It’s hard to believe that summer is coming to an end and that back-to-school time is around the corner. For some kids, that means cyberbullies are traded in for school bullies and social engagement will turn into in-person interactions. But for others — dubbed Extreme Internet Users — the screen stays. When it comes time to go back to the classroom, the six hours or more a day these kids spent online during summer may be curtailed in favor of educational screen time instead.
Every year around this time, I reflect on how much has changed for children, especially when it comes to mobile devices in the classroom. This trend has become increasingly popular and, on the rise, as technology has improved, education adapts to rapid changes, and our world becomes more interconnected. Either these devices are given to kids or their classrooms by their school, or parents are encouraged to purchase one for their child to help support internet research and to digitize note-taking and homework.
Regardless of whether you’re a technophile or technophobe when it comes to leveraging screens in education, one thing is for sure – their presence in learning environments is here to stay. And with this shift, security is of the utmost importance.
Since January 2016, there have been 353 cybersecurity incidents in the United States related to K-12 public schools and districts. These attacks range include phishing, ransomware, DoS attacks and breaches that have exposed personal data. However, the question – what motivates cybercriminals to target schools? – still persists. The answer is complex, because what cybercriminals could exploit depends on what they want to accomplish. Extorting school faculty, hacking private student data, disrupting school operations, or disabling, compromising, or re-directing school technology assets are all regular tools of the trade when it comes to hacking schools.
You may not be able to control how your child’s school thinks about cybersecurity, but you can take matters into your own hands. There are steps you can take to make sure your child is ready to face the school year head-on, including protecting their devices and their data.
- Start a cybersecurity conversation. Talk with school faculty about what is being done in terms of a comprehensive cybersecurity plan for your child’s school. It’s worth starting the conversation to understand where the gaps are and what is being done to patch them.
- Install security software on all devices. Don’t stop at the laptop, all devices need to be protected with comprehensive security software, including mobile devices and tablets.
- Make sure all device software is up-to-date. This is one of the easiest and best ways to secure your devices against threats.
- Teach your child how to connect securely on public Wi-Fi networks. Public Wi-Fi networks are notoriously used as backdoors by hackers trying to gain access to personal information. If Wi-Fi is absolutely necessary, ensure the network is password protected. However, if you want a secure encrypted connection, consider using a virtual private network (VPN).
- Designate a specific date and time for regular data back-ups. If ransomware hits, you won’t have to pay to get your child’s information back. You can back up that personal data to a physical external hard drive or use an online backup service, such as Dropbox or Google Drive. That way you can access your files even if your device gets compromised.
- Understand your child’s school bring your own device (BYOD) policy. Each school is different when it comes to BYOD and understanding your child’s school policy will save you a headache down the road. Some schools buy devices for students to rent, with parents having to pay for any incidentals, and some ask parents to buy the devices outright. Take the time to understand your child’s school policy before accidents happen.
Businesses are falling behind on their cyber hygiene. Security firm Tripwire has released its State of Cyber Hygiene Report detailing how organisations fall behind on basic cybersecurity practices. In its report, Tripwire
The post Over 60 percent of organisations fail to follow basic security benchmarks appeared first on The Cyber Security Place.
Attackers are harnessing the power of the internet, leveraging the proliferation of devices in the ever-expanding internet of things (IoT) to launch terabit-per-second–scale distributed denial-of-service (DDoS) attacks, according to NETSCOUT’s 2018 Threat Intelligence
Our routers are our connection to the internet, allowing us to use our devices to access websites at our leisure. And because of this, routers are often a target for hackers. In fact, just this week, it was uncovered that MikroTik is the latest router manufacturer under siege, as researchers have discovered a massive Coinhive cryptojacking campaign that’s targeting MikroTik routers.
The attack first finds its footing by taking advantage of a vulnerability within MikroTik routers. Once it leverages the flaw, the attack changes the devices’ configuration to inject Coinhive cryptocurrency mining malware into users’ web traffic. For context, Coinhive is a
cryptocurrency mining service. Set up as a legitimate service, Coinhive is unfortunately often used by cybercriminals to hack websites and cryptojack users, aka steal the processing power of their devices to mine for cryptocurrency without their consent.
Which is precisely what’s happening to over 200,000 MikroTik customers, largely in Latin America. However, the attack has the potential to start spreading all over the world, given there are 1.7 million MikroTik routers all over.
Now, the next question is – what can these MikroTik users do to protect themselves from this attack? Start by following these proactive security tips:
- Update your router’s firmware. MikroTik actually patched this vulnerability back in April, but that doesn’t necessarily mean that users applied the required patch. Therefore, this attack is a reminder of just how important it is to regularly update your router’s firmware, as these fixes are typically included within each update.
- Check online notices. When made aware of vulnerabilities, manufacturers will notify the public, as well as make them aware of incoming fixes. Therefore, scan technical service bulletins or notices on a company site so that if a vulnerability does pop up with your router, you can learn what to do to help your device stay secure.
- Secure your home’s internet at the source. Your home router allows your entire family to connect to the internet. If it’s vulnerable, your internet activity can be compromised as a result – just like with this MikroTik attack. So, be sure to use a router with built-in security like McAfee Secure Home Platform, which provides protection against threats at the router-level.
The post Cryptojacking Campaign Caught Targeting Over 200,000 MikroTik Routers appeared first on McAfee Blogs.
Did you know that what you do online could determine your future? That’s because employers and universities often look at your “digital footprint” when deciding whether to give you an opportunity, or not.
Your digital footprint includes everything you say and do online, including casual “likes”, fun photos, and comments, as well as the information you intentionally post to promote yourself, such as online resumes and professional profiles. This is why you should take some time to manage your online reputation.
A recent study by CareerBuilder found that 70% of employers use search engines and social media to screen candidates. What’s more, 54% of employers surveyed said that they reconsidered candidates after getting a bad impression of them online.
This situation should be especially concerning for younger adults who are entering the job market for the first time, after years of carefree posting.
And if you think that once you have a job you can forget about looking after your digital footprint, think again. Employers also said that they check employees’ online presence when considering promotions.
Even colleges and universities rely on social media checks to get a better sense of applicants, according to a recent survey of admissions officers.
Of course, having a negative online presence is one problem, but having no presence at all is an even bigger red flag, so don’t start deleting profiles and accounts, or making everything “private”.
Over half of employers surveyed said that they are less likely to interview a candidate with no visible presence online. In this age, everyone is expected to have a digital footprint—it’s what that footprint says about you that matters the most.
So, how do you make sure that your digital footprint gives a good impression of you?
Here are some important tips:
- Start Online Awareness Early—It’s easier to build a positive digital footprint from a young age, than to clean up a questionable presence later on. (When you consider that many kids get a smartphone at the age of 10, editing 8 years of online activity before college could be a real chore!) Talk to your kids about the importance of giving a positive impression online before they engage. When you do decide to let your kids connect, make sure to use parental controls that limit the kinds of content they can access, and protects them from online threats.
- Be cautious about over-sharing—Yes, social media was made for sharing, but try to avoid venting online or engaging in heated arguments. If you have a problem with someone, talk it out offline.
- Turn off tagging—Just because you’re paying attention to your online reputation, doesn’t mean your friends are. Being “tagged” in photos or videos you didn’t post could leave you open to the wrong impressions. That’s why it’s best to turn off tagging in your social media settings.
- Keep positive content public—If you have a great online presence, sharing your accomplishments and skills, make sure to make the posts public. This goes for your social channels, as well as your professional profiles.
- Be yourself, but speak clearly and respectfully—Show your unique personality and creativity, since people respond to genuineness But remember to be articulate in the process. Check posts for spelling or grammar errors before you hit “send”, and avoid offensive language. When commenting on other people’s posts, do it respectfully.
The post 5 Tips for Managing Your Digital Footprint and Online Reputation appeared first on McAfee Blogs.
Companies that lose the trust of their customers will have a hard time finding new clients.The European Union’s recent resolution to help strengthen member states’ cybersecurity measures was a clear
The post Why trust is the biggest selling point for cybersecurity companies appeared first on The Cyber Security Place.
Skybox® Security, a global leader in cybersecurity management, announced today the release of its mid-year update to the Vulnerability and Threat Trends Report which analyzes vulnerabilities, exploits and threats in play. The report,
The post Cryptomining Replaces Ransomware as Most Popular Cybercrime Malware appeared first on The Cyber Security Place.
Privacy seems like a pipe dream when everyone’s data seems vulnerable. Do we just give up on it though? In 2018 the number of internet users, worldwide, rose to 3.6
The post Is privacy even possible in this Golden Age of Data Breaches? appeared first on The Cyber Security Place.
Removal of PII data from Whois records makes protecting Internet users increasingly difficult for security professionals. New research conducted by domain name and DNS-based cyber threat intelligence firm DomainTools has revealed that
By Julia Sowells Senior Information Security Specialist at Hacker Combat, Over one million computers in China have been infected by cryptocurrency mining malware resulting in hackers earning over $2 million in
The post Cryptocurrency Mining Malware Hits Over 1 Million Computers in China appeared first on The Cyber Security Place.
HackerOne announced findings from the 2018 Hacker-Powered Security Report, based on over 72,000 resolved security vulnerabilities, 1,000 customer programs and more than $31 million in bounties awarded to hackers from
Move over “dark web,” the Tor Browser will keep you safe from snoops. The Tor Browser is a web broswer that anonymizes your web traffic using the Tor network, making it
The post What is the Tor Browser? How it works and how it can help you protect your identity online appeared first on The Cyber Security Place.
The closest many of us get to the dark web is watching hackers surf it in television shows or movies. However, it is a very real place that contains lots of stolen data. This data, along with compromised systems, devices, and more are often sold in underground marketplaces that exist on the dark web. One type of marketplace is called a remote desktop protocol (RDP) shop, which provides access to stolen systems for a small fee. Found in one of these RDP shops by McAfee’s ATR team: a major international airport’s security and building automation systems, which could be purchased for only $10 USD.
You might be wondering – what does “access” mean in this scenario? Just like Spotify and Apple Music sell access to artist’s songs, or a gym sells access to their exercise machines, the dark web can sell remote access to hacked machines through these RDP shops. Once access is purchased, crooks can obtain logins to a victim’s computer system and essentially have full control of it.
Now, the McAfee ATR team is not exactly sure how the cybercriminals got their hands on these systems. But they do know that once something like an airport security system is purchased, crooks can do serious damage. This access could allow cybercriminals to do essentially anything they want – create false alerts to the internal security team, send spam, steal data and credentials, mine for cryptocurrency, or even conduct a ransomware attack on the organization.
So, what happens if your information was potentially compromised in the sale of one of these systems on the dark web? To protect your personal data from larger cybercriminal schemes that originate from RDP shops, be sure to follow these tips:
- Be selective about what you share. The best way to control where your information goes is by reducing the sources you share it with. That means not providing your personal information to every app, network, or system that asks for it. Be strict and diligent, and only provide something with information when it’s crucial to the service or experience it provides.
- Set up an alert. Compromised information could potentially include financial data. Therefore, it’s best to proactively place a fraud alert on your credit so that any new or recent requests undergo scrutiny. This also entitles you to extra copies of your credit report, so you can check for anything suspicious. If you find an account you did not open, report it to the police or Federal Trade Commission, as well as the creditor involved so you can close the fraudulent account.
- Invest in an identity theft monitoring and recovery solution. If enough personal data becomes compromised by cybercriminals accessing stolen systems, users could be potentially faced with the possibility of identity theft. That’s precisely why they should leverage a solution tool such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protecting their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.
The post Major International Airport’s Security System Found for Sale on Dark Web RDP Shop appeared first on McAfee Blogs.
How Are Your Kids Navigating the Dangers?
It’s no secret that our generation of digital natives love their gaming. Whether it’s on their smartphones, laptops or their dedicated gaming consoles – it’s quite mind boggling just how much gaming they can squeeze into their day-to-day lives!
Well, new research by McAfee shows exactly how much time our Aussie kids are spending working on their latest gaming quest – up to a whopping 4 hours a day! And while we would love them to be directing this time to homework, my bigger concern is around the risks.
Gaming Is Not All Bad News
When managed properly, gaming can be a terrific activity that provides some genuine benefits for players. Research shows it can help manage anxiety and depression, reduce pain and even help improve the memory and resilience of players. It can also provide terrific opportunities for social interactions by breaking down the barriers of physical social groups. Sounds idyllic, doesn’t it!!
Parents Concerned About Risks With Gaming
Despite our offspring assuring us otherwise, the majority of us parents do realise that there are some potential dangers associated with gaming. Two-thirds of us (65%) believe our kids are at risk of online grooming. 68% of us are concerned about cyberbullying and 58% worry that our children will become the victim of a cybercriminal’s scam.
What Are Parents Doing To Manage Risks of Online Gaming?
As first generation digital parents, we have a tough gig. Many of us are furiously trying to get our own heads around the constantly changing digital world without any intel from previous generations. Meanwhile, we need to be educating our kids about the challenges and pitfalls of the online world. It’s a big task!
Many parents do an amazing job but unfortunately, not all of us are taking the necessary steps to protect our kids and teach them how to navigate the challenges. According to the research:
- almost 1 in 5 parents (18%) never monitor what their children are doing online;
- 32% of parents do not follow the age ratings of games; and
- 86% of parents allow their children to play online games recommended for older children.
This is despite the fact that many of us worry that our children will be exposed to violence, sex, drugs and gambling according to the research.
How Can We Protect Our Kids While Playing Video Games
It’s clearly one of the most popular hobbies for Aussie tweens and teens, so our job as parents is to ensure our kids are gaming as safely as possible. Here is my advice on the steps you should take to protect your kids:
Start Conversations Early
If you start talking about ways to game safely early, it will make your job that much easier when your children get older. If your kids are young, start with simple rules like: “don’t open messages from people you don’t know” and “decline friend requests from strangers.” You want online safety to be part of normal behaviour.
Be Careful What You Click
Most children have been using digital activities for entertainment from an early age, desensitising them to the potentials risks of online behaviour. Cybercriminals can use the popularity of video games to entice gamers to click on potentially malicious links. Think about what you are clicking on and ensure that it’s from a reliable source.
Control How Long They Play
Set a good example by minimising your use of devices around the home. Why not invest in parental control software to set time limits on your child’s device usage? Not only will you be reducing their exposure to potentially malicious or inappropriate websites, but they will probably get more homework done!
Avoid Malicious Links
If your children are searching online for gaming tips or new games to download, a tool like McAfee WebAdvisor can help them avoid dangerous websites and links, and will warn them if they do accidentally click on something malicious.
No matter what anyone in the family is doing online, invest in a security product like McAfee Total Protection that can help keep connected devices safe from malware. Just like any PC application, be sure to keep security software updated.
Responsible Gaming Could Actually Prepare Your Child for Their Career
In my opinion, parenting is all about preparing your child for their adult life. And a big part of that is ensuring they are employable. So, before you crack down too harshly on your child’s gaming habits consider this. A recent report by McAfee, entitled Winning The Game, identified that gamers have a skills set that may help fill the current and future demand for cyber security experts. Whether it’s cracking systems, avoiding counter attacks or deciphering codes, these gaming skills were nominated by almost 1000 cyber security professionals as easily transferable to a security professional role.
So, let your kids keep playing but absolutely minimise the risks. Introduce time limits, ensure a game is suitable and teach your kids how to navigate the challenges. That way, if they end up with an illustrious career in cybersecurity, you can take all the credit!!
In recent years, gaming has grown drastically in popularity – moving from a niche hobby to a mainstream activity for adults and children alike. So much so that the majority (84%) of parents allow their children to play 1-4 hours of video games every single day. Despite this wide-spread video game use, new research from McAfee reveals that the majority of parents (71%) also worry that their child is at risk of being exposed to inappropriate content while gaming – including content related to adult websites, gambling, drugs or violence.
Even more staggering, 62% of children play games where they directly interact with other players, significantly increasing their risk of being targeted with inappropriate content or asked to share sensitive information. With this increase in popularity, it’s imperative that parents understand the potential cybersecurity risks to their children while playing games, and know how to provide proper guidance to their children to help keep them safe online.
This information have you feeling PWND? Before you decide it’s game over, we’re treating you to a #RT2Win sweepstakes on the @McAfee_Home Twitter handle to help you respawn! Five  lucky winners of the sweepstakes drawing will receive a $100 Amazon gift card. The best part? Entering is a breeze! Follow the instructions below to enter and good luck!
#RT2Win Sweepstakes Official Rules
- To enter, go to https://twitter.com/McAfee_Home, and find the #RT2Win sweepstakes tweet.
- The sweepstakes tweet will be released on Wednesday, June 13, 2018 at 12:00pm PT. This tweet will include the hashtags: #ProtectWhatMatters, #RT2Win, AND #Sweepstakes.
- Retweet the sweepstakes tweet released on the above date, from your own handle. The #ProtectWhatMatters, #RT2Win AND #Sweepstakes hashtags must be included to be entered.
- Sweepstakes will end on Wednesday, June 27, 2018 at 11:59pm PT. All entries must be made before that date and time.
- Winners will be notified on Friday, June 29, 2018 via Twitter direct message.
- Limit one entry per person
How to Win:
Retweet one of our contest tweets on @McAfee_Home that include “#ProtectWhatMatters, #RT2Win AND #Sweepstakes” for a chance to win a $100 Amazon gift card. Five  total winners will be selected and announced on June 27, 2018. Winners will be notified by direct message on Twitter. For full Sweepstakes details, please see the Terms and Conditions, below.
McAfee Most Dangerous Games #RT2Win Sweepstakes Terms and Conditions
How to enter:
No purchase necessary. A purchase will not increase your chances of winning. McAfee Most Dangerous Games #RT2Win Sweepstakes will be conducted from June 13, 2018 through June 27, 2018. All entries for each day of the McAfee Most Dangerous Games #RT2Win Sweepstakes must be received during the time allotted for the McAfee Most Dangerous Games #RT2Win Sweepstakes. Pacific Daylight Time shall control the McAfee Most Dangerous Games #RT2Win Sweepstakes, duration is as follows:
- Begins Wednesday, June 13 at 12:00pm PST
- Ends: Wednesday, June 27, 2018 at 11:59pm PST
- Five  winners will be announced: Friday, June 29, 2018
For the McAfee Most Dangerous Games #RT2Win Sweepstakes, participants must complete the following steps during the time allotted for the McAfee Most Dangerous Games Sweepstakes:
- Find the sweepstakes tweet of the day posted on @McAfee_Home which will include the hashtags: #ProtectWhatMatters, #RT2Win and #Sweepstakes
- Retweet the sweepstakes tweet of the day and make sure it includes the #ProtectWhatMatters, #RT2Win, and hashtags.
- Note: Tweets that do not contain the #ProtectWhatMatters, #RT2Win, and #Sweepstakes hashtags will not be considered for entry.
- Limit one entry per person.
Five  winners will be chosen for the McAfee Most Dangerous Games #RT2Win Sweepstakes tweet from the viable pool of entries that retweeted and included #ProtectWhatMatters, #RT2Win and #Sweepstakes. McAfee and the McAfee social team will choose winners from all the viable entries. The winners will be announced and privately messaged on Friday, June 29, 2018 on the @McAfee_Home Twitter handle. No other method of entry will be accepted besides Twitter. Only one entry per user is allowed, per Sweepstakes.
McAfee Most Dangerous Games #RT2Win Sweepstakes is open to all legal residents of the 50 United States who are 18 years of age or older on the dates of the McAfee Most Dangerous Games #RT2Win Sweepstakes begins and live in a jurisdiction where this prize and McAfee Most Dangerous Games #RT2Win Sweepstakes not prohibited. Employees of Sponsor and its subsidiaries, affiliates, prize suppliers, and advertising and promotional agencies, their immediate families (spouses, parents, children, and siblings and their spouses), and individuals living in the same household as such employees are ineligible.
Winners will be selected at random from all eligible retweets received during the McAfee Most Dangerous Games #RT2Win Sweepstakes drawing entry period. Sponsor will select the names of five  potential winners of the prizes in a random drawing from among all eligible submissions at the address listed below. The odds of winning depend on the number of eligible entries received. By participating, entrants agree to be bound by the Official McAfee Most Dangerous Games #RT2Win Sweepstakes Rules and the decisions of the coordinators, which shall be final and binding in all respects.
Each winner will be notified via direct message (“DM”) on Twitter.com by June 29, 2018. Prize winners may be required to sign an Affidavit of Eligibility and Liability/Publicity Release (where permitted by law) to be returned within ten (10) days of written notification, or prize may be forfeited, and an alternate winner selected. If a prize notification is returned as unclaimed or undeliverable to a potential winner, if potential winner cannot be reached within twenty four (24) hours from the first DM notification attempt, or if potential winner fails to return requisite document within the specified time period, or if a potential winner is not in compliance with these Official Rules, then such person shall be disqualified and, at Sponsor’s sole discretion, an alternate winner may be selected for the prize at issue based on the winner selection process described above.
The prize for the McAfee Most Dangerous Games #RT2Win Sweepstakes is a $100 Amazon gift card for each of five entrants. Entrants agree that Sponsor has the sole right to determine the winners of the McAfee Most Dangerous Games #RT2Win Sweepstakes and all matters or disputes arising from the McAfee Most Dangerous Games #RT2Win Sweepstakes and that its determination is final and binding. There are no prize substitutions, transfers or cash equivalents permitted except at the sole discretion of Sponsor. Sponsor will not replace any lost or stolen prizes. Sponsor is not responsible for delays in prize delivery beyond its control. All other expenses and items not specifically mentioned in these Official Rules are not included and are the prize winners’ sole responsibility.
Entrants agree that by entering they agree to be bound by these rules. All federal, state, and local taxes, fees, and surcharges on prize packages are the sole responsibility of the prizewinner. Sponsor is not responsible for incorrect or inaccurate entry information, whether caused by any of the equipment or programming associated with or utilized in the McAfee Most Dangerous Games #RT2Win Sweepstakes, or by any technical or human error, which may occur in the processing of the McAfee Most Dangerous Games #RT2Win Sweepstakes. entries. By entering, participants release and hold harmless Sponsor and its respective parents, subsidiaries, affiliates, directors, officers, employees, attorneys, agents, and representatives from any and all liability for any injuries, loss, claim, action, demand, or damage of any kind arising from or in connection with the McAfee Most Dangerous Games #RT2Win Sweepstakes, any prize won, any misuse or malfunction of any prize awarded, participation in any McAfee Most Dangerous Games #RT2Win Sweepstakes -related activity, or participation in the McAfee Most Dangerous Games #RT2Win Sweepstakes. Except for applicable manufacturer’s standard warranties, the prizes are awarded “AS IS” and WITHOUT WARRANTY OF ANY KIND, express or implied (including any implied warranty of merchantability or fitness for a particular purpose).
Limitations of Liability; Releases:
By entering the Sweepstakes, you release Sponsor and all Released Parties from any liability whatsoever, and waive any and all causes of action, related to any claims, costs, injuries, losses, or damages of any kind arising out of or in connection with the Sweepstakes or delivery, misdelivery, acceptance, possession, use of or inability to use any prize (including claims, costs, injuries, losses and damages related to rights of publicity or privacy, defamation or portrayal in a false light, whether intentional or unintentional), whether under a theory of contract, tort (including negligence), warranty or other theory.
To the fullest extent permitted by applicable law, in no event will the sponsor or the released parties be liable for any special, indirect, incidental, or consequential damages, including loss of use, loss of profits or loss of data, whether in an action in contract, tort (including, negligence) or otherwise, arising out of or in any way connected to your participation in the sweepstakes or use or inability to use any equipment provided for use in the sweepstakes or any prize, even if a released party has been advised of the possibility of such damages.
- To the fullest extent permitted by applicable law, in no event will the aggregate liability of the released parties (jointly) arising out of or relating to your participation in the sweepstakes or use of or inability to use any equipment provided for use in the sweepstakes or any prize exceed $10. The limitations set forth in this section will not exclude or limit liability for personal injury or property damage caused by products rented from the sponsor, or for the released parties’ gross negligence, intentional misconduct, or for fraud.
- Use of Winner’s Name, Likeness, etc.: Except where prohibited by law, entry into the Sweepstakes constitutes permission to use your name, hometown, aural and visual likeness and prize information for advertising, marketing, and promotional purposes without further permission or compensation (including in a public-facing winner list). As a condition of being awarded any prize, except where prohibited by law, winner may be required to execute a consent to the use of their name, hometown, aural and visual likeness and prize information for advertising, marketing, and promotional purposes without further permission or compensation. By entering this Sweepstakes, you consent to being contacted by Sponsor for any purpose in connection with this Sweepstakes.
If winner cannot be notified, does not respond to notification, does not meet eligibility requirements, or otherwise does not comply with these prize McAfee Most Dangerous Games #RT2Win Sweepstakes rules, then the winner will forfeit the prize and an alternate winner will be selected from remaining eligible entry forms for each McAfee Most Dangerous Games #RT2Win Sweepstakes.
Entrants agree that Sponsor has the sole right to determine the winners of the McAfee Most Dangerous Games #RT2Win Sweepstakes and all matters or disputes arising from the McAfee Most Dangerous Games #RT2Win Sweepstakes and that its determination is final and binding. There are no prize substitutions, transfers or cash equivalents permitted except at the sole discretion of Sponsor.
Governing Law & Disputes:
Each entrant agrees that any disputes, claims, and causes of action arising out of or connected with this sweepstakes or any prize awarded will be resolved individually, without resort to any form of class action and these rules will be construed in accordance with the laws, jurisdiction, and venue of Delaware.
Personal information obtained in connection with this prize McAfee Most Dangerous Games #RT2Win Sweepstakes will be handled in accordance policy set forth at http://www.mcafee.com/us/about/privacy.html.
- Winner List; Rules Request: For a copy of the winner list, send a stamped, self-addressed, business-size envelope for arrival after June 13,2018 before June 27, 2018 to the address listed below, Attn: #RT2Win at CES Sweepstakes. To obtain a copy of these Official Rules, visit this link or send a stamped, self-addressed business-size envelope to the address listed in below, Attn: Sarah Grayson. VT residents may omit return postage.
- Intellectual Property Notice: McAfee and the McAfee logo are registered trademarks of McAfee, LLC. The Sweepstakes and all accompanying materials are copyright © 2018 by McAfee, LLC. All rights reserved.
- Sponsor: McAfee, LLC, Corporate Headquarters 2821 Mission College Blvd. Santa Clara, CA 95054 USA
The post Don’t Play Games With Your Cybersecurity: #RT2Win a Respawn-Worthy Prize appeared first on McAfee Blogs.
Playing video games has become a popular pastime for children of all ages (even for some adults too), as the virtual challenges encourage these players to try their hand at beating the game again and again. In fact, recent McAfee research found that gaming helps prepare these kids for a potential career in cybersecurity. However, what many children and parents don’t realize is that these games can also pose a serious threat to their family’s online safety. To unpack what that threat looks like exactly, we conducted the McAfee which explores consumers’ attitudes towards the perceived risks that come with gaming. Let’s dive into the key findings.
Our survey discovered that 62% of children play games where they speak to other people while playing, and parents who responded to our survey are most worried that this unknown person may be a sexual predator (75% of parents), bully (61%), cybercriminal who could steal personal or financial info (60%), or a drug dealer (37%). Despite this worry, 44% of parents would still allow their child to play a game that they are technically too young for (i.e. they are younger than the recommended age determined by the rating).
What’s more – despite allowing their children up to four hours of gaming per day, 71% of parents at least somewhat agree that their child is at risk of being exposed to inappropriate content while gaming. 62% worry about cybercriminals disguising themselves as another player to steal sensitive information, 58% are concerned that their child could click on a link and download a virus, and 52% worry about cybercriminals hacking gaming accounts and accessing personal or financial information. And unfortunately, some of these concerns have become a reality, as we’ve recently seen cyberattacks involving both Minecraft and Nintendo Switch.
So, with parents worried about the security risks that come with online gaming – why aren’t they doing something to assuage their own concerns? Fortunately, we have a few pointers you can use to start securing your kid’s online safety today:
- Browse with protection. A tool like McAfee WebAdvisor can help you avoid dangerous websites and links, and will warn you in the event that you do accidentally click on something malicious.
- Use comprehensive security. No matter what you do online, it’s best to use a security product like McAfee Total Protection that can help keep your connected devices safe from malware. Just like any PC application, be sure to keep your security software updated with the latest software version.
- Use parental control software. Parental control will help you set time limits on your child’s device usage and help minimize exposure to potentially malicious or inappropriate websites.
Survey Methodology: McAfee commissioned OnePoll to conduct a survey of 5,000 parents of children ages 6 to 16 who play online or console games in Australia, Germany, Singapore, the U.S. and the U.K.
The post Don’t Play Games With Your Cybersecurity: Our Findings on the Role of Security in the World of Gaming appeared first on McAfee Blogs.
The internet is infinitely expansive, but that’s often easy to forget as we now have immediate access to it in the palm of our hands. We feel safe scouring the digital world from the comfort of our homes, offices, or local coffee shops, but there is real danger lurking behind those virtual walls. Cybercriminals using the internet to infiltrate the Internet of Things (IoT) and our mobile devices is no longer the stuff of science fiction movies. Hacks, phishing scams, malicious sites, and malware, just to name a few — this world of hyper-connectivity has left us exposed to far greater threats than we could have ever imagined. To combat these looming threats and highlight the importance of staying safe online, June was dubbed Internet Safety Month. Seeing as the internet gives us the opportunity to learn, explore, create, and socialize, we should be doing so safely and securely.
According to a recent Pew Research Center survey, 77% of American adults own a smartphone, up from 35% just six years ago. Whether we’re traveling, working, or just having fun, our mobile devices — tablet, smartphone, or laptop — are within reach at all times. Our gadgets make it easier to connect with the world, but they also store tons of sensitive information about our lives. Yes, we may use our devices to talk and text, but we also use applications on those devices to access banking information, share our location, and check emails. This wealth of personal information on an easily hackable device should galvanize us to ensure that data stays out of the hands of cybercriminals. From ransomware to phishing scams, the numerous threats that can infect our IoT and mobile devices through the internet are ever-evolving menaces.
With the rise of IoT, the probability of a debilitating attack increases. Just like everything else online, IoT devices are one part of a massively distributed network. The billions of extra entry points that IoT devices create make them a greater target for cybercriminals. In 2016, this fact was proven and executed by the Mirai botnet, a malware strain that remotely enslaved IoT objects for use in large-scale attacks designed to knock websites and entire networks offline. The authors of Mirai discovered previously unknown vulnerabilities in IoT devices that could be used to strengthen their botnet, which at its height infected 300,000 devices. While this is an extreme example, it is very much a reality that could happen again — only this time worse. These ever-present threats make it crucial to maintain proper cyber hygiene while using the internet.
Internet Safety Month emphasizes the importance of staying safe while surfing the web, not just in June but all 365 days of the year. With new threats appearing every day, the time to be proactive about your online safety is now. Don’t find yourself on the wrong side of the most recent internet threat, follow these tips to stay protected:
- Secure your devices. Strong passwords or touch ID features are your first line of defense against cybercriminals stealing your sensitive information. With security measures in place, your data is protected in the case of your device being lost or stolen. And reset those default passwords — many of today’s exploits come from leveraging devices where the default settings were never changed.
- Only use apps you trust. Information about you is collected through the apps you use. Think about who is getting that data and if you’re comfortable with how it could be used.
- Be picky about what Wi-Fi you’re using. Hotspots and public Wi-Fi networks are often unsecured, meaning anyone can see what you’re doing on your device. Limit your activity and avoid logging into accounts that hold sensitive information. Consider using a virtual private network (VPN) or a personal/mobile hotspot.
- Disable Wi-Fi and Bluetooth when not in use. Stores and other locations use this information to track your movements when you are in range. Both Bluetooth and Wi-Fi can also act as digital entrances into your phone. When it’s not absolutely necessary, consider turning it off.
- Keep your devices and apps up-to-date. Having the most up-to-date software and applications is the best defense against threats. If an app is no longer in use, just delete it to ensure your devices clutter-free and no longer housing unsupported or outdated apps.
Many internet users today store financial and personal data within a browser so that it auto-populates anytime they encounter a fill form. That way, they can save themselves the time they would normally spend typing their information into a website when wishing to make a purchase or take an action online. It’s convenient and easy, but also a security risk. This especially the case due to the emergence of Vega Stealer, a malware strain aiming to capitalize on that very short cut, and is designed to harvest saved financial data from Google Chrome and Firefox browsers.
Vega Stealer makes its way through the web through a common cybercriminal tactic – phishing emails. Once it spreads via these nasty notes, Vega swoops personal information that has been saved in Google Chrome, including passwords, saved credit cards, profiles, and cookies. Mind you, Firefox also has a target on its back, as the malware harvests specific files that store various passwords and keys when Firefox in use. But Vega Stealer doesn’t stop there, it also takes a screenshot of the infected machine and scans for any files on the system ending in .doc, .docx, .txt, .rtf, .xls, .xlsx, or .pdf.
As of now, it has not been determined who exactly is behind these browser attacks (though the strain seems to be related to August Stealer malware), but we do know one thing for sure: Vega is quite the thief. The good news is – there are many ways you can protect yourself from the nasty malware strain. Start by following these tips:
- Change your passwords. With Vega Stealer eager for credentials, the first thing you should do is change up your existing login information to any accounts you access using Chrome or Firefox. And, of course, make sure your new passwords are strong and complex.
- Be on the lookout for phishing scams.If you see something sketchy or from an unknown source in your email inbox, be sure to avoid clicking on any links provided. Better to just delete the email entirely.
- Stop Autofill on Chrome. This malware is counting on the fact that you store financial data within your browser. To stop it in its tracks, head to your Google Chrome account and go to settings. Scroll down to “Passwords and Forms,” go to “Autofill Settings,” and make sure you remove all personal and financial information from your Google Chrome Autofill. Though this means you’ll have to type out this information each time you want to make a purchase, your personal data will be better protected because of it.
- Stay protected while you browse. With Vega Stealer attacking both Chrome and Firefox browsers, it’s important to put the right security solutions in place in order to surf the web safely. Add an extra layer of security to your browser with McAfee WebAdvisor.
The post Vega Stealer Malware Swoops Financial Data Straight from Chrome and Firefox Browsers appeared first on McAfee Blogs.
Online privacy: too often managing this aspect of our digital lives gets shuffled to the bottom of our ‘to-do’ lists. The recent Facebook Cambridge Analytica drama made many of us rethink what private information we are sharing online. But many of us just don’t know what to do to fix it.
This week is Privacy Awareness Week – a great opportunity to check-in and see how we can do better. A recent survey conducted by McAfee shows that most Aussies (54%) are more concerned about their online privacy than five years ago. This is encouraging! However, a whopping 83% of us do not believe that protecting our internet-connected devices is essential to managing our privacy online. Oh dear!!
The survey also showed that 23% of Aussies do not change default passwords when we purchase new devices and that only 35% of us know how to properly check if our connected home appliances or devices are secured. Clearly we still have work to do, people! We have a disconnect on our hands. Most of us realise we need to do something to manage our privacy but don’t realise that protecting our devices is a big part of the solution. You can’t have one without the other!!!
Online Privacy Made Easier
So, I’m going to make it nice and easy for you. I have compiled a list of the steps you need to take to get your online privacy under control. And yes, it may take you a few hours to get on top of it but it’s so worth it. If your privacy is compromised, your identity can be easily stolen. Which could affect you financially as well as undermine your reputation. Let’s get to it – here’s what you need to do:
1. Protect Your Devices
- Use comprehensive security software such as McAfee® Total Protection. You know it will guard you against viruses and threats. But do you realise it will also direct you away from dangerous downloads and risky websites – where privacy can easily come unstuck!
- McAfee® Total Protection will also protect your smartphone and tablet, and can back up your important files.
2. Manage Your Passwords
- Ensure all your online accounts and all your devices have a separate, unique password. Ideally, it should have a combination of lower and upper case letters, numbers and special characters. I love using a nonsensical, crazy sentence.
3. Think Before You Download Apps
- Never download apps from unknown sources. They may be designed to mine your personal information. Always read reviews to see if anyone has had a problem and check out the app’s fine print before you download.
- Review the apps that you have signed up to with Facebook. As you would be aware from the recent Cambridge Analytica situation, Facebook provides some of these apps with user’s private information including name, location, email or even friends list.
So, please review these apps, people. Not sure where to start? Go to Settings > Apps > Logged in with Facebook and remove anything that doesn’t absolutely need access to your Facebook profile. You will still have to contact the app developer to ensure they have deleted the data they already have gathered on you.
4. Lock Down Your Home Wi-Fi
- To prevent hackers accessing your fleet of IoT devices at home (including your virtual assistant or your lighting or security systems), secure your home Wi-Fi with a complex password. All device passwords need to have their default passwords changed as well.
- McAfee’s Secure Home Platform – available soon on D-Link – can secure devices through your internet router to ensure every internet-connected device in your house is safe. How good is that???
5. Stay On Top Of Software Updates
- Check all your devices to ensure your software (operating systems, apps) is up-to-date.
- Out-of-date software often means there is a security vulnerability that makes it so much easier for a cybercriminal to access your device and online life.
- Why not schedule updates so this happens automatically?
6. Be Wary Using Wi-Fi Outside Home Or Work
- Avoid using public or unsecured Wi-Fi, especially when entering personal information online, as it can leave you open to all sorts of nasty attacks.
- Use a Virtual Private Network (VPN) such as McAfee® Safe Connect to encrypt connections and keep your data secure when sharing online.
7. Multi-Factor Authentication
- Always use multi-factor authentication where available to reduce the risk of having your accounts accessed by someone else.
And don’t forget about your kids! Teaching them the importance of proactively managing their online privacy is essential. As parents, we need to help our kids develop a toolkit of skills and knowledge, so they can prepare themselves for life’s challenges. So please share this with them – you’ll be doing them a big favour.
On my first Mother’s Day 21 years ago, I received a pair of gorgeous fluffy pink slippers. Last year – it was a sleek shiny green Fitbit! Technology has absolutely transformed our gift giving and Mother’s Day is no exception.
The rising popularity of internet connected gifts means many lucky mums will receive a glossy new device on Mother’s Day. It may be a digital home assistant, a fitness tracker or even a big new Smart TV. Whatever it is, we must understand the potential risks involved when giving or receiving an internet enabled device. Because we don’t want to put our mums (or our families) at risk.
But don’t let this change your shopping plans! Like anything in life, if you’re prepared you can minimise the risks and avoid getting caught out by cyber threats. So, here is the low-down on threats posed by some of the more popular gifts this Mother’s Day and tips on how to protect against them.
Digital Home Assistants
Regardless of which brand you might choose, a digital assistant can be a massive help for any busy mum. Whether it reading the kids a bedtime story or a recipe while you cook, or setting timers – it’s the closest thing many mums can get to another set of hands!
However, there are risks associated with these mother’s helpers. If your home assistant is hacked, your personal information could be at risk. Which means your bank accounts details or your identity could be put at risk. And as the device is ‘always on’, your personal assistant can listen to and record what is being said around your house – a definite privacy issue.
What to Do to Stay Safe
- Protecting your Home Wi-Fi is an essential step to ensuring your home assistant is secure. Solutions such as McAfee’s Secure Home Platform, available soon on D-Link routers, will secure all your devices that connect to your Home Wi-Fi, including your home assistant. So, you have protection and peace of mind.
- Always change the manufacturer’s default password when setting up the Wi-Fi and ensure you create a complex, unique one instead. A combination of lower and upper-case letters, numbers and special characters is ideal.
- Don’t allow your home assistant to store your private information. I also advise against allowing your home assistant to store passwords, credit card data, or any of your contact information.
A wearable fitness tracker might be at the top of your mum’s wish list this Mother’s Day. But there are some surprisingly worrying security risks surrounding the popular gift that she should be aware of.
Researchers have found it is possible to crack PINs and passwords by hacking into the motion sensors to track hand movements. Additional research shows that the encryption offered by wearable fitness tracker manufacturers is quite easily intercepted. This means all your personal data stored on the device can easily be hacked. And while info like your calorie intake and step count many not seem valuable to a hacker, information like where you worked out and how long you were away from home can paint a very valuable picture of who you are!
What to Do to Stay Safe
- Keep your fitness tracker up-to-date. Just like with any connected device, as soon as software updates become available, download them immediately to prevent cyber criminals from hacking your device.
- Set up your fitness tracker and any associated online accounts with an obscure user name and unique passwords, that are completely unrelated to any of your other accounts.
- Consider disabling certain features of the fitness tracker if you feel that your privacy many be jeopardised.
Whilst buying mum a smart TV would certainly make her feel spoilt this Mother’s Day, they can come with a more sinister side. In March 2017, news emerged that it may be possible to hack into smart TVs to spy on users. Since then, several critical vulnerabilities have been found in Vestel firmware, which is used in more than 30 popular TV brands. These vulnerabilities could be easily leveraged to spy on smart TV users through the microphones and cameras.
What to Do to Stay Safe
- Buy smart TVs with security in mind. When purchasing a smart TV, it’s always important to do your homework and read up on any current vulnerabilities.
- Secure your home’s internet at the source. Smart TVs, like all connected devices, must connect to a home Wi-Fi network to run. If they’re vulnerable, they could expose your network as a whole. Since it can be challenging to lock down all the IoT devices in a home, again a solution like McAfee Secure Home Platform can provide protection at the router-level.
If you are shopping online for mum, please remember to keep your guard up. Only shop from secure websites where the URL begins with ‘https://’ and a lock icon appears in the address bar. NEVER, EVER shop using unsecured Wi-Fi. It can leave you vulnerable to all sorts of nasty attacks and your private information may be hacked by a third party.
Finally, and most importantly, don’t forget to thank your wonderful mum for everything she has done for you. A handwritten card with a few lines of thanks is extremely powerful!!
Happy Mother’s Day!!
The authors thank John Fokker and Marcelo CaroVargas for their contributions and insights.
In our upcoming talk at the Cloud Security Alliance Summit at the RSA Conference, we will focus our attention on the insecurity of cloud deployments. We are interested in whether attackers can use compromised cloud infrastructure as viable backup resources as well as for cryptocurrency mining and other illegitimate uses. The use of containers has increased rapidly, especially when it comes to managing the deployment of applications. Our latest market survey found that 83% of organizations worldwide are actively testing or using containers in production. Applications need authentication for load balancing, managing the network between containers, auto-scaling, etc. One solution (called a cluster manager) for the automated installation and orchestration of containers is Kubernetes.
Some key components in the Kubernetes architecture appear below:
High-level Kubernetes architecture.
- Kubernetes master server: The managing machine oversees one or more nodes
- Node: A client that runs tasks as delegated by the user and Kubernetes master server
- Pod: An application (or part of an application) that runs on a node. The smallest unit that can be scheduled to be deployed. Not intended to live long.
For our article, we need to highlight the etcd storage on the master server. This database stores the configuration data of the cluster and represents the overall state of the cluster at a given time. Kubernetes saves these secrets in Base64 strings; before Version 2.1 there was no authentication in etcd.
With that knowledge, security researcher Giovanni Collazo from Puerto Rico started to query the Shodan database for etcd databases connected to the Internet. He discovered many and by executing a query, some of these databases started to reveal a lot of credentials. Beyond leaking credentials from databases and other accounts, what other scenarios are possible?
There are several ways that we can acquire credentials for cloud services without hacking into panels or services. By “creatively” searching public sites and repositories, we can find plenty of them. For example, when we searched on GitHub, we found more than 380,000 results for certain credentials. Let’s assume that half of them are useful: We would have 190,000 potentially valid credentials. As Collazo did for etcd, one can also use the Shodan search engine to query for other databases. By creating the right query for Django databases, for example, we were able to identify more cloud credentials. Amazon’s security team proactively scans GitHub for AWS credentials and informs their customers if they find credentials.
Regarding Kubernetes: Leaked credentials, complete configurations of the DNS, load balancers, and service accounts offer several possible scenarios. These include exfiltrating data, rerouting traffic, or even creating malicious containers in different nodes (if the service accounts have enough privileges to execute changes in the master server).
Creating malicious containers.
One of the biggest risks concerning leaked credentials is the abuse of your cloud resources for cryptomining. The adversaries can order multiple servers under your account to start cryptomining, enriching their bank accounts while you pay for the computing power “you” ordered.
We have heard a lot about incidents in which companies have not secured their Amazon S3 buckets. A number of tools can scan for “open” buckets and download the content. Attackers would be most interested in write-enabled rights on a bucket. For our Cloud Security Alliance keynote address at RSA, we created a list of Fortune 1000 companies and looked for readable buckets. We discovered quite a few. That is no surprise, but if you combine the read-only buckets information with the ease of harvesting credentials, the story changes. With open and writable buckets, the adversaries have plenty of opportunities: storing and injecting malware, exfiltrating and manipulating data, etc.
McAfee cloud researchers offer an audit tool that, among other things, verifies the rights of buckets. As we write this post, more than 1,200 writable buckets belonging to a multitude of companies, are accessible to the public. One of the largest ad networks in the world had a publicly writable bucket. If adversaries could access that network, they could easily inject malicious code into advertisements. (As part of our responsible disclosure process, we reported the issue, which was fixed within hours.) You can read an extensive post on McAfee cloud research and how the analysts exposed possible man-in-the-middle attacks leveraging writable buckets.
Clustering the Techniques
To combat ransomware, many organizations use the cloud to back up and protect their data. In our talk we will approach the cloud as an attack vector for spreading ransomware. With the leaked credentials we discovered from various sources, the open and writable buckets created a groundwork for storing and spreading our ransomware. With attackers having a multitude of credentials and storage places such as buckets, databases, and containers, defenders would have difficulty keeping up. We all need to pay attention to where we store our credentials and how well we monitor and secure our cloud environments.