of the essential basics no SMB should ignore, Watkins said.

“No, the ISP modem is not good enough,” he said. “Just run a Google search on the model number of your modem and you’ll find 10 articles listing the default admin password for it.”

Building a Holistic Security Strategy

SMB cybersecurity efforts should focus on their people and processes, “coupled with the support of reliable, well-implemented tools and technologies,” said Chris Duvall, senior director at The Chertoff Group, a company that advises clients on security and risk management.

Beyond the basics, Duvall urged SMBs to consider a virtual private network (VPN) to protect traffic in and out of their networks and a password management tool to help employees store their credentials in a single, secure location. Small businesses should also look into commercial products that package a number of security tools, such as intrusion detection and prevention systems, together.

What to Look For in an MSSP

Managed security service providers (MSSPs) enable small businesses to outsource their cybersecurity protections for a monthly fee. MSSPs can be useful for a resource-strapped SMB, Duvall noted, “but using the right MSSP and ensuring regular and detailed communication is key.” He added that with managed service becoming a popular offering in the cybersecurity industry, some companies are “labeling themselves as MSSPs but are not capable of, or qualified to, manage the security of other organizations.” SMBs should do their homework and request a “proof-of-concept” period before signing an MSSP contract.

Mike Baker, founder and principal of managed cybersecurity provider Mosaic451, agreed that outsourced services can help SMBs fight off attackers. An SMB’s IT staff can “get bogged down by providing the basics — such as routine system monitoring, software upgrades, training on new systems and services, help desk support, and the seemingly endless number of meetings,” he said. The best way to find a managed service provider, then, is through word of mouth.

“It’s always better to go with an actual referral,” Baker said. “Go with someone you know. Go with someone that a peer knows.”

Online ratings, “random top-10 lists and whatnot are paid-for marketing,” he added. “Trust them at your peril.”

Why You Must Actively Manage Your Data

Watkins and other cybersecurity professionals also advised SMBs to frequently back up their data. A cloud service is a good way to make copies that are protected from direct attacks on the business. Ransomware remains a serious threat, and some network-attached storage device makers include software to encrypt and replicate a business’ data in the cloud.

SMBs should have at least three backups of their data, Watkins recommended.

“One of the most devastating things that can happen to an SMB is data loss,” he said. “Whether caused by lightning frying your PC or cryptoware infecting your server, data loss can literally bring a business to the brink of closure.”

Frequent backups, a managed security provider, a VPN, and a well-rounded package of antivirus and intrusion detection tools are among the protections SMBs should consider to better secure their data, but establishing these defenses is only the beginning. To sustain a successful enterprise security strategy, organizations must regularly audit the efficacy of each tool and team, establish a culture of security from the top down, and scale consistently through growth phases.

The post SMB Security Best Practices: Why Smaller Businesses Face Bigger Risks appeared first on Security Intelligence.

IT Security Expert Blog: Cyber Security Roundup for September 2018

September 2018 started with a data breach bang, with British Airways disclosing a significant hack and data loss; 380,000 of the airline's website and mobile app customers had their debit and credit card details lifted via a maliciously injected script. The breach even caused shares in BA's owner, IAG, to drop by 4% in value. And to compound matters, there were several claims made that the BA website wasn't PCI DSS compliant, implying if they were PCI DSS compliant, their customers' personal and payment card information would still be safe. For further details about this breach see my blog posts: British Airways Customer Data Stolen in Website and Mobile App Hack and British Airways Hack Update: Caused by Injected Script & PCI DSS Non-Compliance is Suspected.

Facebook continues to make the wrong type of headlines after a massive user data breach was confirmed by the social media giant at the end of the month. Facebook said at least 50 million users’ data was at risk after hackers exploited a vulnerability in the Facebook code. Facebook doesn’t know who is behind the attack; however, the FBI is investigating.

There was embarrassment at the Tory Conference after a conference App flaw revealed the personal data of senior UK government cabinet ministers, with Boris Johnson, Michael Gove and Gavin Williamson among those whose personal information was made available, including their phone numbers.

Several large data breach fines were handed out in September. Tesco Bank was hit by a whopping £16.4 by the Financial Conduct Authority (FCA). The FCA said Tesco had security deficiencies which left account holders vulnerable to a cyber attack in November 2016 which netted the bad guys, via 34 transactions, £2.26 million. The FCA reported the cyber criminals exploited weaknesses in the bank's design of its debit card, its financial crime controls and in its financial crime operations team to carry out the attack over a 48-hour period.

Equifax was fined the maximum pre-GDPR law amount of £500K by the Information Commissioner's Office (ICO) after the US-based credit reference agency failed to protect the personal data of 15 million UK citizens.  ICO ruled Equifax's UK branch had "failed to take appropriate steps" to protect UK citizens' data. It added that "multiple failures" meant personal information had been kept longer than necessary and left vulnerable.

The ICO also fined Bupa £175K for not having good enough security to prevent the theft of 547,000 customer records by an employee. Uber has paid £133m to settle legal claims to customers and drivers, as a result of trying to cover up from regulators a huge breach which occurred in 2016. The ride-hailing company paid off hackers to the tune of $100,000 to delete the data they robbed from Uber's cloud servers. The personal data from 57 million Uber accounts also included information about 600,000 driving license numbers.

The MoD and GCHQ are looking to beef up Britain's Cyber Attack capabilities, announcing a plan to recruit a 2,000 strong cyber force to tackle the Russian threat. Meanwhile across the pond, the Mirai creators have done a deal to keep themselves out of jail in return for helping the FBI catch cybercrooks, which has echoes of the approach the FBI took with cheque fraud expert Frank Abagnale, the subject of the book and movie "Catch Me If You Can".

Bristol Airport was impacted by a ransomware attack, which took down their arrival and departure screens for a couple of days, and a Scottish Brewery was also hit by a ransomware attack through an infected CV it had received through an online job advertisement.

Europol warned of 15 ways that you could become a Cyber Crime Victim, and there was an excellent article in the New York Times on the Bangladesh Central Bank Cyber Theft.



IT Security Expert Blog

Cyber Security Roundup for September 2018

September 2018 started with a data breach bang, with British Airways disclosing a significant hack and data loss. 380,000 of the airline's website and mobile app customers had their debit and credit card details lifted via a maliciously injected script. The breach even caused BA's owner, IAG, to drop 4% in value. And to compound matters, there were several claims made that the BA website wasn't PCI DSS compliant, implying if they were PCI DSS compliant, their customers' personal and payment card information would still be safe. For further details about this breach see my blog posts: British Airways Customer Data Stolen in Website and Mobile App Hack and British Airways Hack Update: Caused by Injected Script & PCI DSS Non-Compliance is Suspected.

Facebook continues to make all the wrong kind of privacy headlines after a massive user data breach was confirmed by the social media giant at the end of the month. Facebook said at least 50 million users’ data was at risk after hackers exploited a vulnerability in the Facebook code. Facebook CEO Mark Zuckerberg said he doesn’t know who is behind the cyber attack; however, the FBI are investigating.

There was a good measure of embarrassment at the Tory Conference after a flaw in the conference App revealed the personal data of senior UK government cabinet ministers, with Boris Johnson, Michael Gove and Gavin Williamson among those whose personal information and phone numbers were made available.

A number of large data breach fines were handed out in September. Tesco Bank was hit by a whopping £16.4 by the Financial Conduct Authority (FCA); the fine would have been doubled if it weren't for Tesco's good co-operation with the FCA investigation. The FCA said Tesco had security deficiencies which left their bank account holders vulnerable to a cyber attack in November 2016. The attack netted the bad guys, via 34 transactions, a cool £2.26 million. The FCA report said the cyber criminals had exploited weaknesses in the bank's design of its debit card, its financial crime controls and in its financial crime operations team, to carry out the attack over a 48-hour period.

Equifax was fined the maximum pre-GDPR law amount of £500K by the Information Commissioner's Office (ICO) after the US-based credit reference agency failed to protect the personal data of 15 million UK citizens. The ICO ruled Equifax's UK branch had "failed to take appropriate steps" to protect UK citizens' data. It added that "multiple failures" meant personal information had been kept longer than necessary and left vulnerable.

The ICO also fined Bupa £175K for not having good enough security to prevent the theft of 547,000 customer records by an employee. Uber has paid £133m to settle legal claims to customers and drivers, as a result of trying to cover up from their regulators a huge breach which occurred in 2016. The ride-hailing company admitted to paying off hackers to the tune of $100,000 to delete the data they robbed from Uber's cloud servers. The personal data stolen, from 57 million Uber accounts, also included information about 600,000 driving license numbers.

Looks like the MoD and GCHQ are looking to beef up Britain's Cyber Offense capabilities, announcing a plan to recruit a 2,000 strong 'cyber force' to take on the Russian threat. Meanwhile across the pond, the Mirai creators have done a deal to keep themselves out of jail in return for helping the FBI catch cybercrooks, which has echoes of the approach the FBI took with con artist and cheque fraud expert Frank Abagnale, the subject of the book and movie "Catch Me If You Can".

Bristol Airport was impacted by a ransomware attack, which took down their arrival and departure screens for a couple of days, and a Scottish Brewery was also hit by a ransomware attack through an infected CV it had received through an online job advertisement.

Europol warned of 15 ways you could become a Cyber Crime Victim, and there was an excellent article in the New York Times on the Bangladesh Central Bank Cyber Theft.


New ATM Attack Uses Customer-Built Skimmers to Steal Credit Card Data and PINs

The U.S. Secret Service is investigating a series of crimes involving advanced automated teller machine (ATM) skimmers.

In mid-August, the FBI warned global banks about ATM “cash-out” attacks. According to Krebs on Security, the U.S. Secret Service is investigating a new series of crimes that use advanced, custom-built ATM skimmers.

Skimmers, which have been around for years, allow criminals to steal magnetic stripe data when a card is inserted into a compromised card reader.

Not Your Father’s ATM Attack

The latest attack is particularly sophisticated because the skimmer doesn’t sit inside the card reader slot; it sits on top of it and is undetectable from the outside. The installation can only be performed from inside the ATM, so the criminals drill a hole in the ATM fascia to insert the skimmer.

Using an endoscope, they align the skimmer with specific parts of the card reader and secure it with magnets. They also discreetly plant video surveillance cameras inside the ATM, which capture customers typing in their personal identification number (PIN). Finally, the hole is covered with something that will blend into the ATM, such as a metal plate, sign or some other kind of labeling.

This is not a generic attack. The skimmer was clearly designed to fit the physical and electronic specifications of a specific card reader model. Most likely, the criminals obtained an ATM in the product line they were targeting. This would allow them to perfect the skimmer design and practice installing it in private.

How Penetration Testing Can Help Protect ATMs From Advanced Skimmers

X-Force Red, IBM Security’s team of veteran hackers, is aware of other incidents in which criminals have stolen entire ATMs to reverse engineer the software and hardware and develop sophisticated attacks.

Unfortunately, there is no single solution to protect against skimmers. Field staff can be trained to identify compromised machines, but some ATMs may be infrequently visited. Remote monitoring, including video and tamper sensors, is obviously critical.

For this specific attack, placing an internal barrier around the card reader will make the skimmer installation significantly more complicated, if not impossible. If it is properly implemented, upgrading to a card reader that uses on-head encryption will prevent a skimmer from retrieving data through circuit monitoring.

To proactively protect ATMs and connected infrastructure, X-Force Red recommends performing comprehensive ATM penetration testing. It entails testing the ATM hardware, software, network and backend infrastructure. The test will uncover critical vulnerabilities that companies should remediate quickly before attackers find them. In the case of this latest attack, a penetration test would uncover hardware vulnerabilities that could enable criminals to plant the skimmer and camera.

X-Force Red has an ATM testing team that performs comprehensive testing for banks and independent ATM operators around the world. The team has yet to perform a test that does not uncover at least one critical vulnerability.

Source: Krebs on Security

The post New ATM Attack Uses Customer-Built Skimmers to Steal Credit Card Data and PINs appeared first on Security Intelligence.

Don’t Overlook Your Data Blind Spots: 5 Tips for Protecting Unstructured Data

We all know that data is the most valuable intangible asset for a digital business. As data continues to grow in volume, variety and velocity, organizations are forced to take a fresh look at their data management and protection practices. In fact, data protection is now front and center in how organizations manage business risks and protect business outcomes, particularly when it comes to unstructured data.

Data Is Changing, and So Should Your Organization

As data becomes more fluid, dynamic and distributed, so do the challenges around protecting it. IDC predicted that the amount of data created will grow exponentially over the next several years and reach 44 zettabytes by 2020.

What does this mean for your organization? According to Forrester, the average organization holds more than 100 TB of unstructured data within its data centers. Another Forrester report noted that sprawling network drives and SharePoint sites are among the top concerns. With this in mind, lack of ownership and governance of unmanaged file share and storage platforms imposes significant hidden risks to an organization’s critical assets.

Unlike traditional data stores such as databases, there is little to no control or predictability of the data in unstructured repositories because access permissions are amorphous and frequently change over time. At the same time, organizations have to deal with evolving compliance mandates, the skills shortage and the proliferation of security tools from an array of vendors.

How to Avoid Unstructured Data Blind Spots

While many organizations have acknowledged and realized the need for data protection strategies and implemented risk mitigation controls such as data loss prevention (DLP) and encryption, very few have taken a systematic approach that encompasses the protection of both structured and unstructured data repositories. Data security tools are often implemented in a siloed and ad hoc fashion, resulting in operational inefficiencies and data security blind spots.

However, this could soon change: According to Gartner, 40 percent of organizations will be consolidating and rationalizing data security solutions into centralized data-centric audit and protection (DCAP) tools by 2020 — significantly higher than the 5 percent that are doing so today. What’s more, the introduction of regulations such as the European Union’s (EU) General Data Protection Regulation (GDPR) and California’s impending Consumer Privacy Act are also forcing organizations to take a holistic look at their data protection programs and expand their scope to unstructured repositories such as file shares.

As these pressures mount, organizations should consider the following five key security and compliance actions to reduce potential blind spots:

  1. Understand your sensitive data footprint through automated file discovery and classification of file content.
  2. Implement intelligent access management by analyzing document metadata to understand the ownership, so the right owners have access to the right data.
  3. Apply out-of-the-box policies to monitor and detect anomalous or malicious file access patterns, then leverage the insights to use remediation controls such as encryption, isolation, archival and/or elimination of redundant and outdated data, and access that may lead to unnecessary business risk.
  4. Minimize compliance costs with automated, auditable reporting, so the right people can get the right reports at the right time, and avoid potential regulatory fines and unnecessary and time-consuming manual work.
  5. Collaborate and partner with a single data protection vendor for centralized visibility and control of all data assets, thereby eliminating the need for diverse vendor technologies, overcoming security blind spots and reducing operational challenges.

Why You Should Invest in Comprehensive Data Protection

The main motivation for an enterprise to invest in a robust cybersecurity program is to build resiliency and ensure continuous availability of its assets. Data protection is the last line of defense and often the most critical one as threat actors continuously develop new tactics to circumvent perimeter controls.

Organizations must ensure that they address data protection requirements in their entirety using discovery, classification and protection controls across all their data assets, irrespective of their type or where they reside. Remember: The highest number of data risks reside in places — such as unstructured data repositories — that are the most intuitive, yet the most ignored.

To learn more about securing your unstructured data repositories, explore Guardium Data Protection for Files.

The post Don’t Overlook Your Data Blind Spots: 5 Tips for Protecting Unstructured Data appeared first on Security Intelligence.

#CyberAware: Will You Help Make the Internet a Safe Place for Families?

Don’t we all kinda secretly hope, even pretend, that our biggest fears are in the process of remedying themselves? Like believing that the police will know to stay close should we wander into a sketchy part of town. Or that our doors and windows will promptly self-lock should we forget to do so. Such a world would be ideal — and oh, so, peaceful — but it just isn’t reality. When it comes to making sure our families are safe we’ve got to be the ones to be aware, responsible, and take the needed action.

Our Shared Responsibility

This holds true in making the internet a safe place. As much as we’d like to pretend there’s a protective barrier between us and the bad guys online, there’s no single government entity that is solely responsible for securing the internet. Every individual must play his or her role in protecting their portion of cyberspace, including the devices and networks they use. And, that’s what October — National Cyber Security Awareness Month (NCSAM) — is all about.

At McAfee, we focus on these matters every day but this month especially, we are linking arms with safety organizations, bloggers, businesses, and YOU — parents, consumers, educators, and digital citizens — to zero in on ways we can all do our part to make the internet safe and secure for everyone. (Hey, sometimes the home team needs a huddle, right!?)

8 specific things you can do!

  1. Become a NCSAM Champion. The National Cyber Security Alliance (NCSA) is encouraging everyone — individuals, schools, businesses, government organizations, universities — to sign up, take action, and make a difference in online safety and security. It’s free and simple to register. Once you sign up you will get an email with a toolbox packed with fun, shareable memes to post for #CyberAware October.
  2. Tap your social powers. Throughout October, share, share, share great content you discover. Use the hashtag #CyberAware, so the safety conversation reaches and inspires more people. Also, join the Twitter chat using the hashtag #ChatSTC each Thursday in October at 3 p.m., ET/Noon, PT. Learn, connect with other parents and safety pros, and chime in.
  3. Hold a family tech talk. Be even more intentional this month. Learn and discuss suggestions from STOP. THINK. CONNECT.™ on how each family member can protect their devices and information.
  4. Print it and post it: Print out a STOP. THINK. CONNECT.™ tip sheet and display it in areas where family members spend time online.
  5. Understand and execute the basics. Information is awesome. But how much of that information do we truly put into action? Take 10 minutes to read 10 Tips to Stay Safe Online and another 10 minutes to make sure you take the time to install a firewall, strengthen your passwords, and make sure your home network is as secure as it can be.
  6. If you care — share! Send an email to friends and family informing them that October is National Cybersecurity Awareness Month and encourage them to visit for tips and resources.
  7. Turn on multi-factor authentication. Protect your financial, email and social media accounts with two-step authentication for passwords.
  8. Update, update, update! This overlooked but powerful way to shore up your devices is crucial. Update your software and turn on automatic updates to protect your home network and personal devices.

Isn’t it awesome to think that you aren’t alone in striving to keep your family’s digital life — and future — safe? A lot of people are working together during National Cyber Security Awareness Month to educate and be more proactive in blocking criminals online. Working together, no doubt, we’ll get there quicker and be able to create and enjoy a safer internet.



Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @McAfee_Family. (Disclosures)

The post #CyberAware: Will You Help Make the Internet a Safe Place for Families? appeared first on McAfee Blogs.

Feature, Bug or Just a Huge Security Risk? Skype for Business, Examined

Here at Heimdal Security, we spread our time between providing security tools to prevent serious attacks like ransomware or next-gen malware and providing the education necessary to keep personal data safe across various platforms and devices.

Sometimes, it becomes obvious that tools and education alone won’t keep users truly safe online, nor will they enforce their privacy. Sometimes, ubiquitous, extremely popular services release some features that truly boggle the mind. Skype for Business is one.

This week, we discovered a serious security risk and privacy breach with the Skype for Business app. It was not related to hacking and other cyber-attacks but a pure “feature”, whose purpose and value we haven’t yet been able to decipher.

If you do a Skype for Business call with “screen-sharing” turned on, be prepared to share more than what you wanted.

Once the person who started screen-sharing hangs up, the desktop-sharing function will continue. The people at the other end of the line will still see what’s happening there.

If the person who had hosted the session does not notice the tiny warning at the top, they will continue sharing whatever they’re doing on the screen. Spreadsheets with sensitive financial data, inbox contents, private messages on Facebook, all of them will be seen by the other person.

Had a cybercriminal participated in a conversation like this, they would have had a field day with the info obtained. In some areas, a competitor could do serious damage with how much information they are able to see.

We thought that we had stumbled upon a serious security flaw. Imagine our surprise when, after a few seconds of Googling the issue and thinking about contacting Microsoft, we came across this thread. No, screen sharing after ending a call is a “feature, not a bug”. Never mind the fact that a regular Skype user first calls someone to start a meeting, then opens a presentation, then closes the call and assumes that the entire interaction ended.

Why would someone possibly want their screen to still be visible to the other person, even though the dialogue ended? Even if, by chance, that was the case, the tiny ribbon that lets you know screen-sharing is still active has such an unobtrusive design that a regular user will definitely miss it. For such a security-sensitive feature, you’d think neon colors were in order. Certainly, a pleasant design should not be the only priority for Skype for Business.

After all, the people using it do have plenty of sensitive information that should not leak.

Here is what the caller who initiated screen-sharing can see once he/she hangs up.

[Screenshot: Skype for Business screen share issue]

Here is what’s visible to the ones that just left that call. Spoiler: it’s everything the initial caller is currently doing.

[Screenshot: Skype for Business share screen issue]

And, finally, this is the placement of the ribbon that was designed to let the user know their screen is still being broadcast. It’s almost black, on top of a browser bar of the same color. If someone had a secondary display and they were to continue working on the screen with the Skype for Business window, it would have been almost impossible to spot that message.

[Screenshot: Skype for Business screen sharing issue]

What’s worse is that this is something that’s been signaled plenty of times.

Microsoft’s response? “It’s an expected behavior,” said a customer representative. He followed that with an invitation to “vote for this feedback” at another link. And a recommendation to “close the Skype for Business chat window to end Skype call and screen sharing at the same time.”

Yes, the official suggestion is to close the entire window, not press the button that’s for ending the call.

Give it a bit more time, and instead of customer support signaling a bad UI design (user interface) and the developers fixing it, someone will tell you to put a sticker on your webcam if you want to stop broadcasting. This is not to mention what a huge GDPR infringement this Skype for Business bug is. Some experts point out that even sharing usernames in unencrypted communications or on screens can be against the General Data Protection Regulation.


Microsoft is not alone in this and could probably pin this one on miscommunication, not bad intentions.

What users have to do is to secure their device with the essential security layers and remain updated with current news, so they can act swiftly and protect themselves and their valuable data.

The post Feature, Bug or Just a Huge Security Risk? Skype for Business, Examined appeared first on Heimdal Security Blog.

Solution to Skills Gap Is Strong Cyber Culture

According to a new study released by (ISC)2, organizations that have made a strong investment in cybersecurity technology are better able to retain the talent they need to protect against both

The post Solution to Skills Gap Is Strong Cyber Culture appeared first on The Cyber Security Place.

Don’t Let Privileged Accounts Be a Privilege to Outsiders

Privileged accounts are essential to businesses both big and small, but these accounts pose a greater security threat than meets the eye. Sometimes, clicking on a malicious link is all

The post Don’t Let Privileged Accounts Be a Privilege to Outsiders appeared first on The Cyber Security Place.

Following the Clues With DcyFS: A File System for Forensics

This article concludes our three-part series on Decoy File System (DcyFS) with a concrete example of how a cyber deception platform can also be a powerful tool for extracting forensic summaries. Using that data can expedite postmortem investigations, reveal attributing features of malware, and characterize the impact of attackers’ actions. Be sure to read part 1 and part 2 for the full story.

File System Overlays as Blank Canvases

When using Decoy File System (DcyFS), each subject’s view contains a stackable file system with an overlay layer. This layer helps protect files on the base file system, providing data integrity and confidentiality. The overlay also acts as a blank canvas, recording all created, modified and deleted files during suspicious user activity or the execution of an untrusted process.

These records are essential to piecing together what happens during a cyberattack as the overlay provides evidence of key indicators of compromise (IoCs) that investigators can use. To demonstrate the forensic capabilities of our approach, we created a module that analyzes overlays for IoCs and tested it with five different types of malware. The IoCs were sourced from the ATT&CK for Enterprise threat model.

DcyFS and the Forensics of Malware

Let’s take a closer look at the five malware types we identified with DcyFS’s analysis module and the IoCs collected through the file system overlays. We’ll also discuss how the file system actively helped protect critical systems from malware in our tests.


Most malware is designed to persist on an infected endpoint and relaunch after a system reboot. The exact mechanism for persistence is dependent on whether the malware gains access to administrator privileges on the endpoint. If it does not, then the malware will typically modify user profile files that are run on startup.

Malware running with escalated privileges can modify systemwide configurations in order to persist. This is achieved by dropping initialization scripts into the system run-level directories. In certain cases, malware will create recurring tasks that ensure the malware is run on a schedule, persisting across reboots.

Each time a piece of malware modifies a system file, the changes are recorded on DcyFS’s overlay, enabling the forensic analyzer to easily identify malicious activity. Furthermore, since DcyFS provides per-process views to the malware, no file changes by the malware persist across the global file system view. This also means the malware is not restarted on a reboot.

Dynamic Link Library (DLL) Injection

Some malware, such as Umbreon and Jynx2, are not executables, but rather libraries designed to be preloaded by system processes. The libraries replace important system application programming interface (API) calls to change the functionality of a running application. In this way, an Apache web server can be turned into a backdoor, or a Bash shell can be hijacked to mine bitcoins in the background.

In Umbreon’s case, the malware replaces C API calls such as “accept,” “access” and “open” to hide its presence on the file system from an antivirus system or the system user. Umbreon also creates a user, and hides its presence using injected API calls. Such file system changes are identified by DcyFS, as is the injected malicious library. Furthermore, since the library is only loaded in its own view, it cannot be injected into any process running on the system.

Binary Downloaders (Modifiers)

Cybercrime is a mercurial commodity business, where large criminal syndicates rent access to extensive botnets to other attackers. These bots are designed to send malicious spam or download various pieces of malware, such as banking Trojans, bitcoin miners and keyloggers, to collect stolen data that can be monetized by the syndicate.

With administrative access to an infected endpoint, bots will try to download malware into many system directories, creating redundancy in hopes that the defender will miss one when detected. As a result, newly installed binary downloads on a file system are a key IoC.

Aside from downloading new binaries, malware can also alter existing system binaries to make them secretly engage in nefarious activities. While running on DcyFS, these binary modifiers only appear to modify the overlay they can access — they are unable to modify the applications in the global view of the base file system. Consequently, they are never truly executed, but the modified binary appears prominently on the overlay, where it can be extracted and analyzed by a forensics team.


Typically, skilled attackers will try to cover their tracks to evade detection. One way of doing this is by saving malware into hidden files, such as any file starting with a period, or modifying programs such as “ls” or “dir” so that malware files are ignored when the contents of a directory are displayed to a user.

Another technique for hiding one’s presence is to remove entries from a user’s history profile or delete task entries that conduct antivirus scans. Finally, killing or deleting antivirus software is another mechanism for ensuring that malicious activities are not uncovered. With DcyFS, each step used to cover one’s tracks is highlighted on the file system’s overlay.
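The persistence, library injection, binary download and track-covering indicators described above can all be read off a list of overlay changes. The following is an added example, not DcyFS code: the `(operation, path)` record format, the category names, the glob rules and the sample records are assumptions constructed for illustration, using standard Linux paths.

```python
"""Tag overlay change records with the IoC categories described above.

Added example. The (operation, path) record format, the category names and the
glob rules are assumptions for illustration, not DcyFS's format or rule set.
"""
import fnmatch
import posixpath
from collections import defaultdict

BIN_DIRS = ["/bin/*", "/sbin/*", "/usr/bin/*", "/usr/sbin/*", "/usr/local/bin/*"]
CRON = ["/etc/crontab", "/etc/cron.*/*", "/var/spool/cron/*"]

# (category, operations that count, glob patterns). fnmatch's "*" also matches
# "/", so "/home/*/.bashrc" covers nested home directories as well.
RULES = [
    ("persistence:user-profile", {"create", "modify"},
     ["/home/*/.bashrc", "/home/*/.bash_profile", "/home/*/.profile"]),
    ("persistence:init-script", {"create", "modify"},
     ["/etc/init.d/*", "/etc/rc?.d/*", "/etc/rc.local"]),
    ("persistence:scheduled-task", {"create", "modify"}, CRON),
    ("library-injection", {"create", "modify"},
     ["/etc/ld.so.preload", "/lib/*.so*", "/lib64/*.so*", "/usr/lib/*.so*"]),
    ("account-change", {"modify"}, ["/etc/passwd", "/etc/shadow"]),
    ("binary:new", {"create"}, BIN_DIRS),
    ("binary:modified", {"modify"}, BIN_DIRS),
    # A normal shell exit also rewrites history, so treat this one as a lead.
    ("evasion:history-change", {"modify", "delete"},
     ["/home/*/.bash_history", "/root/.bash_history"]),
    ("evasion:task-or-tool-removed", {"delete"}, CRON + BIN_DIRS),
]


def classify(op, path):
    """Return every IoC category that one overlay change falls into."""
    path = posixpath.normpath(path)
    tags = [category for category, ops, globs in RULES
            if op in ops and any(fnmatch.fnmatchcase(path, g) for g in globs)]
    # Newly created dot-files are hidden from a default directory listing.
    if op == "create" and posixpath.basename(path).startswith("."):
        tags.append("evasion:hidden-file")
    return tags


def summarize(records):
    """Group changed paths by category; untagged changes are left out."""
    report = defaultdict(list)
    for op, path in records:
        for tag in classify(op, path):
            report[tag].append(posixpath.normpath(path))
    return {tag: sorted(paths) for tag, paths in sorted(report.items())}


# Constructed sample: changes one untrusted process might leave on its overlay.
SAMPLE_RECORDS = [
    ("modify", "/home/alice/.bashrc"),
    ("create", "/etc/rc3.d/S99updater"),
    ("create", "/etc/cron.d/sync"),
    ("create", "/etc/ld.so.preload"),
    ("create", "/usr/lib/libsample.so"),
    ("modify", "/etc/passwd"),
    ("create", "/usr/bin/.cache"),
    ("modify", "/bin/ls"),
    ("delete", "/home/alice/.bash_history"),
    ("delete", "/etc/cron.daily/clamscan"),
    ("modify", "/home/alice/report.txt"),
]

if __name__ == "__main__":
    for tag, paths in summarize(SAMPLE_RECORDS).items():
        print(f"{tag:32} {', '.join(paths)}")
```
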

Ransomware and Beyond

Ransomware has become a prominent part of the attack ecosystem, wreaking havoc on individuals and companies alike. The Erebus ransomware, for example, cost South Korean companies millions of dollars in ransom payments to rescue their own and their customers’ data.

Recent ransomware attacks have capitalized on strong, asymmetrical encryption as the main technique to hold victims’ data for ransom. However, other malware, such as KillDisk and Shamoon, simply destroys important files and cripples system infrastructure without the option to undo the destruction.

When dealing with ransomware on the endpoint, the malware attempts to run through directories and locate preconfigured file extensions to encrypt. When that process begins, our forensic analysis looks for indications of encryption in the overlay file system, such as file MIME type, to find evidence of a ransomware attack. It can also characterize attacks by measuring their information footprint in the file system. The DcyFS forensics analyzer generates the following three indicators, which estimate the impact of file system changes introduced by programs:

  • Binary differences — Average percentage of modified bytes across copied files.
  • Information gain — Average information gain across copied files measured as the difference between the entropies of base and overlay files.
  • Write entropy — Average write entropy across overlay files.
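To make the three indicators concrete, here is an added example (not the DcyFS analyzer's code) that computes them over in-memory snapshots of base and overlay files. The exact formulas are one reading of the definitions above and are assumptions, as are the function names and the constructed sample files; the "encrypted" content is deterministic pseudo-random bytes standing in for ciphertext.

```python
"""Impact indicators computed from a base/overlay pair of file snapshots.

Added example. The formulas are one reading of the three indicator definitions
above; they are assumptions, not the DcyFS analyzer's implementation.
"""
import hashlib
import math
from collections import Counter
from statistics import fmean


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return sum(-(c / n) * math.log2(c / n) for c in Counter(data).values())


def modified_fraction(base: bytes, overlay: bytes) -> float:
    """Share of byte positions that differ; added or truncated bytes count too."""
    longest = max(len(base), len(overlay))
    if longest == 0:
        return 0.0
    unchanged = sum(a == b for a, b in zip(base, overlay))
    return (longest - unchanged) / longest


def impact_indicators(base_files: dict, overlay_files: dict) -> dict:
    """Both arguments map path -> file content (bytes)."""
    # "Copied" files exist in the base and were copied up to the overlay on write.
    copied = [p for p in overlay_files if p in base_files]
    diffs = [modified_fraction(base_files[p], overlay_files[p]) for p in copied]
    gains = [shannon_entropy(overlay_files[p]) - shannon_entropy(base_files[p])
             for p in copied]
    writes = [shannon_entropy(d) for d in overlay_files.values()]
    return {
        "binary_difference_pct": 100 * fmean(diffs) if diffs else 0.0,
        "information_gain_bits": fmean(gains) if gains else 0.0,
        "write_entropy_bits": fmean(writes) if writes else 0.0,
    }


def pseudo_ciphertext(length: int, seed: bytes) -> bytes:
    """Deterministic high-entropy bytes standing in for encrypted content."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


# Constructed sample data: two text files on the base file system.
BASE = {
    "/data/report.csv": b"quarterly revenue, region, total\n" * 64,
    "/data/notes.txt": b"meeting notes: follow up with finance\n" * 32,
}
# Overlay after a small, ordinary edit to one file.
BENIGN_OVERLAY = {
    "/data/report.csv": BASE["/data/report.csv"].replace(b"total", b"TOTAL", 1),
}
# Overlay after every file was rewritten with ciphertext-like content.
RANSOM_OVERLAY = {p: pseudo_ciphertext(len(d), p.encode()) for p, d in BASE.items()}

if __name__ == "__main__":
    for name, overlay in (("benign", BENIGN_OVERLAY), ("ransom", RANSOM_OVERLAY)):
        print(name, {k: round(v, 2) for k, v in impact_indicators(BASE, overlay).items()})
```

A small edit leaves all three indicators near the base file's own values, while a bulk rewrite with encrypted content pushes binary difference toward 100 percent and write entropy toward 8 bits per byte.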

DcyFS also actively protects files from ransomware using the overlay. This allows the ransomware to “believe” it has succeeded, but enables the user to subvert the attack without any damage to critical infrastructure.

Humanize Your Security Problems With DcyFS

DcyFS is a security Swiss army knife. On one hand, the file system is a passive sensor, monitoring access to one of the most important commodities companies have: their data. It is also a forensic tool, allowing security practitioners to collect key evidence when an attack occurs. On the other hand, DcyFS is an active security control that can hide and help protect data while baiting attackers into revealing themselves.

Our research team believes that tools like DcyFS will be a big part of the next generation of cyberdefense. Agile and versatile tools of this kind not only identify attacks as they occur, but actively engage and react to the attacker. They turn security from a technical problem, as it is often cast, into a human problem, where adversaries and defenders engage like they do on any battlefield.

The post Following the Clues With DcyFS: A File System for Forensics appeared first on Security Intelligence.

Understanding California’s Consumer Privacy Act: The ‘American GDPR’

As enterprises around the world deal with legislative backlash following years of unfettered data collection, companies are confused about how to achieve compliance not only with the General Data Protection Regulation (GDPR), but also with California’s Consumer Privacy Act (CCPA). If you are one of them, rest assured that you are not alone in your confusion — and you’d better believe there’s more to come.

Several months after GDPR went into effect, 27 percent of companies reported that they had yet to start the GDPR compliance process, according to GDPR.Report. Still, the threat of additional regulations looms.

When the California legislation goes into effect on Jan. 1, 2020, more than 500,000 American businesses will be subject to the CCPA, according to a recent report from Varonis. In addition, 58 percent of companies have more than 100,000 folders open to everyone. Sensitive data is at risk, and in 15 months, companies will be required to allow consumers to review the data they have collected on them, demand deletion of data and opt out of having the data sold to third parties. Organizations face fines of $7,500 for violations.

Navigating the ‘American GDPR’

Since Labor Day weekend, two new state law amendments have come into effect. In its privacy statute, Colorado expanded the terms of what data will be protected. Additionally, the statute now includes a mandated 30-day breach notification. The clock starts ticking the moment the company discovers the breach. New York’s department of financial services similarly updated its cybersecurity guidance under NY State 23 NYCRR 500 Law.

The new requirements mandate risk assessments by application, as well as limits on data retention. The revisions added information access monitoring requirements and stipulated that all private information be encrypted, both at rest and in transit.

“The web of cyber data privacy laws continues to grow both in volume and complexity,” said Pravin Kothari, CEO of cloud security vendor CipherCloud, in an email interview. “These sort of regulations will need to be handled by Federal omnibus. The expense and risk to businesses in attempting to implement a rolling thunder of different regional and/or state data privacy laws will be overpowering.”

With increasing focus on regulations, the burden is falling on companies to manage and secure sensitive data while also providing customers greater control over their sensitive information. As if complying with GDPR and CCPA were not complicated enough, additional legislation is likely forthcoming in the U.S. — other states are bound to introduce their own laws, which sets a high bar for U.S. companies when it comes to data privacy.

There’s Still Time to Prepare for the Consumer Privacy Act

The good news is that Jan. 1, 2020 is still about 15 months away. While companies are all over the spectrum in terms of how far they have to go, there is still time to work through some of the confusion the market is sensing to iron out the compliance wrinkles.

“Determining the best practices for compliance with the upcoming laws depends in large part [on] how risk-averse companies are,” said Arshad Noor, creator and chief technology officer (CTO) of StrongKey. “Those companies that are already compliant with GDPR will find themselves well-prepared to deal with new acts across the U.S. in different states.”

While GDPR defines a data subject as a human being and any data about them, California defines the person as a human, business, entity or object, according to Noor.

“We tend to think of consumer privacy as my information, name, date of birth, gender, but California has created categories of data which include metadata, IP addresses and more,” Noor said. “It’s an interesting notion about privacy that I don’t think anyone has thought of.”

Between now and 2020, a lot will be clarified about the different categories of data and the fundamentals of what needs to be protected. But don’t wait for clarification to begin moving toward compliance. The first step is to establish a policy that guides the company’s day-to-day practices. Once that policy is defined, Noor said, “Look at specific requirements of the law. Companies will have to have a link or button on the home page that allows a consumer to say ‘Please delete all my information.'”

Currently, the law requires that websites or businesses dealing with California customers allow those users to make a direct request of their right to be forgotten. That will be mandatory, so processes must be in place for compliance. Other stipulations are not as explicitly stated, so now is the time to start thinking about what companies should be doing. The law does provide for companies to collect data they need for doing business, which is why each organization needs to be able to identify what information they actually need.

Take a Minimalist Approach to CCPA Compliance

To start your CCPA compliance journey, identify where and how your organization’s data is stored and then begin the process of permanently deleting any clutter out of those systems and clearing it up.

“If it’s not necessary to conduct business, consider getting rid of that information,” Noor advised. “They need to know which applications use what data and where they have stored it. So, they should begin to take an inventory of the data, starting now.”

In addition, there may be residual information left after your cleanup, so it’s important to think about protecting what is left. At a minimum, companies should encrypt the information and eliminate user passwords from web applications. Many applications may have sensitive information, so companies need to identify that data and choose whether to keep what they have collected.

“They should define how they use the data and make that visible in their policy as well as in their notices to consumers,” Noor explained. “Be clear about what information is being collected, how it is used and to whom it is sold.”

Improving Compliance — and Guidelines

Once a policy is in place, the next step is to implement procedures. Identifying appropriate procedures requires asking questions such as:

  • How do I address requests from consumers in my ecosystem?
  • How do consumers delete their data?
  • What is the process for identifying all information across all systems?

By addressing these gaps now, you can keep from getting caught in the regulatory cold.

When California’s data breach prevention law was made public, most jurisdictions didn’t want to go anywhere near it. The legislature didn’t take long to issue federal law. While the U.S. government could choose not to propose federal privacy protection legislation, businesses should be working with Congress to try to bring about a uniform law. Waiting for Congress to act may take too long and could result in 48 more different pieces of legislation. Talk about a compliance nightmare.

The post Understanding California’s Consumer Privacy Act: The ‘American GDPR’ appeared first on Security Intelligence.

When It Comes to Cloud Data Protection, Defend Your Information Like a Guard Dog


These days, enterprises are increasingly running their business from the cloud. But the portion of your business that’s running in this environment presents numerous security challenges. When it comes to cloud data protection, it’s not just credit card numbers and personally identifiable information (PII) that need protecting, but also the data that represents the majority of your company’s value: your intellectual property. This includes your product designs, marketing strategy, financial plans and more. To add to the complexity, much of that data is stored in disparate repositories.

How do you know if you’re doing enough to protect the cloud-stored data that’s most crucial to your business? To keep malicious actors away from your cloud-bound crown jewels, you need the cybersecurity equivalent of a guard dog — one that knows when to bark, when to bite and when to grant access to those within its circle of trust.

Let’s take a closer look at some challenges related to protecting data in the cloud and outline key considerations when selecting a cloud security provider.

What to Do When Data Is Out of Your Hands

Data that’s stored in the cloud is inherently accessible to other people, including cloud service providers, via numerous endpoints, such as mobile devices and social media applications. You can no longer protect your sensitive data by simply locking down network access.

You need security against outside threats, but you also need it on the inside, all the way down to where the data resides. To address this, look for a provider that offers strong data encryption and data activity monitoring, inside and out.

Data Is Here, There and Everywhere

With the growth of mobile and cloud storage, data is here, there, in the cloud, on premises, and everywhere in between. Some of it is even likely stored in locations you don’t know about. Not only does everyone want access to data, they expect access to it at the click of a mouse. A complete cloud data protection solution should have the following:

  • Mature, proven analytical tools that can analyze your environment to automatically discover data sources, analyze those data sources to discover the critical, sensitive, regulated data, and intelligently and automatically uncover risks and suspicious behavior.
  • Protection with monitoring across all activity, both network and local, especially the actions of privileged users with access to your most sensitive data. Of course, you should also protect data with strong encryption.
  • Adaptability to your changing and expanding environment, with a security solution that can support hybrid environments and seamlessly adjust to alterations in your IT landscape.

How to Gain Visibility Into Risks and Vulnerabilities

Detecting risks of both internal and external attacks is more challenging as data repositories become more virtualized. Common vulnerabilities include missing patches, misconfigurations and exploitable default system settings.

Best practices suggest authorizing both privileged and ordinary end users according to the principle of least privilege to minimize abuse and errors. A robust cloud data protection solution can help secure your cloud and hybrid cloud infrastructure with monitoring and assessment tools that reveal anomalies and vulnerabilities.

Choose the Right Data-Centric Methodology

A data-centric methodology should go hand in hand with the solutions outlined above to support cloud data protection. Make sure your data security solution can do the following:

  • Automatically and continuously discover data sources that you may not have realized existed. This means classifying the data in those databases to understand where you have sensitive, regulated and high-risk data.
  • Harden data sources and data. For data sources, that means understanding what vulnerabilities exist and who has access to data based on entitlement reports. For hardening data, your solution should enable you to set policies around who has access and when access needs to be blocked, quarantined or possibly allowed but masked before granting access.
  • Monitor all users, especially privileged users, to be able to prove to auditors that they are not jeopardizing the integrity of your data.
  • Proactively protect with blocking, quarantining and masking, as well as threat analytics that cover all data sources and use machine learning. Threat analytics can help you understand which activities represent normal, everyday business and which are suspect or anomalous — information that humans can’t possibly uncover on a large scale.

Find a Guard Dog for Your Cloud Data Protection

If your organization is just starting out with data protection, consider a software-as-a-service (SaaS) risk analysis solution that can enable you to quickly get started on the first two steps outlined above. By starting with a solution that supports discovery, classification and vulnerability assessments of both on-premises and cloud-based data sources, you can make demonstrable progress with minimal time and technology investment. Once you have that baseline, you can then start investigating more comprehensive data activity monitoring, protection and encryption technologies for your cloud-bound data.

The post When It Comes to Cloud Data Protection, Defend Your Information Like a Guard Dog appeared first on Security Intelligence.

Regtech to account for 40% of global compliance spend by 2023

A new study from Juniper Research has found that spending on Regtech platforms will exceed $115 billion by 2023, up from an estimated $18 billion in 2018. The research found increased regulatory pressures, as demonstrated by the recent GDPR implementation, are driving businesses towards Regtech to meet greater compliance challenges. According to the research, any heavily regulated business sector not prioritising Regtech adoption would risk damaging fines from failing to keep pace with regulatory changes.

The post Regtech to account for 40% of global compliance spend by 2023 appeared first on Help Net Security.

How Do You Know if Your Privileged Accounts Are at Risk?

Privileged access management (PAM) is one of the biggest priorities for security teams, but it brings some difficult challenges. Privileged users — your IT administrators or business super users — hold the keys to the organization’s crown jewels, or your network, systems and sensitive data.

As a result, threat actors actively target privileged accounts as an entry point to move throughout an IT environment, compromising systems and stealing sensitive company and customer data. That’s why the misuse and abuse of privileged credentials is a major concern for IT security professionals. Stringent security and compliance requirements are often put in place as a result, which can create a lot of work for IT teams to document privileged account use for audits, manually update credentials, and keep track of privileged users and their entitlements.

There must be a better way — but where do you start, and how do you know if your privileged accounts are at risk?

5 Questions to Help You Protect Privileged Accounts

As a first step, determine whether you are managing privileged credentials effectively to mitigate the risks of a privileged account attack. Below are five questions to help you improve your ability to discover privileged credential misuse and refine your incident response plans for such attacks.

1. Do You Have Visibility Into Your Privileged Access Risks?

Many organizations simply don’t know the full breadth of privileged credentials that exist in their IT environment until they conduct an eye-opening compliance audit. Privileged access is often a highly manual and outdated process managed with spreadsheets or insecure cloud applications.

Unknown privileged accounts in the IT environment can cripple an organization because they often lead to undetected cyberbreaches. In fact, a Forrester study found that 80 percent of data breaches involve the use of privileged account access. If an organization doesn’t have clear visibility into all its privileged accounts, there’s a higher likelihood that such a breach will go undetected.

Even if you are adequately managing privileged access in your current environment, your security team may not be prepared to apply the right controls to new applications and systems. Even sophisticated organizations often lack a systematic way to manage the deployment of new assets into the IT environment and their associated security controls.

2. Can You Adequately Secure Privileged Credentials?

Once you know what types of privileged accounts you have, you may find that your accounts are not adequately secured. Find out if privileged credentials are shared frequently among your IT admins. If credentials are visible to the end-user admins, that’s a red flag for significant risk.

Passwords and secure shell (SSH) keys that are static or reused can also pose potential risks. Passwords and SSH keys need to be rotated, randomized and expired regularly. A threat actor can execute many types of attacks, such as phishing, man-in-the-middle (MitM) and pass the hash, using static passwords to obtain root access to your systems and data.

Does your organization have a policy of least privilege? Least privilege means giving users the minimum entitlements needed to accomplish their intended tasks. Users should log into their systems and environments as normal users by default and receive elevated privileges only for as long as is needed to execute a privileged action. Organizations that don’t have a policy of least privilege may be putting privileged accounts at serious risk.

Another area to review is multifactor authentication (MFA) and authorization controls. These solutions can make it more difficult for attackers to misuse privileged credentials, but they can be costly to deploy across your entire environment. Many legacy systems may not even support modern MFA capabilities without expensive upgrades. A robust PAM solution can help you sidestep this issue; you just need to protect the credential vault with MFA rather than retrofitting every legacy system.

3. Can You Detect Inappropriate Privileged Account Use?

Another key question is whether you have the ability to monitor privileged accounts for unusual behaviors and log activity information for review.

Detecting inappropriate privileged account use starts with monitoring. Once that access data is available, threat analytics can be applied to privileged accounts to establish a baseline of normal behavior, catch deviations and trigger alerts. Scoring algorithms can be used to categorize normal behavior, taking into account the patterns of individual users and their activities. These algorithms can then pick up deviations from the norm and categorize their severity with a risk score. If you set the right thresholds, the risk score can kick off an alert and an incident response plan.

The ability to quickly identify these malicious behaviors is key. The faster you detect them, the faster you can respond to privileged account attacks.

4. Can You Act Quickly When Suspicious Privileged Account Use Occurs?

Are your incident response practices and workflows ready to address a scenario in which a privileged account is hijacked by an attacker or malicious insider? Can you automatically shut down a privileged session based on unusual activity, or are you relying on a manual process?

Having the right controls in place to immediately react to a risk factor can prevent an attack from escalating. By contrast, a manual process means you are dependent on the response time of an analyst to stop a threat, which could leave the attacker enough time to cause irreparable harm.

5. Can You Recover Privileged Credentials After an Incident?

In the event of stolen data records or system failure, you need to be able to recover and restore critical data quickly. Either way, the PAM solution needs to be robust and include break-glass procedures to allow access to critical systems in the event of a failure.

However, this is not easy because it requires coordination across multiple teams, so everyone uses the same playbooks. If you don’t have high availability and redundancy set up for PAM systems, your privileged accounts are likely at risk too.

Threat actors that successfully obtain privileged credential access may be able to change passwords, locking your admins out of critical systems and applications. A recovery of privileged credentials allows your organization to maintain control of these accounts in the event of a cyberattack.

A Comprehensive Approach to Privileged Access Management

Answering these five questions and acting on them to protect privileged accounts requires a comprehensive approach to privileged access management. Privileged account attacks can quickly escalate from an undetected security incident into a full-blown data breach. That’s why it’s crucial to develop a methodical and strategic process for managing privileged access. Doing so narrows your overall attack surface and improves your security posture.


The post How Do You Know if Your Privileged Accounts Are at Risk? appeared first on Security Intelligence.

McAfee Blogs: Mobile and Digital Payments: Worth the Risk?

Thanks in part to the convenience that our mobile devices provide for us, much of the world operates now on instant gratification. From accessing information on the web to doing work (and now sending and receiving digital payments), our devices and applications support us while we’re on the go. Whether we’re paying a friend for dinner, our roommate for rent, or otherwise, many of us use peer-to-peer (P2P) mobile and digital payment apps rather than cash to settle our bills.

P2P mobile and digital payment apps like Cash App, PayPal, Venmo, and Zelle have changed the way we transfer money; today it’s faster, simpler, and easier than ever. In fact, they’re so popular that it’s estimated that in 2018, $700 billion will be transferred in this manner. With so much money being sent and received in this way, the ease of transfer begs the question, how secure are these apps?

While some have turned to using cryptocurrency and blockchain to curtail the known dangers of traditional mobile payment apps, recent cryptojacking incidents have proven that even this new technology is not foolproof when it comes to cybersecurity and the determination of cybercriminals. And while the convenience of digital payments can’t be denied, we seem to be prioritizing ease of use over security. Let’s take a look at how digital payments work, as well as their security implications.

How Digital Payments Work

P2P apps like Venmo, Cash App, and others essentially all work in the same way.  Functioning as a digital wallet, users link the app to their bank accounts or credit and debit cards. Then the app adds or subtracts money based on when users receive or send a payment. From there, users can “cash out” their balance to their preferred digital property, such as the account attached to a card or bank account.

P2P Money Transfer Apps and Cybersecurity Concerns

On the surface, digital money transfers may seem harmless, when in fact, they could lead to a headache of unforeseen cybersecurity concerns. The good news is that most money transfer apps will reimburse you for fraudulent charges. However, if someone has physical access to your phone and you don’t keep it locked, they can send money to themselves or others and you won’t get that money back.

Aside from the obvious concern of losing your phone, if you use an unsecured network to transfer money, it’s easier for someone to launch a phishing attack to gain access to your data. That’s because some payment apps will send request links from other users to download the app on their device. These links can be manipulated by cybercriminals and often differ from the genuine link by just one letter or number, so the changes go unnoticed by day-to-day users. When such a link is clicked, the user can be redirected to a web page that presents malware or a virus and might be prompted to download it, giving an unfriendly host access to your financial information. Thankfully, leveraging your data plan or a VPN rather than an unsecured or public Wi-Fi network can help create an extra layer of protection, making it more difficult for cybercriminals to access your sensitive data.

Lastly, there are often unforeseen holes in software that provide backdoor access to your financial information. Meticulously updating the software on your mobile device can help patch up known security issues, also making it easier to protect your data.

Tips to Stay Safe While Using Peer-to-Peer Money Transfer Apps

If you already use a peer-to-peer money transfer app or are on the fence about downloading one, here are some tips to take into account. By practicing multiple security habits simultaneously, your financial information is much more likely to remain safe on your devices and apps:

  • Set up additional security measures. P2P payment platforms require access to sensitive financial information. Check your account settings to see if you can enable multi-factor authentication, PIN/Password requirement, or use fingerprint recognition.
  • Check your preferred app’s permission or settings. Some might share information about your transactions on social media or on the platform itself, like Venmo. Make adjustments to these settings if and when you see fit.
  • Update your software and apps. It’s a best practice to update software and apps when prompted to help seal vulnerabilities when they’re found.
  • Be aware of where you are conducting your money transfers. Opt to use your data plan or a secure, private Wi-Fi network when using a P2P payment app. If you connect to public Wi-Fi, cybercriminals could use the holes in these networks to access your personal banking information and possibly access your P2P app account. If you must use public Wi-Fi, then it’s a good idea to use a Virtual Private Network (VPN).
  • Confirm the deposit went through. When you receive a payment, that money is added to your in-system balance. This is where it will remain until you initiate the transfer to your bank account or use it for another transaction within the app. If you transfer the balance to your bank, confirm it went through. This could take anywhere from a few days to a week. If it takes longer, it’s worth investigating to stop suspicious behavior in its tracks.
  • Be wary of scammers and cybercriminals. If you don’t know the person to which you are sending a digital transfer (say to purchase tickets to an event), look for poor spelling or grammar from them and read links carefully. If something doesn’t look right, that’s often a tell-tale sign that you’re being led astray. Try to find an alternative way to pay, or better yet – find someone who is more trustworthy.


The post Mobile and Digital Payments: Worth the Risk? appeared first on McAfee Blogs.


Facebook Increases Security For Political Campaign Staff

Facebook is introducing new security tools for political campaign staff, concerned about dirty tricks in the run-up to the mid-term elections. On his personal Facebook page, CEO Mark Zuckerberg admitted

The post Facebook Increases Security For Political Campaign Staff appeared first on The Cyber Security Place.

Reconciling Trust With Security: A Closer Look at Cyber Deception With DcyFS

This article is the second in a three-part series that provides a technical overview of Decoy File System (DcyFS). This original research was recently showcased in a paper titled “Hidden in Plain Sight: Filesystem View for Data Integrity and Deception,” which appeared at the 15th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA) in Paris in June 2018.

Our previous blog post introduced the concepts underpinning the overall design of Decoy File System (DcyFS) as part of using cyber deception tactics to protect against attacks on networked environments. Central to its security and deceptive capabilities is DcyFS’s ability to modulate subject trust through a hierarchical file system organization that explicitly encodes trust relations between different execution contexts.

The core principle of DcyFS’s trust model is that of least privilege, which means that legitimate subjects only require access to directories, files and file types relevant to their work and do not need to know about other files on the system. In this post, we detail how a trust model based on this principle is built into DcyFS’s architecture and describe its effects on process execution.

DcyFS’s Architecture

The core component of DcyFS is a set of security domains that provides each process with a customized view of the file system computed as the union of the base file system and its overlay (see Figure 1).


Figure 1: Architectural overview of DcyFS

To alter the resulting union between layers, each overlay has the ability to:

  1. Hide base files;
  2. Modify their content by overlaying a different file with the same name; and
  3. Inject new files into the overlay that are not present in the original host system.

File writes are stored in the overlay, protecting base files from being overwritten. This forms the basis of a stackable file system that can be mounted atop different base file system types (e.g., block, network) to offer data integrity protection and detection of attacks that aim to tamper with or steal data.

To separate file system views, DcyFS transparently combines two file systems, which we term the “base” file system and the “overlay” file system. The base file system is the main host file system and is read-only, while the overlay is a read-write file system that can control what is visible to a running process.

When a file with the same name appears in both file systems, the one in the overlay is visible to the process. When a directory appears in both file systems, both directories’ contents are merged in the process view. A file or directory is hidden from view by injecting a character device on the overlay. To hide a base file or directory, DcyFS simply marks it as deleted in the overlay.

Decoy files are similarly placed in carefully chosen locations inside the overlay mount, and existing files can further be replaced or redacted for cyber deception.
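The view resolution rules above (overlay wins, directories merge, hidden base objects, injected decoys, writes kept in the overlay) can be modelled in a few lines. This is an added Python sketch, not DcyFS code: flat path-to-content dictionaries stand in for mounts, the `WHITEOUT` sentinel stands in for the overlay's hide marker, and all file names and contents are constructed.

```python
"""Added sketch: resolving a per-domain view from a read-only base and a
writable overlay. Not DcyFS code; paths and contents are constructed."""
from types import MappingProxyType

WHITEOUT = object()  # assumed stand-in for the overlay's "hidden/deleted" marker

# Constructed sample of a host (base) file system: path -> content.
BASE = {
    "/etc/passwd": "root:x:0:0:root:/root:/bin/bash",
    "/home/alice/report.docx": "real Q3 figures",
    "/home/alice/.ssh/id_rsa": "PLACEHOLDER-PRIVATE-KEY",
}


class DomainView:
    """One security domain's view: union of the base and its own overlay."""

    def __init__(self, base, overlay=None):
        self.base = MappingProxyType(dict(base))  # base is read-only
        self.overlay = dict(overlay or {})        # overlay is read-write

    def _hidden(self, path):
        """A marker on the path or on any parent directory hides base objects."""
        parts = path.strip("/").split("/")
        prefixes = ["/" + "/".join(parts[:i]) for i in range(1, len(parts) + 1)]
        return any(self.overlay.get(p) is WHITEOUT for p in prefixes)

    def read(self, path):
        entry = self.overlay.get(path)
        if entry is not None and entry is not WHITEOUT:
            return entry  # same name in both layers: the overlay copy is visible
        if self._hidden(path) or path not in self.base:
            raise FileNotFoundError(path)
        return self.base[path]

    def exists(self, path):
        try:
            self.read(path)
            return True
        except FileNotFoundError:
            return False

    def write(self, path, data):
        """Every write lands in the overlay, so the base copy stays pristine."""
        self.overlay[path] = data

    def hide(self, path):
        self.overlay[path] = WHITEOUT

    def listdir(self, directory):
        """Merged listing: entries from both layers, minus hidden ones."""
        prefix = directory.rstrip("/") + "/"
        names = set()
        for path in set(self.base) | set(self.overlay):
            if path.startswith(prefix) and self.exists(path):
                names.add(path[len(prefix):].split("/")[0])
        return sorted(names)


def build_untrusted_view():
    """View for an untrusted process: hide, replace and inject."""
    view = DomainView(BASE)
    view.hide("/home/alice/.ssh")                               # 1. hide base files
    view.write("/home/alice/report.docx", "redacted decoy")     # 2. replace content
    view.write("/home/alice/passwords.txt", "decoy credentials")  # 3. inject a decoy
    return view


if __name__ == "__main__":
    untrusted = build_untrusted_view()
    untrusted.write("/etc/passwd", "tampered")  # tampering stays in the overlay
    print("untrusted sees:", untrusted.listdir("/home/alice"))
    print("trusted sees:  ", DomainView(BASE).listdir("/home/alice"))
    print("base /etc/passwd intact:", BASE["/etc/passwd"].startswith("root:"))
```
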

Creating Security Domains to Isolate Views

To implement the separation between the base layer and its overlays, DcyFS creates persistent and reusable security domains to transparently isolate file system views. Security domains enforce coherent views of the file system and form the basis for defining DcyFS’s trust model. Each security domain has its own profile, which contains the list of files and directories that are viewable within that domain. These include files that are deleted, replaced or injected in the domain view.

The Trust Model

DcyFS’s file system view isolation is policy-driven, defined by associations between mount namespaces, file system objects and users with security domains. Similar to data classification models, each security domain sd ∈ (Γ, ≤) is assigned a rank denoting its level of trust relative to the other domains. Security domains, therefore, comprise a partially ordered lattice (Γ) ordered by trust scores (≤), with the untrusted domain (sd_unt) at the bottom denoting untrusted execution and the root domain (sd_root) at the top denoting trusted execution. The meet operation ⊓ denotes the greatest lower bound, which is used to determine the proper domain of execution of new programs. DcyFS uses this model to determine in which security domain to execute new processes.

This decision point extends the semantics of the kernel’s exec(filename, args) function to compute the target execution domain as sd_filename ⊓ sd_args ⊓ sd_user ⊓ sd_ns, the meet of the following security domains:

  • sd_filename, the security domain of filename.
  • sd_args, computed across all arguments denoting file paths.
  • sd_user, the set of security domains associated with a user.
  • sd_ns, the parent process’ security domain, denoted by the current mount namespace.

Including sd_ns in the security domain determination of a newly launched process limits its execution to its parent process’ security domain, thus preventing lower-ranking domains from accidentally or maliciously spawning child processes in higher-ranking domains. In our research implementation, this property is seamlessly encoded in the security domains’ mount namespace hierarchy.

To illustrate, Figure 2 describes a simple security domain setup for a client desktop. It includes domains to separate internet-facing applications (sd_browser), word processing tools (sd_docs) and programming environments for scripted languages (sd_scripts).

In this context, a web browser running in sd_browser may download a PDF document from the internet, which gets stored in the browser domain. To visualize its contents, a trusted user (sd_root) opens the file in a PDF viewer (sd_docs). As a result, DcyFS executes the viewer in the browser domain — the greatest lower bound of the domains involved in the security domain determination — so that the potentially malicious PDF file has no access to the user’s documents (kept separated in sd_docs).

Similarly, if a process running in sd_scripts spawns a second process not authorized to execute in the scripts domain, DcyFS moves the subprocess task to the untrusted domain (sd_unt). This is to protect against attacks where a trusted process (e.g., Bash) is exploited to install and launch untrusted malware. The rule also prevents malware from gaining entry to another security domain by running trusted applications.


Figure 2: Security domains lattice example
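The domain determination described above, worked through in Python as an added example (not DcyFS code). The lattice edges are an assumption chosen to match the two cases in the text, since Figure 2 is not reproduced here, and sd_user is modelled as a single domain rather than a set.

```python
"""Added illustration of the trust model: a new process runs in the meet
(greatest lower bound) of the security domains involved in the exec call."""

# ASSUMED lattice: each domain maps to the domains directly above it.
# sd_browser sits below sd_docs; sd_docs and sd_scripts are incomparable.
PARENTS = {
    "sd_root": [],
    "sd_docs": ["sd_root"],
    "sd_scripts": ["sd_root"],
    "sd_browser": ["sd_docs"],
    "sd_unt": ["sd_browser", "sd_scripts"],
}


def up_set(domain):
    """Return the domain together with every domain ranked above it."""
    seen, stack = set(), [domain]
    while stack:
        cur = stack.pop()
        if cur not in seen:
            seen.add(cur)
            stack.extend(PARENTS[cur])
    return seen


def leq(a, b):
    """True when a ranks at or below b in the trust order."""
    return b in up_set(a)


def meet(a, b):
    """Greatest lower bound: the highest domain that is below both a and b."""
    lower = [d for d in PARENTS if leq(d, a) and leq(d, b)]
    greatest = [d for d in lower if all(leq(o, d) for o in lower)]
    if len(greatest) != 1:
        raise ValueError(f"no unique meet for {a} and {b}: not a lattice")
    return greatest[0]


def exec_domain(sd_filename, sd_args, sd_user, sd_ns):
    """Target domain = sd_filename ⊓ sd_args ⊓ sd_user ⊓ sd_ns.

    sd_args: domains of every argument that denotes a file path.
    sd_ns:   domain of the parent process (its mount namespace).
    """
    result = "sd_root"  # the top element is the identity for meet
    for domain in [sd_filename, *sd_args, sd_user, sd_ns]:
        result = meet(result, domain)
    return result


if __name__ == "__main__":
    # Trusted user opens a PDF stored in the browser domain with a docs viewer.
    print(exec_domain("sd_docs", ["sd_browser"], "sd_root", "sd_root"))
    # A scripts-domain process spawns a program that belongs to another branch.
    print(exec_domain("sd_docs", [], "sd_root", "sd_scripts"))
    # A browser-domain parent cannot launch a child above its own domain.
    print(exec_domain("sd_root", [], "sd_root", "sd_browser"))
```
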

Root Domain

The root domain is a special mount namespace that fuses together a writable base file system mount with all the read-only overlay file system mounts from the other domains into a single, unified view. This enhances usability by overcoming merging issues that arise from DcyFS’s ability to separate file system views.

The root domain is reserved for a few special programs, such as a file browser, terminal and file copying tools. Object collisions, which occur when multiple overlays share the same fully qualified object path names, are handled by stacking overlays according to the trust order relative to each domain.

Since the file system is a combination of the base file system and the overlays of the other domains, the file browser can transparently open files and launch applications in their native security domains to help protect the integrity of the root domain. Furthermore, specialized copying tools allow files to be copied or moved between domains as desired.

Blinding Attackers With File System Opacity

DcyFS leverages its overlay infrastructure to conceal its existence from attackers and curtail access to explicit information about its kernel modules, configuration objects and overlay mounts. This is achieved by bootstrapping the file system with configuration rules that hide and redact specific file system objects.

For example, /proc/mounts (/proc/self/mount*) and /etc/mtab are redacted to conceal overlay mount point information and bind mounts into the overlays. As a result, DcyFS’s kernel live patch and kernel module are hidden from file system views. Similarly, the file system hides its configuration, usermode helper components (e.g., decoy generation, configuration parsing, forensics data extraction) and working directory where overlays and logs persist in the base file system.

File System Denial and Cyber Deception

DcyFS provides data integrity by strictly enforcing a policy that all writes are made to the overlay layer and never to the underlying base. Writes to base files are first copied up to the overlay layer before being written using copy-on-write. This has the desirable effect of preserving the integrity of the base file system. Changes made by untrusted processes do not affect the base, protecting legitimate users from seeing malicious changes as well as effectively keeping a pristine copy of the file system that can revert to the point immediately before the malicious process started.

DcyFS can hide specific files and directories from a user or a process to help protect against sensitive data leaks. Additionally, the file system can generate encrypted files and implant decoys in the overlay to shadow sensitive files in the base file system. DcyFS transparently monitors and logs access to files classified as more sensitive, confidential or valuable. Moreover, only the untrusted process is affected by hidden and decoy files, leaving legitimate users free of any effects or confusion.

It is worth noting that trusted processes can also benefit from security domains. DcyFS can launch a trusted process atop an overlay to hide unnecessary files and directories or inject decoys to catch potential insiders. Furthermore, certain directories can be bind mounted from the base file system to give trusted processes the ability to directly view and modify them. For example, we might run a database server, providing it with a fake overlay view of the entire file system, but giving it direct write access to the directories in which it writes data. As a result, if the database application is compromised, damage is limited to the data directory only.

A Look Forward

We envision security domains being configured using standard operating system policies, similar to how SELinux policies are shipped with Linux, to mitigate potential security weak points that can result from manual configuration. Default policies could also be attached to software installed from app stores, or repositories such as Linux’s package managers. In the future, we plan to investigate ways to automate this process through the application of different notions of trust (e.g., policy-, reputation-, and game-theoretic-based).

Finally, a word about portability. Our initial implementation was developed for Linux to leverage its virtual file system capabilities and mature mount namespace implementation. Recently, Windows Server 2016 has been released with native namespace support and an overlay file system driver mirroring its open-source counterpart. This new release could facilitate the future realization of DcyFS’s architectural blueprint for Windows-based environments.

The post Reconciling Trust With Security: A Closer Look at Cyber Deception With DcyFS appeared first on Security Intelligence.

Preventing exfiltration of sensitive docs by flooding systems with hard-to-detect fakes

A group of researchers from Queen’s University (Canada) have proposed a new approach for keeping important documents safe: creating so many believable fakes that attackers are forced either to exfiltrate them all or to try to find the real one from within the system. Of course, both actions carry an increased risk of detection. They’ve also demonstrated that creating and maintaining many fakes can be relatively inexpensive for the defenders, that the real document can … More

The post Preventing exfiltration of sensitive docs by flooding systems with hard-to-detect fakes appeared first on Help Net Security.

New Gartner Report Recommends a Vulnerability Management Process Based on Weaponization and Asset Value

Analyst firm Gartner recently published a report titled, “Implement a Risk-Based Approach to Vulnerability Management.” It focused on a risk-based approach for a vulnerability management process and includes several statements and recommendations that our X-Force Red team strongly supports. Some of them include:

  • “A vulnerability is only as dangerous as the threat exploiting it.”
  • “Vulnerability rating schemes that don’t take into account what threat actors are leveraging in the wild can cause organizations to address less risky issues first.”
  • “Implement a risk-based approach that correlates asset value, the severity of vulnerabilities and threat actor activity via the use of threat intelligence and analytics to calculate a realistic risk rating.”
  • “Prioritizing treatment of vulnerabilities commonly targeted by exploit kits, malware, ransomware and threat actors, while also considering asset criticality and external exposure, will focus remediation on the elimination of imminent risks.”

How Can Security Teams Optimize the Vulnerability Management Process?

X-Force Red built X-Force Red Vulnerability Management Services (VMS) with these same methodologies in mind. One of the biggest challenges plaguing security teams worldwide is figuring out which vulnerabilities, out of hundreds of thousands that are uncovered daily, to remediate first.

With limited time and resources, security teams manually sift through each vulnerability, trying to decipher which one could cause the most harm to their organization. Many have relied on the Common Vulnerability Scoring System (CVSS), but those scores do not factor in the importance of an exposed asset, or whether the vulnerability is actively weaponized by criminals.

As a result, security teams often waste time following up on false positives and minimal-risk vulnerabilities, while the most dangerous ones remain unpatched.

Inside X-Force Red’s Vulnerability Ranking Formula

X-Force Red set out to help organizations tackle the prioritization problem by focusing on the same key components covered in Gartner’s recent report: weaponization, severity and asset value. X-Force Red VMS includes automated ranking.


This image is from X-Force Red. It shows how X-Force Red VMS ranks vulnerabilities, with the most critical one clearly stated at the top of the pyramid. The ranking is based on whether the vulnerability is being weaponized, the value of the exposed asset and criticality.

After a scan produces an extensive list of vulnerabilities, our proprietary analytics correlate the criticality, asset value and active exploits. We then automatically rank the vulnerabilities, prioritizing those that have been weaponized to expose a high-value asset. Whereas manual prioritization methods typically take four to five days to complete, our ranking is done within minutes, enabling remediation to begin immediately.

The core function of our ranking formula is prioritizing vulnerabilities by risk. A broken door on a safe is a serious vulnerability; a broken door on a safe with a burglar outside is a more serious vulnerability. We train your enterprise to start by securing the latter.

We apply that philosophy to every vulnerability we detect, and, based on its latest report, it’s clear Gartner shares that view.


The post New Gartner Report Recommends a Vulnerability Management Process Based on Weaponization and Asset Value appeared first on Security Intelligence.

How Can Media Companies Be More Confident in Their Cybersecurity Strategy and Policy?

While many industries have matured their cybersecurity strategy and policy as the digital landscape has evolved, others — such as media companies — remain unsure how to advance.

With more consumers relying on the internet for their entertainment and information consumption, media enterprises are tasked with providing a flawless user experience and continuous content delivery. But the industry is prey to a growing number of predators. As a result, a recent Akamai study titled “The State of Media Security” found that only 1 percent of media companies are “very confident” with their cybersecurity efforts.

What Challenges Do Media Companies Face?

The threat of a distributed denial-of-service (DDoS) attack, which could slow services or result in downtime, is only one of the many security challenges media companies face. Also of concern is the potential for malicious actors to steal content or breach systems and access customer networks.

“It’s not surprising that media companies aren’t confident about their security levels,” said Elad Shapira, head of research at Panorays. “They are an ongoing target, whether by political activists or nation states … Then there are those hackers just trying to leverage their skills to make money from the content they steal.”

SQL injections, Domain Name System (DNS) attacks, content pirating and DDoS attacks are among the greatest threats to the media industry. The dynamic nature of the digital ecosystem, where digital partners can change by the day, enables bad actors to optimize the reach of their malicious campaigns.

“Media organizations in particular should be afraid of their heavily trafficked digital assets, which not only serve as touch points to prospects and customers, but also provide entry points to bad actors,” said Chris Olson, CEO of The Media Trust. “These miscreants often target third-party code providers and digital advertising partners, who tend to have weaker security measures in place.”

In the past, security discussions at media companies focused largely on piracy, said Shane Keats, director of global industry strategy, media and entertainment at Akamai. It’s now incumbent upon media companies to recognize that security has extended far beyond digital rights management.

Why Do Cybercriminals Target Media Companies?

Cybercriminals rarely discriminate when it comes to their targets — which means that in the eyes of a criminal, media companies look an awful lot like retailers and banks.

“With the rise of subscription-based monetization, media companies are now increasingly capturing personally identifiable information (PII) and payment card information (PCI) that [looks] no different from the PII and PCI captured by an e-commerce company,” said Keats. “Successfully stealing a streaming video on demand (SVOD) customer database with a million customer records yields the same ROI as one stolen from an online retailer.”

Whether protecting against credential stuffing by malicious bots or against careless contractors in the vendor landscape, media companies need to practice good security hygiene and be wary of the security practices of partners who have access to their customers’ networks. As has been the case in so many major breaches, all an attacker has to do is compromise one of those partners to gain access to the firewall and steal content, customer data and executive communications.

How Can Media Companies Improve Cybersecurity Strategy and Policy?

In addition to acquiring a reputable cloud security firm to help investigate the attack surfaces exposing their businesses, media companies also need to ensure that they have solutions to protect each of those points.

“Find a firm that has enough scale to be able to see a ton of threats, both traditional and emerging, and ask the firm to help you understand how to best secure your apps and architecture beyond buzzwords,” Keats advised. “When you do this information session, get your different stakeholders in the room so that you can look at your security posture as a team. This is not the time for turf wars.”

By taking the following steps, media companies can enhance their security strategy and feel more confident that they are protected against current and emerging threats:

  • Discover and prioritize impacts of assets. Not all assets are created equal. An online release of a video prior to its debut screening may create reputational and financial damage to a company, but the credit card details of subscribers are under regulatory control. Each company needs to consider its assets and how they impact the business.

  • Collaborate with direct and indirect third parties. Websites have an average of 140 third parties who execute anywhere from 50 to 95 percent of their code. Most website owners only know, at most, half of the third parties with whom they do business.

  • Vet third parties. Media companies should ask their third and downstream parties the hard questions about security and follow up with frequent audits of security measures. Companies should enforce their digital policies through service-level agreements (SLAs) and contract clauses.

  • Place safety measures around these assets. Safety measures should span various levels, including networks and IT to prevent a DDoS attack, as well as on applications to avoid account breaches. Consider the human element to prevent disgruntled employees from exposing sensitive and proprietary data. Media companies should continuously scan assets in real time to identify and terminate any threats.

  • Create an incident response plan. This is not just a technological approach, but a step that must involve various teams and processes. In case of an attack against the company, there should be an advanced, detailed and well-rehearsed plan to respond.

A data breach poses a significant financial and reputational risk to media companies. To avoid becoming the next headline, businesses need to thoroughly understand not only their own risks, but also the risks that their suppliers pose.

Once media companies understand those risks, they can take measures to continuously protect against emerging threats. Collaboration throughout the organization, as well as with extended partners, will help to enforce strong digital policies and remediate unauthorized activities within the digital ecosystem.

The post How Can Media Companies Be More Confident in Their Cybersecurity Strategy and Policy? appeared first on Security Intelligence.

Could the Photos You’re Sharing Online Be Putting Your Child at Risk?

Confession time. I’m a mom that is part of the problem. The problem of posting photos of my kids online without asking for their permission and knowing deep down that I’m so excited about sharing, I’m not paying much attention at all to the risks.

Why do I do it? Because I’m madly in love with my two wee ones (who aren’t so wee anymore). Because I’m a proud parent who wants to celebrate their milestones in a way that feels meaningful in our digital world. And, if I’m honest, I think posting pictures of my kids publicly helps fill up their love tank and remind them they are cherished and that they matter . . . even if the way I’m communicating happens to be very public.

Am I that different than most parents? According to a recent McAfee survey, I’m in the majority.

Theoretically, I represent one of the 1,000 interviewed for McAfee’s recent Age of Consent survey* that rendered some interesting results.

Can you relate?

  • 30% of parents post a photo of their child to social media daily.
  • 58% of parents do not ask for permission from their children before posting images of them on social media.
  • 22% think that their child is too young to provide permission; 19% claim that it’s their own choice, not their child’s choice.

The surprising part:

  • 71% of parents who share images of their kids online agree that the images could end up in the wrong hands.
  • Parents’ biggest concerns with sharing photos online include pedophilia (49%), stalking (48%), and kidnapping (45%).
  • Other risks of sharing photos online may also be other children seeing the image and engaging in cyberbullying (31%), their child feeling embarrassed (30%), and their child feeling worried or anxious (23%).

If this mere sampling of 1,000 parents (myself included) represents the sharing attitudes of even a fraction of the people who use Facebook (estimated to be one billion globally), then rethinking the way in which we share photos isn’t a bad idea.

We know that asking parents, grandparents, friends, and kids themselves to stop uploading photos altogether would be about as practical as asking the entire state of Texas to line up and do the hokey pokey. It’s not going to happen, nor does it have to.

But we can dilute the risks of photo sharing. Together, we can agree to post smarter, to pause a little longer. We can look out for one another’s privacy, and share in ways that keep us all safe.

Ways to help minimize photo sharing risks:

  • Pause before uploading. That photo of your child is awesome but have you stopped to analyze it? Ask yourself: Is there anything in this photo that could be used as an identifier? Have I inadvertently given away personal information such as a birthdate, a visible home address, a school uniform, financial details, or potential passwords? Is the photo I’m about to upload something I’d be okay with a stranger seeing?
  • Review your privacy settings. It’s easy to forget that when we upload a photo, we lose complete control over who will see, modify, and share that photo again (anywhere they choose and in any way they choose). You can minimize the scope of your audience to only trusted friends and family by customizing your privacy settings within each social network. Platforms like Facebook and Instagram have privacy settings that allow you to share posts (and account access) with select people. Use the controls available to boost your family privacy.
  • Voice your sharing preferences with others. While it may be awkward, it’s okay (even admirable) to request friends and family to rein in or refrain from posting photos of your children online. This rule also applies to other people’s public comments about your vacation plans, new house, children’s names or birthdates, or any other content that gives away too much data. Don’t hesitate to promptly delete those comments by others and explain yourself in a private message if necessary.
  • Turn off geotagging on photos. Did you know that the photo you upload has metadata assigned to it that can tell others your exact location? That’s right. Many social networks will tag a user’s location when that user uploads a photo. To make sure this doesn’t happen, simply turn off geotagging abilities on your phone. This precaution is particularly important when posting photos away from home.
  • Be mindful of identity theft. Identity theft is no joke. Photos can reveal a lot about your lifestyle, your habits, and they can unintentionally give away your data. Consider using an identity theft protection solution like McAfee Identity Theft Protection that can help protect your identity and safeguard your personal information.

* McAfee commissioned OnePoll to conduct a survey of 1,000 parents of children ages one month to 16 years old in the U.S.

The post Could the Photos You’re Sharing Online Be Putting Your Child at Risk? appeared first on McAfee Blogs.

You: The First, Last and Best Data Protection and Privacy Defense – Part 2

As part of this two-part series, let’s now look to another exhibit demonstrating how people act as the first, last and best data and privacy defense. Exhibit B: Potentially Unwanted Leaks If you have some technical literacy, you may have heard of potentially unwanted programs (“PUPs”). It’s all that glop and gloop – malware, […]… Read More

The post You: The First, Last and Best Data Protection and Privacy Defense – Part 2 appeared first on The State of Security.

Trending: IoT Malware Attacks of 2018

Since January 1st of 2018, a barrage of cyberattacks and data breaches have hit almost every industry, targeting businesses large and small, many of which are now from IoT devices. By 2025, it is estimated that there will be approximately 75 billion connected devices around the world. With more IoT devices – from wearables and pacemakers to thermometers and smart plugs – on the market and in the home, cybercriminals are keen to leverage them in attacks. This heightened interest is due to the vulnerabilities in many IoT devices, not to mention their ability to connect to each other, which can form an IoT botnet.

In a botnet scenario, a network of internet-connected devices is infected with malware and controlled without the users’ knowledge, in order to launch ransomware and DDoS attacks (distributed denial-of-service). Once unleashed, the consequences of botnet attacks can be devastating. This possible reality sounds like the plot of a science fiction movie, one which we hypothesized in our 2018 Threats Prediction Report. As we head into this year’s final months, we take a look at how this year’s threats compared to our predictions for you, the consumer.

At the end of 2017, we predicted that the convenience and ease of a connected home could lead to a decrease in privacy. Our devices already transmit significant data, with or without the knowledge of the consumer, back to the corporations that make the devices. This unprecedented access to consumer data is what is driving cybercriminals to become more familiar with IoT botnet attacks. In 2018 alone, we’ve seen smart TVs, virtual assistants, and even smart plugs display detrimental security flaws that could be exploited by bad actors. Some IoT devices were used to facilitate botnet attacks, like an IoT thermometer and home Wi-Fi routers. In 2017, these security concerns were simply predictions, but now they are very much a reality. And while the window to get ahead of these attacks is closing, consumers need to be prepared in case their IoT devices go haywire.

Be the difference in your home when it comes to security and IoT devices. Protect both you and your family from these threats with these tips:

  • When buying an IoT device, make security a priority. Before your next IoT purchase, do your research. Prioritize purchasing devices that have been on the market for a while, have a name brand, or have a lot of online reviews. If you follow this protocol, the chances are that the device’s security standards will be higher, due to being vetted by the masses.
  • Change default device passwords. As soon as you bring a new device into your home, change the password to something difficult to guess. Cybercriminals often know the default settings and can use them to access your devices. If the device has advanced security options, use them.
  • Keep your software up-to-date. To protect against potential vulnerabilities, manufacturers often release software updates. Set your device to auto-update, if possible, so you always have the latest software.
  • Use a comprehensive security program. It’s important to think about security holistically. Not all IoT devices are restricted to the home; many are mobile (such as smart watches). If you’re out and about, you may need to connect to an unsecured network – say an airport with public Wi-Fi. Your kids may have devices. The scenarios may be different, but the risk is the same. Protect your network of connected devices no matter where you are and consider a suite of security products to protect what matters.

Interested in learning more about IoT and mobile security tips and trends? Stop by, and follow @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Trending: IoT Malware Attacks of 2018 appeared first on McAfee Blogs.

Here Are The Essential Security Tips To Stay Safe On Social Media

When you say “social media”, the first thing that comes to mind is fun and entertainment. Social media is mostly about this.

Everyone has a social account on at least one platform. Whether it is Facebook, Twitter, Instagram or LinkedIn, we can easily stay in touch with friends and family, share memorable moments of our lives, follow experts from our professional area, or just read the news.

Social media habits may differ from one person to another, but the reality is we spend a lot of time on these networks. This is why we should ask ourselves more often:

“Do we really know how to stay safe on social media and avoid becoming easy targets for cyber criminals?”

Nowadays, privacy and security should be top priorities for us.

In this guide, you will find actionable and useful security tips to help you stay safe on social media.

You will also learn about the best security practices you need to apply to protect your most valuable data.

How to better secure your Facebook account

There’s no doubt that Facebook is one of the most used and popular social networks out there with over 2 billion people using the platform on a daily basis. Who doesn’t have a Facebook account these days?

It is the platform that helps us better connect with friends and family, and keep up with what they’re doing. But it’s also the place where we share a lot of personal information, so securing our online accounts needs to be of utmost importance.

The recent scandal between Cambridge Analytica and Facebook, which involved a massive amount of personal information of about 50 million Facebook users, raised lots of questions on how data is controlled and managed by this platform. I want to believe it was actually a wake-up call suggesting that privacy and security should have serious attention from us.

Follow these basic security tips so you can stay safe on the platform:

  • Do not share your password with others and make sure you always set a unique and strong one. Use this security guide that will teach you how to easily manage passwords like a pro and keep malicious actors away.
  • If you’ve logged in from a different computer/device you’ve shared with others, remember to always log out and don’t check “Keep me logged in”.
  • Use the two-factor authentication feature, which can be activated by clicking the Setup button from Settings. Confirm this action by enabling it and re-entering your password, and then you will receive an email or a code via your mobile phone saying that two-factor authentication has been activated.
  • We strongly advise you to accept friend requests only from people you know in real life, or at least to verify that you have a few friends in common. There are many fake Facebook accounts used by malicious people who might spam or impersonate you.
  • If you notice something suspicious on Facebook, report it immediately. You can do this here.

If you care about your data (and we know you do), make sure you have everything covered in terms of security by reading this useful Facebook privacy and security guide.

Apply these security measures to better secure your Twitter account

I don’t know about you, but I am a big fan of this platform and love to tweet :-), look out for cyber security specialists and inspiring people, or read news from people and brands I follow.

Whether it’s for personal use or business reasons, this network is a great option to promote yourself, your company, as well as to reach out to someone and stay up to date with various topics you may be interested in.

We strongly recommend applying these basic security and privacy tips to strengthen your Twitter account:

  • Always use strong and unique passwords for your Twitter account, and consider choosing a password manager to encrypt and better secure them. This rule should be followed to ensure safety for every social platform;
  • Use the two-factor authentication system as a second layer of protection to enhance safety and verify your identity each time you sign in;
  • Activate the option “Protect my tweets” from the Settings and Privacy -> Privacy and safety module, if you want to get some control over the info shared and who is following you;
  • Do not click on suspicious links you receive via private messages, because you could be exposed to phishing attacks used by cyber criminals or malicious persons who want to obtain your Twitter credentials or any other personal information;
  • Review and pay attention to third-party apps that connect to your account, and implicitly have access to your personal data;
  • If you ever connect to your Twitter account from someone else’s computer, do not forget to log out and delete all the data of the browser or app.

We have a dedicated article on how you can secure your Twitter account in 10 basic steps that we recommend checking out so you can be one step ahead of scammers.


Privacy and security tips for your LinkedIn account

LinkedIn, the largest professional social network, has more than 562 million users and is focused on bringing together professionals from all over the world. It keeps you connected with people you’ve worked with or with whom you want to collaborate at some point in the future. It is also the place where you can find freelance projects and, why not, your future dream job could be one click or message away 🙂

Given the increase of phishing attacks which are still one of the most widespread and effective methods used by cybercriminals, it is essential to be aware of these scams on LinkedIn too. You don’t want to see your sensitive data exposed out there, right?

Follow these pro security tips to boost your LinkedIn security and privacy today and keep your data away from prying eyes:

  • Do not use generic and easy to crack passwords such as “Abcd123” or “Password123” like the Western Australian government employees did, because malicious actors can easily break them. Secure them by using a password manager that generates complex and unique passwords, and stores them in an encrypted database.
  • Choose wisely what information you share in your public profile and limit the data you make visible by reviewing and editing your sensitive data.
  • Have a look at those third-party apps you authorized to connect to your LinkedIn account because they get access to all your data. Make sure you authorize only the trusted ones and remember to deactivate those you are not using anymore.
  • Be very careful about potential phishing messages that might request sharing personal or sensitive information. Don’t! For that, you need to understand how phishing works and this in-depth guide is exactly what you are looking for.

Keep in mind that all our social accounts are very vulnerable to data privacy breaches and other malicious methods. The bad guys will always find creative ways to steal any personal information, including your valuable data from LinkedIn. Do not forget that when you share private information.

Follow these pro tips to better secure your Instagram account

Instagram is the photo and video-sharing social media network where you can explore beautiful places and images. For visual artists, it is also an excellent platform where they can share and promote their work and projects.

However, it is in our best interest to keep in mind the risks we could be exposed to when we share personal information. Especially now that it has become such a popular platform, with more than 1 billion monthly active users.

Security-wise, Instagram seems to make efforts to enhance protection for its users. Recently, the company announced its plans to boost security and privacy by adding new security tools: support for third-party two-factor authentication (2FA) instead of traditional text-based 2FA, account verification and a new “About this account” feature.

Besides these new security tools, here are some great tips that will help you keep your account safe:

  • Activate the two-factor authentication feature as an extra layer of protection for your Instagram account. This way, you are one step ahead of cyber criminals who won’t be able to take over your account.
  • Change your passwords regularly and make sure you use strong and unique ones, so no one can break them. If you want to change it, use these simple steps.
  • Think twice before you give access to third-party apps, and revoke access for those you don’t use anymore, that appear suspicious or that you simply can’t remember.
  • Do not share sensitive data in your photos or captions, because you don’t want to expose personal information to everyone following you on Instagram, especially if your account is public.
  • Don’t reveal your location to others and make sure the service is turned off, especially for the check-ins made at home, at work or while on a vacation.
  • Make your account private, so you can share your photos and videos only with people you approve to see them, like your friends and family.

We have an essential guide on how to secure your Instagram account and increase its protection, so no cyber criminals and scammers get access to it.

Security tips to keep your Snapchat account safe 

Snapchat is both a social media network and a messaging platform which is more popular among teenagers and young people. According to a new report, analysts forecast that by 2019 Snapchat will have almost 5 million regular users aged 18-24 years, half a million more than Facebook.

Bill Fisher, senior analyst at eMarketer, stated:

“Many younger social network users are forgoing Facebook altogether in favor of more appealing mobile-first alternatives, such as Snapchat.”

Snapchat shows instant messages, photos or videos that are deleted instantly, after they’ve been viewed by all recipients, but oh, snap! “How secure is your data on this social platform?”

Here’s how you can add extra levels of security to avoid seeing your data in the hands of hackers:

  • Enable the two-factor authentication feature to make the account more secure and add a second security layer when logging in. You can do this using an SMS verification code or an authenticator app. Here’s how to activate it.
  • Do not accept friend requests from people you don’t know, and stick to friends-only. For security measures, Snapchat has the option “friends-only” set by default, which means only those that follow you back can see your Snaps and vice versa.
  • Make sure your videos and stories posted to the “My Story” section are visible only to people you know, or customize them from the Settings menu, but avoid making them available to prying eyes.
  • For more privacy, hide your profile from the “See me in quick add” section which can show your profile to random people who might want to add you. You can disable it from the Settings menu.
  • If you want to keep your Snapchat activity more private, don’t share screenshots or photos of your Snapcodes with others!
  • We will keep repeating this piece of advice, which applies to every online account or service used, until everyone understands its importance: Make sure you use only strong and unique passwords for Snapchat too. You don’t realize how easily malicious actors can hack them.

How do you secure your social media accounts?

All of these security and privacy tips may not be new to any of you, but we live in a world of oversharing on social media and it helps remind you how to stay safe on the most important and used networks: Facebook, Twitter, LinkedIn, Instagram or Snapchat.

Have you applied any of these security measures? Do you have others we should add? Let us know, we’d love to know your thoughts!

The post Here Are The Essential Security Tips To Stay Safe On Social Media appeared first on Heimdal Security Blog.

Cyber Security Roundup for August 2018

The largest data breach disclosed this month was by T-Mobile; the telecoms giant said there had been "unauthorised access" to potentially 2 million of their 77 million customer accounts. According to the media, a hacker took advantage of a vulnerability in a T-Mobile API (application programming interface). It was a vulnerable API used by the Air Canada mobile App which was also exploited, resulting in the compromise of 20,000 Air Canada customer accounts. Air Canada promptly forced a password change to all of its 77 million customer accounts as a result; however, the airline faced criticism from security experts for advising a weak password strength, namely a password length of 8, made up of just characters and digits. Both of these hacks underline the importance of regularly penetration testing Apps and their supporting infrastructure, including their APIs.

Hackers stole up to 34,000 Butlin guest records, reportedly breaching the UK holiday camp firm through a phishing email. Dixons Carphone upped the estimated number of customer records breached in a hack last year from 1.2 million to 10 million, which includes 5.9 million payment cards. There was no explanation offered by Dixons to why it had taken so long to get a grip on the scale of the data breach, which was reported as occurring in July 2017.

Huawei continues to face scrutiny over the security of their products after the UK National Cyber Security Centre (NCSC) issued a warning about using the Chinese tech manufacturing giant's devices in a security report. Huawei recently took over from Apple as the world's second largest provider of smartphones. A 16 year old Australian 'Apple fanboy' found himself in court after hacking into Apple's network.

On the international scene, Microsoft announced it had thwarted Russian data-stealing attacks against US anti-Trump conservative groups, by taking down six domains which hosted mimicked websites, which were likely to be used in future phishing campaigns. The Bank of Spain's website was taken out by a DDoS attack, and a Chinese Hotel Group's 140Gb customer database was found for sale on the dark web. The PGA golf championship was hit by ransomware, and the FBI arrested three key members of the notorious FIN7 hacking group; the group is said to be responsible for stealing millions of credit card and customer details from businesses across the world.

On the personal front, the EC-Council confirmed my Computer Hacking Forensic Investigation (CHFI) certification had been renewed until 2021. I dropped into B-Sides Manchester this month; the highlight was a demonstration of a vulnerability found by Secarma researchers, namely a PHP flaw which places CMS sites at risk of remote code execution.

There were plenty of critical security patches released by the usual suspects, such as Microsoft, Cisco, and Adobe; the latter firm released several out-of-band patches during August. A critical update was released for Apache Struts (popular web server), and there was a reminder that fax machines and all-in-one network devices could be used as a way into corporate networks by hackers.

Finally, there were a couple of interesting cybercrime articles posted on the BBC's news website this month: "Cyber-Attack! Would your firm handle it better than this?" and "Unpicking the Cyber-Crime Economy".


Family Tech: How Safe is Your Child’s Personal Data at School?

Right about now, most kids are thinking about their chemistry homework, the next pep rally, or chiming in on their group text. The last thing on their minds as they head back to school is cybersecurity. But, it’s the one thing — if ignored — that can wreck the excitement of a brand new school year.

You’ve done a great job, parent. You’ve equipped their phones, tablets, and laptops with security software. And, you’ve beefed up safeguards on devices throughout your home. These efforts go a long way in protecting your child’s (and family’s) privacy from prying eyes. Unfortunately, when your child walks out your front door and into his or her school, new risks await.

No one knows this season better than a cybercriminal. Crooks know there are loopholes in just about every school’s network and that kids can be easy targets online. These security gaps can open kids up to phishing scams, privacy breaches, malware attacks, and device theft.

The school security conversation

Be that parent. Inquire about your school’s security protocols. The K-12 Cybersecurity Resource Center reports that 358 school breaches have taken place since January of 2016. Other reports point to an increase in hackers targeting school staff with phishing emails and seeking student social security numbers to sell on the dark web.

A few questions to consider:

  • Who has physical and remote access to your student’s digital records and what are the school’s protection practices and procedures?
  • How are staff members trained and are strong password protocols in place?
  • What security exists on school-issued devices? What apps/software are being used and how will those apps collect and use student data?
  • What are the school’s data collection practices? Do data collection practices include encryption, secure data retention, and lawful data sharing policies?
  • What is the Bring Your Own Device (BYOD) policy?

The data debate

As K-12 administrators strive to maintain secure data collection practices for students, those same principles may be dubious as kids move on to college. As reported by Digiday, one retailer may be quietly disassembling privacy best practices with a bold “pay with data” business model. The Japanese coffee chain Shiru Café offers students and faculty members of Brown University free coffee in exchange for entering personal data into an online registry. Surprisingly, the café attracts some 800 customers a day and is planning on expanding its business model to more college campuses.

The family conversation

Keep devices close. Kids break, lose, lend, and leave their tech unattended and open to theft. Discuss responsible tech ownership with your kids. Stolen devices are privacy gold mines.

Never share passwords. Kids express their loyalty to one another in different ways. One way that’s proving popular but especially unsafe nowadays is password sharing. Remind kids: It’s never okay to share passwords to devices, social networks, or school platforms. Never. Password sharing opens up your child to a number of digital risks.

Safe clicking, browsing practices. Remind kids when browsing online to watch out for phishing emails, fake news stories, streaming media sites, and pop-ups offering free downloads. A bad link can infect a computer with a virus, malware, spyware, or ransomware. Safe browsing also includes checking for “https” in the URL of websites. If the website only loads with an “http,” the website may not be enforcing encryption.

Be more of a mystery. Here is a concept your kids may or may not latch on to, but challenge them to keep more of their everyday life a mystery by posting less. This includes turning off location services and trying to keep their whereabouts private when sharing online. This challenge may be fun for your child or downright impossible, but every step toward boosting privacy is progress!

Discuss the risk of public Wi-Fi. Kids are quick to jump on Wi-Fi wherever they go so they can use apps without depleting the family data plan. That habit poses a big problem. Public Wi-Fi is a magnet for hackers trying to get into your device and steal personal information. Make sure every network your child logs on to requires a password to connect. Go a step further and consider using a Virtual Private Network (VPN) for added security for your whole family.

Want to connect more to digital topics that affect your family? Stop by, and follow @McAfee_Family on Twitter. Also, join the digital security conversation on Facebook.

Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @McAfee_Family. (Disclosures)

The post Family Tech: How Safe is Your Child’s Personal Data at School? appeared first on McAfee Blogs.

How to Avoid Falling Prey to Sextortion

When it comes to the world of online scams, sextortion is one of the most common ones and a threat that’s not going away anytime soon. Because this threat is so pervasive and can take so many forms, we thought it would be best to do a write-up and offer you ways to protect yourself online and avoid sextortion scams.

What is sextortion?

It’s a form of blackmail in which a cybercriminal or a former friend or romantic partner tries to extract favors or financial gain from a victim.

Ever since the web became a daily destination for a majority of people, there have been cases of sextortion through the use of webcams, the threat of intimate pictures leaking and hundreds and thousands of victims. We believe that, with proper education, such damaging attacks could be averted or, at the very least, mitigated.

Even though most people exercise caution in sending potentially compromising pictures and videos, sometimes even the best of us could be exposed to sextortion. A survey of 1,631 victims of sextortion revealed how every online user is, at one point or the other, potentially liable to become a sextortion victim.

Here’s why:

  • They were in a wanted romantic or sexual relationship—72% of those who knowingly provided images
  • Perpetrators pressured them to provide images or made them feel bad—51%
  • Perpetrators tricked them into providing images—15%
  • Perpetrators threatened or forced them to provide images—13%
  • They expected to be paid for the images—2%
  • They thought the pictures would be used for purposes such as modeling or acting—2%

But what if no one actually has compromising pictures of you?

Sextortion that demands a Bitcoin payment

Enter 2018’s most popular sextortion scam. It circulates via email and the cybercriminal will send you one of your own passwords to prove they have compromising images of you. Of course, they don’t, but some people have been fooled. Cybercriminals obtain stolen passwords and then simply fire off a flurry of emails to their owners, making threats and demanding hefty payments.

Here is one such email received by the mom of one Heimdal Security team member. After laughing for a bit at the sheer audacity of it, we had to investigate a bit further and see if anyone fell victim to it.


What’s worse is the fact that, in this case, 24 hours before the email above was sent, someone already fell victim to this scam. A simple search of the bitcoin address provided by the cybercriminal shows that someone sent 0.26 BTC there.


On July 17, one Bitcoin traded for around $7,500, which means a sextortion victim paid almost $2,000 after receiving a bogus email. Had this scam circulated back in December 2017, that same victim would have paid around $5,000.

This type of sextortion scam demanding payment in bitcoin is so widespread, it’s unbelievable. Just hours after Reddit officially announced they had a breach, due to the fact that employees relied on SMS-based two-factor authentication, plenty of users found threatening emails in their inbox. Why? The Reddit data breach exposed quite a few old usernames and passwords. Cybercriminals took those passwords to provide some “legitimacy” to their common online scam. Even one of Reddit’s employees received the sextortion message, pointing out the ways cybercriminals try to monetize stolen email databases.

Other types of scams and how to steer clear of online scams

As long as people continue to have digital lives, sextortion will, in one way or another, remain one of the most common types of online scams. Whether it comes from a known person, after a phishing attack or as part of a spray-and-pray email scam campaign, there’s no question about it: it will happen time and time again.

As a regular user, you can’t prevent or anticipate all the tactics a cybercriminal might adopt. What you can do is remain vigilant and spend a bit of time educating yourself on the various types of online scams.

We gathered here quite a few resources:

How to proactively stop scams from even reaching you

As we said in our analysis of what happened at Facebook and how your privacy was breached, the best way to stop online scams (sextortion included) is to make sure your own defenses are up.

Here are the five essential steps to protect your privacy:

  1. Always consider the type of information or pictures you post or share online. Ask yourself: “What would I do if someone threatened to show this to everyone I know?” (more on this here and here, in our guide to protecting yourself against doxxing)
  2. Keep your devices and PC updated and protected not just with antivirus, but with a tool that can block infected links (more on this here)
  3. Use strong passwords and, to avoid reusing them, consider trying a password manager that can generate unique ones for every account
  4. Go on every social media account you have and review the privacy settings. Also, take the time to consider what friends and followers you have.
  5. Learn how to spot phishing attempts that could lead to a criminal obtaining your passwords and other sensitive information.

Here are a few quick tips to avoid phishing, one of the most common ways in which scammers can get to you:

  • Be careful what you click on in emails, especially when it comes to attachments.
  • Consider having an email just for subscriptions and another one for actually important stuff. Both of them should be secured with strong (and different!) passwords.
  • Always hover your mouse over links and check where they go (a misspelled letter almost always means a compromised link)
  • Always check the sender and, if you don’t know the person, it’s probably best to not click on any attachments.
  • Secure your valuable accounts with two-factor authentication that relies on unique codes, not text messages (it avoids the risk of SMS-hijacking). That way, even if someone gets your password, they’ll still be unable to log in to your account.
  • Periodically check if your email addresses were compromised in a data breach (unfortunately, they happen quite often) using a tool like this.

If you want to know more, we have a mega-guide with phishing prevention tips here.

We want to know if you’ve been exposed to scams like these or ever received threatening messages of this type. It would be great if you’d comment below (and even include a screenshot!) to help others better spot scams.

Do you have another tip for staying safe? Let us know.


The post How to Avoid Falling Prey to Sextortion appeared first on Heimdal Security Blog.

Many UK SMBs still lax in data protection, new study unveils

Strict new regulations set in place by the European Union this year are being treated rather superficially by some small and medium businesses (SMBs) in the UK, even though noncompliance can attract fines of up to 20 million euros, or 18 million pounds.

Although Britain is soon to separate itself from the EU, the country still has to obey the Union’s new law (GDPR) regarding data protection until Brexit time. Only 35% of SMBs have company storage centralized with on-site servers, while 29% use cloud-based storage solutions, and 23% of SMB employees reportedly use portable storage (such as USB drives) as their primary way to store company data, according to a poll by storage solutions maker Seagate.

Not only is storing company data in disparate locations highly risky, Seagate warns, it’s also time-consuming for staff sifting through documents to find what they need. As a case in point, the survey found 49% of UK SMB employees who work remotely report difficulty accessing work files out of the office. And 46% of staff at companies with 50-99 employees run out of space for data at least once per month.

Backup-wise, British SMBs seem quite conscientious. Backups occur on average 15.4 times per month (about once every two days), and 28% of those surveyed said they back up their data at least once per day.

Still, SMBs could do more to protect their data, Seagate found. 52% of workers at companies with 10-249 employees delete unused items from their work computers only once per month. 44% of UK SMB workers either aren’t sure of their company’s GDPR policy, or say it doesn’t have one.

15% said their company has suffered a data breach or cyberattack at some point in time, and 23% said their company has no incident response plan in place. Well over a third (37%) didn’t even know if there was such a plan in place.

Seagate advises lagging SMBs to communicate to their employees “the importance of following agreed procedures to ensure data is handled safely and effectively.”

At the other end of the spectrum, technology giants like IBM know all too well the dangers of carrying sensitive corporate data on portable media. In a new, company-wide policy instated earlier this year, the company began banning all removable storage, seeking to avoid potential financial and reputational damage stemming from a misplaced or misused USB drive.

Back to School: Cybersecurity in the Classroom

It’s hard to believe that summer is coming to an end and that back-to-school time is around the corner. For some kids, that means cyberbullies are traded in for school bullies and social engagement will turn into in-person interactions. But for others — dubbed Extreme Internet Users — the screen stays. When it comes time to go back to the classroom, the six hours or more a day these kids spent online during summer may be curtailed in favor of educational screen time instead.

Every year around this time, I reflect on how much has changed for children, especially when it comes to mobile devices in the classroom. This trend has become increasingly popular and is on the rise as technology has improved, education has adapted to rapid changes, and our world has become more interconnected. Either these devices are given to kids or their classrooms by their school, or parents are encouraged to purchase one for their child to help support internet research and to digitize note-taking and homework.

Regardless of whether you’re a technophile or technophobe when it comes to leveraging screens in education, one thing is for sure – their presence in learning environments is here to stay. And with this shift, security is of the utmost importance.

Since January 2016, there have been 353 cybersecurity incidents in the United States related to K-12 public schools and districts. These attacks include phishing, ransomware, DoS attacks and breaches that have exposed personal data. However, the question – what motivates cybercriminals to target schools? – still persists. The answer is complex, because what cybercriminals could exploit depends on what they want to accomplish. Extorting school faculty, hacking private student data, disrupting school operations, or disabling, compromising, or re-directing school technology assets are all regular tools of the trade when it comes to hacking schools.

You may not be able to control how your child’s school thinks about cybersecurity, but you can take matters into your own hands. There are steps you can take to make sure your child is ready to face the school year head-on, including protecting their devices and their data.

  • Start a cybersecurity conversation. Talk with school faculty about what is being done in terms of a comprehensive cybersecurity plan for your child’s school. It’s worth starting the conversation to understand where the gaps are and what is being done to patch them.
  • Install security software on all devices. Don’t stop at the laptop: all devices need to be protected with comprehensive security software, including mobile devices and tablets.
  • Make sure all device software is up-to-date. This is one of the easiest and best ways to secure your devices against threats.
  • Teach your child how to connect securely on public Wi-Fi networks. Public Wi-Fi networks are notoriously used as backdoors by hackers trying to gain access to personal information. If Wi-Fi is absolutely necessary, ensure the network is password protected. However, if you want a secure encrypted connection, consider using a virtual private network (VPN).
  • Designate a specific date and time for regular data back-ups. If ransomware hits, you won’t have to pay to get your child’s information back. You can back up that personal data to a physical external hard drive or use an online backup service, such as Dropbox or Google Drive. That way you can access your files even if your device gets compromised.
  • Understand your child’s school bring your own device (BYOD) policy. Each school is different when it comes to BYOD and understanding your child’s school policy will save you a headache down the road. Some schools buy devices for students to rent, with parents having to pay for any incidentals, and some ask parents to buy the devices outright. Take the time to understand your child’s school policy before accidents happen.

Interested in learning more about IoT and mobile security tips and trends? Stop by, and follow @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Back to School: Cybersecurity in the Classroom appeared first on McAfee Blogs.

20+ Security Forums for Free Malware Removal Help

Malware can hide in places you probably haven’t thought about before. If you’ve been affected by malware, it’s important to know where you can ask for help. We recommend checking out (and bookmarking) this useful list of security forums that will provide guides and step-by-step instructions to solve your malware issues.

Don’t be so sure that “this can’t happen to me”, especially today, when we are dealing with malware as a business (MaaS) that is alive and growing day by day.

We think that one of the easiest and cheapest ways to address your malware problems is on a security forum. That’s the place where other people have encountered the same problem as yours and found a solution.

But with so many security forums out there, which one should you choose?

We have organized a list of security malware forums below, places where you can find professional insights and assistance when in trouble.

The security forums from this list can help you on a variety of topics, from best practices, how-to articles, step-by-step guides to security news and friendly advice. So, feel free to bookmark the article and use it accordingly.

1. Major Geeks

Major Geeks is the place where you find not just a good malware section in the support forum, but also lots of useful reviews for beginners to improve computer performance.


This security website provides step-by-step instructions on removing malware, security news, including plenty of useful articles and free utilities that can help to remove malicious software from the system.

3. TechSupport Forum

A very well organized forum that addresses many online security issues, from spyware, malware, Windows problems, networking to hardware related subjects. Their technical articles are a good source of information to stay up-to-date and learn more about technology.

4. What the Tech?

This forum defines itself as a community of volunteers who provide IT knowledge and answers to various technical questions. The Spyware/ Malware/ Virus Removal section contains instructions to provide solutions to common spyware/ malware infections. Only trained people are allowed to offer help with infection removal processes.

5. Geeks To Go!

The team behind this forum say it is a helpful hub, where you can find answers and free support for your malware and technical questions, including malware removal, how-to guides, and tutorials.

6. Malware removal

This forum defines itself as providing 100% free of charge malware removal help from well-trained helpers and security experts to people with infected systems, so they have a clean and safe computer. A malware library of tips and tricks is available.

8. Sensors Tech Forum

This is the forum where you can find solutions to your PC issues and educate yourself about malware, so you learn how to remove it or avoid getting infected in the first place.


DSLReports is an online location where you can find security news, technical information and reviews on software. Their forum on security and privacy addresses technical issues and malware removal tools.

10. Bleeping Computer

Bleeping Computer is one of the best security forums online and we recognize it as a source of inspiration for all of us, whether we talk about security news or forum. It defines itself as a community that provides free original content and tutorials that anyone can understand.

11. Malware Tips

MalwareTips forum is an online community where you can find security news, how-to articles and guides, troubleshooting, technical and malware advice. It’s the place where you can also find plenty of useful resources, reviews and many more.

You’ll get all the assistance you need to clean infected PCs and avoid getting infected with malware.

12. Computer Hope Forum

Here’s another security forum that includes a good spyware/ malware removal section and plenty of other places where you can find advice related to computer software, from anti-spyware tools and scanners to antivirus and Trojan protection utilities.

13. Malwarebytes

The Malwarebytes forum, from the renowned security provider, comes with a malware removal section and an FAQ area that you can use. It also offers a Tools section and a general computer support area, where you can find self-help articles and general computer help.

14. TechSpot

Virus and Malware Removal forum from TechSpot, the PC technology publication, comes with product guides, software recommendations and technical advice on software issues and malware problems. If you are encountering a malware issue, make sure you check out this forum and get help.

15. Cyber Tech Help

Here’s a helpful community in which you’ll find free assistance and guidance when you are dealing with a technical problem or malware has reached your device. At the same time, it is a great place to look for tutorials and news articles.

16. Spybot Forum

Here are useful malware and rootkit removal tools that provide free help and analysis in case you’ve been infected with malware. If you access their forum, you will find a team of authorized volunteer analysts who can assist and offer guidance with malware removal.

17. Tech Support Guy

Need help to remove your malware infection? We recommend checking out this malware forum and asking for help whenever you have a technical problem. There’s a group of volunteers who are experts in Windows, Mac, Linux, and more, offering you free technical support, including help with hardware issues and malware removal.

18. Technet Forum

This forum belongs to Microsoft and provides antimalware and antispyware support to users. It’s a great place to discuss with the community any technical issue you may encounter.

19. BestTechie

The BestTechie Malware Removal forum is the place where you can receive malware removal assistance, find self-help guides and learn how to clean the toughest malware from the system.

20. Techie7

Techie7 is a security forum that provides free resources and support to advanced users and beginners alike on a variety of computer issues, from malware and spyware to the Windows operating system.

21. TechRepublic Forum

We advise you to have a look at this friendly community of IT experts that can help with any of your malware questions, including how to detect, fix or remove all types of malicious threats. It is a good place to seek recommendations and ask about malware-related matters.

22. MalwareTips Forum

Here is another security forum in which you can share your cyber security knowledge and get in touch with people from this field, as well as discuss and find useful guides on how to remove malware, the latest cyber security news and much more.

23. Gladiator Security Forum

An extensive forum where you can find answers and solutions to many security-related issues, from news and alerts to data breaches, online threats or info about security software products. For a fast solution, you can address your issue to a special malware help area or you can receive advice on what security software to use.

24. LandzDown Forum

The forums from LandzDown have the purpose to help users get their computers “cleaned up” from malware or any other forms of malicious software, like spyware, rootkits or adware. At the same time, they don’t forget to have a bit of fun, so you will find the “Jokes” section, including general software news and many more.

25. SpywareInfo

This forum comes in handy with two main security sections offered to its readers and users. You can access the “Malware removal” part to find information on how you can get rid of rootkits, spyware and other types of malware. Or, you can check out a program or software in the Spywatch section to make sure it’s not dangerous for your system.

26. Wilders Security Forums

Wilders Security Forums cover a wide array of topics, from spyware, malware, and privacy issues to antivirus software, backup options, firewalls and virtualization.


Keeping your online assets safe from cybercriminals requires constant attention and continuous learning.

All these forums that address online security are free and easy to use by anyone and we recommend you check them out at any time you are encountering a problem.

How do you keep safe from malware? What malware forums would you recommend?

This list isn’t complete, and we’ll continue to constantly keep it up to date. If you have any recommendations or know other security forums that should be on this list, please let us know.

This article was initially written by Andra Zaharia in March 2015 and updated by Ioana Rijnetu in August 2018

The post 20+ Security Forums for Free Malware Removal Help appeared first on Heimdal Security Blog.

How Your Data Makes Them Money, at the Edge of The Law: The Rise and Fall of Social Media Giants

You lost almost $150 billion for Facebook. If you know the value of privacy, care about what happens to your data and the legality of the companies you support, if you own a business that relies on social platforms or is adjacent to them, you’re probably responsible for what happened in the past 48 hours at Facebook.

If you read this blog and followed our protection guides, then you’re probably doubly aware of your responsibility. What are you responsible for? For turning the tide.

On Thursday, the social media giant released its quarterly earnings report and, while the numbers did not look scary on the surface, the market was actually hit by a tsunami.

What happened

[Image: Facebook Q2 2018 earnings report]


After the Cambridge Analytica breach and the General Data Protection Regulation (GDPR) put in place earlier this year, Facebook’s rise finally stopped and even reversed, just like the tide.

With the report out, the share price fell by 19%. In actual money, that dip translates to between $120 and $150 billion lost in Facebook’s market cap. As CNBC pointed out, no company in U.S. history had ever lost more than $100 billion in just one day. Intel came close, at the end of the dot-com bubble that was essentially a reset button for the whole of the Internet. In third place is Microsoft, whose stock went down 14%, or around $80 billion, on April 3rd, 2000.

Why? A judge’s hammer came down and decided that Microsoft Corp. violated antitrust laws and used its power to stifle competition. It is not a coincidence that two out of the three biggest market earthquakes happened because a tech giant was walking at the edge of the law, trying to find a way to use it to drown competition while also undermining the landscape in which it was established.

Facebook does not want to provide a good experience to you so much as it wants to sell you things. It wants to keep you engaged, not happy, on its platform, in order to turn around and sell your attention to the highest bidder. Facebook Ads Manager, even with no previous experience of the platform, lets you play around like this.

(For practice’s sake, the following ad is being set up by the owner of a small coffee shop who wants to draw in commuters from Moira to Belfast. He/she also hopes that those commuters will not only stop for an iced coffee but will also be inclined to post the delicious drink on social media. He excluded people who have a paleo diet because he doesn’t think they’d be interested. He also offers vegan options, so he left that one open.)

[Screenshot: Facebook Ads Manager targeting settings]

These settings are what is available now to advertisers, though you should know they were even more granular before the Cambridge Analytica incident, Facebook’s own Watergate. As you can see in the screenshot above, there is a notice that a lot of these options will no longer be available in the near future.

The poker-faced reason why these ad targeting settings exist is that users freely share their personal info with Facebook and other social media giants. For the individual, these are meaningless little streams of information, which can indeed provide much better ads, but for Facebook and other giants they are the actual revenue stream and the temptation to bend the rules.

As recent events revealed, the companies holding that data themselves are vulnerable to speculators like Cambridge Analytica.

You see, the online advertising ecosystem thrives under very specific conditions: it has to know exactly what Facebook users are doing and thinking at the moment so that they can serve up the best ad. And Facebook does have a history of questionable privacy practices and security incidents.

[Image: timeline of Facebook privacy breaches and incidents]

It’s easy to cast blame on one company alone but it would be unfairly singling them out since the practices of handling large amounts of data have not always fallen into the “fair” category and have always carried the “risky” label.

Google was slammed with a $2.8 billion fine for antitrust violations this summer, for almost the same tricks that brought the hammer down on Microsoft almost 2 decades ago.

“Today, mobile internet makes up more than half of global internet traffic. It has changed the lives of millions of Europeans. Our case is about three types of restrictions that Google has imposed on Android device manufacturers and network operators to ensure that traffic on Android devices goes to the Google search engine. In this way, Google has used Android as a vehicle to cement the dominance of its search engine. These practices have denied rivals the chance to innovate and compete on the merits. They have denied European consumers the benefits of effective competition in the important mobile sphere. This is illegal under EU antitrust rules,” said Commissioner Margrethe Vestager.

Coming back to the past few months and the events of the last 48 hours, Facebook lost the trial in the public court and now it’s losing ground with investors too.

For privacy and security-oriented individuals, this is good news, though it doesn’t come from a good place.

As the investment firm that is now calling for Mark Zuckerberg to step down from his position said, “this lack of independent board Chair and oversight has contributed to Facebook missing, or mishandling, a number of severe controversies, increasing risk exposure and costs to shareholders.”

You could agree fully with the statement and sentiment. You could sigh and say “capitalism”. However, we’re here to look at it from the perspective of privacy and security. In this context, it’s a signal to you that you have to be even more vigilant than usual.

Right now, more than ever, investors are pushing companies to the limit of legality, in the name of profits. They’re not saying “be careful with users’ data and their wellbeing”; they’re saying “be careful the users don’t realize what you’re doing with their data” and “make sure you assuage their fears.”

“Looking ahead, we will continue to invest heavily in security and privacy because we have a responsibility to keep people safe,” he said.

It sounds nice but we are sure you know better by now. You need to invest in your own security and privacy because your and your business’s valuable data should not be at the mercy of giants.

Where to go from here

If you’re a home user, use one of our privacy guides to start protecting your digital life. They’re quite easy to follow and will ensure that you’re safe not just from cybercriminals, but also from those companies that sit at the edge of the law.

If you’re approaching this from an organization’s perspective, reach out to us for the best tools to protect your and your customers’ interests. For a healthy digital economy in which all parties are satisfied, security and compliance are essential.


Disclosure: This post probably ended up after we spent a very small sum to buy advertising space on a social platform. The only criteria we used to “target” you was the fact you speak English and value both privacy and security. We know that’s what you also look for when you come to us for cybersecurity expertise.

The post How Your Data Makes Them Money, at the Edge of The Law: The Rise and Fall of Social Media Giants appeared first on Heimdal Security Blog.

Millions of iOS and Android Users Could Be Compromised by Bluetooth Bug

Similar to smartphones and computers, Bluetooth is one of the modern-day pieces of tech that has spread wide and far. Billions of devices of all types around the world have the technology woven into their build. So when news about the BlueBorne vulnerabilities broke back in late 2017, everyone’s ears perked up. Fast forward to present day and a new Bluetooth flaw has emerged, which affects devices containing Bluetooth from a range of vendors—including Apple, Intel, Google, Broadcom, and Qualcomm.

Whether it’s connecting your phone to a speaker so you can blast your favorite tunes, or pairing it with your car’s audio system so you can make phone calls hands-free, the pairing capabilities of Bluetooth ensure the technology remains wireless. And this bug affects precisely that: Bluetooth’s Secure Simple Pairing and Low Energy Secure Connections, which are capabilities within the tech designed to assist users with pairing devices in a safe and secure way.

Essentially, this vulnerability means that when data is sent from device to device over Bluetooth connections, it is not encrypted, and therefore vulnerable. And with this flaw affecting Apple, Google and Intel-based smartphones and PCs, that means millions of people may have their private data leaked. Specifically, the bug allows an attacker that’s within about 30 meters of a user to capture and decrypt data shared between Bluetooth-paired devices.

Lior Neumann, one of the researchers who found the bug, stated, “As far as we know, every Android—prior to the patch published in June—and every device with a wireless chip from Intel, Qualcomm or Broadcom is vulnerable.” That includes iPhone devices with a Broadcom or Qualcomm chip as well.

Fortunately, fixes for this bug within Apple devices have already been available since May with the release of iOS 11.4. Additionally, two Android vendors, Huawei and LG, say they have patched the vulnerability as well. However, if you don’t see your vendor on this list, or if you have yet to apply the patches – what next steps should you take to secure your devices? Start by following these tips:

  • Turn Bluetooth off unless you have to use it. Affected software providers have been notified of these vulnerabilities and are working on fixing them as we speak. But in the meantime, it’s crucial you turn off your Bluetooth unless you absolutely must use it. To do this on iOS devices, simply go to your “Settings”, select “Bluetooth” and toggle it from on to off. On Android devices, open the “Settings” app and the app will display a “Bluetooth” toggle button under the “Wireless and networks” subheading that you can use to enable and disable the feature.
  • Update your software immediately. It’s an important security rule of thumb: always update your software whenever an update is available, as security patches are usually included with each new version. Patches for iOS and some Android manufacturers are already available, but if your device isn’t on the list, fear not – security patches for additional providers are likely on their way.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Millions of iOS and Android Users Could Be Compromised by Bluetooth Bug appeared first on McAfee Blogs.

Are Fake Apps Taking Over Your Phone?

It seems some malicious app developers have taken the phrase “fake it ‘til you make it” to heart, as fake apps have become a rampant problem for Android and iPhone users alike. Even legitimate sources, such as Google Play and Apple’s App Store, have been infiltrated with illegitimate applications, despite their own due diligence in combating this phenomenon.

After you download a fake app, cybercriminals use ransomware, or malware delivered through ads, that runs in the background of your device to do damage, making it difficult to notice something’s off. But while you’re minding your own business, your personal data, such as usernames, photos, passwords, and credit card information, can be compromised.

Malicious apps have become more challenging to detect, and even more difficult to delete from a device without causing further damage. The trend of fake apps shows no sign of slowing down either, as bad actors have become more brazen with the apps they work to imitate. From Nordstrom to Fortnite to WhatsApp, it seems no business or industry is off limits.

Luckily, cybercriminals have yet to figure out a sure-fire way to get their fake apps onto our devices. By paying extra attention to detail, you can learn to identify a fake app before downloading it. Here’s how:

  • Check for typos and poor grammar. Double check the app developer name, product title, and description for typos and grammatical errors. Malicious developers often spoof real developer IDs, even just by a single letter, to seem legitimate. If there are promises of discounts, or the description just feels off, those signals should be taken as red flags.
  • Look at the download statistics. If you’re attempting to download a popular app like WhatsApp, but it has an inexplicably low number of downloads, that’s a fairly good indicator that an app is most likely fraudulent.
  • Read what others are saying. When it comes to fake apps, user reviews are your ally. Breezing through a few can provide vital information as to whether an app is authentic or not, so don’t be afraid to crowdsource those insights when you can.

If you do find yourself having accidentally downloaded a fake app, there are steps you can take to rid your phone of it. Here’s what to do:

  • Delete the app immediately or as soon as you notice anything suspicious. If you can’t find it, but you’re still having issues, the app could still be on your device. That’s because, in the interest of self-preservation, fake apps can try and protect themselves from disposal by making their icon and title disappear. If that happens, go to your installed apps page(s) and look for blank spaces, as it may be hiding there.
  • Check the permissions. After installation, check the app’s permissions. Fake apps usually give long lists of frivolous requests in an effort to get access to more data.
  • Clear the app’s cache and data. If you do find the app you want to delete, this is the first step you must take in order to get the app completely off your phone.
  • Take it into your provider. If you’re still having issues after you’ve deleted an app, consider taking your device into your provider to run a diagnostic test.
  • Factory reset. As a last resort, if you can’t find the app because it has “disappeared,” or traces of the app and malware linger, the best way to ensure it is completely gone is to wipe the data, factory reset your device, and start over. This is why it is vital to have backups of your devices.

Even as this ever-growing trend of malicious developers spoofing legitimate applications to gain access to victims’ personal information continues, we can deter their advances simply by paying closer attention to detail. Stay vigilant for the signs so you can avoid fake apps at all costs.

Interested in learning more about IoT and mobile security tips and trends? Stop by, follow @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Are Fake Apps Taking Over Your Phone? appeared first on McAfee Blogs.

Cyber Security Roundup for July 2018

The importance of assuring the security and testing quality of third-party provided applications is more than evident when you consider an NHS reported data breach of 150,000 patient records this month. The NHS said the breach was caused by a coding error in a GP application called SystmOne, developed by UK-based 'The Phoenix Partnership' (TTP). The same assurance also applies to internally developed applications; a case in point was a publicly announced flaw in Thomas Cook's booking system, discovered by a Norwegian security researcher. The researcher used the app flaw to access the names and flight details of Thomas Cook passengers and released details on his blog. Thomas Cook said the issue has since been fixed.

Third-party services also need to be security assured, as seen with the Typeform compromise. Typeform is a data collection company. On 27th June, hackers gained unauthorised access to one of its servers and accessed customer data. According to their official notification, Typeform said the hackers may have accessed the data held on a partial backup, and that they had fixed a security vulnerability to prevent reoccurrence. Typeform has not provided any details of the number of records compromised, but one of their customers, Monzo, said on its official blog that it was in the region of 20,000. Interestingly, Monzo also declared it was ending its relationship with Typeform unless it wins their trust back. Travelodge is one UK company known to be impacted by the Typeform breach and has warned its impacted customers. Typeform is used to manage Travelodge’s customer surveys and competitions.

Other companies known to be impacted by the Typeform breach include:

The Information Commissioner's Office (ICO) fined Facebook £500,000, the maximum possible, over the Cambridge Analytica data breach scandal, which impacted some 87 million Facebook users. Fortunately for Facebook, the breach occurred before the General Data Protection Regulation came into force in May, as the new GDPR empowers the ICO with much tougher financial penalties designed to bring tech giants to book. Let's be honest, £500k is petty cash for the social media giant.

  • Facebook-Cambridge Analytica data scandal
  • Facebook reveals its data-sharing VIPs
  • Cambridge Analytica boss spars with MPs

A UK government report criticised the security of Huawei products, concluding the government had "only limited assurance" Huawei kit posed no threat to UK national security. I remember being concerned many years ago when I heard BT had ditched US Cisco routers for Huawei routers to save money; not much was said about the national security aspect at the time. The UK gov report was written by the Huawei Cyber Security Evaluation Centre (HCSEC), which was set up in 2010 in response to concerns about BT and other UK companies' reliance on the Chinese manufacturer's devices. By the way, that body is overseen by GCHQ.

Banking hacking group "MoneyTaker" has struck again, this time stealing a reported £700,000 from a Russian bank, according to Group-IB. The group is thought to be behind several other hacking raids against UK, US, and Russian companies. The gang compromised a router, which gave them access to the bank's internal network. From that entry point, they were able to find the specific system used to authorise cash transfers and then set up the bogus transfers to cash out £700K.


Here Are the Biggest Cybersecurity Threats to Watch out for in 2018

Cybercriminals are always evolving their tactics in order to steal and compromise data. To stay ahead of them, we compiled the biggest cybersecurity threats in 2018, from cryptojacking to already-infected smartphones, and provided actionable tips for you to stay safe online. As the old saying goes, prevention is better than the cure!

1. Getting their info compromised in massive data leaks

There’s no question about it, the biggest risk for users comes without them even having a choice or an input in the matter. It’s, of course, data leaks.

Beyond the Equifax hack and the Cambridge Analytica scandal and their far-reaching implications, it seems that every month brings a new data leak from a major company.

To help combat this, Firefox announced that they will implement Troy Hunt’s Have I Been Pwned tool into their browser, allowing users to check if their email address was compromised. It’s a great start but it’s not enough.


Unfortunately, as a user, there’s not much you can do about the big services getting hacked. You can, however, protect yourself to the best of your ability, which will eliminate a large number of attack angles on your data and finances.

How to protect yourself:

  1. For non-essential services like newsletters, promotions and various sign-ups, use one or more “burner” email addresses that are not used for your important accounts
  2. Periodically check if your main email address shows up in Have I Been Pwned or Firefox Monitor
  3. Secure every login with two-factor authentication
  4. Carefully consider how much personal information you give away on social media




2. Smartphones shipping with malware and malicious apps

Mobile malware is one of the fastest growing types of malware and this trend has continued for a few years. Because smartphones have become replacements for desktop computers and laptops for many people, the data they collect and contain is a very appealing target for cybercriminals.

It goes without saying that you should never download apps from unknown sources and stick to the official app stores. However, malicious apps can regularly bypass security measures in the Google Play Store or Apple’s App Store.

Trend Micro actually uncovered apps that promised “smartphone security”, not to mention a host of malicious apps that claimed to clean up storage space or optimize battery usage. All of them actually harvested user data and location, while also pushing advertising in multiple ways. Even the App Store, usually having strict review processes, accidentally allowed a calendar app to secretly mine cryptocurrency in the background.

Just how bad is it?

In 2017, out of around 3.5 million apps in the Google Play Store, 700,000 were deemed “problematic”: they were either app clones or they were designed to steal information, intercept text messages and send phishing links to the user’s list of contacts.

Maybe 2018 is better. Well, that’s a big maybe. Even with Google Play Protect and other measures from other smartphone or OS makers, things slip by.

[Image: top mobile malware families 2018, Sophos]


Some devices actually ship with malware on them, straight from the factory floor!

In 2017, cybersecurity experts from Checkpoint pointed out that more than 30 high-end smartphones were infected with malware somewhere in the supply chain, before even reaching consumers.

In 2018, Dr. Web raised the alarm that dozens of low-cost Android phones were shipping with the powerful banking Trojan called Triada.

How to protect yourself:

  1. Don’t be lured by the appeal of cheap smartphones if you don’t know the brand – do research before buying a device and make sure the brand has an established community.
  2. Update your apps every time you receive a notification or let them update automatically. A security patch applied immediately can and will protect you from a lot of malicious attacks on your smartphone.
  3. Take the time to review app permissions when you install them and periodically check those permissions in case they were reset after an update. Does a photo scanning app actually need permission to access your location? No, it does not.
  4. When searching for and installing an app, take a minute and read some reviews about it, checking both the high and low scores. If it doesn’t have reviews yet promises a widely-needed functionality, steer clear of it.
  5. Try to back up your smartphone data at least twice a month


3. Ransomware attacks on cloud services

Ransomware is one of the biggest threats for both home users and organizations. Attacks that will encrypt data and then demand hefty ransoms are obviously a profitable endeavor for criminals.

Usually, the impact of a ransomware attack can be minimized if someone has a backup of their data. What’s really bad is that this data is usually in the cloud, and the cloud can be hit by ransomware too.

Petya itself, one of the most virulent strains, was spread through an infected file on Dropbox, one of the most popular backup solutions. Clearly, ransomware in the cloud is a major problem for everyone.

According to MIT, this is one of the six biggest cyber threats. Just like in the case of data breaches, you cannot stop your cloud provider from getting infected, but you can take measures to protect yourself from ransomware.

[Image: ransomware statistics 2018, Kaspersky]

How to protect yourself:

We put together this mega-guide on ransomware protection, but in short, here’s what you should do:

  1. Keep your valuable data backed up, both locally and in the cloud, preferably in multiple locations
  2. Don’t rely on Antivirus alone, as this reactionary software can’t handle the newest strains. Use a proactive tool capable of blocking infections at their source and stopping dangerous links


4. Cryptojacking that affects their hardware

As we explained in our protection guide against cryptojacking, this type of attack involves hijacking your computer’s hardware in order to mine cryptocurrency for the criminals.

One of the most popular ways to do this was to target a vulnerable website and inject a script (Coinhive has been the most popular). Then, unprotected visitors on that website had their computers enslaved in order to mine cryptocurrency.

Cryptojacking has been one of the most popular attacks this year, almost surpassing ransomware, and it’s constantly evolving.

How to protect yourself:

  1. Use a reputable antivirus and, alongside it, an anti-malware solution that constantly scans traffic and blocks infected domains
  2. On any browser, use an ad blocker that can stop cryptocurrency-mining scripts. One example is uBlock Origin, but you can also use the popular extension NoScript
  3. Always update your software, especially your browser, since some cryptojacking targets the browser directly



5. Financial losses and data compromise due to cryptocurrency trading

The end of 2017 marked a crazy period in the world of cryptocurrency, with the value of Bitcoin reaching $20K. At the same time, cybercriminals also had an even bigger incentive to get creative with their attacks.

Beyond cryptojacking, which usually affects those who are not invested in cryptocurrencies, those who owned any type of virtual coins were prime candidates to lose their money.

In June, the sixth-biggest crypto exchange in the world, Bithumb, was hacked, and around $30 million was lost. Fortunately, those users who kept their coins there were reimbursed, but others were not so lucky.

In February, another crypto exchange (BitGrail) was hacked. The attackers took off with $195 million worth of Nano cryptocurrency belonging to users. That incident blew up in a scandal after the company initially refused to refund users. And that’s only the attacks on the exchanges themselves.


Cryptocurrency holders around the world are constantly targeted by ever-evolving attacks aimed at their virtual wallets.

One cryptocurrency trader and YouTube personality, Ian Balina, was targeted in a hack and lost almost $2 million. Another, Peter Saddington, told the press that someone used social engineering on Verizon’s customer service and then targeted him. He lost a “significant amount” of money and a lot of valuable data.

“It fundamentally changed my life. I lost everything. I lost 13 years of emails,” he said.

In January, a criminal stole $150,000 by tricking would-be investors in an ICO sale into sending their payments to a fraudulent wallet address using good, old-fashioned phishing. Wired had a great write-up on why it’s so easy to hack a cryptocurrency fundraiser.

Even the popular Hola VPN Chrome extension was hacked and replaced with a compromised one designed to steal cryptocurrency.

How to protect yourself:

While it’s impossible to control for all outcomes, especially a data breach, there are some steps you can take:

  1. If you invest in cryptocurrency, do not tell others about it. Specifically, don’t post on social media about it.
  2. Use this guide to secure your assets before even considering investing, as security best practices will help you have a good base.
  3. Keep your funds in multiple wallets
  4. Secure all your logins with two-factor authentication
  5. Stay on top of the news to keep up with the latest types of scams. A dose of paranoia when involved in crypto is one of the healthiest things you can do.



6. Scams with advanced social engineering tactics

We try to keep up with the most popular or creative online scams and gather them in our prevention guides so that you can stay safe. Fossbytes wrote a very good rundown on the types of social engineering techniques that can compromise your info, from phishing to baiting and the “quid pro quo”, where criminals pose as support employees.

However, with the rise of AI and machine learning, those criminals can efficiently automate their attacks in order to maximize their reach.

“Machine learning models can now match humans at the art of crafting convincing fake messages, and they can churn them out without tiring,” warns MIT Technology Review.

How to protect yourself:

  1. Learn how to spot a phishing link and understand how other techniques like vishing or spear phishing work
  2. Install a traffic scanner on your PC that can block malicious links and attempts to connect to infected domains
  3. Avoid posting too much personal information on social media


7. IoT devices like smart locks or smart assistants being hacked

In May, an NYTimes piece perfectly articulated privacy advocates’ biggest concerns and one of the biggest cybersecurity threats, citing a group of Berkeley researchers who managed to attack Alexa.

“Inside university labs, the researchers have been able to secretly activate the artificial intelligence systems on smartphones and smart speakers, making them dial phone numbers or open websites. In the wrong hands, the technology could be used to unlock doors, wire money or buy stuff online — simply with music playing over the radio.

A group of students from University of California, Berkeley, and Georgetown University showed in 2016 that they could hide commands in white noise played over loudspeakers and through YouTube videos to get smart devices to turn on airplane mode or open a website.

This month, some of those Berkeley researchers published a research paper that went further, saying they could embed commands directly into recordings of music or spoken text. So while a human listener hears someone talking or an orchestra playing, Amazon’s Echo speaker might hear an instruction to add something to your shopping list.”


The reporter and researchers underlined that, to the extent of their knowledge, no such attacks have fortunately been spotted in the wild.

By exploiting the “re-prompt” feature that makes Alexa clarify an order, Checkmarx tricked Amazon Echo into recording everything spoken even if the wake word wasn’t used. That was just this year’s headline; in 2017, one security researcher, Mark Barnes, showed off how to install malware on an Amazon Echo.

Of course, Amazon is a huge company, so it invests plenty in securing its devices and its reputation. However, there is no such thing as unhackable software, so you need to exercise caution.

How to protect yourself:

  1. Consider if you do need to have a device like a voice assistant connected to every smart appliance you own. “Convenience versus privacy and security” is a debate everyone should have with themselves before purchasing devices and software.
  2. If you own a device like this, make sure you connect it to a secure WiFi. Use this guide to enhance the security of your home network.
  3. Be careful about allowing smart devices access to your credit card. Last year, an Amazon Echo owner woke up to find Alexa had purchased a lot of dollhouses.
  4. Take stock of who visits your home and what kind of access your friends and family have to your voice assistant


While not all of them are new and most are based on tactics already seen, these are the biggest cybersecurity threats for users in 2018. If you have one more to add to the list (or even a great security tip!) let us know below. We’d love your input!

The post Here Are the Biggest Cybersecurity Threats to Watch out for in 2018 appeared first on Heimdal Security Blog.

Why Malware as a Business is on the Rise

The alarming growth of malware attacks in recent years should concern each of us and, more importantly, should make us AWARE of the risks and consequences. Taking action and preventing these malicious activities operated by cybercriminals has to be a top priority IF we want to stay safe online.

The reality is that cyber attackers now use different strains of malware that are much more sophisticated and agile and that prove to be effective and successful, challenging us to build a stronger defense against them.

Malware evolves at a rapid pace because advanced malware has mastered the art of evasion. Thus, traditional antivirus engines find it difficult to detect attacks in their first stages. Malware is getting bigger and bigger. It fuels growth and innovation, and encourages malicious actors to easily reach their goals.

In this article, we’ll take an in-depth look at malware and learn where it hides, what the most dangerous malware attacks so far have been, and why malware is a profitable business for cybercriminals. We’ll also offer actionable security tips to help you better prevent these attacks and keep yourself (and your digital assets) safe.

Why do malware attacks keep happening?

In the context of this ever-changing threat landscape that never ceases to challenge everyone, from home users and organizations to security researchers and communities, this question makes a good point.

It’s simple. Malware still works, and humans have their contribution to helping attackers succeed with their malicious plans.

True fact: Through our old habits that seem to die hard (not updating our software frequently, or reusing the same password for various online accounts), we maintain security holes that malicious actors exploit, fueling this growing malware business.

According to a report from security company Trustwave, 22 percent of respondents (security respondents) said that “preventing malware, including ransomware, was their biggest security threat and obligation for 2018”, while the second biggest pressure was identifying vulnerabilities (17%) and the third one (13%) was preventing social engineering and phishing attacks.

Paul Edmunds, Head of Technology at the National Crime Agency’s National Cyber Crime Unit (NCCU) states that:

 It’s really important to understand the impact that malware has. It’s a massive criminal enabler that underlines most cybercrime. It’s an infrastructure that’s used for compromising devices to conduct most of the prominent attacks that you see.

The evolution of malware

Before we understand its impact, let’s take a few steps back and have a look at how malware evolved lately to become such a serious and threatening business to everyone.

The malware market evolved from something that was tested and probably used for fun, with hackers creating programs to see how they could gain access to unauthorized places and then focusing on money and stealing personal data, into a more targeted attack vector.

Did we ask for malware? No, but there’s a big business out there and we are all responsible, in one way or another, for keeping it alive and growing.

According to Cisco 2018 Annual Cybersecurity Report, the evolution of malware was “one of the most important developments in the attack landscape in 2017”. “Malware is becoming more vicious. And it’s harder to combat. We now face everything from network-based ransomware worms to devastating wiper malware.”

This graphic from AV-Test shows the growth of total malware over the last five years:

[Image: Here's how malware evolved]


Also, did you know that “in the second half of 2017 on average 795 new malware specimen were discovered per hour i.e. 13 per minute.”?


Regardless of the smartphone landscape, mobile malware is one of the fastest-growing types of malware, targeting more and more Android users. In the first quarter of 2018, the G DATA security experts detected “an average of 9,411 new malware every day for the popular Android operating system”. This means a new piece of malware appears every 10 seconds.

The rise of ransomware attacks

Perhaps a clear evolution of the malware economy was seen last year with the two massive and devastating cyber attacks: WannaCry and (non)Petya.

Europol called the first one an attack of “an unprecedented level”; it took down entire networks, caused business disruption across 150 countries and infected more than 200,000 computers. Not to mention the financial damage caused: many companies and public institutions had their computers and data encrypted, and the only way to get them back was to pay a ransom.

While cybercriminals used the EternalBlue method during the WannaCry ransomware outbreak, with the (non)Petya ransomware outbreak, which also spread fast and had self-replicating abilities, they changed the type of malware from ransomware to wiper. How is this different? The purpose of a wiper is to destroy and damage, while ransomware is mainly focused on making money.

In 2018, malware is even more agile, and Gandcrab ransomware is a great example. It is a fast-growing malware that’s been used and spread in waves of spam campaigns. While it has already reached version 4, this piece of malware was initially distributed via exploit kits, which abuse software vulnerabilities found in systems.


The newest version 4 of this malware family includes “different encryption algorithms, a new .KRAB extension, new ransom note name, and a new TOR payment site”. So far, Gandcrab is one of the most prevalent and biggest ransomware attacks in 2018. Here’s a more in-depth and technical analysis of how Gandcrab ransomware evolved if you want to dive into this topic.

If you’ve been hit by any of these ransomware attacks or others, we strongly advise you NOT to pay the ransom to get your data back. Instead, check out this list of decryption tools to unlock your data for free.

5 key places where malware can hide

Malware authors often look out for new techniques to hide their malicious files which often go unnoticed by antivirus software or threat intelligence analysis.

Here are the most common places where malware can hide:

  • Email attachments – Most of the security alerts we’ve written talk about malware being delivered via emails to potentially infect victims’ computers. Sadly, many people still download, open, click and enable malicious attachments to run on their computers. Here’s an example of a variant of Trickbot malware in which cybercriminals lure victims into clicking on a malicious Word document attached to the email.
  • Links sent via email – Another common place where malware can hide is a link received via email, which is more tempting for users to simply click than downloading an attachment. This mindless clicking behavior is known and exploited by cybercriminals.
  • Traffic redirect – Another place that malicious actors exploit to hide malware is Internet traffic (especially in the browser). As we spend most of our time reading online, browsing blogs or buying on the Internet, it’s easy to become a target. A traffic redirect may be invisible to unskilled users, so they land on sites where malware is hidden in the code of the page or in the ads listed on the site.
  • Software updates – Probably the story of the compromised versions of the CCleaner software is the best example here. Hackers spread hidden malware in version 5.33 of the CCleaner software, which has been downloaded by more than two million users. Full story here.
  • Hidden and infected mobile apps – Given the rise of mobile apps, we’re likely to download and install all kinds of apps on our devices without taking any precautions. Here’s an example of a malware threat known as a hidden administrator app that targets Android users. It is an infected app that installs itself with administrator privileges and takes control of your mobile device.

If you want to find out more about how and where cybercriminals hide their malicious code in files, links, apps we use on a daily basis, read this guide.

Why Malware is a profitable business for malicious authors

Just like any other business, the purpose of malware authors is to turn it into a big and profitable business of millions (or even billions of dollars). To do that, it’s important for them to know and ask for the right price.

Making money from malware has proved to be a winning option for cybercriminals. Usually, they choose rich and developed countries, target large and successful organizations, from where they can extort a lot of money and access their valuable data.

As the number of ransomware attacks continues to grow exponentially, their authors will keep making a lot of money, because most of the victims choose to pay the ransom.

According to the Telstra Security Report, more than half of businesses who were victims of a ransomware attack have paid the ransom and they would do it again. “Some 60 percent of ransomware victims in New Zealand and 55 percent in Indonesia paid the ransom, making it the highest for Asia. In Europe, 41 percent of respondent ransomware victims paid up.”

On top of that, another study conducted by Cybersecurity Ventures estimates that ransomware damages will cost the world more than $8 billion in 2018 and that they will reach $11.5 billion annually by 2019.

The attackers behind the WannaCry ransomware may have caused global panic among users and organizations, but what about its financial costs? In total, it has been estimated that they made $143,000 in Bitcoin from this massive attack.

The Gandcrab ransomware, which continues to evolve and is quickly being spread in various spam campaigns, “has infected over 50,000 victims and claimed an estimated $300-600K in ransom payments”, according to Check Point Research. In the figure below, you can see the attack by geographic location of a target.


The success of Bitcoin cryptocurrency and its price reaching a historic $20K at the end of 2017 influenced the rise of cryptojacking malware attacks.

New findings from Check Point research stated that “the number of global organizations affected by crypto-mining malware more than doubled from the second half of 2017 to the first six months of this year, with cybercriminals making an estimated $2.5 billion over the past six months.”

The research also discovered that hackers are now targeting cloud services because most businesses store their sensitive data there. And there are more cyber security threats that should concern us and determine us to implement solid prevention and security measures.

All these examples from above show that malware business is still growing, by switching from a macroeconomic level to microeconomic level. The malware market, like any other, offers a wide range of products to fit users’ diverse needs. You can find APTs, ransomware, banking trojans, cryptojacking, data breach, online scams, malware families with as many names as you can possibly wish for. Just like when you go to the supermarket and you have a plethora of vegetables and fruits to choose from.

Today’s malware is more targeted, but not necessarily more sophisticated. It still exploits software vulnerabilities found in devices, and there is nothing too complicated about that. Today’s malicious actors are both agile and creative and try techniques that still work. Today’s next-gen malware attacks have the ability to evade detection and bypass the antivirus programs users install on their computers to keep their data safe.

Security measures to apply against malware attacks

We might not have asked for a malware market, but we are still serving it through unpatched software, by not backing up data, not getting enough education and knowledge of cyber security and many more.

Time to act is right NOW!

Malware threats are widespread and difficult to combat, so, once again, we emphasize that prevention is the best strategy to stay safe online.

Make sure you don’t fall victim to malware and follow these cyber security measures:

  • Always keep your software patched and up to date, including the operating system and every application you’re using on a daily basis;
  • Keep a backup with all your important data on external sources like a hard drive or in the cloud (Google Drive, Dropbox, etc.). This guide shows you how to do it;
  • Once again, we urge you: Do NOT OPEN emails or click on suspicious files/attachments. Be very cautious!
  • Remember to set strong and unique passwords with the help of a password management system. This security guide comes in handy.
  • Use a reliable antivirus program as a basic protection for your device, but also consider including a proactive cyber security solution as a second layer of defense for maximum protection.
  • Always secure your browsing while navigating the Internet and click only on websites that have an HTTPS certificate;
  • Teach yourself (and master basic cyber security) to easily spot online threats delivered via emails, social engineering attacks or any other method attackers may use.
  • We remind you that security is not just about using a solution or another, it’s also about improving our online habits and being proactive every day.

Will malware as a business continue to grow? I think it will, as long as it was – and still is – heavily sustained by ransoms paid by victims who want immediate access to their valuable data. It will continue to grow as long as we don’t apply basic security measures that can make us less vulnerable to these attacks.

This article was initially written by our CEO, Morten Kjaersgaard, in 2015, but refreshed and improved by Ioana Rijnetu in July 2018.

The post Why Malware as a Business is on the Rise appeared first on Heimdal Security Blog.

Time to Take a Good, Hard Look at Your Cybersecurity Health

What happens when your livelihood is at stake, thanks to someone stealing your identity or draining your account? The real-life possibilities are nerve-wracking, to say the least. The constant barrage of cyberthreats we face as consumers today is exhausting. Just this month, two major situations were revealed.  A Florida marketing firm, Exactis, had their database on a publicly accessible server. The information exposed ranged from phone numbers, home, and email addresses to the number, age, and gender of a customer’s children. As of now, social security numbers and credit card data have not been leaked. However, what makes this breach particularly anxiety-inducing is that now cybercriminals have the ability to improve the success rate of socially engineered attacks. For example, phishing attacks could become rampant through social media and email.

To add insult to injury, last week, researchers found a way to discover everything you type and read on your phone simply by studying the differing power levels of a smart battery. By implanting a micro-controller into a phone’s battery, they could record the power flowing in and out of the device. Then, with the use of AI, power flows were matched with specific keystrokes. Using this technique, the researchers proved that cybercriminals could record passwords, monitor website activity, access call records, and know the last time the camera was used. Smart batteries are attractive targets because they are not as secure as your phone. In fact, they expose all personal data. While the possibilities are stressful, the good news is that this attack remains theoretical.

The seemingly endless string of security events and the stress they cause can take a serious toll on our well-being. While we can’t prevent breaches from occurring, it’s important to remember that we can be prepared to take the right steps to minimize any damage when one hits. Whether we’re dealing with the repercussions of a data breach, or adapting to new vulnerabilities, developing positive security habits can help improve and maintain your digital health. Taking care of your mobile devices to ensure they remain secure – and therefore optimally functional – is like taking care of your own well-being; to maintain cybersecurity health, you have to perform basic upkeep.

To help you prepare in advance for the next data breach and ensure your device remains in good cybersecurity health, here are some habits you should consider picking up, stat:

  • Be aware of your surroundings. Mindfulness is a habit that can be developed, provides almost instant results, can support longevity, general awareness and well-being. We can learn a lot from mindfulness when it comes to cybersecurity. By taking a little bit of time to be aware of our surroundings, we can prevent vulnerabilities and potential threats simply by paying attention.
  • Set up alerts. Just like going to a doctor regularly for check-ups, you should “check-up” on your accounts. Not all data breaches expose financial data, but personal data that is leaked can still be used to access your financial accounts. Talk with your bank or financial planner about setting up a fraud alert on your cards to maintain control of your accounts.
  • Stay away from untrustworthy emails or messages. The mantra “no bad vibes” is surprisingly full of wisdom. Ridding your life of energy suckers and toxic people supports health – and the same goes for malicious messages. If you see a suspect item from an unknown source in your inbox or via a direct message or comment on social media, do not click on the message. If you do open it, be sure not to click on any links. To be safe, delete the email or message altogether.
  • Avoid public Wi-Fi when possible. Just as sleep is a panacea of sorts that helps to fight off bugs, giving your phone a break from public Wi-Fi is one of the best things you can do to ensure your cybersafety. The use of public Wi-Fi can offer cybercriminals a backdoor into your phone. By spoofing a legitimate website, they can gain access to your sensitive information. Give your device a much-needed break until you can use Wi-Fi you trust, and you’ll save yourself a serious headache.
  • Switch up your passwords. It’s been said that variety is the spice of life, the secret to a happy relationship, and a way to stay engaged and aware in old age. The same is true when it comes to your passwords. When you mix it up, you keep cybercriminals guessing. Passwords are your data’s first defense against cybercriminals. Be sure to change them every so often and never use “1234” or “password.” If remembering a difficult password or remembering a multitude of them is hard, consider using a password manager.
  • Consider investing in identity theft protection. Vitamins are excellent supplements to a healthy diet, adding in additional nutrition when and where you need it — but not meant to be taken as the sole way to maintain health. Identity theft protection can be a supplement of sorts to your already positive security habits. With McAfee Identity Theft Protection, users can take proactive steps toward protecting their identities with personal and financial monitoring and recovery tools.

The power of habit actually dictates 40% of our day. As with your body and mind, the more you create healthy, positive habits, the easier it is to maintain health. The same is true for your security “health.” The more you express safe habits, the easier it will become and the safer you will be – both in the short and long term.

Interested in learning more about IoT and mobile security tips and trends? Stop by, and follow @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post Time to Take a Good, Hard Look at Your Cybersecurity Health appeared first on McAfee Blogs.

Report: Gaming Addiction is a Real Thing. So What Can Parents Do Next?

It’s one of my biggest parenting regrets to date: About a decade ago, I failed to put limits around my teen’s passion for playing video games. He loved them, and I let him.

I convinced myself that my son’s video gaming provided him with an instant community where he daily climbed to the top of the scoreboard. A personal, consistent win for my first-born, more quiet child, right?

Looking back, I lied to myself at crucial moments along the way. I minimized his growing obsession by calling it a hobby. As he grew more engaged with gaming, he became more distant from our family. I ignored the fact that he was acquiring friends I didn’t know and forfeiting time outdoors for his preferred virtual landscape.

When our relationship hit several rough patches in later years, I failed to connect that friction back to his topheavy gaming habits. All the while, as a mom, I knew deep down (in my mom “knower”) I could have — should have — done more to limit his gaming.

New Findings

Not surprisingly, the World Health Organization (WHO) just recently classified a new form of addiction called “gaming disorder.” That designation means health professionals can now treat dangerous levels of video gaming as a legitimate addiction.

Thankfully, my son’s one-time excessive gaming didn’t reach the addiction level even though it was serious enough to negatively impact our family dynamic.

I can’t go back. However, if there’s a parent who can learn from my heartache in this area, I hope this post might help.

The Upside

We know gaming isn’t the enemy. In fact, gaming has been credited with helping kids overcome depression, anxiety, and social insecurities. Gaming is also blowing open new doors in education as we understand how today’s digital learners (many of whom are gamers) consume information and find solutions. We know gaming skills are helping build tomorrow’s cybersecurity experts, app developers, programmers, military strategists, surgeons, and leaders.

With the benefits understood, balance is the magic word when it comes to the healthy use of any technology we welcome into our homes.


The WHO’s official definition of “gaming disorder” includes:

  • A pattern of behavior for at least 12 months in which gaming is out of control.
  • The pattern of behavior must show an “increased priority given to gaming” to the point that gaming “takes precedence over other interests and daily activities.”
  • A “continuation or escalation of gaming despite the occurrence of negative consequences,” or behavior that affects one’s relationships, education, or occupation.

So what can you do if you recognize even one of the warning signs above? Plenty. It’s never too late to make changes in your family. All you need is knowledge, action, and some mad follow-through skills.

5 Ways to Help Kids Balance Gaming

Set and enforce time limits. Start setting technology time limits when your kids are young. If your kids are older, don’t shy away from announcing new house rules starting today. Yes, kids may complain, but experts agree: Rules help kids feel loved and safe. Parental control software will help you set time limits on your child’s device usage and help minimize exposure to potentially malicious or inappropriate websites. Another tip: Set a timer on your smartphone or go old school and crank up that kitchen timer. Take it from this regret-filled mom: Time limits will make every difference in helping kids find balance.

Be a role model. You can’t tell your kids they have to get off of Call of Duty then spend the next eight hours constructing high-scoring word combos on Words with Friends. Model smart tech use and moderation. Even place that kitchen timer next to you if you need it.

Roll up your sleeves — get gaming. Jump into the game with your kids so you can better understand the content, the community, and the messages coming into your home. Get a glimpse into the appeal of the game for your child and the skills needed to advance. Once you have this perspective, you will intuitively know how to monitor your child’s time on specific games. This is also a great opportunity to share your values on certain topics or narratives addressed in games.

Stay safe while gaming. Gaming’s purpose is fun, so it’s rare that a child or even a parent is focused too much on safety when kids log on to play. Still, there are safety risks. A recent McAfee survey found that parents are concerned with issues connected to gaming such as sexual predators, data risks, inappropriate content, and bullying, but few take steps to remedy those concerns. Several products such as McAfee Total Protection can help keep connected devices safe from malware and McAfee WebAdvisor can help you avoid dangerous websites and links.

Don’t overreact. It’s easy to fear what we don’t understand. True video game addiction is rare. The WHO’s new classification isn’t describing the average gamer who spends a few hours a day gaming with friends. The designation targets serious gaming habits that destroy people’s lives such as neglecting hygiene and nutrition, rejecting loved ones, staying up all night, and losing jobs due to gaming. The more you understand about your child’s favorite games, the better parenting decisions you will be able to make.

Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @McAfee_Family. (Disclosures).

The post Report: Gaming Addiction is a Real Thing. So What Can Parents Do Next? appeared first on McAfee Blogs.

The Exactis Data Breach: What Consumers Need to Know

There are data breaches, and then there are data breaches. For example, who could forget the Equifax data breach, which compromised the personal information of over half of the citizens of the United States? And now, a breach of similar magnitude has emerged, as a security researcher has discovered that marketing firm Exactis’ database was sitting on a publicly accessible server. Specifically, there were two versions of the database exposed online, each with around 340 million records—roughly two-thirds on consumers and the rest on businesses.

So how did Exactis have this much data in the first place? The Florida-based marketing firm collects and trades consumer data in order to refine the accuracy of targeted ads. Which is precisely what makes this breach so crucial, as the information exposed is highly personal. The leaked data includes people’s phone numbers, home and email addresses, interests, and the number, age, and gender of their children. As of now, credit card information and Social Security numbers don’t appear to have been leaked.

The behavioral data involved in this leak, alongside the personal information, makes this breach particularly concerning because of how this information can be used by cybercriminals to improve the success of socially engineered attacks. For instance, crooks can use such personal information in phishing attacks over email or social media. Now, cybercriminals can enact highly personalized attacks against consumers, who will already be faced with potentially fraudulent activity against their names.

Therefore, it’s important consumers immediately take action to protect their personal security and identity. To do just that, follow these tips:

  • Keep an eye out for sketchy emails and messages. Cybercriminals can leverage this stolen information for phishing emails and social engineering scams. So, if you see something sketchy or from an unknown source in your email inbox or a social media message, be sure to avoid clicking on any links provided. Better to just delete the email or message entirely.
  • Set up an alert. Though this data breach does not compromise financial data, this personal data can still be used to obtain access to financial accounts. Therefore, it’s best to proactively place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report, so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
  • Invest in an identity theft solution. With this breach, almost every American adult could be facing the possibility of identity theft. That’s precisely why they should leverage an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

Gary Davis is Chief Consumer Security Evangelist. Through a consumer lens, he partners with internal teams to drive strategic alignment of products with the needs of the security space. Gary also provides security education to businesses and consumers by distilling complex security topics into actionable advice. Follow Gary Davis on Twitter at @garyjdavis.

Category: Consumer Threat Notices. Published: Thursday, 28 June 2018 12:35:48 +0000.

The post The Exactis Data Breach: What Consumers Need to Know appeared first on McAfee Blogs.

A Traveler’s Guide to International Cybersecurity

When you think of the most valuable thing you could lose while traveling, what comes to mind? Your suitcase, wallet, passport? What comes to my mind is my mobile device. Especially while traveling abroad, my mobile device is my lifeline and is essentially the remote control to my digital life.

What many international travelers do not realize is that their devices are often more vulnerable when taking a long-distance trip. Because they store and transmit our personal information – from website logins to banking information – these devices are much more valuable than the contents of your wallet or suitcase. Especially while you’re abroad and not used to your surroundings, pickpockets and cybercriminals can prey on your vulnerability to steal or infect your devices. Luckily, there are cybersecurity precautions you can take before, during and after international travel to ensure your information stays safe.

Before Travel

First and foremost, you have to get your device security in order before you hit the skies or hit the road. Now is the time to be proactive, not reactive, when it comes to protecting your information. The best thing to do would be to leave your devices at home where you know they will be safe. However, that’s unrealistic for most people, since we’re tethered to our mobile gadgets. So at the very least, before you head on your trip, make sure to:

  • Clean up your device. Clear your browser history and delete cookies.
  • Consider deleting apps that you don’t use altogether to avoid unnecessary vulnerability.
  • Encrypt any personal data to ensure that information stays protected. Back up any files to an external hard drive or desktop in case your encryption fails.

During Travel

Whether you’re home or abroad, it’s important to always be vigilant and aware of your surroundings, both online and in-person. While device theft is uncontrollable, you can control how and where you use your devices. When you’re traveling internationally, public, free Wi-Fi is sometimes the only option for service. Unfortunately, it can be exploited by cybercriminals as a gateway to your devices. By spoofing legitimate Wi-Fi networks, these nefarious folks could gain access to sensitive data and private accounts and potentially request money for the return of your information, making public Wi-Fi the biggest threat to your cybersecurity. To avoid being compromised, be sure to:

  • Mitigate risk and avoid making online purchases or accessing bank accounts while using public Wi-Fi.
  • Use your smartphone to create a personal hotspot, if you are in dire need of an internet connection.
  • Use a Virtual Private Network (VPN) to encrypt any data you may receive while on your trip.

After Travel

Arriving home after travel is already an exhausting experience – don’t exhaust your device by bringing any malware back with you. Remember that if you connected to local networks abroad, your mobile devices may have been susceptible to malware. So, in order to help your device be ready for its return back home, follow these tips:

  • Update your software. By updating your apps when prompted, you’ll ensure you have the latest patch and avoid any vulnerabilities that may have surfaced while you were away.
  • Delete travel apps you needed for your trip but no longer use. These can store personal information that can be accessed if they are not regularly used or updated.
  • Reset your passwords, PINs and other credentials you may have used while abroad, regardless of whether you think you were compromised or not. Changing them will render the stolen credentials useless.

Interested in learning more about IoT and mobile security tips and trends? Stop by, and follow @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post A Traveler’s Guide to International Cybersecurity appeared first on McAfee Blogs.

#CyberAware: 4 Actionable Steps to Boost Your Family’s Safety Online

Summer has officially rolled out its welcome mat. But as most parents might be thinking about slowing down, for most kids, summer is when digital device use goes into overdrive. That’s why June — which also happens to be Internet Safety Month — is a perfect time to strengthen your family’s digital readiness.

Good news: This digital safety skills booster is quick and actionable. And who knows — if a few of these tips boost your family’s safety, you may have just saved summer for everyone!

4 Ways to Boost Family Safety Online 

Practice safe social. Challenge your family to rein in its social footprint by taking these specific actions: 1) Adjust privacy settings on all social networks. 2) Trim friend and follower lists. 3) Delete any personal data on social profiles such as birthdate, address, or school affiliation. 4) Edit, limit app permissions. As we’ve just seen in the headlines, the misuse of personal data is a very big deal. 5) Share with care. Routinely scrolling, liking, and commenting on social sites such as Snapchat and Instagram can give kids a false sense of security (and power). Remind tweens and teens to share responsibly. Oversharing can damage a reputation and words or images shared callously can damage other people.

Practice safe gaming. Summertime is a gamer’s heaven. Endless battles and showdowns await the dedicated. However, some digital pitfalls can quickly douse the fun. According to the National Cyber Security Alliance’s gaming tip sheet, safe gaming includes: updating gaming software, protecting devices from malware, protecting your child’s personal data, using voice chat safely, and paying close attention to content ratings.

Practice strong security. There are some steps only a parent can take to safeguard the family online. 1) Parental controls. Filtering software blocks inappropriate websites and apps as well as establishes boundaries for family tech use. 2) Comprehensive security software helps protect your PCs, tablets, and devices from viruses, malware, and identity theft. 3) Keeping your guard up. According to McAfee’s Gary Davis, staying safe online also includes digital habits such as using strong passwords, boosting your network security and firewall, and being aware of the latest scams that target consumers.

Practice wise parenting. 1) Know where kids go. Know which apps your kids love and why, how they interact with others online, and how much time they spend online. 2) Unplug. Establish tech-free family activities this summer. Powering off and plugging into quality time is the most powerful way to keep your family safe online. Strong relationship empowers responsibility. 3) Be confident. As parenting expert Dr. Meg Meeker says, parents should be parenting from a place of confidence, rather than from a place of fear. “The temptation for parents is to think that they have no control over what their child does online. This isn’t true,” says Meeker. “Parents, you are in control of your child’s technology use; it is not in control of you.”

Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @McAfee_Family. (Disclosures).

The post #CyberAware: 4 Actionable Steps to Boost Your Family’s Safety Online appeared first on McAfee Blogs.

Cybercriminals Steal the Show! 26 Million Ticketfly Customers’ Data Compromised in Massive Breach

When we find out our favorite artist is coming to town, we immediately head to the web to snatch up a ticket to their show. This is where ticket distribution services, such as Ticketmaster and Ticketfly, come in handy, as they allow us to easily input our information to claim a spot for the show. But as of this week, users of the latter company are unfortunately now dealing with that very information being compromised by a massive data breach. In fact, Troy Hunt, founder of “Have I Been Pwned,” discovered that a hacker posted several Ticketfly database files to a public server online.

This attack began with an unnamed hacker informing Ticketfly of a security vulnerability and demanding a ransom of one bitcoin to reveal the flaw and help fix it. This threat was met with no response, following which the hacker defaced the site, prompting the company to take it offline, and stole piles of Ticketfly customer data in the process.

In addition to a whopping 26 million email addresses, this stolen data includes users’ names, phone numbers, home and billing addresses. As of now, no financial information has been published publicly by the hacker, but he or she has threatened to post more data if they are not paid their ransom.

So, with this personal information out in the open and potentially more still to come, what can these Ticketfly customers do to ensure they protect their data? Start by following these tips:

  • Keep an eye out for sketchy emails. One way cybercriminals can leverage stolen emails is by using the list for phishing email distribution. If you see something sketchy or from an unknown source in your email inbox, be sure to avoid clicking on any links provided. Better to just delete the email entirely.
  • Set up an alert. Though this hacker has not published financial data, that doesn’t mean he or she may not still have it on hand. Therefore, if you’re a Ticketfly user, it’s best to proactively place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
  • Invest in an identity theft solution. With this breach, Ticketfly users may be faced with the possibility of identity theft. That’s precisely why they should leverage an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

The post Cybercriminals Steal the Show! 26 Million Ticketfly Customers’ Data Compromised in Massive Breach appeared first on McAfee Blogs.

High-Tech & Hackable: How to Safeguard Your Smart Baby Devices

It’s just about as creepy as it gets: A hacker breaking into a smart device in your baby’s nursery. The Internet of Things (IoT) has wrapped our homes in technology, which means any piece of technology you own — be it a smartphone, a thermostat, or even a baby toy or monitor — is fair game for hackers.

High tech products geared toward parents of newborns and kids are on the rise. Reports show that new parents are fueling this industry and purchasing everything from smart diapers, onesies, baby monitors, digital bassinets, soothers, high-tech swings, breathing monitors, play pads, and a string of smart toys. Parents purchasing baby tech and digital toys are counting on fresh tech ideas and products to increase efficiency and maintain a constant connection to their kids.

But these seemingly efficient products, some argue, could be increasing parents’ stress in some cases. Are these tech products, which are also highly hackable, worth the risk and worry?

The Pros

Peace of mind, safety. Smart baby devices give anxious parents added peace of mind when it comes to worries. Who doesn’t want to see their sweet baby deep in sleep and go to bed without worry? Given a chance, many parents welcome the opportunity to know their baby’s temperature, oxygen levels, heartbeat, and breathing are on track.

Remote monitoring, convenience. When you can be downstairs or working in the yard, or in your home gym, and still check on a sleeping baby, that’s an incredible convenience that many parents welcome as a productivity booster.

Learning and development. Many parents purchase smart devices for kids in an effort to help them stay on track developmentally and ensure they are prepared for the tech-driven world they are heading into.

The Cons

Hackable. Any device that is web-enabled or can connect to the cloud has the potential to be hacked, which can create a whole new set of issues for a family. If you are getting sleeping, breathing, and health data on your child, anyone else could be getting that same information.

False readings. Baby technology, as useful as it appears, can also have glitches that medical professionals argue can be more harmful than helpful. Can you imagine waking up at 2 a.m. to a monitor alarm that falsely says your baby isn’t breathing?

Complex, pricey. Some of the products can be complicated to program and set up and pricey to purchase or replace.

So why would a hacker even want to break into a baby monitor, you may ask? For some hackers, the motive is simply because they can. Being able to intercept data, crash a device, or prove his or her digital know-how is part of a hacker’s reward system. For others, the motives for stalking your family’s activities or talking to kids in the middle of the night can prove to be a far more nefarious activity.

Tips to safeguard baby tech:

Think before you purchase. According to the tech pros, think before buying baby tech and evaluate each item’s usefulness. Ask yourself: Do I need this piece of technology? Will this product potentially decrease or increase my stress? If a product connects to the wi-fi or the cloud, weigh its convenience against any risk to your family’s data.

Change default passwords. Many products come with easy-to-guess default passwords that many consumers don’t take the time to change. This habit makes it easy for hackers to break in. Hackers can also gain access to entire wifi networks just by retrieving the password stored on one device. (Sometimes all a hacker does is google a specific brand to find the product’s password — yes, it’s as easy as that!)

Buy from known brands. Buy from reputable manufacturers and vendors. Google to see if that company’s products have ever been digitally compromised. And although it’s tempting to get your device used to save a little money, second-hand technology might have malware installed on it so beware.

Update software, use strong passwords. If there’s a software update alert connected to your baby tech, take the time to update immediately, and be sure to choose a password with a minimum of 16 characters and not to use the same password for more than one device.

Turn off. When your devices are not on, there’s no vulnerability so, even with all the safeguards, remember to turn off devices not in use for that last layer of protection.


Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @McAfee_Family. (Disclosures).

The post High-Tech & Hackable: How to Safeguard Your Smart Baby Devices appeared first on McAfee Blogs.

Cyber Security Roundup for May 2018

I'm sure the release of the GDPR on 25th May hasn't escaped anyone's attention. After years of warnings about the EU parliament's intended tough stance on enforcing the human right to privacy in the digital realm, a real 'game changer' of a global privacy regulation has finally landed, which impacts any organisation which touches EU citizen personal data. 

The GDPR's potential hefty financial penalties for breaching its requirements are firmly on the radar of directors at large enterprises and small businesses alike, hence the massive barrage of emails we have all received in recent weeks on changes to company privacy statements and requesting consent, many of which I noted as not being GDPR compliant in obtaining "explicit consent" from the data subject. So there is a long way to go for many organisations before they reach a truly GDPR compliant state, based on what I've seen so far in my mailbox.

Cybercriminals have been quick to take advantage of the GDPR privacy emails deluge, using the subject matter in their phishing attacks to cheat access to accounts and con victims.

On a positive GDPR note, also on 25th May, IBM developerWorks released a three-part guidance series written by myself, aimed at helping Application Developers to develop GDPR compliant applications.

Developing GDPR Compliant Applications Guidance

Overshadowed by the GDPR coming into force was the release of the new NHS Data Security and Protection Toolkit, aimed at the NHS and their service providers. The European NIS Directive (for telecom providers) also went under the radar, but both are significant to those working in those industries.

Always make sure your Broadband Router\Hub does not permit remote administrative access (over the internet) and is always kept up-to-date with the latest security patches; otherwise, it will be at serious risk of being hacked and remotely controlled by cyber-criminals. This was evidenced this month: a DNS flaw in over 800,000 Draytek Routers allowed hackers to take them over, malware called VPNFilter infected 500,000 routers, and serious vulnerabilities were reported in TP-Link EAP controllers.

IBM made headlines after banning its workers from using USB sticks, which I think is a good and reasonable policy. Quite frankly, in any modern enterprise, whether large or small, with a decent IT infrastructure and cloud services, staff shouldn't need to use USB devices to move data either internally or externally with third parties. So I see banning all USB devices as a rather smart business and security move, as it forces staff to use the more secure and more efficient technology made available.

As my @securityexpert Twitter account crossed the 10,000 follower threshold, Twitter advised 300 million users to reset their passwords after an internal error. Apparently, the passwords for the Twitter accounts were accidentally stored in a database in their "plain text" value instead of using a hashed value for the password, as per best practice. I always strongly recommend that Twitter users take advantage of the multi-factor authentication system Twitter provides, which reduces the risk of account hacking.

Breaches of note in May included a T-Mobile website bug which exposed personal customer data, Coca-Cola said an insider breached 8,000 accounts, and BMW cars were found to have over a dozen security vulnerabilities.

As always, it was a busy month of new security patch releases, with Microsoft, Adobe, PHP, PGP, Google, Git, and Dell all releasing critical security updates to fix significant security flaws.

Analysis of DDoS attacks at Cloudflare has revealed that while organisations in the UK have certainly upped their spending on DDoS mitigation, cyber-criminals are now responding by switching to Layer 7 based DDoS attacks.

There were also some interesting articles about the Welsh Cyber Security Revolution and a review of the NHS a year on from the WannaCry outbreak.

Reports of interest this month include the Thales Data Threat Report, which found UK businesses to be the most breached in Europe. The LastPass Psychology of Passwords Report found 59% of people surveyed used the same passwords across multiple accounts, despite 91% of them knowing that using the same password for multiple accounts is a security risk. The 2017 Cylance Report stated the number of cyber-attacks on industries such as healthcare, manufacturing, professional services, and education rose by about 13.4% between 2016 and 2017.


Insider Threat at Coca-Cola Compromises 8,000 Employees’ Information

Cybercrime is often seen as a battle of good versus evil – a hacker tries to infiltrate a system while cyber defenders work hard to fend them off. Sometimes, data breaches are the work of these cybercriminals, and other times they’re caused by an actual employee of the affected company – something we like to call an insider threat. Just this past week, popular soft drink producer Coca-Cola announced that they were facing exactly that: an insider threat in the form of a former employee found carrying a personal hard drive of worker data.

So far, we know that this employee uploaded the data of their fellow coworkers onto an external hard drive, which they took with them when departing the company. According to a company representative, “the type of stolen and exposed data varies per employee.” And though there are no more known specifics around the data, we do know that this theft impacts 8,000 individual Coca-Cola employees.

As of now, Coca-Cola says it’s been working with law enforcement to dig into the details of this insider threat, but in the interim, these employees need to start taking proactive steps to protect their personal information. In order to do just that, follow these basic security tips:

  • Set up an alert. If you know there’s a chance your personal data has been compromised, place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report, so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
  • Freeze your credit. This allows you to seal your credit reports so no one else can take out new accounts or loans in your name. You can do this without impacting your existing lines of credit, such as credit cards. If you want to apply for services or open new accounts, you can temporarily “unfreeze” your credit using a personal identification code only you have.
  • Consider an identity theft protection solution. With their personal information floating around, these employees could be faced with the possibility of identity theft. McAfee Identity Theft Protection allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

And, of course, to stay on top of the latest consumer and mobile security threats, be sure to follow me and @McAfee_Home on Twitter, listen to our podcast Hackable? and ‘Like’ us on Facebook.

Gary Davis is Chief Consumer Security Evangelist. Through a consumer lens, he partners with internal teams to drive strategic alignment of products with the needs of the security space. Gary also provides security education to businesses and consumers by distilling complex security topics into actionable advice. Follow Gary Davis on Twitter at @garyjdavis. Category: Consumer Threat Notices. Published Thu, 31 May 2018 12:35:48 +0000.

The post Insider Threat at Coca-Cola Compromises 8,000 Employees’ Information appeared first on McAfee Blogs.

Application Development GDPR Compliance Guidance

Last week IBM developerWorks released a three-part guidance series I have written to help Application Developers develop GDPR compliant applications.

Developing GDPR Compliant Applications Guidance

The General Data Protection Regulation (GDPR) was created by the European Commission and Council to strengthen and unify Europe's data protection law, replacing the 1995 European Data Protection Directive. Although the GDPR is a European Union (EU) regulation, it applies to any organizations outside of Europe that handle the personal data of EU citizens. This includes the development of applications that are intended to process the personal information of EU citizens. Therefore, organizations that provide web applications, mobile apps, or traditional desktop applications that can indirectly process EU citizens' personal data or allow EU citizens to sign in are subject to the GDPR's privacy obligations. Organizations face the prospect of powerful sanctions should applications fail to comply with the GDPR.

Part 1: A Developer's Guide to the GDPR
Part 1 summarizes the GDPR and explains how the privacy regulation impacts and applies to developing and supporting applications that are intended to be used by European Union citizens.

Part 2: Application Privacy by Design
Part 2 provides guidance for developing applications that are compliant with the European Union’s General Data Protection Regulation. 

Part 3: Minimizing Application Privacy Risk
Part 3 provides practical application development techniques that can alleviate an application's privacy risk.

America’s Dirty Little Secrets: Opening the Door to Protected Data

It’s 2018. Digital assistants have started taking over our homes, with adoption growing tenfold. These smart speakers know everything about us, from our shopping habits to our music tastes — they likely know more about our daily lives than we do. This ever-growing, ever-changing relationship between humans and devices highlights the importance of protecting data – verbal or otherwise – in the home. With connected devices using our personal data to be the most comprehensive in-home assistants possible, we need to prioritize Internet of Things (IoT) security, awareness and the implications of using such devices.

It’s estimated that by 2022, over half of U.S. households will have at least one smart speaker in their home — that’s over 70 million households, topping 175 million installed devices. These devices are aimed at making our lives easier and more convenient than ever before, but to do so they require that we willingly share access to our personal and private information. Whether it’s banking and home address stored directly on the device, or learnings it’s picked up from our conversations, the amount of private data that these devices carry opens up a new array of threats. New research from McAfee reveals that 60% of Americans have considered their digital assistants could be recording or listening to them. If so, what are the security implications of using a digital assistant?

From answering a quick question to ordering items online, controlling the lights, or changing thermostat temperature, digital assistants have become a pseudo-family member in many households, connecting to more IoT things than ever before. But if one of these devices is breached, it can open up an entire home Wi-Fi network and our valuable information could get into the wrong hands. Beyond this, many Americans have developed a very personal relationship with their devices, with 50% admitting to being embarrassed if friends or family knew what questions they asked their digital assistants. Now imagine if any of that information fell into the hands of cybercriminals — it could open the door to your personal data and threaten your family’s security.

In addition to the sensitive data that our smart speakers have stored, and the conversations they may or may not be recording, there are other security risks associated with this technology in the home. In 2016, it was determined that music or TV dialogue could take control of our digital assistants with commands undetectable to human ears. Known as the “Dolphin Attack,” this occurrence essentially hides commands in high-frequency sounds that our assistant-enabled gadgets can detect, but we are unable to hear. Instances of TV commercials activating digital assistants have already been reported, so we can see how this technique could be quite easy for cybercriminals to imitate if they wanted to access our smart homes’ network.

The growing trend of connecting these always-listening assistants to our home appliances and smart home gadgets is only exacerbating these concerns. Aside from digital assistants, other IoT devices such as game consoles, home security systems, thermostats, and smartphones may be at risk and must be secured to avoid becoming targets for cybercriminals. We must proceed with caution and be aware of who, or what could be listening in order to protect ourselves accordingly. Whenever bringing any kind of new, connected device into the home, prioritize safety and privacy.

Here are some top tips to securely manage the connected devices in your home:

  • Vary your passwords. Create passwords that are difficult to crack to ensure accounts are secure and update your passwords on a regular basis. Use multi-factor authentication whenever possible. Simplify password management by using a password manager.
  • Consider setting up a PIN code. Particularly for voice command purchases. Help keep cybercriminals away from your data by setting up an extra layer of security.
  • Invest in a router that delivers security for all your connected devices. It’s important to secure your entire connected home network. And the launch of McAfee Secure Home Platform skill for Alexa is set to make this easier and more convenient than ever before.

Technology is changing our everyday lives but being aware of the security concerns is the key to becoming an empowered consumer.

Interested in learning more about IoT and mobile security tips and trends? Follow @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

The post America’s Dirty Little Secrets: Opening the Door to Protected Data appeared first on McAfee Blogs.

Cyber Security Roundup for March 2018

In the wake of the global political fallout over the Salisbury nerve agent attack, there are reports of a growing threat of Russian state or Russian state-affiliated hacking groups conducting cyber attack reprisals against UK organisations. Government officials have directly warned bosses at electricity, gas and water firms, Whitehall departments and NHS hospitals to prepare for a state-sponsored cyber assault.

Large-scale data breaches were disclosed with Under Armour’s Fitness App MyFitnessPal (1.5 million personal records compromised), Orbitz (880k payment cards at risk), and at a Walmart partner (1.3 million personal records compromised). The latter was caused when an AWS S3 bucket holding a Walmart database was left with open access, which isn't the first time a cloud service misconfiguration has caused a major data breach.

TalkTalk were warned about their website’s poor security after a hacker known as 'B' disclosed a cross-site scripting vulnerability on the website to Sky News. TalkTalk was given a record £400,000 fine by the Information Commissioner's Office following a major website breach in October 2015, in which 157,000 customer details were stolen. The company was also told to "be more diligent and more vigilant" and was fined a further £100,000 after data belonging to 21,000 customers was exposed to "rogue" staff at an Indian call centre.

GitHub survived the largest DDoS attack ever recorded, which peaked at a massive 1.35 terabytes of data per second, thanks to Akamai DDoS protection.

UK schools were warned they were soft targets for cybercriminals. Experts believe many schools are ill-equipped to prevent cyber thefts, with sensitive data such as children’s medical records said to be lucrative on the dark web. There have been a number of security incidents disclosed involving UK schools in recent months.

Gwent Police are facing scrutiny by the Information Commissioner's Office for not informing 450 people that hackers may have accessed their personal information, after discovering the breach over a year ago.

A hacker alleged to be behind a gang that ran the Carbanak and Cobalt bank-targeting malware has been arrested. The gang is reported to be responsible for the theft of up to billion euros through bank transfers and from cash machines, from over 100 banks since 2013.




How prepared is your business for the GDPR?

The GDPR is the biggest privacy shakeup since the dawn of the internet and it is just weeks before it comes into force on 25th May. GDPR comes with potentially head-spinning financial penalties for businesses found not complying, so it really is essential for any business which touches EU citizens' personal data to thoroughly do their privacy rights homework and properly prepare.

Sage have produced a nice GDPR infographic which breaks down the basics of the GDPR with tips on complying, which is shared below.

I am currently writing a comprehensive GDPR Application Developer's Guidance series for IBM developerWorks, which will be released in the coming weeks.

The GDPR: A guide for international business - A Sage Infographic

GDPR Material and Territorial Scopes

The new EU General Data Regulation will enter into force 25 May of this year. The GDPR contains rules concerning the protection of natural persons when their personal data are processed and rules on the free movement of personal data. The new regulation is not revolutionary but an evolution from the previous Data Protection Act 1998 […]

Cyber Security Roundup for January 2018

2018 started with a big security alert bang after Google Security Researchers disclosed serious security vulnerabilities in just about every computer processor in use on the planet. Named 'Meltdown' and 'Spectre', these vulnerabilities disclose confidential data when exploited by a hacker or malware. As a result, a whole raft of critical security updates was hastily released for computer and smartphone operating systems, web browsers, and processor drivers. While processor manufacturers have been rather lethargic in reacting and producing patches for the problem, software vendors such as Microsoft, Google and Apple have reacted quickly, releasing security updates to protect their customers from the vulnerable processors, kudos to them.

The UK Information Commissioner's Office (ICO) heavily criticised the Carphone Warehouse for security inadequacies and fined the company £400K following their 2015 data breach, when the personal data, including bank details, of millions of Carphone Warehouse customers was stolen by hackers in what the company at the time described as a "sophisticated cyber attack". Where have we heard that excuse before? Certainly the ICO wasn't buying that after it investigated, reporting a large number of Carphone Warehouse's security failures, which included the use of software that was six years out of date; a lack of “rigorous controls” over who had login details to systems; no antivirus protection running on the servers holding data; the same root password being used on every individual server, which was known to “some 30-40 members of staff”; and the needless storage of full credit card details. Carphone Warehouse should thank their lucky stars the breach didn't occur after the General Data Protection Regulation comes into force, as with such a damning list of security failures, the company may well have been fined considerably more by the ICO, which is granted vastly greater financial sanctions and powers when the GDPR kicks in in May.

The National Cyber Security Centre warned the UK national infrastructure faces serious nation-state attacks, stating it is a matter of "when" not "if". There were also claims that the cyberattacks against the Ukraine in recent years were down to Russia testing and tuning its nation-state cyberattacking capabilities.

At the Davos summit, the Maersk chairman revealed his company spent a massive £200m to £240m on recovering from the recent NotPetya ransomware outbreak, after the malware 'totally destroyed' the Maersk network. That's a huge price to pay for not regularly patching your systems.

It's no surprise that cybercriminals continue to target cryptocurrencies given the high financial rewards on offer. The most notable attack was a £290k cyber-heist from BlackWallet, where the hackers redirected 700k BlackWallet users to a fake replica BlackWallet website after compromising BlackWallet's DNS server. The replica website ran a script that transferred user cryptocurrency into the hacker's wallet; the hacker then moved the currency into a different wallet platform.

In the United States, the Federal Trade Commission (FTC) fined toy firm VTech US$ 650,000 (£482,000) for violating US children's privacy laws. The FTC alleged the toy company violated the Children's Online Privacy Protection Rule (COPPA) by collecting personal information from hundreds of thousands of children without providing direct notice.

It was reported that a POS malware infection at Forever21 and lapses in encryption were responsible for the theft of debit and credit card details from Forever21 stores late last year. Payment card data continues to be a high-value target for cyber crooks with sophisticated attack capabilities, who are willing to invest considerable resources to achieve their aims.

Several interesting cybersecurity reports were released in January. The Online Trust Alliance Cyber Incident & Breach Trends Report: 2017 concluded that cyber incidents have doubled in 2017 and 93% were preventable. Carbon Black's 2017 Threat Report stated non-malware-based cyber-attacks were behind the majority of cyber-incidents reported in 2017, despite the proliferation of malware available to both professional and amateur hackers. Carbon Black also reported that ransomware attacks are inflicting significantly higher costs and the number of attacks skyrocketed during the course of the year, no surprise there.

Malwarebytes 2017 State of Malware Report said ransomware attacks on consumers and businesses slowed down towards the end of 2017 and were being replaced by spyware campaigns, which rose by over 800% year-on-year. Spyware campaigns not only allow hackers to steal precious enterprise and user data but also allow them to identify ideal attack points to launch powerful malware attacks. The Cisco 2018 Privacy Maturity Benchmark Study claimed 74% of privacy-immature organisations were hit by losses of more than £350,000, and companies that are privacy-mature have fewer data breaches and smaller losses from cyber-attacks.




Cyber Security Roundup for December 2017

UK supermarket giant Morrisons lost a landmark data breach court case in December. After a disgruntled Morrisons employee had stolen and posted the personal records of 100,000 co-workers online, the supermarket chain was held liable for the data breach by the UK High Court. The High Court ruling now allows those affected to claim compensation for the "upset and distress" caused. Morrisons said it believed it should not have been held responsible and would be appealing against the decision. If the appeal is lost it could open up the possibility of further class action lawsuits by individuals. Pending the GDPR becoming law in May 2018, such a court ruling sets a legal precedent for individuals to claim damages after personal data losses by companies through the courts as well. After May 2018, the GDPR grants individuals the right to sue companies for damages following personal data breaches. So we can expect 'ambulance chaser' lawyers to pick up on this aspect of the GDPR, with class action lawsuits following data breaches; it could well become the new "P.P.I. industry".

Any businesses or individuals using Kaspersky should be aware the UK National Cyber Security Centre has warned government agencies against using the Russian supplier’s products and services, which follows a ban by US government departments in November. Barclays responded to the warning by stopping their free offering of Kaspersky anti-virus products to its customers. 2017 saw Cyber Security become a political football, so it is no real surprise that the UK and US once again blamed North Korea for the devastating WannaCry attacks earlier in the year. Personally, I blame poor patch management and hackers, not the North Korea cyber army!

Nadine Dorries MP got herself in hot water after trying to defend now former political colleague Damian Green, following claims that Mr Green accessed porn on his Parliament computer. This activity was reported by a retired Police officer, which was said to be a breach of the data protection act. Nadine tweeted "my staff log onto my computer on my desk with my login everyday" to suggest anyone could have used Damian Green's PC to access the illicit websites. This led to widespread condemnation and a warning by the ICO to MPs on password sharing.

The fact illicit websites were not blocked by Parliament systems is one concerning lack-of-security issue, but the flagrant disregard for basic cybersecurity by government MPs is gobsmacking, especially when you consider they are supposed to be understanding the risk and setting laws to protect UK citizens from cyber attacks and data breaches. It's another "slap palm on head" after the last UK Prime Minister announced he wanted to ban encryption.

2017 has seen huge rises in cryptocurrency values, which has placed cryptocurrency brokers and user crypto coin wallets in the sights of cybercriminals. This month mining platform NiceHash was breached by hackers, who stole £51 million worth of Bitcoin, and Bitcoin exchange Youbit, which lets people buy and sell Bitcoins and other virtual currencies, shut down and filed for bankruptcy after losing 17% of its assets in the cyber-attacks. I think we can expect further cryptocurrency attacks in 2018 given the cryptocurrency bubble is yet to burst.

Faked LinkedIn profiles are nothing new; however, the German Intelligence Agency (BfV) said it had spotted China was using faked LinkedIn profiles to connect with and gather information on German officials and politicians, which is an interesting development.

Finally, hackers were reported as taking advantage of poorly secured systems at UK private schools, and it was claimed hackers could turn off heating systems at UK schools and military bases.


Cyber Security Roundup for November 2017

One of the most notable data breaches disclosed this month was by Uber, given the company attempted to cover up the breach by paying off hackers. Over a year ago the transport tech firm was said to have paid £75,000 to two hackers to delete 57 million Uber account records which they had stolen. Uber revealed around 2.7 million of the stolen records were British riders and drivers. As a UK Uber rider, this could mean me; I haven't received any notification of the data breach from Uber as yet. The stolen information included names, email addresses, and phone numbers. Uber can expect enforcement action from regulators on both sides of the pond. The UK Information Commissioner's Office (ICO) said it had "huge concerns" about the breach and was investigating.

Jewson, Cash Converters, and Imgur all reported losing data due to hacks this month, while Equifax has reported suffering significant financial losses following their high-profile hack of personal customer data. Equifax reported their net income had dropped by £20 million due to the hack, and their breach bill was coming in at a whopping £67 million.

November was a very busy month for security patch releases, with Microsoft, Apple, Adobe, Oracle, Cisco and Intel releasing a raft of patches to fix critical vulnerabilities. Apple even had to quickly release an emergency patch at the end of November to fix a root access flaw reported in macOS High Sierra version 10.13.1. So just keep patching everything IT to ensure you and your business stay ahead of enterprising cybercriminals. The Equifax breach is a prime example of what can go wrong if system patching is neglected.

November also saw the Open Web Application Security Project (OWASP) finally release an updated version of its Top Ten application vulnerabilities list, which is a ‘must know’ secure coding best practice for all software developers and security testers, especially considering that Akamai reported web application attacks had increased by 69% in the third quarter of 2017. Look out for an updated OWASP Top Ten IBM DeveloperWorks Guidance from me in December to reflect the updated list.


What is Data Privacy and why is it an important issue?

The question of whether privacy is a fundamental right is being argued before the honorable Supreme Court of India. It is a topic to which a young India is waking up. Privacy is often equated with Liberty, and young Indians want adequate protection to express themselves.

Privacy, according to Wikipedia, is the ability of an individual or group to seclude themselves, or information about themselves, and thereby express themselves selectively. There is little contention over the fact that privacy is an essential element of Liberty and that the voluntary disclosure of private information is part of both human relationships and a digitized economy.

Data privacy is debated because of the inherent potential for surveillance and disclosure of private electronic records, such as sexual orientation, medical records, credit card information, and email.

Disclosure could take place due to wrongful use and distribution of the data, such as for marketing, surveillance by governments, or outright data theft by cyber criminals. In each case, a cybercitizen's right to disclose specific information to specific companies or people, for a specific purpose, is violated.

Citizens in western countries are legally protected through data protection regulation. There are eight principles designed to prevent unauthorized use of personal data by government, organizations and individuals:

Lawfulness, Fairness & Transparency
Personal data needs to be processed based on the consent given by data subjects. Companies have an obligation to tell data subjects what their personal data will be used for. Data acquired cannot be sold to other entities, such as marketers.
Purpose limitation
Personal data collected for one purpose should not be used for a different purpose. If data was collected to deliver an insurance service, it cannot be used to market a different product.
Data minimization
Organizations should restrict collection of personal data to only those attributes needed to achieve the purpose for which consent from the data subject has been received.
Accuracy
Data has to be collected, processed and used in a manner which ensures that it is accurate. A data subject has the right to inspect and even alter the data.
Storage limitation
Personal data should be collected for a specific purpose and not be retained for longer than necessary in relation to this purpose.
Integrity and confidentiality
Organizations that collect this data are responsible for its security against data thefts and data entry/processing errors that may alter the integrity of data.
Accountability
Organizations are accountable for the data in their possession.
Cross Border Personal information
Personal information must be processed and stored in a secured environment, which must be ensured if the data is processed outside the border of the country.

It is important for cybercitizens to understand their privacy rights, particularly in the context of information that can be misused for financial gain or to cause reputational damage.